last sync: 2024-Dec-06 18:53:36 UTC

Enforce recommended guardrails for Open AI (Cognitive Service)

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Enforce-Guardrails-OpenAI
Display nameEnforce recommended guardrails for Open AI (Cognitive Service)
IdEnforce-Guardrails-OpenAI
Version1.1.0
Details on versioning
CategoryCognitive Services
DescriptionThis policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.
TypeCustom Azure Landing Zones (ALZ)
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 11
Builtin Policies: 9
Static Policies: 0
ALZ Policies: 2
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State Type
Azure AI Services resources should have key access disabled (disable local authentication) 71ef260a-8f18-47b7-abcb-62d0673d94dc Azure Ai Services Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Azure AI Services resources should restrict network access 037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure Ai Services Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Azure AI Services resources should use Azure Private Link d6759c02-b87f-42b7-892e-71b3f471d782 Azure Ai Services Default
Audit
Allowed
Audit, Disabled
0 GA BuiltIn
Cognitive Services accounts should use a managed identity fe3fd216-4f83-4fc1-8984-2bbec80a3418 Cognitive Services Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Cognitive Services accounts should use customer owned storage 46aa9b05-0e60-4eae-a88b-1e9d374fa515 Cognitive Services Default
Audit
Allowed
Audit, Deny, Disabled
0 GA BuiltIn
Configure Azure AI Services resources to disable local key access (disable local authentication) d45520cb-31ca-44ba-8da2-fcf914608544 Azure Ai Services Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
3 Cognitive Services Contributor, Cognitive Services OpenAI Contributor, Search Service Contributor GA BuiltIn
Configure Azure AI Services resources to disable local key access (disable local authentication) 55eff01b-f2bd-4c32-9203-db285f709d30 Azure Ai Services Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Cognitive Services Contributor, Cognitive Services OpenAI Contributor GA BuiltIn
Configure Cognitive Services accounts to disable local authentication methods 14de9e63-1b31-492e-a5a3-c3f7fd57f555 Cognitive Services Default
Modify
Allowed
Modify, Disabled
1 Contributor GA BuiltIn
Diagnostic logs in Azure AI services resources should be enabled 1b4d1c4e-934c-4703-944c-27c82c06bebb Azure Ai Services Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA BuiltIn
Network ACLs should be restricted for Cognitive Services Deny-CognitiveServices-NetworkAcls Cognitive Services Default
Deny
Allowed
Audit, Deny, Disabled
0 GA ALZ
Outbound network access should be restricted for Cognitive Services Deny-CognitiveServices-RestrictOutboundNetworkAccess Cognitive Services Default
Deny
Allowed
Audit, Deny, Disabled
0 GA ALZ
Roles used
History none
JSON compare n/a
JSON
EPAC