AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Configure Azure AI Services resources to disable local key access (disable local authentication)

Azure BuiltIn Policy definition

Source Azure Portal
Display name Configure Azure AI Services resources to disable local key access (disable local authentication)
Id d45520cb-31ca-44ba-8da2-fcf914608544
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Azure Ai Services
Microsoft Learn
Description Key access (local authentication) is recommended to be disabled for security. Azure OpenAI Studio, typically used in development/testing, requires key access and will not function if key access is disabled. After disabling, Microsoft Entra ID becomes the only access method, which allows maintaining minimum privilege principle and granular control. Learn more at: https://aka.ms/AI/auth
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Cognitive Services OpenAI Contributor a001fd3d-188f-4b5d-821b-7da978bf7442
Cognitive Services Contributor 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Search Service Contributor 7ca78c08-252a-4471-8644-bb5ff32d4ba0
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Search/searchServices/disableLocalAuth Microsoft.Search searchServices properties.disableLocalAuth True True
Rule resource types IF (1)
Microsoft.Search/searchServices
THEN-Deployment (1)
Microsoft.Search/searchServices
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
Enforce recommended guardrails for Open AI (Cognitive Service) Enforce-Guardrails-OpenAI Cognitive Services GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2024-04-12 17:45:57 add d45520cb-31ca-44ba-8da2-fcf914608544
JSON compare n/a
JSON
api-version=2021-06-01
EPAC