From a311beeec8535a3031a6474375d58ac5b0863b9b Mon Sep 17 00:00:00 2001 From: Adin Ermie Date: Fri, 3 Jan 2025 16:57:20 -0500 Subject: [PATCH] TechDoc updates related to CAF v6.2.0 changes (especially around new policies) --- docs/azure/best-practices/azure-ai.md | 4 ++++ docs/azure/design-build-deploy/networking.md | 2 ++ 2 files changed, 6 insertions(+) diff --git a/docs/azure/best-practices/azure-ai.md b/docs/azure/best-practices/azure-ai.md index ac0cf04..607e911 100644 --- a/docs/azure/best-practices/azure-ai.md +++ b/docs/azure/best-practices/azure-ai.md @@ -40,3 +40,7 @@ When working with Azure OpenAI, you may need to create a Private Endpoint to res It has been observed in several cases, where the DNS `A-Record` for the Azure OpenAI service is not being created properly in the Private DNS Zone. This can cause issues with the service not being able to resolve the endpoint. If you encounter this issue, please open a [support ticket](../../welcome/support.md) with the Public Cloud Platform support team to investigate and resolve the issue. + +## Regulated Landing Zone Compliance + +If you are deploying Azure Cognitive Services, OpenAI, or Machine Learning, there are several Microsoft Enterprise Scale guardrail policies that are enforced that control permitted SKUs, secure authentication through Managed Identities, storage configuration, outbound network access, etc. diff --git a/docs/azure/design-build-deploy/networking.md b/docs/azure/design-build-deploy/networking.md index a4f99da..7e58a79 100644 --- a/docs/azure/design-build-deploy/networking.md +++ b/docs/azure/design-build-deploy/networking.md 
@@ -13,6 +13,8 @@ There are no subnets that are pre-created within the VNet. Each team is responsi For further guidance on creating subnets with associated NSGs (specifically using Terraform), refer to the [Be Mindful](../best-practices/be-mindful.md#using-terraform-to-create-subnets) documentation. + Additionally, as part of implementing a **Zero Trust** security model, all subnets need to be created as [Private Subnets](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/default-outbound-access#utilize-the-private-subnet-parameter-public-preview). + ## Spoke-to-Spoke connectivity If your team has multiple environments (ie. Dev, Test, Prod, Tools) within the same Project Set, you may require connectivity between the different environments. This is known as spoke-to-spoke connectivity.
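Review bot: In the azure-ai.md hunk, the new "Regulated Landing Zone Compliance" paragraph says that "several" guardrail policies are enforced and ends its list with "etc.", but it names no policy and links to none. A reader deploying Cognitive Services, OpenAI or Machine Learning cannot tell from it which SKUs are permitted or which settings will be rejected. Suggest linking to the policy definitions or assignments it refers to, or listing them, and stating whether a non-compliant deployment is denied or only audited. The commit subject ties this to CAF v6.2.0, so naming that version in the paragraph would help when the policy set changes again. The wording "policies that are enforced that control" could also be tightened to "enforced policies that control".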
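Review bot: In the networking.md hunk, the added sentence requires that "all subnets need to be created as Private Subnets" but does not say what that changes for a workload or how to set it. The link target is the default outbound access page, and its anchor ends in "public-preview", so it is worth stating in the text that a private subnet gets no default outbound access and that teams must plan an explicit outbound path. It should also say whether this is enforced by policy (subnet creation is denied otherwise) or is guidance only. Since the preceding paragraph sends readers to the Be Mindful page for creating subnets with Terraform, that page should show the setting, or this sentence should point to where it is documented. Please also check that the anchor still resolves, as preview anchors tend to be renamed.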