how to lock down the access to speech resource to Speech portal only?

Klaus Zuenkler 46 Reputation points
2020-12-21T17:26:31.203+00:00

how to lock down the access to a speech resource so that only Speech portal (speech.microsoft.com) would get access to it?
Currently the resource requires "access from all networks". This is against our policy. How can we lock this down? I did not find a suitable IP adress range which worked. What is best practice?
A private endpoint probably cannot be used, but what else?
We need the resource only for Content creation (text to speech with SSML)

Azure AI Speech
Azure AI Speech
An Azure service that integrates speech processing into apps and services.
1,818 questions
{count} votes

Accepted answer
  1. romungi-MSFT 47,441 Reputation points Microsoft Employee
    2020-12-22T14:08:45.897+00:00

    @Klaus Zuenkler I believe this query is similar to the thread we discussed earlier. I am referencing the same here for visibility and posting my last response as answer here.

    The list for all Azure are available for download from here. The cognitive services area uses the IPs under CognitiveServicesManagement. This list is dynamic and could change from time to time, if you are planning to block access with the IP list. Depending on your region you can lookup your IP with nslookup and check if the IP is available in the downloaded list. The IP returned in my case is available in the list so you can do a quick check by blocking the IP you see with lookup. I hope this helps.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.