Fix AML CMK enabled policy to not flag project workspace kinds

Azure · Aug 29, 2024 · 8632d21 · 8632d21
1 parent 76dc6a3
commit 8632d21
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/...icies/policyDefinitions/Azure Government/Machine Learning/Workspace_CMKEnabled_Audit.json b/...icies/policyDefinitions/Azure Government/Machine Learning/Workspace_CMKEnabled_Audit.json
@@ -5,10 +5,10 @@
     "mode": "Indexed",
     "description": "Manage encryption at rest of Azure Machine Learning workspace data with customer-managed keys. By default, customer data is encrypted with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more at https://aka.ms/azureml-workspaces-cmk.",
     "metadata": {
-      "version": "1.0.3",
+      "version": "1.0.4",
       "category": "Machine Learning"
     },
-    "version": "1.0.3",
+    "version": "1.0.4",
     "parameters": {
       "effect": {
         "type": "String",
@@ -31,6 +31,12 @@
             "field": "type",
             "equals": "Microsoft.MachineLearningServices/workspaces"
           },
+          {
+            "not": {
+              "field": "Microsoft.MachineLearningServices/workspaces/kind",
+              "equals": "project"
+            }
+          },
           {
             "not": {
               "field": "Microsoft.MachineLearningServices/workspaces/encryption.status",
@@ -44,7 +50,7 @@
       }
     },
     "versions": [
-      "1.0.3"
+      "1.0.4"
     ]
   },
   "id": "/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8",

diff --git a/built-in-policies/policyDefinitions/Machine Learning/Workspace_CMKEnabled_Audit.json b/built-in-policies/policyDefinitions/Machine Learning/Workspace_CMKEnabled_Audit.json
@@ -5,10 +5,10 @@
     "mode": "Indexed",
     "description": "Manage encryption at rest of Azure Machine Learning workspace data with customer-managed keys. By default, customer data is encrypted with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more at https://aka.ms/azureml-workspaces-cmk.",
     "metadata": {
-      "version": "1.0.3",
+      "version": "1.0.4",
       "category": "Machine Learning"
     },
-    "version": "1.0.3",
+    "version": "1.0.4",
     "parameters": {
       "effect": {
         "type": "String",
@@ -31,6 +31,12 @@
             "field": "type",
             "equals": "Microsoft.MachineLearningServices/workspaces"
           },
+          {
+            "not": {
+              "field": "Microsoft.MachineLearningServices/workspaces/kind",
+              "equals": "project"
+            }
+          },
           {
             "not": {
               "field": "Microsoft.MachineLearningServices/workspaces/encryption.status",
@@ -44,7 +50,7 @@
       }
     },
     "versions": [
-      "1.0.3"
+      "1.0.4"
     ]
   },
   "id": "/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8",