Skip to content

Use Azure AI services Private Endpoints#

Security · Azure AI · Rule · 2022_09 · Important

Use Private Endpoints to access Azure AI services accounts.

Description#

By default, a public endpoint is enabled for Azure AI services accounts (previously known as Cognitive Services). The public endpoint is used for all access except for requests that use a Private Endpoint. Access through the public endpoint can be disabled or restricted to authorized virtual networks.

Data exfiltration is an attack where an malicious actor does an unauthorized data transfer. Private Endpoints help prevent data exfiltration by an internal or external malicious actor. They do this by providing clear separation between public and private endpoints. As a result, broad access to public endpoints which could be operated by a malicious actor is not required.

Recommendation#

Consider accessing Azure AI services accounts by Private Endpoints and disabling public endpoints.

Examples#

Configure with Azure template#

To deploy accounts that pass this rule:

  • Set the properties.publicNetworkAccess property to Disabled.

For example:

Azure Template snippet
{
  "type": "Microsoft.CognitiveServices/accounts",
  "apiVersion": "2023-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "sku": {
    "name": "S0"
  },
  "kind": "CognitiveServices",
  "properties": {
    "publicNetworkAccess": "Disabled",
    "networkAcls": {
      "defaultAction": "Deny"
    },
    "disableLocalAuth": true
  }
}

Configure with Bicep#

To deploy accounts that pass this rule:

  • Set the properties.publicNetworkAccess property to Disabled.

For example:

Azure Bicep snippet
resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  sku: {
    name: 'S0'
  }
  kind: 'CognitiveServices'
  properties: {
    publicNetworkAccess: 'Disabled'
    networkAcls: {
      defaultAction: 'Deny'
    }
    disableLocalAuth: true
  }
}

Configure with Azure Verified Modules

A pre-validated module supported by Microsoft is available from the Azure Bicep public registry. To reference the module, please use the following syntax:

br/public:avm/res/cognitive-services/account:<version>

To use the latest version:

br/public:avm/res/cognitive-services/account:0.9.0

Comments