Policy: Azure > AI Foundry > Account > Public Network Access

Define the Public Network Access settings required for Azure > AI Foundry > Account.

This policy determines whether public network access is permitted for the AI Foundry account (a Cognitive Services account with kind=AIServices). When public network access is disabled, the account can only be accessed through private endpoints, which is the recommended posture for production AI workloads. When set to "Check: Disabled" or "Check: Enabled" the control will go to an alarm state if the account setting does not match. When set to "Enforce: Disabled" or "Enforce: Enabled" the control will automatically configure the property to match. Setting the policy to "Skip" will exclude the account from this check.

Targets

This policy targets the following resource types:

Azure > AI Foundry > Account

Controls

Setting this policy configures this control:

Azure > AI Foundry > Account > Public Network Access

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Enabled` `Check: Disabled` `Enforce: Enabled` `Enforce: Disabled`
Examples [YAML]	`Check: Disabled`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/security

Policy Type URI

tmod:@turbot/azure-aifoundry#/policy/types/accountPublicNetworkAccess

GraphQL

query policyType(id: "tmod:@turbot/azure-aifoundry#/policy/types/accountPublicNetworkAccess") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-aifoundry#/policy/types/accountPublicNetworkAccess'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-aifoundry#/policy/types/accountPublicNetworkAccess'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-aifoundry#/policy/types/accountPublicNetworkAccess"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-aifoundry#/policy/types/accountPublicNetworkAccess"