last sync: 2021-Oct-25 16:02:14 UTC

Azure Policy definition

Configure Cognitive Services accounts to disable public network access

Name Configure Cognitive Services accounts to disable public network access
Azure Portal
Id 47ba1dd7-28d9-4b07-a8d5-9813bed64e0c
Version 2.0.0
details on versioning
Category Cognitive Services
Microsoft docs
Description Disable public network access for your Cognitive Services resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://go.microsoft.com/fwlink/?linkid=2129800.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Modify
Allowed: (Disabled, Modify)
Used RBAC Role
Role Name Role Id
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-08-23 14:26:16 change Major (1.0.0 > 2.0.0)
2021-03-09 14:37:41 add 47ba1dd7-28d9-4b07-a8d5-9813bed64e0c
Used in Initiatives none
JSON Changes

JSON
{
  "displayName": "Configure Cognitive Services accounts to disable public network access",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "Disable public network access for your Cognitive Services resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://go.microsoft.com/fwlink/?linkid=2129800.",
  "metadata": {
    "version": "2.0.0",
    "category": "Cognitive Services"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Disabled",
        "Modify"
      ],
      "defaultValue": "Modify"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.CognitiveServices/accounts"
        },
        {
          "field": "Microsoft.CognitiveServices/accounts/publicNetworkAccess",
          "notEquals": "Disabled"
        },
        {
          "count": {
            "field": "Microsoft.CognitiveServices/accounts/capabilities[*]",
            "where": {
              "field": "Microsoft.CognitiveServices/accounts/capabilities[*].name",
              "equals": "VirtualNetworks"
            }
          },
          "greater": 0
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "roleDefinitionIds": [
          "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
        ],
        "conflictEffect": "audit",
        "operations": [
          {
            "condition": "[greaterOrEquals(requestContext().apiVersion, '2017-04-18')]",
            "operation": "addOrReplace",
            "field": "Microsoft.CognitiveServices/accounts/publicNetworkAccess",
            "value": "Disabled"
          }
        ]
      }
    }
  }
}