Policy: Azure > AI Foundry > Account > Local Auth

Define whether local (API key) authentication is allowed on Azure > AI Foundry > Account.

Enabled means local authentication methods (API keys) are permitted — backed by properties.disableLocalAuth: false (the Azure default). Disabled means only Microsoft Entra ID (AAD) authentication is accepted — backed by properties.disableLocalAuth: true. Use Disabled to align an account with the "identity-only" governance objective.

Targets

This policy targets the following resource types:

Azure > AI Foundry > Account

Controls

Setting this policy configures this control:

Azure > AI Foundry > Account > Local Auth

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Enabled` `Check: Disabled` `Enforce: Enabled` `Enforce: Disabled`
Examples [YAML]	`Check: Disabled`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/security

Policy Type URI

tmod:@turbot/azure-aifoundry#/policy/types/accountLocalAuth

GraphQL

query policyType(id: "tmod:@turbot/azure-aifoundry#/policy/types/accountLocalAuth") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-aifoundry#/policy/types/accountLocalAuth'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-aifoundry#/policy/types/accountLocalAuth'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-aifoundry#/policy/types/accountLocalAuth"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-aifoundry#/policy/types/accountLocalAuth"