Best practice rules for AI Services
- Disable Public Network Access to OpenAI Service Instances
Ensure that public network access to OpenAI service instances is disabled.
- Enable Diagnostic Logs for OpenAI Service Instances
Ensure that Diagnostic Logs are enabled for your Azure OpenAI service instances.
- OpenAI Encryption using Customer-Managed Keys
Use Customer-Managed Keys (CMKs) to encrypt Azure OpenAI service instances.
- OpenAI Service Instances with Admin Privileges
Ensure that Azure OpenAI service instances don't have administrative privileges.
- Regenerate API Access Keys for OpenAI Service Instances
Ensure that your Azure AI services API access keys are regularly rotated.
- Use Managed Identities for OpenAI Service Instances
Ensure that Azure OpenAI service instances are using managed identities.
- Use Private Endpoints for OpenAI Service Instances
Ensure that network access to OpenAI service instances is allowed via private endpoints only.