- Disable Public Network Access to OpenAI Service Instances
Ensure that public network access to Microsoft Azure OpenAI service instances is disabled, so that each instance can be reached only from selected virtual networks and trusted IP addresses or through private endpoints, in order to prevent unauthorized access.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When an Azure OpenAI service instance is publicly accessible, all networks, including the Internet, can reach the instance, increasing the risk of unauthorized access, potential security breaches, and compliance violations. To limit access to selected, trusted networks, you must configure network access rules for your OpenAI instances. This allows only authorized traffic from your Azure virtual networks (VNets), trusted public IP addresses, or private endpoints to interact with the OpenAI instances, blocking unauthorized access attempts and protecting your AI workloads and data. Network restrictions complement rather than replace authentication: API keys and Microsoft Entra ID tokens are still required, but a leaked key can no longer be used from an arbitrary Internet host.
Audit
To determine whether public network access to your Azure OpenAI service instances is restricted, perform the following actions:
Using Azure Console
01 Sign in to the Azure Management Console.
02 Navigate to Azure OpenAI blade available at https://portal.azure.com/#view/Microsoft_Azure_ProjectOxford/CognitiveServicesHub/~/OpenAI.
03 Select the Azure subscription that you want to examine from the Subscription equals all filter box, and choose Apply.
04 Click on the name (link) of the Azure OpenAI service instance that you want to examine. An OpenAI service instance has Kind set to OpenAI.
05 In the navigation panel, under Resource Management, select Networking to access the networking configuration settings available for the selected OpenAI resource.
06 Select the Firewalls and virtual networks tab and check the Allow access from configuration setting to determine the level of access configured for the selected OpenAI instance. If Allow access from is set to All networks, all networks, including the Internet, can access your resource, therefore, the public network access to the selected Azure OpenAI service instance is not disabled.
07 Repeat steps no. 4 – 6 for each Azure OpenAI instance available within the selected subscription.
08 Repeat steps no. 3 – 7 for each subscription created in your Microsoft Azure cloud account.
Using Azure CLI
01 Run cognitiveservices account list command (Windows/macOS/Linux) with custom output filters to list the name and the associated resource group for each Azure OpenAI service instance available in the current subscription:
az cognitiveservices account list --output table --query '[?(kind==`OpenAI`)].{name:name, resourceGroup:resourceGroup}'
02 The command output should return the requested OpenAI service instance identifiers:
Name                         ResourceGroup
---------------------------  ------------------------------
tm-openai-project5-instance  cloud-shell-storage-westeurope
tm-openai-workspace-server   cloud-shell-storage-westeurope
03 Run cognitiveservices account show command (Windows/macOS/Linux) with the name of the Azure OpenAI service instance that you want to examine as the identifier parameter and custom output filters to determine if the public network access to the selected OpenAI instance is disabled:
az cognitiveservices account show --name tm-openai-project5-instance --resource-group cloud-shell-storage-westeurope --query '{networkAcls:properties.networkAcls.defaultAction,publicNetworkAccess:properties.publicNetworkAccess}'
04 The command output should return the status of the default network access rule used by the selected instance (i.e. "networkAcls" value) and the status of the "publicNetworkAccess" setting configured for the instance:
{
  "networkAcls": "Allow",
  "publicNetworkAccess": "Enabled"
}
If the cognitiveservices account show command output returns "Allow" or null for "networkAcls" and "Enabled" for "publicNetworkAccess", as shown in the example above, all networks, including the Internet, can access your OpenAI resource, therefore, the public network access to the selected Azure OpenAI service instance is not disabled. If the default action is "Deny", also review the "ipRules" list under "properties.networkAcls" in the full command output: an overly broad address range re-opens the instance to most of the Internet even though the default action is restrictive.
05 Repeat steps no. 3 and 4 for each Azure OpenAI instance available in the selected Azure subscription.
06 Repeat steps no. 1 – 5 for each subscription created in your Microsoft Azure cloud account.
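The audit above is carried out one instance at a time. The following Python script is an added example, not code from the original page or from the Conformity tool: it applies the same decision to the JSON that `az cognitiveservices account list -o json` returns and classifies every account of kind OpenAI at once, treating "publicNetworkAccess": "Disabled" as compliant regardless of "networkAcls", a default action other than "Deny" as non-compliant, and any IP rule wider than a /16 as something to review. The sample accounts are constructed, the /16 threshold is an assumption of this example rather than an Azure rule, and audit_subscription() is the only part that needs a logged-in az CLI.

```python
"""Classify Azure OpenAI instances by network exposure from az CLI JSON output."""
import ipaddress
import json
import subprocess
from typing import Any

# Assumption of this example: IPv4 rules wider than this prefix are reported for review.
BROAD_PREFIX = 16

# Constructed sample in the shape of `az cognitiveservices account list -o json`
# (field names are Azure's; names, groups and values are made up).
SAMPLE_ACCOUNTS: list[dict[str, Any]] = json.loads("""
[
  {"name": "tm-openai-project5-instance", "kind": "OpenAI",
   "resourceGroup": "cloud-shell-storage-westeurope",
   "properties": {"publicNetworkAccess": "Enabled",
                  "networkAcls": {"defaultAction": "Allow",
                                  "ipRules": [], "virtualNetworkRules": []}}},
  {"name": "tm-openai-workspace-server", "kind": "OpenAI",
   "resourceGroup": "cloud-shell-storage-westeurope",
   "properties": {"publicNetworkAccess": "Enabled",
                  "networkAcls": {"defaultAction": "Deny",
                                  "ipRules": [{"value": "203.0.0.0/8"}],
                                  "virtualNetworkRules": []}}},
  {"name": "tm-openai-private", "kind": "OpenAI", "resourceGroup": "rg-prod",
   "properties": {"publicNetworkAccess": "Disabled", "networkAcls": null}},
  {"name": "tm-speech-service", "kind": "SpeechServices", "resourceGroup": "rg-prod",
   "properties": {"publicNetworkAccess": "Enabled", "networkAcls": null}}
]
""")


def evaluate(account: dict[str, Any]) -> tuple[bool, list[str]]:
    """Return (compliant, findings) for one account object.

    Compliant means there is no unrestricted public path to the instance:
    publicNetworkAccess is Disabled (private endpoints only), or the default
    action is Deny and every IP rule is reasonably narrow.
    """
    props = account.get("properties") or {}
    pna = props.get("publicNetworkAccess")
    acls = props.get("networkAcls") or {}
    default_action = acls.get("defaultAction")
    findings: list[str] = []

    if pna == "Disabled":
        return True, findings  # public traffic is blocked whatever networkAcls says
    if default_action != "Deny":
        findings.append(f"publicNetworkAccess={pna}, defaultAction={default_action}: "
                        "reachable from all networks")
        return False, findings
    for rule in acls.get("ipRules") or []:
        value = str(rule.get("value", ""))
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"unparseable ipRule {value!r}")
            continue
        if net.prefixlen < BROAD_PREFIX:
            findings.append(f"ipRule {value} is wider than /{BROAD_PREFIX}")
    return not findings, findings


def audit(accounts: list[dict[str, Any]]) -> dict[str, tuple[bool, list[str]]]:
    """Evaluate every OpenAI-kind account; other Cognitive Services kinds are skipped."""
    return {a["name"]: evaluate(a) for a in accounts if a.get("kind") == "OpenAI"}


def audit_subscription() -> dict[str, tuple[bool, list[str]]]:
    """Live variant: runs the page's list command against the current az subscription."""
    out = subprocess.run(["az", "cognitiveservices", "account", "list", "-o", "json"],
                         check=True, capture_output=True, text=True).stdout
    return audit(json.loads(out))


if __name__ == "__main__":
    for name, (ok, findings) in audit(SAMPLE_ACCOUNTS).items():
        detail = ": " + "; ".join(findings) if findings else ""
        print(f"{'PASS' if ok else 'FAIL'} {name}{detail}")
```

Run it as-is to see the verdict for the constructed sample, or call audit_subscription() after `az account set --subscription <id>` to evaluate a real subscription; repeat per subscription as the page's step 6 does.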
Remediation / Resolution
To disable public network access to your Microsoft Azure OpenAI service instances, perform the following operations:
Using Azure Console
01 Sign in to the Azure Management Console.
02 Navigate to Azure OpenAI blade available at https://portal.azure.com/#view/Microsoft_Azure_ProjectOxford/CognitiveServicesHub/~/OpenAI.
03 Select the Azure subscription that you want to access from the Subscription equals all filter box, and choose Apply.
04 Click on the name (link) of the Azure OpenAI service instance that you want to configure.
05 In the navigation panel, under Resource Management, select Networking to access the networking configuration settings available for the selected OpenAI resource.
06 Select the Firewalls and virtual networks tab and perform the following actions:
- For Allow access from select Selected Networks and Private Endpoints. If the instance is consumed only through private endpoints and no VNet service endpoint or public IP access is needed, select Disabled instead, which blocks all public network traffic.
- If you want to grant access from an Azure virtual network (VNet), in the Virtual networks section, choose + Add existing virtual network and select an existing virtual network with one or more VNet subnets. If you need to create a new virtual network for secure access, choose + Add new virtual network and follow the setup wizard to create a new VNet for your OpenAI instance. The VNet subnet(s) will be created with a service endpoint for 'Microsoft.CognitiveServices'.
- If you want to allow access from specific public IP addresses and IP ranges, in the Firewall section, provide an IPv4 address range in CIDR notation (e.g. 203.0.113.0/24) or an individual IPv4 address (e.g. 203.0.113.10) in the IP address or CIDR box under Address range. Only public IPv4 addresses are accepted; private (RFC 1918) ranges such as 192.168.0.0/16 are not valid here. You can also add your client IP address by checking the Add your client IP address ('xxx.xxx.xxx.xxx') checkbox.
- Choose Save to apply the configuration settings.
07 Repeat steps no. 4 - 6 for each Azure OpenAI instance that you want to configure, available within the selected Azure subscription.
08 Repeat steps no. 3 – 7 for each subscription available in your Microsoft Azure cloud account.
Using Azure CLI
01 Run cognitiveservices account list command (Windows/macOS/Linux) with custom output filters to list the identifier (ID) of each Azure OpenAI service instance available in the current subscription:
az cognitiveservices account list --query '[?(kind==`OpenAI`)].id'
02 The command output should return the requested OpenAI service instance identifiers:
[
  "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance",
  "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-workspace-server"
]
03 Run resource update command (Windows/macOS/Linux) with the ID of the Azure OpenAI service instance that you want to configure as the identifier parameter, to disable public network access to the selected OpenAI instance. Setting "publicNetworkAccess" to "Disabled" blocks all traffic from public networks and leaves private endpoints as the only way to reach the instance. If you instead intend to allow selected virtual networks or public IP addresses in steps no. 5 – 10 (the equivalent of the console's Selected Networks and Private Endpoints option), set only the default action to "Deny" and leave "publicNetworkAccess" set to "Enabled", because the network rules have no effect while public network access is disabled:
az resource update --ids "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance" --set properties.networkAcls="{'defaultAction':'Deny'}" --set properties.publicNetworkAccess="Disabled"
04 The command output should return the information available for the configured OpenAI service instance:
{
  "id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance",
  "identity": {
    "principalId": "abcd1234-abcd-1234-abcd-1234abcd1234",
    "tenantId": "abcd1234-abcd-1234-abcd-1234abcd1234",
    "type": "SystemAssigned"
  },
  "kind": "OpenAI",
  "location": "westus",
  "name": "tm-openai-project5-instance",
  "properties": {
    "encryption": {
      "keySource": "Microsoft.KeyVault",
      "keyVaultProperties": {
        "keyName": "tm-openai-key",
        "keyVaultUri": "https://tm-project5-vault.vault.azure.net",
        "keyVersion": "abcd1234abcd1234abcd1234abcd1234"
      }
    },
    ...
    "isMigrated": false,
    "locations": null,
    "migrationToken": null,
    "networkAcls": {
      "defaultAction": "Deny"
    },
    "privateEndpointConnections": [],
    "provisioningState": "Succeeded",
    "publicNetworkAccess": "Disabled",
    "quotaLimit": null,
    "restore": null,
    "restrictOutboundNetworkAccess": null,
    "scheduledPurgeDate": null,
    "skuChangeInfo": null,
    "userOwnedStorage": null
  },
  "resourceGroup": "cloud-shell-storage-westeurope",
  "type": "Microsoft.CognitiveServices/accounts"
}
05 If you want to grant access from an Azure virtual network (VNet), run network vnet subnet update command (Windows/macOS/Linux) to enable a service endpoint for your OpenAI instance on an existing virtual network (VNet) and subnet:
az network vnet subnet update --resource-group "cloud-shell-storage-westeurope" --name "tm-vnet-subnet-001" --vnet-name "tm-project5-vnet" --service-endpoints "Microsoft.CognitiveServices"
06 The command output should return the service endpoint configuration information:
{
  "addressPrefixes": [
    "10.0.0.0/24"
  ],
  "delegations": [],
  "etag": "W/\"abcd1234-abcd-1234-abcd-1234abcd1234\"",
  "id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/tm-project5-vnet/subnets/tm-vnet-subnet-001",
  "name": "tm-vnet-subnet-001",
  "privateEndpointNetworkPolicies": "Disabled",
  "privateLinkServiceNetworkPolicies": "Enabled",
  "provisioningState": "Succeeded",
  "resourceGroup": "cloud-shell-storage-westeurope",
  "serviceEndpoints": [
    {
      "locations": [
        "*"
      ],
      "provisioningState": "Succeeded",
      "service": "Microsoft.CognitiveServices"
    }
  ],
  "type": "Microsoft.Network/virtualNetworks/subnets"
}
07 Run cognitiveservices account network-rule add command (Windows/macOS/Linux) to add a new network rule to your OpenAI service instance in order to allow access from the specified virtual network (VNet) subnet:
az cognitiveservices account network-rule add --resource-group "cloud-shell-storage-westeurope" --name "tm-openai-project5-instance" --subnet "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/tm-project5-vnet/subnets/tm-vnet-subnet-001"
08 The command output should return the information available for the configured OpenAI instance:
{
  "id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance",
  "identity": {
    "principalId": "abcd1234-abcd-1234-abcd-1234abcd1234",
    "tenantId": "abcd1234-abcd-1234-abcd-1234abcd1234",
    "type": "SystemAssigned"
  },
  "kind": "OpenAI",
  "location": "westus",
  "name": "tm-openai-project5-instance",
  "properties": {
    "encryption": {},
    ...
    "isMigrated": false,
    "locations": null,
    "migrationToken": null,
    "networkAcls": {
      "defaultAction": "Deny",
      "ipRules": null,
      "virtualNetworkRules": [
        {
          "id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/tm-project5-vnet/subnets/tm-vnet-subnet-001",
          "ignoreMissingVnetServiceEndpoint": true,
          "resourceGroup": "cloud-shell-storage-westeurope",
          "state": null
        }
      ]
    },
    ...
    "privateEndpointConnections": [],
    "provisioningState": "Succeeded",
    "publicNetworkAccess": "Disabled",
    "quotaLimit": null,
    "restore": null,
    "restrictOutboundNetworkAccess": null,
    "scheduledPurgeDate": null,
    "skuChangeInfo": null,
    "userOwnedStorage": null
  },
  "resourceGroup": "cloud-shell-storage-westeurope",
  "type": "Microsoft.CognitiveServices/accounts"
}
09 If you want to allow access from specific public IP addresses or IP ranges, run cognitiveservices account network-rule add command (Windows/macOS/Linux) to add a network rule for an individual IPv4 address or IPv4 address range in CIDR notation. Only public IPv4 addresses are accepted; private (RFC 1918) ranges such as 192.168.0.0/16 are rejected:
az cognitiveservices account network-rule add --resource-group "cloud-shell-storage-westeurope" --name "tm-openai-project5-instance" --ip-address "203.0.113.10"
10 The command output should return the information available for the configured OpenAI service instance:
{
  "id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance",
  "identity": {
    "principalId": "abcd1234-abcd-1234-abcd-1234abcd1234",
    "tenantId": "abcd1234-abcd-1234-abcd-1234abcd1234",
    "type": "SystemAssigned"
  },
  "kind": "OpenAI",
  "location": "westus",
  "name": "tm-openai-project5-instance",
  "properties": {
    "encryption": {},
    ...
    "isMigrated": false,
    "locations": null,
    "migrationToken": null,
    "networkAcls": {
      "defaultAction": "Deny",
      "ipRules": [
        {
          "value": "203.0.113.10"
        }
      ],
      "virtualNetworkRules": [
        {
          "id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/tm-project5-vnet/subnets/tm-vnet-subnet-001",
          "ignoreMissingVnetServiceEndpoint": true,
          "resourceGroup": "cloud-shell-storage-westeurope",
          "state": null
        }
      ]
    },
    ...
    "privateEndpointConnections": [],
    "provisioningState": "Succeeded",
    "publicNetworkAccess": "Disabled",
    "quotaLimit": null,
    "restore": null,
    "restrictOutboundNetworkAccess": null,
    "scheduledPurgeDate": null,
    "skuChangeInfo": null,
    "userOwnedStorage": null
  },
  "resourceGroup": "cloud-shell-storage-westeurope",
  "type": "Microsoft.CognitiveServices/accounts"
}
11 Repeat steps no. 3 - 10 for each Azure OpenAI instance that you want to configure, available in the selected Azure subscription.
12 Repeat steps no. 1 – 11 for each subscription available in your Microsoft Azure cloud account.
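The CLI remediation in steps no. 3 – 10 above is typed once per instance. The Python script below is an added example, not code from the original page or from the Conformity tool: it builds the same az commands for one instance as a reviewable plan, validates that every IP rule is a public IPv4 address or range before anything is executed, skips rules the instance already has (pass "properties.networkAcls" from the account show output as current_acls), and keeps the private-endpoint-only case (publicNetworkAccess Disabled, no rules planned) apart from the selected-networks case (default action Deny plus rules). The resource IDs in the example are constructed from the page's names with a made-up subscription ID, and using a dotted --set path to change only the default action while keeping existing rules is an assumption of this example about the generic az resource update command.

```python
"""Plan, and optionally run, the az CLI remediation for one Azure OpenAI instance."""
import ipaddress
import shlex
import subprocess
from typing import Any, Optional

# IP rules accept public IPv4 only; RFC 1918 ranges are rejected by the service.
PRIVATE_V4 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

UPDATE = ["az", "resource", "update", "--ids"]
RULE_ADD = ["az", "cognitiveservices", "account", "network-rule", "add"]


def normalize_ip_rule(value: str) -> str:
    """Validate one firewall entry (address or CIDR) and return its canonical form."""
    net = ipaddress.ip_network(value, strict=False)
    if net.version != 4:
        raise ValueError(f"{value}: only IPv4 addresses and ranges are accepted")
    if any(net.overlaps(p) for p in PRIVATE_V4):
        raise ValueError(f"{value}: private (RFC 1918) ranges are not allowed in IP rules")
    return str(net) if "/" in value else str(net.network_address)


def split_account_id(account_id: str) -> tuple[str, str]:
    """Return (resourceGroup, name) from a Microsoft.CognitiveServices/accounts resource ID."""
    parts = account_id.strip("/").split("/")
    try:
        return parts[parts.index("resourceGroups") + 1], parts[parts.index("accounts") + 1]
    except (ValueError, IndexError) as exc:
        raise ValueError(f"not a Cognitive Services account ID: {account_id}") from exc


def plan(account_id: str, *, private_only: bool = False,
         subnet_ids: tuple[str, ...] = (), ip_rules: tuple[str, ...] = (),
         current_acls: Optional[dict[str, Any]] = None) -> list[list[str]]:
    """Return the az commands (argv lists) that bring the instance to the desired state.

    private_only=True is the console's Disabled option: publicNetworkAccess is turned
    off and only private endpoints can reach the instance, so no network rules are
    planned. Otherwise the default action becomes Deny (Selected Networks and Private
    Endpoints) and the allow-listed subnets and public IPs are added, skipping any
    rule that current_acls (properties.networkAcls from `account show`) already lists.
    """
    rg, name = split_account_id(account_id)
    wanted_ips = [normalize_ip_rule(ip) for ip in ip_rules]  # fail before anything runs
    acls = current_acls or {}
    cmds: list[list[str]] = []

    if private_only:
        if subnet_ids or ip_rules:
            raise ValueError("network rules have no effect when public network access is Disabled")
        return [UPDATE + [account_id, "--set", "properties.networkAcls={'defaultAction':'Deny'}",
                          "--set", "properties.publicNetworkAccess=Disabled"]]

    if acls.get("defaultAction") != "Deny":
        # Assumption: a dotted path keeps existing rules; replace the whole object only when null.
        setting = ("properties.networkAcls.defaultAction=Deny" if acls
                   else "properties.networkAcls={'defaultAction':'Deny'}")
        cmds.append(UPDATE + [account_id, "--set", setting])

    have_subnets = {r["id"].lower() for r in acls.get("virtualNetworkRules") or []}
    have_ips = {r["value"] for r in acls.get("ipRules") or []}
    base = RULE_ADD + ["--resource-group", rg, "--name", name]
    cmds += [base + ["--subnet", s] for s in subnet_ids if s.lower() not in have_subnets]
    cmds += [base + ["--ip-address", ip] for ip in wanted_ips if ip not in have_ips]
    return cmds


def render(cmds: list[list[str]]) -> str:
    """Shell-quoted command lines for review before applying."""
    return "\n".join(shlex.join(c) for c in cmds)


def apply(cmds: list[list[str]]) -> None:
    """Run the planned commands in order (needs a logged-in az CLI)."""
    for c in cmds:
        subprocess.run(c, check=True)


if __name__ == "__main__":
    # Constructed IDs reusing the page's resource names; the subscription ID is made up.
    rg_id = "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope"
    account = rg_id + "/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance"
    subnet = rg_id + "/providers/Microsoft.Network/virtualNetworks/tm-project5-vnet/subnets/tm-vnet-subnet-001"
    print(render(plan(account, subnet_ids=(subnet,), ip_rules=("203.0.113.0/24",),
                      current_acls={"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []})))
```

Review the rendered plan first; apply() runs it only when you decide to. The subnet must already carry the Microsoft.CognitiveServices service endpoint (step no. 5 above), which this script does not configure.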
References
- Azure Official Documentation
- Azure AI services security
- Configure Azure AI services virtual networks (portal)
- Configure Azure AI services virtual networks (azure-cli)
- Azure Command Line Interface (CLI) Documentation
- az cognitiveservices account list
- az cognitiveservices account show
- az resource update
- az network vnet subnet update
- az cognitiveservices account network-rule add
Related AIServices rules
- Regenerate API Access Keys for OpenAI Service Instances (Security)
- OpenAI Encryption using Customer-Managed Keys (Security)
- Enable Diagnostic Logs for OpenAI Service Instances (Security, reliability, operational-excellence, cost-optimisation, performance-efficiency)
- Use Managed Identities for OpenAI Service Instances (Security, operational-excellence)