You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/ai-studio/how-to/built-in-policy-model-deployment.md
+10-8Lines changed: 10 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,31 +25,33 @@ Azure Policy provides built-in policy definitions that help you govern the deplo
25
25
## Enable the policy
26
26
27
27
1. From the [Azure portal](https://portal.azure.com), select **Policy** from the left side of the page. You can also search for **Policy** in the search bar at the top of the page.
28
-
1. From the left side of the Azure Policy Dashboard, select **Authoring**, **Assignments**, and then select **Assign policy** from the top of the page.
29
-
1.In the**Policy Assignment**form, use the following values:
28
+
1. From the left side of the Azure Policy Dashboard, select **Authoring**, **Definition**, and then search for "[Preview]: Azure Machine Learning Deployments should only use approved Registry Models" in the search bar within the page. You can also directly navigate to policy definition creation page by clicking [here](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F12e5dd16-d201-47ff-849b-8454061c293d).
29
+
1.Click on**Assign**to assign the policy to the appropiate management group:
30
30
31
31
-**Scope**: Select the scope where you want to assign the policy. The scope can be a management group, subscription, or resource group.
32
-
-**Policy definition**: Select the ellipse (...) and search for **Allowed models for AI model deployment**. Select the policy definition from the list. For example, **Allowed models for AI model deployment in MaaS and MaaP**.
32
+
-**Policy definition**: this section should be pre-filled by "**[Preview]: Azure Machine Learning Deployments should only use approved Registry Models**".
33
33
-**Assignment name**: Enter a unique name for the assignment.
34
34
35
35
The rest of the fields can be left as their default values or you can customize as needed for your organization.
36
36
37
37
1. Select **Next** at the bottom of the page or the **Parameters** tab at the top of the page.
38
-
1. In the **Parameters** tab, use the following fields:
38
+
1. In the **Parameters** tab, un-check "Only show parameteres that needs input 0or review" to see all fields:
39
39
40
-
-**Allowed models**: This field expects the **model ID strings**, separated by commas. To get the model ID strings, use the following steps:
40
+
-**Effect**: ensure these is filed is set to [**Deny**](/azure/governance/policy/concepts/effect-deny). Note: [audits](/azure/governance/policy/concepts/effect-audit) option allows you to configure the policy to log information to your own compliance dashboard.
41
+
-**Allowed Models Publishers**: This field expects a list of **publisher's name** in quotation and separated by commas.
42
+
-**Allowed Asset Ids**: This field expects a list of **model asset ids** in quotation and separated by commas.
43
+
44
+
To get the model asset ID strings and model publishers' name use the following steps:
41
45
42
46
1. Go to the [Azure AI Studio model catalog](model-catalog-overview.md).
43
47
44
48
45
-
1. For each model you want to allow, select the model to view the details. In the model detail information, copy the **Model ID** value. For example, the value might look like `azureml://registries/azure-openai/models/gpt-35-turbo/versions/3`.
49
+
1. For each model you want to allow, select the model to view the details. In the model detail information, copy the **Model ID** value. For example, the value might look like `azureml://registries/azure-openai/models/gpt-35-turbo/versions/3` for GPT-3.5-Turbo model. The provide names are also "Collections" in model catalog. for instance, publisher for "Meta-Llama-3.1-70B-Instruct" model is Meta.
46
50
47
51
> [!IMPORTANT]
48
52
> The model ID value must be an exact match for the model. If the model ID is not an exact match, the model won't be allowed.
49
53
50
-
-**Effect**: This field determines whether the policy [audits](/azure/governance/policy/concepts/effect-audit) or [denies](/azure/governance/policy/concepts/effect-deny) the use of the models listed in the **Allowed models** field.
51
54
52
-
1. Optionally, select the **Non-compliance messages** tab at the top of the page and set a custom message for noncompliance.
53
55
1. Select **Review + create** tab and verify that the policy assignment is correct. When ready, select **Create** to assign the policy.
54
56
1. Notify your developers that the policy is in place. They receive an error message if they try to deploy a model that isn't in the list of allowed models.
0 commit comments