Azure Policy built-in policy definitions for Azure AI services

This page is an index of Azure Policy built-in policy definitions for Azure AI services. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure AI services

Name
(Azure portal)
Description Effect(s) Version
(GitHub)
Azure AI Services resources should have key access disabled (disable local authentication) Key access (local authentication) is recommended to be disabled for security. Azure OpenAI Studio, typically used in development/testing, requires key access and will not function if key access is disabled. After disabling, Microsoft Entra ID becomes the only access method, which allows maintaining minimum privilege principle and granular control. Learn more at: https://aka.ms/AI/auth Audit, Deny, Disabled 1.1.0
Azure AI Services resources should restrict network access By restricting network access, you can ensure that only allowed networks can access the service. This can be achieved by configuring network rules so that only applications from allowed networks can access the Azure AI service. Audit, Deny, Disabled 3.2.0
Cognitive Services accounts should enable data encryption with a customer-managed key Customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data stored in Cognitive Services to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more about customer-managed keys at https://go.microsoft.com/fwlink/?linkid=2121321. Audit, Deny, Disabled 2.1.0
Cognitive Services accounts should use a managed identity Assigning a managed identity to your Cognitive Service account helps ensure secure authentication. This identity is used by this Cognitive service account to communicate with other Azure services, like Azure Key Vault, in a secure way without you having to manage any credentials. Audit, Deny, Disabled 1.0.0
Cognitive Services accounts should use customer owned storage Use customer owned storage to control the data stored at rest in Cognitive Services. To learn more about customer owned storage, visit https://aka.ms/cogsvc-cmk. Audit, Deny, Disabled 2.0.0
Cognitive Services should use private link Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Cognitive Services, you'll reduce the potential for data leakage. Learn more about private links at: https://go.microsoft.com/fwlink/?linkid=2129800. Audit, Disabled 3.0.0
Configure Cognitive Services accounts to disable local authentication methods Disable local authentication methods so that your Cognitive Services accounts require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/cs/auth. Modify, Disabled 1.0.0
Configure Cognitive Services accounts to disable public network access Disable public network access for your Cognitive Services resource so that it's not accessible over the public internet. This can reduce data leakage risks. Learn more at: https://go.microsoft.com/fwlink/?linkid=2129800. Disabled, Modify 3.0.0
Configure Cognitive Services accounts with private endpoints Private endpoints connect your virtual networks to Azure services without a public IP address at the source or destination. By mapping private endpoints to Cognitive Services, you'll reduce the potential for data leakage. Learn more about private links at: https://go.microsoft.com/fwlink/?linkid=2129800. DeployIfNotExists, Disabled 3.0.0
Diagnostic logs in Azure AI services resources should be enabled Enable logs for Azure AI services resources. This enables you to recreate activity trails for investigation purposes, when a security incident occurs or your network is compromised AuditIfNotExists, Disabled 1.0.0
Enable logging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Event Hub Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Cognitive Services (microsoft.cognitiveservices/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.1.0
Enable logging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Log Analytics Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Cognitive Services (microsoft.cognitiveservices/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0
Enable logging by category group for Cognitive Services (microsoft.cognitiveservices/accounts) to Storage Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Cognitive Services (microsoft.cognitiveservices/accounts). DeployIfNotExists, AuditIfNotExists, Disabled 1.0.0

Next steps