Azure Ai Services - oWretch/policy GitHub Wiki

Policy Effects by Policy

Category Policy Production Corp Landing Zones Platform Identity Sandbox Management Connectivity Decommissioned
Azure Ai Services Azure AI Services resources should have key access disabled (disable local authentication)
Disabling key access (local authentication) is recommended for security. Azure OpenAI Studio, typically used in development/testing, requires key access and will not function if key access is disabled. After disabling, Microsoft Entra ID becomes the only access method, which supports the principle of least privilege and granular control. Learn more at: https://aka.ms/AI/auth
Audit
Deny
Disabled
Deny
Audit
Disabled
Deny
Audit
Disabled
Azure Ai Services Azure AI Services resources should restrict network access
By restricting network access, you can ensure that only allowed networks can access the service. This can be achieved by configuring network rules so that only applications from allowed networks can access the Azure AI service.
Audit
Deny
Disabled
Deny
Audit
Disabled
Deny
Audit
Disabled
Deny
Audit
Disabled
Azure Ai Services Azure AI Services resources should use Azure Private Link
Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform reduces data leakage risks by handling the connectivity between the consumer and services over the Azure backbone network. Learn more about private links at: https://aka.ms/AzurePrivateLink/Overview
Audit
Disabled
Audit
Disabled
Audit
Disabled
Azure Ai Services Configure Azure AI Services resources to disable local key access (disable local authentication)
Disabling key access (local authentication) is recommended for security. Azure OpenAI Studio, typically used in development/testing, requires key access and will not function if key access is disabled. After disabling, Microsoft Entra ID becomes the only access method, which supports the principle of least privilege and granular control. Learn more at: https://aka.ms/AI/auth
DeployIfNotExists
Disabled
DeployIfNotExists
Disabled
Azure Ai Services Configure Azure AI Services resources to disable local key access (disable local authentication)
Disabling key access (local authentication) is recommended for security. Azure OpenAI Studio, typically used in development/testing, requires key access and will not function if key access is disabled. After disabling, Microsoft Entra ID becomes the only access method, which supports the principle of least privilege and granular control. Learn more at: https://aka.ms/AI/auth
DeployIfNotExists
Disabled
DeployIfNotExists
Disabled
Azure Ai Services Diagnostic logs in Azure AI services resources should be enabled
Enable logs for Azure AI services resources. This lets you recreate activity trails for investigation purposes when a security incident occurs or your network is compromised.
AuditIfNotExists
Disabled
AuditIfNotExists
Disabled
AuditIfNotExists
Disabled