Azure AI account access keys are enabled

April 11, 2025 ยท View on GitHub

SYNOPSIS

Access keys allow depersonalized access to Azure AI using a shared secret.

DESCRIPTION

To send requests to Azure AI service endpoints (previously known as Cognitive Services), each request must include an authentication header. Azure AI service endpoints supports authentication with keys or access tokens. Using an Entra ID access token instead of a cryptographic key has some additional security benefits.

With Entra ID authentication, an authorized identity is issued an OAuth2 access token issued by Entra ID. Using Entra ID as the identity provider centralizes identity management and auditing.

Once you decide to use Entra ID authentication, you can disable authentication using keys.

RECOMMENDATION

Consider only using Entra ID identities to authenticate requests to Azure AI service accounts. Once configured, disable authentication based on access keys.

EXAMPLES

Configure with Azure template

To deploy accounts that pass this rule:

  • Set the properties.disableLocalAuth property to true.

For example:

{
  "type": "Microsoft.CognitiveServices/accounts",
  "apiVersion": "2023-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "sku": {
    "name": "S0"
  },
  "kind": "CognitiveServices",
  "properties": {
    "publicNetworkAccess": "Disabled",
    "networkAcls": {
      "defaultAction": "Deny"
    },
    "disableLocalAuth": true
  }
}

Configure with Bicep

To deploy accounts that pass this rule:

  • Set the properties.disableLocalAuth property to true.

For example:

resource account 'Microsoft.CognitiveServices/accounts@2023-05-01' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  sku: {
    name: 'S0'
  }
  kind: 'CognitiveServices'
  properties: {
    publicNetworkAccess: 'Disabled'
    networkAcls: {
      defaultAction: 'Deny'
    }
    disableLocalAuth: true
  }
}

Configure with Azure Policy

To address this issue at runtime use the following policies: