last sync: 2021-May-10 15:04:35 UTC

Azure Policy definition

Cognitive Services accounts should use a managed identity

Name Cognitive Services accounts should use a managed identity
Azure Portal
Id fe3fd216-4f83-4fc1-8984-2bbec80a3418
Version 1.0.0
details on versioning
Category Cognitive Services
Microsoft docs
Description Assigning a managed identity to your Cognitive Service account helps ensure secure authentication. This identity is used by this Cognitive service account to communicate with other Azure services, like Azure Key Vault, in a secure way without you having to manage any credentials.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-03-09 14:37:41 add fe3fd216-4f83-4fc1-8984-2bbec80a3418
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Cognitive Services accounts should use a managed identity",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Assigning a managed identity to your Cognitive Service account helps ensure secure authentication. This identity is used by this Cognitive service account to communicate with other Azure services, like Azure Key Vault, in a secure way without you having to manage any credentials.",
    "metadata": {
      "version": "1.0.0",
      "category": "Cognitive Services"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.CognitiveServices/accounts"
          },
          {
            "anyOf": [
              {
                "field": "identity.type",
                "exists": "false"
              },
              {
                "field": "identity.type",
                "equals": "None"
              }
            ]
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "fe3fd216-4f83-4fc1-8984-2bbec80a3418"
}