AzPolicyAdvertizer

last sync: 2025-May-05 19:21:36 UTC

Configure a private DNS Zone ID for Cognitive Services account groupID

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy 5d34e716-cc45-4649-8a05-f1f7deaf2f36 (1.0.0) to Azure
Display name Configure a private DNS Zone ID for Cognitive Services account groupID
Id 5d34e716-cc45-4649-8a05-f1f7deaf2f36
Version 1.0.0
Details on versioning
Category Cognitive Services
Microsoft Learn
Description Configure private DNS zone group to override the DNS resolution for Cognitive Services 'account' groupID private endpoint. The policy distinguishes the correct Azure Private DNS Zone for Cognitive Services of kind OpenAI and other Cognitive Services. Reference: https://github.com/microsoft/industry/issues/380 Kudos @adforeman (GitHub)
Mode Indexed
Type Custom Community
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7
Reader acdd72a7-3385-48ef-bd42-f606fba81ae7
Rule aliases IF (3)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*] Microsoft.Network privateEndpoints properties.privateLinkServiceConnections[*] True False
Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].groupIds[*] Microsoft.Network privateEndpoints properties.privateLinkServiceConnections[*].properties.groupIds[*] True False
Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*].privateLinkServiceId Microsoft.Network privateEndpoints properties.privateLinkServiceConnections[*].properties.privateLinkServiceId True False
Rule resource types IF (2)
Microsoft.CognitiveServices/accounts
Microsoft.Network/privateEndpoints
THEN-Deployment (1)
Microsoft.Network/privateEndpoints/privateDnsZoneGroups
JSON
EPAC
Deploy policy 5d34e716-cc45-4649-8a05-f1f7deaf2f36 (1.0.0) to Azure