Configure data loss prevention for Azure AI services
Azure AI services data loss prevention capabilities allow customers to configure the list of outbound URLs their Azure AI services resources are allowed to access. This creates another level of control for customers to prevent data loss. In this article, we'll cover the steps required to enable the data loss prevention feature for Azure AI services resources.
Prerequisites
Before you make a request, you need an Azure account and an Azure AI services subscription. If you already have an account, go ahead and skip to the next section. If you don't have an account, we have a guide to get you set up in minutes: Create an Azure AI services multi-service resource.
Enabling data loss prevention
There are two parts to enable data loss prevention. First, the resource property restrictOutboundNetworkAccess
must be set to true
. When this is set to true, you also need to provide the list of approved URLs. The list of URLs is added to the allowedFqdnList
property. The allowedFqdnList
property contains an array of comma-separated URLs.
Note
- The
allowedFqdnList
property value supports a maximum of 1000 URLs. - The property supports both IP addresses and fully qualified domain names i.e.,
www.microsoft.com
, values. - It can take up to 15 minutes for the updated list to take effect.
View the details of the Azure AI services resource.
az cognitiveservices account show \ -g "myresourcegroup" -n "myaccount" \
View the current properties of the Azure AI services resource.
az rest -m get \ -u /subscriptions/{subscription ID}/resourceGroups/{resource group}/providers/Microsoft.CognitiveServices/accounts/{account name}?api-version=2021-04-30 \
Configure the restrictOutboundNetworkAccess property and update the allowed FqdnList with the approved URLs
az rest -m patch \ -u /subscriptions/{subscription ID}/resourceGroups/{resource group}/providers/Microsoft.CognitiveServices/accounts/{account name}?api-version=2021-04-30 \ -b '{"properties": { "restrictOutboundNetworkAccess": true, "allowedFqdnList": [ "microsoft.com" ] }}'
Supported services
The following services support data loss prevention configuration:
- Azure AI Vision
- Content Moderator
- Custom Vision
- Face
- Document Intelligence
- Speech Service