Policy: Azure > Cognitive Services > Account > Public Network Access
Define the public network access setting required for Azure > Cognitive Services > Account.
The Public Network Access policy determines whether public network access for an Azure Cognitive Services account (including Azure OpenAI / AI Service accounts) should be Enabled or Disabled.
When public network access is Enabled, the account is reachable over the public internet (subject to its network ACLs). Disabling public network access restricts the account so it can only be reached through private endpoints, which is the recommended hardening for accounts that should not be exposed publicly.
Unlike the Allowed controls — whose only enforcement is to stop or delete a non-compliant resource — this control remediates the violation in place by updating the live account's publicNetworkAccess property, because that property is mutable.
Targets
This policy targets the following resource types:
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/other
- tmod:@turbot/azure-cognitiveservices#/policy/types/accountPublicNetworkAccess
- turbot graphql policy-type --id "tmod:@turbot/azure-cognitiveservices#/policy/types/accountPublicNetworkAccess"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cognitiveservices#/policy/types/accountPublicNetworkAccess"
Get Policy TypeGet Policy Settings