Azure
Bug Report: Exclude Azure AI project because it doesn't have the property publicNetworkAccess
Describe the bug The "Azure AI project" are resources of type "Microsoft.MachineLearningServices/workspaces" but do not support the option "Microsoft.MachineLearningServices/workspaces/publicNetworkAccess", it is the "Azure AI hub" from which they inherit that support this property.
The following policy "Azure Machine Learning should have disabled public network access - 438c38d2-3772-465a-a9cc-7a6666a275ce." should exclude "Azure AI project" A solution could be to exclude "Azure AI project" from this policy through the following filter:
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.MachineLearningServices/workspaces"
},
{
"field": "Microsoft.MachineLearningServices/workspaces/kind",
"notEquals": "Project"
},
{
"anyOf": [
{
"field": "Microsoft.MachineLearningServices/workspaces/publicNetworkAccess",
"exists": "false"
},
{
"field": "Microsoft.MachineLearningServices/workspaces/publicNetworkAccess",
"notEquals": "Disabled"
}
]
}
]
},
Steps to reproduce
- Use the policy 438c38d2-3772-465a-a9cc-7a6666a275ce
- Create an Azure AI Hub with on Azure AI Project included
Screenshots
@JamesDLD thanks for reporting this issue. Can we ask you to open a support ticket for this issue as this related to a built-in policy (which we don't maintain). This helps create awareness with the respective engineering teams.
@JamesDLD thanks for reporting this issue. Can we ask you to open a support ticket for this issue as this related to a built-in policy (which we don't maintain). This helps create awareness with the respective engineering teams.
Thanks! just did it, support request number: 2510130050003164