last sync: 2024-Nov-25 18:54:43 UTC

Enforce recommended guardrails for Cognitive Services

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source Repository Azure Landing Zones (ALZ) GitHub
JSON Enforce-Guardrails-CognitiveServices
Display name: Enforce recommended guardrails for Cognitive Services
Id: Enforce-Guardrails-CognitiveServices
Version: 1.1.0
Category: Cognitive Services
Description: This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy count:
Total Policies: 9
Builtin Policies: 9
Static Policies: 0
ALZ Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State | Type |
|---|---|---|---|---|---|---|---|
| Azure Cognitive Search service should use a SKU that supports private link | a049bf77-880b-470f-ba6d-9f21c530cf83 | Search | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Azure Cognitive Search services should have local authentication methods disabled | 6300012e-e9a4-4649-b41f-a85f5c43be91 | Search | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Cognitive Services accounts should use a managed identity | fe3fd216-4f83-4fc1-8984-2bbec80a3418 | Cognitive Services | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Cognitive Services accounts should use customer owned storage | 46aa9b05-0e60-4eae-a88b-1e9d374fa515 | Cognitive Services | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA | BuiltIn |
| Configure Azure Cognitive Search services to disable local authentication | 4eb216f2-9dba-4979-86e6-5d7e63ce3b75 | Search | Default: Modify; Allowed: Modify, Disabled | 1 | Search Service Contributor | GA | BuiltIn |
| Configure Azure Cognitive Search services to disable public network access | 9cee519f-d9c1-4fd9-9f79-24ec3449ed30 | Search | Default: Modify; Allowed: Modify, Disabled | 2 | Network Contributor, Search Service Contributor | GA | BuiltIn |
| Configure Cognitive Services accounts to disable local authentication methods | 14de9e63-1b31-492e-a5a3-c3f7fd57f555 | Cognitive Services | Default: Modify; Allowed: Modify, Disabled | 1 | Contributor | GA | BuiltIn |
| Configure Cognitive Services accounts to disable public network access | 47ba1dd7-28d9-4b07-a8d5-9813bed64e0c | Cognitive Services | Default: Modify; Allowed: Disabled, Modify | 1 | Contributor | GA | BuiltIn |
| Resource logs in Search services should be enabled | b4330a05-a843-4bc8-bf9a-cacce50c67f4 | Search | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA | BuiltIn |
Roles used
History: none
JSON compare: n/a