last sync: 2021-Aug-04 14:59:26 UTC

Azure Policy definition

Machine Learning computes should have local authentication methods disabled

Name Machine Learning computes should have local authentication methods disabled
Azure Portal
Id e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f
Version 1.0.0
details on versioning
Category Machine Learning
Microsoft docs
Description Disabling local authentication methods improves security by ensuring that Machine Learning computes require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-05-11 14:06:18 add e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Machine Learning computes should have local authentication methods disabled",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Disabling local authentication methods improves security by ensuring that Machine Learning computes require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy.",
    "metadata": {
      "version": "1.0.0",
      "category": "Machine Learning"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.MachineLearningServices/workspaces/computes"
          },
          {
            "field": "Microsoft.MachineLearningServices/workspaces/computes/disableLocalAuth",
            "notEquals": true
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f"
}