What's new?

• Added 18 prevention objectives for Azure AI Foundry covering account-level, deployment-level, and connection-level controls. Account objectives cover Prohibit Public Network Access, Restrict Network Access, Restrict Account Outbound Access to Allowed FQDNs, Require Private Link, Prohibit Local Authentication, Require Managed Identity, Require Customer-Managed Keys, Require Customer-Owned Storage, and Require Diagnostic Logs. Deployment objectives cover Restrict deployments to approved models, Restrict deployments to approved SKUs, Enforce approved model version, Require approved RAI policy, and four Responsible AI content-filtering objectives (prompt filtering, completion filtering, multi-severity filtering, and filtering mode). Connection objective covers Restrict connections to approved auth types.

Prevention Objectives

Added

• Enforce approved model version for Azure AI Foundry deployments
• Enforce completion content filtering for Azure AI Foundry deployments
• Enforce content filtering mode for Azure AI Foundry deployments
• Enforce multi-severity content filtering for Azure AI Foundry deployments
• Enforce prompt content filtering for Azure AI Foundry deployments
• Prohibit local authentication for Azure AI Foundry accounts
• Prohibit public network access for Azure AI Foundry accounts
• Require Azure Private Link for Azure AI Foundry accounts
• Require approved RAI policy for Azure AI Foundry deployments
• Require customer-managed keys for Azure AI Foundry accounts
• Require customer-owned storage for Azure AI Foundry accounts
• Require diagnostic logs for Azure AI Foundry accounts
• Require managed identity for Azure AI Foundry accounts
• Restrict Azure AI Foundry account outbound access to allowed FQDNs
• Restrict Azure AI Foundry connections to approved auth types
• Restrict Azure AI Foundry deployments to approved SKUs
• Restrict Azure AI Foundry deployments to approved models
• Restrict network access for Azure AI Foundry accounts

Prevention Examples

Added

• Enforce approved model version for Azure AI Foundry deployments
• Enforce completion content filtering for Azure AI Foundry deployments
• Enforce content filtering mode for Azure AI Foundry deployments
• Enforce multi-severity content filtering for Azure AI Foundry deployments
• Enforce prompt content filtering for Azure AI Foundry deployments
• Prohibit local authentication for Azure AI Foundry accounts
• Prohibit local authentication for Azure AI Foundry accounts
• Prohibit public network access for Azure AI Foundry accounts
• Prohibit public network access for Azure AI Foundry accounts
• Require Azure Private Link for Azure AI Foundry accounts
• Require approved RAI policy for Azure AI Foundry deployments
• Require customer-managed keys for Azure AI Foundry accounts
• Require customer-managed keys for Azure AI Foundry accounts
• Require customer-owned storage for Azure AI Foundry accounts
• Require diagnostic logs for Azure AI Foundry accounts
• Require managed identity for Azure AI Foundry accounts
• Restrict Azure AI Foundry account outbound access to allowed FQDNs
• Restrict Azure AI Foundry connections to approved auth types
• Restrict Azure AI Foundry deployments to approved SKUs
• Restrict Azure AI Foundry deployments to approved model formats
• Restrict Azure AI Foundry deployments to approved model names
• Restrict Azure AI Foundry deployments to approved models
• Restrict network access for Azure AI Foundry accounts