Control: Cognitive Services accounts should disable public network access

Description

Disabling public network access improves security by ensuring that Cognitive Services account isn't exposed on the public internet. Creating private endpoints can limit exposure of Cognitive Services account.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cognitive_account_public_network_access_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cognitive_account_public_network_access_disabled --share

SQL

This control uses a named query:

select
  s.id as resource,
  case
    when public_network_access = 'Enabled' then 'alarm'
    else 'ok'
  end as status,
  case
    when public_network_access = 'Enabled' then name || ' public network access enabled.'
    else name || ' public network access disabled.'
  end as reason
  
  , s.resource_group as resource_group
  , sub.display_name as subscription
from
  azure_cognitive_account as s,
  azure_subscription as sub
where
  sub.subscription_id = s.subscription_id;

Control: Cognitive Services accounts should disable public network access

Description

Usage

SQL

Tags