You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/ai-studio/how-to/built-in-policy-model-deployment.md
+9-7Lines changed: 9 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: Blackmist
6
6
ms.author: larryfr
7
7
ms.service: azure-ai-studio
8
8
ms.topic: how-to #Don't change
9
-
ms.date: 10/02/2024
9
+
ms.date: 10/25/2024
10
10
11
11
#customer intent: As an admin, I want control what Managed AI Services (MaaS) and Model-as-a-Platform (MaaP) AI models can be deployed by my developers.
12
12
@@ -25,19 +25,21 @@ Azure Policy provides built-in policy definitions that help you govern the deplo
25
25
## Enable the policy
26
26
27
27
1. From the [Azure portal](https://portal.azure.com), select **Policy** from the left side of the page. You can also search for **Policy** in the search bar at the top of the page.
28
-
1. From the left side of the Azure Policy Dashboard, select **Authoring**, **Definition**, and then search for "[Preview]: Azure Machine Learning Deployments should only use approved Registry Models" in the search bar within the page. You can also directly navigate to policy definition creation page by clicking [here](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F12e5dd16-d201-47ff-849b-8454061c293d).
29
-
1.Click on **Assign** to assign the policy to the appropiate management group:
28
+
1. From the left side of the Azure Policy Dashboard, select **Authoring**, **Definition**, and then search for "[Preview]: Azure Machine Learning Deployments should only use approved Registry Models" in the search bar within the page. You can also directly navigate to [policy definition creation page](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F12e5dd16-d201-47ff-849b-8454061c293d).
29
+
1.Select on **Assign** to assign the policy to the management group:
30
30
31
31
-**Scope**: Select the scope where you want to assign the policy. The scope can be a management group, subscription, or resource group.
32
-
-**Policy definition**: this section should be pre-filled by "**[Preview]: Azure Machine Learning Deployments should only use approved Registry Models**".
32
+
-**Policy definition**: this section should already have a value of "**[Preview]: Azure Machine Learning Deployments should only use approved Registry Models**".
33
33
-**Assignment name**: Enter a unique name for the assignment.
34
34
35
35
The rest of the fields can be left as their default values or you can customize as needed for your organization.
36
36
37
37
1. Select **Next** at the bottom of the page or the **Parameters** tab at the top of the page.
38
-
1. In the **Parameters** tab, un-check "Only show parameteres that needs input 0or review" to see all fields:
38
+
1. In the **Parameters** tab, deselect **Only show parameters that needs input or review** to see all fields:
39
39
40
-
-**Effect**: ensure these is filed is set to [**Deny**](/azure/governance/policy/concepts/effect-deny). Note: [audits](/azure/governance/policy/concepts/effect-audit) option allows you to configure the policy to log information to your own compliance dashboard.
40
+
-**Effect**: Set to [**Deny**](/azure/governance/policy/concepts/effect-deny).
41
+
> [!NOTE]
42
+
> Using the [audit](/azure/governance/policy/concepts/effect-audit) option allows you to configure the policy to log information to your own compliance dashboard.
41
43
-**Allowed Models Publishers**: This field expects a list of **publisher's name** in quotation and separated by commas.
42
44
-**Allowed Asset Ids**: This field expects a list of **model asset ids** in quotation and separated by commas.
43
45
@@ -46,7 +48,7 @@ Azure Policy provides built-in policy definitions that help you govern the deplo
46
48
1. Go to the [Azure AI Studio model catalog](model-catalog-overview.md).
47
49
48
50
49
-
1. For each model you want to allow, select the model to view the details. In the model detail information, copy the **Model ID** value. For example, the value might look like `azureml://registries/azure-openai/models/gpt-35-turbo/versions/3` for GPT-3.5-Turbo model. The provide names are also "Collections" in model catalog. for instance, publisher for "Meta-Llama-3.1-70B-Instruct" model is Meta.
51
+
1. For each model you want to allow, select the model to view the details. In the model detail information, copy the **Model ID** value. For example, the value might look like `azureml://registries/azure-openai/models/gpt-35-turbo/versions/3` for GPT-3.5-Turbo model. The provided names are also *Collections* in model catalog. For example, the publisher for "Meta-Llama-3.1-70B-Instruct" model is Meta.
50
52
51
53
> [!IMPORTANT]
52
54
> The model ID value must be an exact match for the model. If the model ID is not an exact match, the model won't be allowed.
0 commit comments