
Use identity-based authentication for Azure AI accounts

Security · Azure AI · Rule · 2022_09 · Important

Authenticate requests to Azure AI services with Entra ID identities.

Description

To send requests to Azure AI service endpoints (previously known as Cognitive Services), each request must include an authentication header. Azure AI service endpoints support authentication with either keys or access tokens. Using an Entra ID access token instead of a cryptographic key has additional security benefits.

With Entra ID authentication, an authorized identity is issued an OAuth2 access token by Entra ID. Using Entra ID as the identity provider centralizes identity management and auditing.

Once you decide to use Entra ID authentication, you can disable authentication using keys.

Recommendation

Consider only using Entra ID identities to authenticate requests to Azure AI service accounts. Once configured, disable authentication based on access keys.

Examples

Configure with Azure template

To deploy accounts that pass this rule:

  • Set the properties.disableLocalAuth property to true.

For example:

Azure Template snippet
{
  "type": "Microsoft.CognitiveServices/accounts",
  "apiVersion": "2023-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "sku": {
    "name": "S0"
  },
  "kind": "CognitiveServices",
  "properties": {
    "publicNetworkAccess": "Disabled",
    "networkAcls": {
      "defaultAction": "Deny"
    },
    "disableLocalAuth": true
  }
}

Configure with Bicep

To deploy accounts that pass this rule:

  • Set the properties.disableLocalAuth property to true.

For example:

Azure Bicep snippet
resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  sku: {
    name: 'S0'
  }
  kind: 'CognitiveServices'
  properties: {
    publicNetworkAccess: 'Disabled'
    networkAcls: {
      defaultAction: 'Deny'
    }
    disableLocalAuth: true
  }
}
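As an added example (not code from the PSRule for Azure project), the following Python script mirrors the rule's check over ARM template resources: it flags every Microsoft.CognitiveServices/accounts resource whose properties.disableLocalAuth is not the JSON boolean true, including accounts that omit the property. The sample template is constructed for illustration.

```python
"""Audit ARM template resources for the disableLocalAuth check.

Added example, not part of the PSRule for Azure project. The resource type
and the properties.disableLocalAuth path come from the rule; the sample
template below is constructed.
"""
import json

ACCOUNT_TYPE = "Microsoft.CognitiveServices/accounts"

# Constructed sample: one compliant account, one that still allows keys,
# one that omits the property (keys remain enabled), and one unrelated resource.
SAMPLE_TEMPLATE = json.dumps({
    "resources": [
        {"type": ACCOUNT_TYPE, "name": "ai-prod",
         "properties": {"disableLocalAuth": True}},
        {"type": ACCOUNT_TYPE, "name": "ai-dev",
         "properties": {"disableLocalAuth": False}},
        {"type": ACCOUNT_TYPE, "name": "ai-legacy", "properties": {}},
        {"type": "Microsoft.Storage/storageAccounts", "name": "stlogs",
         "properties": {}},
    ]
})


def local_auth_disabled(resource: dict) -> bool:
    """True only when properties.disableLocalAuth is the JSON boolean true.

    A missing property means the account still accepts access keys, so it
    fails; a string "true" is rejected rather than coerced.
    """
    value = (resource.get("properties") or {}).get("disableLocalAuth")
    return value is True


def evaluate(template_json: str) -> dict:
    """Return {account name: 'Pass' | 'Fail'} for every AI services account."""
    template = json.loads(template_json)
    results = {}
    for resource in template.get("resources", []):
        if resource.get("type") != ACCOUNT_TYPE:
            continue  # the rule only targets AI services accounts
        name = resource.get("name", "<unnamed>")
        results[name] = "Pass" if local_auth_disabled(resource) else "Fail"
    return results


if __name__ == "__main__":
    for name, outcome in evaluate(SAMPLE_TEMPLATE).items():
        print(f"{name}: {outcome}")
```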

Configure with Azure Policy

To address this issue at runtime, use the following policies:
