Share via

How to enable Encryption type for Azure AI services multi-service account

Eduardo Sciullo 0 Reputation points
2024-01-31T08:01:33.7433333+00:00

I'm not able to enable encryption (Microsoft Managed Keys) for Azure AI services multi-service account into West Europe location with S0 Standard pricing tier.

I receive the following error:

 Code="BringOwnFeatureNotEnabled" Message="Bring your own feature is not enabled for Subscription/SKU/Kind."

I'm using Pulumi's infrastructure as code SDK to provide it (just to share an ARM template/args example):

{
      accountName: "myName",
      kind: "CognitiveServices",
      properties: {
        customSubDomainName: "myName",
        publicNetworkAccess: "Enabled",
        networkAcls: {
          defaultAction: "Allow",
          virtualNetworkRules: [
            { id: mySubnet.id, ignoreMissingVnetServiceEndpoint: false },
          ],
        },
        encryption: {
          keySource: "Microsoft.CognitiveServices",
        },
      },
      resourceGroupName: "myResourceGroupName",
      sku: {
        name: "S0",
      },
      identity: {
        type: "SystemAssigned",
      },
    }

If I use Document intelligence (Form Recognizer) instead of Azure AI services multi-service account, i'm able to enable Encryption (switching kind from "CognitiveServices" to "FormRecognizer"):

{
      accountName: "myName",
      kind: "FormRecognizer",
      properties: {
        customSubDomainName: "myName",
        publicNetworkAccess: "Enabled",
        networkAcls: {
          defaultAction: "Allow",
          virtualNetworkRules: [
            { id: mySubnet.id, ignoreMissingVnetServiceEndpoint: false },
          ],
        },
        encryption: {
          keySource: "Microsoft.CognitiveServices",
        },
      },
      resourceGroupName: "myResourceGroupName",
      sku: {
        name: "S0",
      },
      identity: {
        type: "SystemAssigned",
      },
    }

So, how to enable Encryption type for Azure AI services multi-service account ? Could you share an example or ARM template ?

Thank you

Azure AI Document Intelligence
Azure AI Document Intelligence
An Azure service that turns documents into usable data. Previously known as Azure Form Recognizer.
1,535 questions
Azure AI services
Azure AI services
A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.
2,645 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. navba-MSFT 20,810 Reputation points Microsoft Employee
    2024-02-09T06:26:55.9233333+00:00

    @Eduardo Sciullo I got a confirmation from the Product group team.

    Please note that the Microsoft Managed Keys (MMK) is enabled by default for Azure AI services multi-service account level

    Using your above template you are enabling the Customer Managed Keys (CMK) and not MMK.

    Also note that the CMK, needs to be enabled for individual services (like Document intelligence) in your scenario. You cannot have it at the Azure AI services multi-service account level.

    This is the cause for the below error:

    Code="BringOwnFeatureNotEnabled" Message="Bring your own feature is not enabled for Subscription/SKU/Kind."

    Hope this helps.

    0 comments