You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/ai-foundry/how-to/develop/planning.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -65,18 +65,18 @@ For most use cases, Contoso does **not use CMK**, relying on Microsoft-managed
65
65
66
66
Effective access management is foundational to a secure and scalable AI Foundry setup.
67
67
68
-
- Define required access roles and responsibilities:
68
+
-**Define required access roles and responsibilities**
69
69
- Identify which user groups require access to various aspects of the AI Foundry environment.
70
70
- Assign built-in or custom Azure RBAC roles based on responsibilities such as:
71
71
- Account owner: Manage top-level configurations such as security and shared resource connections.
72
72
- Project Managers: Create and manage AI Foundry projects and their contributors.
73
73
- Project Users: contribute to existing projects.
74
-
- Determine Access Scope
74
+
-**Determine access scope**
75
75
- Choose the appropriate scope for access assignments:
76
76
- Subscription level: broadest access, typically suitable for central IT or platform teams or smaller organizations.
77
77
- Resource group level: Useful for grouping related resources with shared access policies. For example, an Azure Function that follows the same application lifecycle as your AI Foundry environment.
78
78
- Resource or project level: Ideal for fine-grained control, especially when dealing with sensitive data or enabling self-service.
79
-
- Align Identity Strategy
79
+
-**Align identity strategy**
80
80
- For data sources and tools integrated with AI Foundry, determine whether users should authenticate using:
81
81
- Using managed identities or API key: suitable for automated services and shared access across users.
82
82
- User identities: Preferred when user-level accountability or auditability is required.
@@ -137,6 +137,7 @@ A hub resource is deployed side-by-side with your AI Foundry resource and takes
137
137
- Customer-Managed Keys (CMK): [Customer-managed keys in Azure AI Foundry](../../concepts/encryption-keys-portal.md)
138
138
- Authentication & RBAC: [Role-based access control in Azure AI Foundry](../../concepts/rbac-azure-ai-foundry.md)
139
139
- Sample Templates: [Create an AI Foundry hub using a Bicep template](../create-azure-ai-hub-template.md)
140
+
-[Recover or purge deleted Azure AI Foundry resources](../../../ai-services/recover-purge-resources.md)
140
141
141
142
### Establish Connectivity with Other Azure Services
0 commit comments