AzPolicyAdvertizer

last sync: 2020-Sep-17 14:31:34 UTC

You like AzAdvertizer ? Go checkout the new version of AzGovViz

Azure Policy

Cognitive Services accounts should enable data encryption with customer-managed key

Policy DisplayName Cognitive Services accounts should enable data encryption with customer-managed key
Policy Id 67121cc7-ff39-4ab8-b7e3-95b84dab487d
Policy Category Cognitive Services
Policy Description Customer-managed keys provide enhanced data protection by allowing you to manage your encryption keys for data stored in Cognitive Services. This is often required to meet compliance requirements.
Policy Mode Indexed
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Deny,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-09-02 14:03:46 change: DisplayName previous DisplayName: Cognitive Services accounts should enable data encryption with customer managed key
2020-06-09 16:25:53 add: Policy 67121cc7-ff39-4ab8-b7e3-95b84dab487d
Used in Policy Initiative(s) none
Policy Rule 
{
  "properties": {
    "displayName": "Cognitive Services accounts should enable data encryption with customer-managed key",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Customer-managed keys provide enhanced data protection by allowing you to manage your encryption keys for data stored in Cognitive Services. This is often required to meet compliance requirements.",
    "metadata": {
      "version": "1.0.1",
      "category": "Cognitive Services"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.CognitiveServices/accounts"
          },
          {
            "field": "Microsoft.CognitiveServices/accounts/encryption.keySource",
            "notEquals": "Microsoft.KeyVault"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "67121cc7-ff39-4ab8-b7e3-95b84dab487d"
}