AI security recommendations

This article lists all the AI security recommendations you might see in Microsoft Defender for Cloud.

The recommendations that appear in your environment are based on the resources that you're protecting and on your customized configuration.

To learn about actions that you can take in response to these recommendations, see Remediate recommendations in Defender for Cloud.

Azure recommendations

Azure AI Services resources should have key access disabled (disable local authentication)

Description: We recommend disabling key access (local authentication) for security. Azure OpenAI Studio, typically used in development/testing, requires key access and will not function if key access is disabled. After the setting is disabled, Microsoft Entra ID becomes the only access method, which lets you apply the principle of least privilege and granular access control.

This recommendation replaces the old recommendation Cognitive Services accounts should have local authentication methods disabled. It was formerly in category Cognitive Services and Cognitive Search, and was updated to comply with the Azure AI Services naming format and align with the relevant resources.

Severity: Medium

Azure AI Services resources should restrict network access

Description: By restricting network access, you can ensure that only allowed networks can access the service. This can be achieved by configuring network rules so that only applications from allowed networks can access the Azure AI service resource.

This recommendation replaces the old recommendation Cognitive Services accounts should restrict network access. It was formerly in category Cognitive Services and Cognitive Search, and was updated to comply with the Azure AI Services naming format and align with the relevant resources.

Severity: Medium
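The two recommendations above can be spot-checked against exported resource definitions. The following is an added example, not code from Defender for Cloud or this article: it audits a constructed list of Azure AI Services account documents using the `disableLocalAuth`, `publicNetworkAccess` and `networkAcls.defaultAction` resource properties. The pass/fail logic and the finding labels are assumptions of this example and may differ from how Defender for Cloud evaluates the recommendations.

```python
import json

# Constructed sample: trimmed ARM-style account documents
# (Microsoft.CognitiveServices/accounts). Names and values are invented.
SAMPLE = json.loads("""
[
  {"name": "ai-dev", "properties": {"disableLocalAuth": false,
     "publicNetworkAccess": "Enabled",
     "networkAcls": {"defaultAction": "Allow"}}},
  {"name": "ai-prod", "properties": {"disableLocalAuth": true,
     "publicNetworkAccess": "Disabled"}},
  {"name": "ai-stage", "properties": {"disableLocalAuth": true,
     "publicNetworkAccess": "Enabled",
     "networkAcls": {"defaultAction": "Deny",
                     "ipRules": [{"value": "203.0.113.0/24"}]}}},
  {"name": "ai-legacy", "properties": {}}
]
""")

def key_access_disabled(props):
    # A missing property is treated as "keys still work" (fail closed).
    return props.get("disableLocalAuth") is True

def network_restricted(props):
    # Restricted when public access is off, or when the resource firewall
    # denies by default and only listed networks are let through.
    if str(props.get("publicNetworkAccess", "Enabled")).lower() == "disabled":
        return True
    acls = props.get("networkAcls") or {}
    return str(acls.get("defaultAction", "Allow")).lower() == "deny"

def audit(resources):
    """Return {resource name: [failed checks]} for non-compliant resources."""
    findings = {}
    for res in resources:
        props = res.get("properties") or {}
        failed = []
        if not key_access_disabled(props):
            failed.append("key-access-enabled")      # hypothetical label
        if not network_restricted(props):
            failed.append("network-unrestricted")    # hypothetical label
        if failed:
            findings[res["name"]] = failed
    return findings

if __name__ == "__main__":
    for name, failed in audit(SAMPLE).items():
        print(f"{name}: {', '.join(failed)}")
```

Treating an absent property as non-compliant keeps older or partially exported resource definitions from passing silently.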

(Enable if required) Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK)

Description: Using customer-managed keys to encrypt data at rest provides more control over the key lifecycle, including rotation and management. This is particularly relevant for organizations with related compliance requirements.

This recommendation is not assessed by default and should only be applied when required by compliance or restrictive policy requirements. If it is not enabled, the data is encrypted using platform-managed keys. To implement it, update the 'Effect' parameter in the Security Policy for the applicable scope. (Related policy: Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK))

This recommendation replaces the old recommendation Cognitive services accounts should enable data encryption using customer keys. It was formerly in category Data recommendations, and was updated to comply with the Azure AI Services naming format and align with the relevant resources.

Severity: Low

Resource logs in Azure Machine Learning Workspaces should be enabled (Preview)

Description & related policy: Resource logs enable recreating activity trails to use for investigation purposes when a security incident occurs or when your network is compromised.

Severity: Medium

Azure Machine Learning Workspaces should disable public network access (Preview)

Description & related policy: Disabling public network access improves security by ensuring that the Machine Learning Workspaces aren't exposed on the public internet. You can control exposure of your workspaces by creating private endpoints instead. For more information, see Configure a private endpoint for an Azure Machine Learning workspace.

Severity: Medium

Azure Machine Learning Computes should be in a virtual network (Preview)

Description & related policy: Azure Virtual Networks provide enhanced security and isolation for your Azure Machine Learning Compute Clusters and Instances, as well as subnets, access control policies, and other features to further restrict access. When a compute is configured with a virtual network, it is not publicly addressable and can only be accessed from virtual machines and applications within the virtual network.

Severity: Medium

Azure Machine Learning Computes should have local authentication methods disabled (Preview)

Description & related policy: Disabling local authentication methods improves security by ensuring that Machine Learning Computes require Azure Active Directory identities exclusively for authentication. For more information, see Azure Policy Regulatory Compliance controls for Azure Machine Learning.

Severity: Medium

Azure Machine Learning compute instances should be recreated to get the latest software updates (Preview)

Description & related policy: Ensure Azure Machine Learning compute instances run on the latest available operating system. Security is improved and vulnerabilities reduced by running with the latest security patches. For more information, see Vulnerability management for Azure Machine Learning.

Severity: Medium

Diagnostic logs in Azure AI services resources should be enabled

Description: Enable logs for Azure AI services resources. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised.

This recommendation replaces the old recommendation Diagnostic logs in Search services should be enabled. It was formerly in the category Cognitive Services and Cognitive Search, and was updated to comply with the Azure AI Services naming format and align with the relevant resources.

Severity: Low

Resource logs in Azure Databricks Workspaces should be enabled (Preview)

Description & related policy: Resource logs enable recreating activity trails to use for investigation purposes when a security incident occurs or when your network is compromised.

Severity: Medium

Azure Databricks Workspaces should disable public network access (Preview)

Description & related policy: Disabling public network access improves security by ensuring that the resource isn't exposed on the public internet. You can control exposure of your resources by creating private endpoints instead. For more information, see Enable Azure Private Link.

Severity: Medium

Azure Databricks Clusters should disable public IP (Preview)

Description & related policy: Disabling public IP of clusters in Azure Databricks Workspaces improves security by ensuring that the clusters aren't exposed on the public internet. For more information, see Secure cluster connectivity.

Severity: Medium

Azure Databricks Workspaces should be in a virtual network (Preview)

Description & related policy: Azure Virtual Networks provide enhanced security and isolation for your Azure Databricks Workspaces, as well as subnets, access control policies, and other features to further restrict access. For more information, see Deploy Azure Databricks in your Azure virtual network.

Severity: Medium

Description & related policy: Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Databricks workspaces, you can reduce data leakage risks. For more information, see Create the workspace and private endpoints in the Azure portal UI.

Severity: Medium

AWS AI recommendations

AWS Bedrock should have model invocation logging enabled

Description: With invocation logging, you can collect the full request data, response data, and metadata associated with all calls performed in your account. This enables you to recreate activity trails for investigation purposes when a security incident occurs.

Severity: Low