* adding policy files * removing dsstore
Showing
6 changed files
with
226 additions
and
0 deletions.
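--- a/policyDefinitions/Cognitive Services/audit-content-logging/azurepolicy.json
+++ b/policyDefinitions/Cognitive Services/audit-content-logging/azurepolicy.json
@@ -0,0 +1,53 @@
+{
+"name": "5e68f029-0f81-4ee3-b578-705b0fdb237d",
+"type": "Microsoft.Authorization/policyDefinitions",
+"properties": {
+"displayName": "Audit OpenAI instances with content filtering enabled",
+"description": "Azure OpenAI Service includes a content management system that filters content. If you are working with sensitive data, content filtering should be disabled so that Microsoft is not processing your data.",
+"metadata": {
+"category": "Cognitive Services",
+"version": "1.0.0"
+},
+"mode": "Indexed",
+"parameters": {
+"effect": {
+"type": "String",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+},
+"allowedValues": [
+"Audit",
+"Deny",
+"Disabled"
+],
+"defaultValue": "Audit"
+}
+},
+"policyRule": {
+"if": {
+"allOf": [
+{
+"field": "type",
+"equals": "Microsoft.CognitiveServices/accounts"
+},
+{
+"field": "kind",
+"equals": "OpenAI"
+},
+{
+"anyOf": [
+{
+"field": "Microsoft.CognitiveServices/accounts/capabilities[*].name",
+"notEquals": "ContentLogging"
+}
+]
+}
+]
+},
+"then": {
+"effect": "[parameters('effect')]"
+}
+}
+}
+}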
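Review bot: The `displayName` and `description` talk about content filtering, but the `policyRule` condition tests `capabilities[*].name` with `"notEquals": "ContentLogging"`, so what is evaluated is whether a capability named ContentLogging is absent from the account; the text should say that, for example `"displayName": "Audit OpenAI instances without the ContentLogging capability"`. The condition looks only at the capability's name and never at its value, so an account that lists ContentLogging with any value is treated as compliant; if the intent is to confirm that logging is turned off, the value should be checked too (inferred, please confirm against how the service reports this capability). The single-element `anyOf` wrapper adds nothing and can be dropped. With `Deny` in `allowedValues`, it is worth confirming that the capability can be present at creation time, otherwise a Deny assignment would likely block every new OpenAI account. The same rule is repeated in audit-content-logging/azurepolicy.rules.json.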
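--- a/policyDefinitions/Cognitive Services/audit-content-logging/azurepolicy.parameters.json
+++ b/policyDefinitions/Cognitive Services/audit-content-logging/azurepolicy.parameters.json
@@ -0,0 +1,15 @@
+{
+"effect": {
+"type": "String",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+},
+"allowedValues": [
+"Audit",
+"Deny",
+"Disabled"
+],
+"defaultValue": "Audit"
+}
+}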
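--- a/policyDefinitions/Cognitive Services/audit-content-logging/azurepolicy.rules.json
+++ b/policyDefinitions/Cognitive Services/audit-content-logging/azurepolicy.rules.json
@@ -0,0 +1,25 @@
+{
+"if": {
+"allOf": [
+{
+"field": "type",
+"equals": "Microsoft.CognitiveServices/accounts"
+},
+{
+"field": "kind",
+"equals": "OpenAI"
+},
+{
+"anyOf": [
+{
+"field": "Microsoft.CognitiveServices/accounts/capabilities[*].name",
+"notEquals": "ContentLogging"
+}
+]
+}
+]
+},
+"then": {
+"effect": "[parameters('effect')]"
+}
+}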
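--- a/policyDefinitions/Cognitive Services/public-access-restriction/azurepolicy.json
+++ b/policyDefinitions/Cognitive Services/public-access-restriction/azurepolicy.json
@@ -0,0 +1,73 @@
+{
+"name": "5e68f029-0f81-4ee3-b578-705b0fdb237c",
+"type": "Microsoft.Authorization/policyDefinitions",
+"properties": {
+"displayName": "Audit OpenAI instances public access enabled",
+"description": "Azure OpenAI instances should not have public access enabled. Open AI instances should only be accessible via select networks or a private endpoint.",
+"metadata": {
+"category": "Cognitive Services",
+"version": "1.0.0"
+},
+"mode": "Indexed",
+"parameters": {
+"effect": {
+"type": "String",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+},
+"allowedValues": [
+"Audit",
+"Deny",
+"Disabled"
+],
+"defaultValue": "Audit"
+}
+},
+"policyRule": {
+"if": {
+"allOf": [
+{
+"field": "type",
+"equals": "Microsoft.CognitiveServices/accounts"
+},
+{
+"field": "kind",
+"equals": "OpenAI"
+},
+{
+"anyof": [
+{
+"allof": [
+{
+"field": "Microsoft.CognitiveServices/accounts/networkAcls.defaultAction",
+"notEquals": "Deny"
+},
+{
+"field": "Microsoft.CognitiveServices/accounts/publicNetworkAccess",
+"equals": "Enabled"
+}
+]
+},
+{
+"allof": [
+{
+"field": "Microsoft.CognitiveServices/accounts/networkAcls",
+"exists": "false"
+},
+{
+"field": "Microsoft.CognitiveServices/accounts/publicNetworkAccess",
+"equals": "Enabled"
+}
+]
+}
+]
+}
+]
+},
+"then": {
+"effect": "[parameters('effect')]"
+}
+}
+}
+}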
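Review bot: Both branches of the `anyof` in `policyRule` require `publicNetworkAccess` to be `"equals": "Enabled"`, so an account where that property is absent or null is never matched, even when `networkAcls` is missing or its `defaultAction` is not Deny; comparing with `"notEquals": "Disabled"` would also catch the unset case. The second branch (`networkAcls` with `"exists": "false"`) looks redundant, since a `notEquals` on a missing `networkAcls.defaultAction` should already evaluate true in the first branch, so the condition could be reduced to a single `allOf`. The keys `anyof`/`allof` are lower-case here while the outer condition uses `allOf`; keep one spelling throughout. The `name` GUID differs from the audit-content-logging definition only in its last character, so it is worth generating a fresh one rather than editing an existing value. The same rule is repeated in public-access-restriction/azurepolicy.rules.json.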
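--- a/policyDefinitions/Cognitive Services/public-access-restriction/azurepolicy.parameters.json
+++ b/policyDefinitions/Cognitive Services/public-access-restriction/azurepolicy.parameters.json
@@ -0,0 +1,15 @@
+{
+"effect": {
+"type": "String",
+"metadata": {
+"displayName": "Effect",
+"description": "Enable or disable the execution of the policy"
+},
+"allowedValues": [
+"Audit",
+"Deny",
+"Disabled"
+],
+"defaultValue": "Audit"
+}
+}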
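--- a/policyDefinitions/Cognitive Services/public-access-restriction/azurepolicy.rules.json
+++ b/policyDefinitions/Cognitive Services/public-access-restriction/azurepolicy.rules.json
@@ -0,0 +1,45 @@
+{
+"if": {
+"allOf": [
+{
+"field": "type",
+"equals": "Microsoft.CognitiveServices/accounts"
+},
+{
+"field": "kind",
+"equals": "OpenAI"
+},
+{
+"anyof": [
+{
+"allof": [
+{
+"field": "Microsoft.CognitiveServices/accounts/networkAcls.defaultAction",
+"notEquals": "Deny"
+},
+{
+"field": "Microsoft.CognitiveServices/accounts/publicNetworkAccess",
+"equals": "Enabled"
+}
+]
+},
+{
+"allof": [
+{
+"field": "Microsoft.CognitiveServices/accounts/networkAcls",
+"exists": "false"
+},
+{
+"field": "Microsoft.CognitiveServices/accounts/publicNetworkAccess",
+"equals": "Enabled"
+}
+]
+}
+]
+}
+]
+},
+"then": {
+"effect": "[parameters('effect')]"
+}
+}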