Azure Policy built-in policy definitions for Azure Cognitive Services

This page is an index of Azure Policy built-in policy definitions for Azure Cognitive Services. For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

The name of each built-in policy definition links to the policy definition in the Azure portal. Use the link in the Version column to view the source on the Azure Policy GitHub repo.

Azure Cognitive Services

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
| --- | --- | --- | --- |
| Cognitive Services accounts should enable data encryption | This policy audits any Cognitive Services account not using data encryption. Each Cognitive Services account with storage should enable data encryption with either a customer-managed or a Microsoft-managed key. | Audit, Deny, Disabled | 1.0.0 |
| Cognitive Services accounts should enable data encryption with customer-managed key | Customer-managed keys provide enhanced data protection by allowing you to manage your encryption keys for data stored in Cognitive Services. This is often required to meet compliance requirements. | Audit, Deny, Disabled | 1.0.1 |
| Cognitive Services accounts should restrict network access | Network access to Cognitive Services accounts should be restricted. Configure network rules so only applications from allowed networks can access the Cognitive Services account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges. | Audit, Deny, Disabled | 1.0.0 |
| Cognitive Services accounts should use customer owned storage | This policy audits any Cognitive Services account not using customer owned storage. | Audit, Deny, Disabled | 1.0.0 |
| Cognitive Services accounts should use customer owned storage or enable data encryption. | This policy audits any Cognitive Services account using neither customer owned storage nor data encryption. Each Cognitive Services account with storage should either use customer owned storage or enable data encryption. | Audit, Deny, Disabled | 1.0.0 |
| Public network access should be disabled for Cognitive Services accounts | This policy audits any Cognitive Services account in your environment with public network access enabled. Public network access should be disabled so that only connections from private endpoints are allowed. | Audit, Deny, Disabled | 1.0.0 |
