Restrict Azure AI service endpoints
Security · Azure AI · Rule · 2022_09 · Important
Restrict access of Azure AI services to authorized virtual networks.
Description
By default, public network access is enabled for Azure AI service accounts (previously known as Cognitive Services). Service Endpoints and Private Link can be used to restrict access to PaaS endpoints. When access is restricted, access by a malicious actor from an unauthorized virtual network is mitigated.
Configure service endpoints and private links where appropriate.
Recommendation
Consider configuring network access restrictions for Azure AI service accounts. Limit access to accounts so that access is permitted from authorized virtual networks only.
Examples
Configure with Azure template
To deploy accounts that pass this rule:
- Set the `properties.networkAcls.defaultAction` property to `Deny`, or
- Set the `properties.publicNetworkAccess` property to `Disabled`.
For example:
{
  "type": "Microsoft.CognitiveServices/accounts",
  "apiVersion": "2023-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "sku": {
    "name": "S0"
  },
  "kind": "CognitiveServices",
  "properties": {
    "publicNetworkAccess": "Disabled",
    "networkAcls": {
      "defaultAction": "Deny"
    },
    "disableLocalAuth": true
  }
}
Configure with Bicep
To deploy accounts that pass this rule:
- Set the `properties.networkAcls.defaultAction` property to `Deny`, or
- Set the `properties.publicNetworkAccess` property to `Disabled`.
For example:
resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  sku: {
    name: 'S0'
  }
  kind: 'CognitiveServices'
  properties: {
    publicNetworkAccess: 'Disabled'
    networkAcls: {
      defaultAction: 'Deny'
    }
    disableLocalAuth: true
  }
}
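The two properties above are the whole decision for this rule, so the same condition can be applied to any exported template or resource list before deployment. The following Python is an added example, not part of the original rule documentation or of the PSRule project: it evaluates ARM resource definitions against "`defaultAction` is `Deny` or `publicNetworkAccess` is `Disabled`", treating a missing property as Azure's permissive default. The sample template and account names are constructed.

```python
"""Audit Azure AI (Cognitive Services) account resources for the
network-restriction condition described on this page:

  properties.networkAcls.defaultAction == "Deny"   OR
  properties.publicNetworkAccess       == "Disabled"

Example code, not the PSRule rule itself. All sample data is constructed.
"""
import json
from typing import Any, Dict, Iterable, List

AI_ACCOUNT_TYPE = "Microsoft.CognitiveServices/accounts"


def is_network_restricted(resource: Dict[str, Any]) -> bool:
    """Return True when the account restricts public network access.

    Azure enables public access by default, so a missing property is
    treated as the permissive default ("Allow" / "Enabled") and fails.
    Comparison is case-insensitive because ARM accepts either casing.
    """
    props = resource.get("properties") or {}
    acls = props.get("networkAcls") or {}
    default_action = str(acls.get("defaultAction", "Allow")).lower()
    public_access = str(props.get("publicNetworkAccess", "Enabled")).lower()
    return default_action == "deny" or public_access == "disabled"


def failing_accounts(resources: Iterable[Dict[str, Any]]) -> List[str]:
    """Names of Azure AI accounts in an ARM resource list that fail the check.

    Resources of any other type are ignored.
    """
    return [
        r.get("name", "<unnamed>")
        for r in resources
        if str(r.get("type", "")).lower() == AI_ACCOUNT_TYPE.lower()
        and not is_network_restricted(r)
    ]


# Constructed sample template (placeholder names): one account that mirrors
# the page's compliant example, one that relies on defaultAction alone with
# an allow-listed documentation range, one left at Azure defaults, one
# explicitly open, and one unrelated resource that must be skipped.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.CognitiveServices/accounts", "name": "ai-compliant",
     "properties": {"publicNetworkAccess": "Disabled",
                    "networkAcls": {"defaultAction": "Deny"}}},
    {"type": "Microsoft.CognitiveServices/accounts", "name": "ai-acl-only",
     "properties": {"publicNetworkAccess": "Enabled",
                    "networkAcls": {"defaultAction": "Deny",
                                    "ipRules": [{"value": "203.0.113.0/24"}]}}},
    {"type": "Microsoft.CognitiveServices/accounts", "name": "ai-defaults",
     "properties": {}},
    {"type": "Microsoft.CognitiveServices/accounts", "name": "ai-open",
     "properties": {"publicNetworkAccess": "Enabled",
                    "networkAcls": {"defaultAction": "Allow"}}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stignored",
     "properties": {}}
  ]
}
""")

if __name__ == "__main__":
    for name in failing_accounts(SAMPLE_TEMPLATE["resources"]):
        print(f"FAIL {name}: public network access is not restricted")
```

Running the script reports `ai-defaults` and `ai-open`; the account that only sets `defaultAction` to `Deny` passes, matching the "either property" wording of the rule, even though it still reaches the public endpoint from the allow-listed ranges. Teams that want the stricter posture (private endpoints only) can tighten the condition to require `publicNetworkAccess` to be `Disabled`.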
Configure with Azure Verified Modules
A pre-validated module supported by Microsoft is available from the Azure Bicep public registry. To reference the module, please use the following syntax:
To use the latest version:
Links
- SE:06 Network controls
- Configure Azure AI services virtual networks
- Azure Policy built-in policy definitions for Azure AI services
- Azure deployment reference