last sync: 2025-Apr-30 18:25:10 UTC
this is the development/test site - data is not accurate. Go to prod

Enforce recommended guardrails for Open AI (Cognitive Service)

Azure Landing Zones (ALZ) Policy Initiative (PolicySet)

Source repository: Azure Landing Zones (ALZ) GitHub
JSON: Enforce-Guardrails-OpenAI
Display name: Enforce recommended guardrails for Open AI (Cognitive Service)
Id: Enforce-Guardrails-OpenAI
Version: 1.2.0
Category: Cognitive Services
Description: This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.
Cloud environments: AzureChinaCloud, AzureCloud, AzureUSGovernment
Type: Custom Azure Landing Zones (ALZ)
Deprecated: False
Preview: False
Policy-used summary
Policy types: Total Policies: 11; Builtin Policies: 9; Static Policies: 0; ALZ Policies: 2
Policy states: GA: 11
Policy categories (2 categories): Azure Ai Services: 6; Cognitive Services: 5
Policy-used
| Policy DisplayName | Policy Id | Category | Effect (default) | Effect (allowed) | Roles# | Roles | State | Type | policy in AzUSGov |
|---|---|---|---|---|---|---|---|---|---|
| Azure AI Services resources should have key access disabled (disable local authentication) | 71ef260a-8f18-47b7-abcb-62d0673d94dc | Azure Ai Services | Audit | Audit, Deny, Disabled | 0 | | GA | BuiltIn | true |
| Azure AI Services resources should restrict network access | 037eea7a-bd0a-46c5-9a66-03aea78705d3 | Azure Ai Services | Audit | Audit, Deny, Disabled | 0 | | GA | BuiltIn | true |
| Azure AI Services resources should use Azure Private Link | d6759c02-b87f-42b7-892e-71b3f471d782 | Azure Ai Services | Audit | Audit, Disabled | 0 | | GA | BuiltIn | true |
| Cognitive Services accounts should use a managed identity | fe3fd216-4f83-4fc1-8984-2bbec80a3418 | Cognitive Services | Audit | Audit, Deny, Disabled | 0 | | GA | BuiltIn | unknown |
| Cognitive Services accounts should use customer owned storage | 46aa9b05-0e60-4eae-a88b-1e9d374fa515 | Cognitive Services | Audit | Audit, Deny, Disabled | 0 | | GA | BuiltIn | unknown |
| Configure Azure AI Services resources to disable local key access (disable local authentication) | d45520cb-31ca-44ba-8da2-fcf914608544 | Azure Ai Services | DeployIfNotExists | DeployIfNotExists, Disabled | 3 | Cognitive Services Contributor, Cognitive Services OpenAI Contributor, Search Service Contributor | GA | BuiltIn | unknown |
| Configure Azure AI Services resources to disable local key access (disable local authentication) | 55eff01b-f2bd-4c32-9203-db285f709d30 | Azure Ai Services | DeployIfNotExists | DeployIfNotExists, Disabled | 2 | Cognitive Services Contributor, Cognitive Services OpenAI Contributor | GA | BuiltIn | unknown |
| Configure Cognitive Services accounts to disable local authentication methods | 14de9e63-1b31-492e-a5a3-c3f7fd57f555 | Cognitive Services | Modify | Modify, Disabled | 1 | Contributor | GA | BuiltIn | unknown |
| Diagnostic logs in Azure AI services resources should be enabled | 1b4d1c4e-934c-4703-944c-27c82c06bebb | Azure Ai Services | AuditIfNotExists | AuditIfNotExists, Disabled | 0 | | GA | BuiltIn | true |
| Network ACLs should be restricted for Cognitive Services | Deny-CognitiveServices-NetworkAcls | Cognitive Services | Deny | Audit, Deny, Disabled | 0 | | GA | ALZ | |
| Outbound network access should be restricted for Cognitive Services | Deny-CognitiveServices-RestrictOutboundNetworkAccess | Cognitive Services | Deny | Audit, Deny, Disabled | 0 | | GA | ALZ | |
Roles used
History: none
JSON compare: n/a