You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/gain-end-user-context-ai.md
+9-7Lines changed: 9 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,11 +26,13 @@ To receive AI security alerts with more context, you can add any or all of the f
26
26
27
27
All of the fields in the `SecurityContext` are optional, but we recommended, at a minimum, passing the `EndUserId` and `SourceIP` fields. The `EndUserId` and `SourceIP` fields provide Security Operations Center (SOC) analysts the ability to investigate security incidents that involve AI resources and generative AI applications. For examples, see the [SecurityContext schema](#securitycontext-schema).
28
28
29
+
The Azure OpenAI API call will be successful
30
+
29
31
If a field’s name is misspelled, the Azure OpenAI API call will still succeed. No validation of the `SecurityContext` schema is required to pass through the Azure OpenAI user field. Application developers should ensure that a valid JSON is passed to the `user` field in every request made by the application to Azure OpenAI.
30
32
31
33
## SecurityContext schema
32
34
33
-
The provided schema consists of the `SecurityContext`object which contains several parameters that describe the application itself, and the end user that interacts with the application. These fields assist your security operations teams to investigate and mitigate security incidents by providing a comprehensive approach to protecting your AI applications.
35
+
The provided schema consists of the `SecurityContext`objects that contains several parameters that describe the application itself, and the end user that interacts with the application. These fields assist your security operations teams to investigate and mitigate security incidents by providing a comprehensive approach to protecting your AI applications.
34
36
35
37
- End used ID
36
38
- End user type
@@ -41,11 +43,11 @@ The provided schema consists of the `SecurityContext` object which contains seve
41
43
42
44
| Field name | Type | Description | Optional | Example |
| EndUserId | string | Acts as a unique identifier for the end user within the generative AI application, in case AAD authorization is used to authenticate end-users in the generative AI application, this should be Microsoft Entra (previously known as Azure Active Directory) user object id, otherwise this can be a GUID or some other identifier that is uniquely identifying the user. | Yes | 1234a123-12a3-1234-1ab2-a1b2c34d56e |
45
-
| EndUserIdType | string | Specifies the type of end user identifier. It should be set to AAD when using Microsoft Entra (previously known as Azure Active Directory) user object ID. | Yes, unless EndUserId is passed, in that case this must be set to proper value. |AAD, Google, Other |
46
-
| EndUserTenantId | string | This property specifies the Microsoft 365 tenant id the end user belongs to. It is required when the generative AI application is multi-tenant and end users from different tenants can login. | Yes | 1234a123-12a3-1234-1ab2-a1b2c34d56e |
47
-
| SourceIP | string | Captures the IP address of the client as seen directly by the server. It represents the most immediate client IP address that made the connection to the server. If the client connects through a proxy or load balancer, SourceIP will be the IP address of that proxy or load balancer, not the original client's IP address: <br> - ASP.NET: HttpContext.Connection.RemoteIpAddress <br> - Python: request.remote_addr | Yes | 12.34.567.891, 1234:1:123a:123:1a2b:ab1:ab1c:ab12|
48
-
| SourceRequestHeaders | Dictionary<string, string> | Captures a subset of end user's request headers that are added by proxies or load balancers. Headers like X-Forwarded-For, X-Real-IP, or Forwarded are used by Microsoft Defender for Cloud to get the original client's IP address. User-Agent header will provide context about the client software initiating the API request. <br><br> Recommended header names include: User-Agent, X-Forwarded-For, X-Real-IP, Forwarded, CF-Connecting-IP, True-Client-IP, X-Client-IP, X-Forwarded, Forwarded-For | Yes | - |
46
+
| EndUserId | string | Acts as a unique identifier for the end user within the generative AI application. If Microsoft Entra ID authorization is used to authenticate end-users in the generative AI application, this should be a Microsoft Entra ID (previously known as Microsoft Entra ID) user object ID, otherwise this can be a GUID or some other identifier that uniquely identify the user. | Yes | 1234a123-12a3-1234-1ab2-a1b2c34d56e |
47
+
| EndUserIdType | string | Specifies the type of end user identifier. It should be set to Microsoft Entra ID when using Microsoft Entra (previously known as Microsoft Entra ID) user object ID. | Yes, unless EndUserId is passed, in that case this must be set to proper value. |Microsoft Entra ID, Google, Other |
48
+
| EndUserTenantId | string | This property specifies the Microsoft 365 tenant ID the end user belongs to. It's required when the generative AI application is multitenant and end users from different tenants can sign-in. | Yes | 1234a123-12a3-1234-1ab2-a1b2c34d56e |
49
+
| SourceIP | string | Captures the IP address of the client as seen directly by the server. It represents the most immediate client IP address that made the connection to the server. If the client connects through a proxy or load balancer, SourceIP is the IP address of that proxy or load balancer, not the original client's IP address: <br> - ASP.NET: HttpContext.Connection.RemoteIpAddress <br> - Python: request.remote_addr | Yes | 12.34.567.891, 1234:1:123a:123:1a2b:ab1:ab1c:ab12|
50
+
| SourceRequestHeaders | Dictionary<string, string> | Captures a subset of end user's request headers that proxies or load balancers add. Headers like X-Forwarded-For, X-Real-IP, or Forwarded are used by Microsoft Defender for Cloud to get the original client's IP address. User-Agent headers provide context about the client software initiating the API request. <br><br> Recommended header names include: User-Agent, X-Forwarded-For, X-Real-IP, Forwarded, CF-Connecting-IP, True-Client-IP, X-Client-IP, X-Forwarded, Forwarded-For | Yes | - |
49
51
| ApplicationName | string | The name of the application, used for identification and UI purposes. | Yes | Contoso HR Copilot, Customer sales chat bot. |
50
52
51
53
## Add the SecurityContext to your application
@@ -68,7 +70,7 @@ We recommend adding all of the parameters provided in this document to your gene
68
70
69
71
1. Save the changes.
70
72
71
-
Once you have added the code and saved your changes, ensure that a valid JSON is passed to the 'user' field in every request made by the application to Azure OpenAI.
73
+
After following the procedure, you should ensure that a valid JSON is passed to the `user` field in every request made by the application to Azure OpenAI.
0 commit comments