What's new?

• Added a new Firewall control family on Azure > Cognitive Services > Account to govern network access to your accounts. You can now set the default access rule (allow or deny), permit trusted Azure services to bypass the firewall, and define approved or required IP ranges and virtual networks. Enforcement remediates accounts in place, updating only the firewall rules Guardrails manages while leaving any other existing rules untouched.
• Added a new Public Network Access control and policy on Azure > Cognitive Services > Account to check or enforce whether an account is reachable from the public internet. It supports Check: Enabled, Check: Disabled, Enforce: Enabled, and Enforce: Disabled, and remediates non-compliant accounts (including Azure OpenAI and AI Service accounts) in place — without deleting and recreating the resource.

Control Types

Added

• Azure > Cognitive Services > Account > Firewall
• Azure > Cognitive Services > Account > Firewall > Exceptions
• Azure > Cognitive Services > Account > Firewall > IP Ranges
• Azure > Cognitive Services > Account > Firewall > IP Ranges > Approved
• Azure > Cognitive Services > Account > Firewall > IP Ranges > Required
• Azure > Cognitive Services > Account > Firewall > Virtual Networks
• Azure > Cognitive Services > Account > Firewall > Virtual Networks > Approved
• Azure > Cognitive Services > Account > Firewall > Virtual Networks > Required
• Azure > Cognitive Services > Account > Public Network Access

Policy Types

Added

• Azure > Cognitive Services > Account > Firewall
• Azure > Cognitive Services > Account > Firewall > Exceptions
• Azure > Cognitive Services > Account > Firewall > Exceptions > Items
• Azure > Cognitive Services > Account > Firewall > IP Ranges
• Azure > Cognitive Services > Account > Firewall > IP Ranges > Approved
• Azure > Cognitive Services > Account > Firewall > IP Ranges > Approved > CIDR Ranges
• Azure > Cognitive Services > Account > Firewall > IP Ranges > Approved > Compiled Rules
• Azure > Cognitive Services > Account > Firewall > IP Ranges > Approved > Rules
• Azure > Cognitive Services > Account > Firewall > IP Ranges > Required
• Azure > Cognitive Services > Account > Firewall > IP Ranges > Required > Items
• Azure > Cognitive Services > Account > Firewall > Virtual Networks
• Azure > Cognitive Services > Account > Firewall > Virtual Networks > Approved
• Azure > Cognitive Services > Account > Firewall > Virtual Networks > Approved > Compiled Rules
• Azure > Cognitive Services > Account > Firewall > Virtual Networks > Approved > Rules
• Azure > Cognitive Services > Account > Firewall > Virtual Networks > Approved > Subnets
• Azure > Cognitive Services > Account > Firewall > Virtual Networks > Required
• Azure > Cognitive Services > Account > Firewall > Virtual Networks > Required > Items
• Azure > Cognitive Services > Account > Public Network Access

Action Types

Added

• Azure > Cognitive Services > Account > Set Public Network Access
• Azure > Cognitive Services > Account > Update Firewall Default Access Rule
• Azure > Cognitive Services > Account > Update Firewall Exceptions
• Azure > Cognitive Services > Account > Update Firewall IP Ranges
• Azure > Cognitive Services > Account > Update Firewall Virtual Networks