last sync: 2020-Dec-02 15:37:49 UTC

Azure Policy definition

Cognitive Services accounts should enable data encryption with customer-managed key

Name Cognitive Services accounts should enable data encryption with customer-managed key
Azure Portal
Id 67121cc7-ff39-4ab8-b7e3-95b84dab487d
Version 1.0.1
details on versioning
Category Cognitive Services
Microsoft docs
Description Customer-managed keys provide enhanced data protection by allowing you to manage your encryption keys for data stored in Cognitive Services. This is often required to meet compliance requirements.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-09-02 14:03:46 change Previous DisplayName: Cognitive Services accounts should enable data encryption with customer managed key
2020-06-09 16:25:53 add 67121cc7-ff39-4ab8-b7e3-95b84dab487d
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "Cognitive Services accounts should enable data encryption with customer-managed key",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Customer-managed keys provide enhanced data protection by allowing you to manage your encryption keys for data stored in Cognitive Services. This is often required to meet compliance requirements.",
    "metadata": {
      "version": "1.0.1",
      "category": "Cognitive Services"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.CognitiveServices/accounts"
          },
          {
            "field": "Microsoft.CognitiveServices/accounts/encryption.keySource",
            "notEquals": "Microsoft.KeyVault"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "67121cc7-ff39-4ab8-b7e3-95b84dab487d"
}