diff --git a/.github/workflows/translate.yml b/.github/workflows/translate.yml
index e7c77cc30..3a79d7d01 100644
--- a/.github/workflows/translate.yml
+++ b/.github/workflows/translate.yml
@@ -67,7 +67,7 @@ jobs:
 # Update the timestamp in the modified file
 python3 ./scripts/timestamp_checklist.py --input-file $input_file
 # Translate modified file
- # python3 ./scripts/translate.py --input-file $input_file
+ python3 ./scripts/translate.py --input-file $input_file
 fi
 done
diff --git a/CODEOWNERS b/CODEOWNERS
index 661ee250c..16a344f71 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -6,7 +6,7 @@
 # @global-owner1 and @global-owner2 will be requested for
 # review when someone opens a pull request.
 # * @global-owner1 @global-owner2
-* @erjosito @sdolgin
+* @erjosito @sdolgin @mbilalamjad
 # Order is important; the last matching pattern takes the most
 # precedence. When someone opens a pull request that only
@@ -28,8 +28,9 @@
 # In this example, @doctocat owns any files in the build/logs
 # directory at the root of the repository and any of its
 # subdirectories.
-/checklists/ @erjosito @sdolgin
+/checklists/ @erjosito @sdolgin @mbilalamjad
 /checklists/alz_checklist.en.json @Azure/fta-alz-vteam @Azure/alz-checklist-contributors
+/checklists/ai_lz_checklist.en.json @mbilalamjad @prwani
 /checklists/cost_checklist.en.json @brmoreir @pea-ms
 /checklists/aks_checklist.en.json @erjosito @seenu433 @msftnadavbh
 /checklists/aro_checklist.en.json @msftnadavbh @naioja @erjosito
diff --git a/README.md b/README.md
index e21537c76..d0f67f741 100644
--- a/README.md
+++ b/README.md
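Review bot: The re-enabled `translate.py` call in the translate.yml hunk passes `$input_file` unquoted, so a changed file name containing whitespace or glob characters would be word-split by the shell and could hand the script extra arguments; quote it as `python3 ./scripts/translate.py --input-file "$input_file"`. The `timestamp_checklist.py` context line just above has the same pattern. How `input_file` is populated is outside the hunk; if it derives from file names in a pull request, it should be treated as untrusted input. The enclosing loop and workflow step start outside the hunk.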
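Review bot: Adding @mbilalamjad to the global `*` rule in the first CODEOWNERS hunk makes that account a default owner for every path not matched by a later pattern, which would include `.github/workflows/` and `scripts/` unless rules outside these hunks cover them. The second hunk already grants `/checklists/` and `/checklists/ai_lz_checklist.en.json`, which appears to be all this change needs. If repository-wide approval rights are not intended, keep the first rule as `* @erjosito @sdolgin`.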
@@ -24,7 +24,8 @@ Summary of checklists supported and the respective responsible owners:
 | Checklist | Status | CodeOwners |
 | --- | --- | --- |
-| ALZ | GA | FTA-ALZ-vTeam, ALZ-checklist-contributors |
+| Azure Landing Zone | GA | FTA-ALZ-vTeam, ALZ-checklist-contributors |
+| AI Landing Zone | Preview | [@mbilalamjad](https://github.com/mbilalamjad) [@prwani](https://github.com/prwani) |
 | WAF | GA | Dynamically generated |
 | AKS | GA | [@msftnadavbh](https://github.com/msftnadavbh) [@seenu433](https://github.com/seenu433) [@erjosito](https://github.com/erjosito) |
 | ARO | Preview | [@msftnadavbh](https://github.com/msftnadavbh) [@naioja](https://github.com/naioja) [@erjosito](https://github.com/erjosito) |
diff --git a/checklists/ai_lz_checklist.en.json b/checklists/ai_lz_checklist.en.json
new file mode 100644
index 000000000..f7f380bb3
--- /dev/null
+++ b/checklists/ai_lz_checklist.en.json
@@ -0,0 +1,2025 @@ +{ + "items": [ + { + "category": "Application Deployment", + "subcategory": "Data Classification", + "text": "Establish a version control process for grounding data, for example, in RAG.", + "waf": "Operations", + "service": "Azure DevOps", + "guid": "20a734fb-ca83-4ce0-b3a7-935a00b2e9b9", + "id": "AI.1", + "severity": "Low" + }, + { + "category": "Application Deployment", + "subcategory": "DevOps", + "text": "Use a CI/CD pipeline to deploy IaC artifacts and ensure the quality of your deployment and Azure environments.", + "waf": "Operations", + "service": "Azure DevOps", + "guid": "9af60e0a-1111-4885-82e2-f9575581673f", + "id": "AI.2", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/infrastructure-as-code" + }, + { + "category": "Application Deployment", + "subcategory": "DevOps", + "text": "Include unit tests for IaC and application code as part of your build process.", + "waf": "Operations", + "service": "NA", + "guid": "004a958f-9f9b-4e05-bcb3-d58369936a80", + "id": "AI.3", + "severity": "Low", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/development-strategy-development-lifecycle" + }, + { + "category": "Application Deployment", + "subcategory": "DevOps", + "text": "Leverage Declarative Infrastructure as Code Tools such as Azure Bicep, ARM Templates or Terraform to maintain your Azure AI Landing Zone.", + "waf": "Operations", + "service": "NA", + "guid": "244b82ee-0144-429a-bb80-412941090968", + "id": "AI.4", + "severity": "Low", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/considerations/infrastructure-as-code" + }, + { + "category": "BC and DR", + "subcategory": "Data Protection", + "text": "Implement multi-region deployments to ensure high availability and resiliency for Azure AI Foundry.", + "waf": "Reliability", + "service": "Azure AI Foundry", + "guid": "79157dd1-32b2-4b9f-9cf6-bf2704733a00", 
+ "id": "AI.5", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-studio/how-to/disaster-recovery" + }, + { + "category": "BC and DR", + "subcategory": "Data Protection", + "text": "Implement multi-region deployments to ensure high availability and resiliency for Azure Machine Learning.", + "waf": "Reliability", + "service": "Azure Machine Learning", + "guid": "96326612-1e4f-44f6-9d49-2c68234eb64d", + "id": "AI.6", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/machine-learning/how-to-high-availability-machine-learning" + }, + { + "category": "BC and DR", + "subcategory": "Data Protection", + "text": "Implement multi-region deployments to ensure high availability and resiliency for Azure Open AI", + "waf": "Reliability", + "service": "Azure Open AI", + "guid": "0a597728-1c21-4e11-9294-10c134ddd388", + "id": "AI.7", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery" + }, + { + "category": "BC and DR", + "subcategory": "Multi-region architecture", + "text": "Deploy multiple OAI instances across regions", + "waf": "Reliability", + "service": "Azure OpenAI", + "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a", + "id": "AI.8", + "severity": "Low", + "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability" + }, + { + "category": "BC and DR", + "subcategory": "Load balancing", + "text": "Implement retry & healthchecks with Gateway pattern like APIM", + "waf": "Reliability", + "service": "Azure OpenAI", + "guid": "b039da6d-55d7-4c89-8adb-107d5325af62", + "id": "AI.9", + "severity": "High", + "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability" + }, + { + "category": "BC and DR", + "subcategory": "Quotas", + "text": "Ensure having adequate quotas of TPM & RPM for the workload", + "waf": "Reliability", + 
"service": "Azure OpenAI", + "guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1", + "id": "AI.10", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota" + }, + { + "category": "BC and DR", + "subcategory": "Load balancing", + "text": "Deploy separate fine tuned models across regions if finetuning is employed", + "waf": "Reliability", + "service": "Azure OpenAI", + "guid": "7f154e3a-a369-4282-ae7e-316183687a04", + "id": "AI.11", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery" + }, + { + "category": "BC and DR", + "subcategory": "Data Backup and Disaster Recovery", + "text": "Regularly backup and replicate critical data to ensure data availability and recoverability in case of data loss or system failures. Leverage Azure's backup and disaster recovery services to protect your data.", + "waf": "Reliability", + "service": "Azure OpenAI", + "guid": "77a1f893-5bda-4433-84f2-4811633182ba", + "id": "AI.12", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/backup/backup-overview" + }, + { + "category": "BC and DR", + "subcategory": "SLA considerations", + "text": "Azure AI search service tiers should be choosen to have a SLA ", + "waf": "Reliability", + "service": "Azure OpenAI", + "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204", + "id": "AI.13", + "severity": "High", + "graph": "resources | where type == 'microsoft.search/searchservices' | extend compliant = (sku.name != 'free' and properties.replicaCount >= 3) | project id, compliant", + "link": "https://learn.microsoft.com/azure/search/search-reliability" + }, + { + "category": "Cost Governance", + "subcategory": "Cost Management", + "text": "Verify PTU cost savings vs pay as you pricing for Azure OpenAI and OpenAI models.", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "4bfd472f-6860-4b27-a90c-a34b36b296cb", + "id": "AI.14", + 
"severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/provisioned-throughput" + }, + { + "category": "Cost Governance", + "subcategory": "Cost Management", + "text": "Ensure the right and cost effective model is in use, unless the use case demands a more expensive model.", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "d59e6d68-eaa3-4eec-b2c9-f7bf55bea7f6", + "id": "AI.15", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models?branch=main&tabs=python-secure" + }, + { + "category": "Cost Governance", + "subcategory": "Cost Management", + "text": "Allocate provisioning quotas for each model based on expected workloads to prevent unnecessary costs.", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "ec8f4d8c-98b0-4507-9213-3cafc4c2217e", + "id": "AI.16", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest&branch=main" + }, + { + "category": "Cost Governance", + "subcategory": "Cost Management", + "text": "Use the right deployment type, global deployment offers lower cost-per-token pricing on certain GPT models.", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "3847ab4c-ce03-478f-bd89-caf0ec11b781", + "id": "AI.17", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/deployment-types" + }, + { + "category": "Cost Governance", + "subcategory": "Cost Management", + "text": "Choose the right hosting infrastructure, depending on your solution's needs e.g. 
managed endpoints, AKS or Azure App Service.", + "waf": "Cost", + "service": "NA", + "guid": "dfe64294-9fc5-4b98-a3dc-7cc7b07621c0", + "id": "AI.18", + "severity": "Medium" + }, + { + "category": "Cost Governance", + "subcategory": "Cost Management", + "text": "Define and enforce a policy to automatically shutdown Azure AI Foundry and Azure Machine Learning compute instances.", + "waf": "Cost", + "service": "Azure AI Foundry", + "guid": "187edf80-5592-41ca-b65c-c804e56f7394", + "id": "AI.19", + "severity": "Low", + "link": "https://github.com/Azure/Community-Policy/tree/main/policyDefinitions/Compute/deploy-vm-auto-shutdown" + }, + { + "category": "Cost Governance", + "subcategory": "Cost Management", + "text": "Configure 'Actual' and 'Forecasted' Budget Alerts.", + "waf": "Cost", + "service": "Azure Cost Management", + "guid": "15912c2a-babb-4b9f-9dc3-73c1489472dd", + "id": "AI.20", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/cost-management-billing/costs/tutorial-acm-create-budgets?bc=%2Fazure%2Fcloud-adoption-framework%2F_bread%2Ftoc.json&toc=%2Fazure%2Fcloud-adoption-framework%2Ftoc.json" + }, + { + "category": "Cost Governance", + "subcategory": "Token Optimization", + "text": "Use prompt compression tools like LLMLingua or gprtrim", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f", + "id": "AI.21", + "severity": "Medium", + "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/" + }, + { + "category": "Cost Governance", + "subcategory": "Token Optimization", + "text": "Use tiktoken to understand token sizes for token optimizations in conversational mode", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "adfe27be-e297-401a-a352-baaab79b088d", + "id": "AI.22", + "severity": "High", + "link": "https://github.com/openai/tiktoken" + }, + { + "category": "Cost Governance", + "subcategory": "Cost familiarization", + "text": 
"Understand difference in cost of base models and fine tuned models and token step sizes", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c", + "id": "AI.23", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models" + }, + { + "category": "Cost Governance", + "subcategory": "Batch processing", + "text": "Batch requests, where possible, to minimize the per-call overhead which can reduce overall costs. Ensure you optimize batch size", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7", + "id": "AI.24", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching" + }, + { + "category": "Cost Governance", + "subcategory": "Cost monitoring", + "text": "Set up a cost tracking system that monitors model usage and use that information to help inform model choices and prompt sizes", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8", + "id": "AI.25", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" + }, + { + "category": "Cost Governance", + "subcategory": "Token limit", + "text": "Set a maximum limit on the number of tokens per model response (max_tokens and the number of completions to generate). Optimize the size to ensure it is large enough for a valid response", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "166cd072-af9b-4141-a898-a535e737897e", + "id": "AI.26", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits" + }, + { + "category": "Cost Governance", + "subcategory": "Costing Model", + "text": "Evaluate usage of billing models - PAYG vs PTU. 
Start with PAYG and consider PTU when the usage is predictable in production since it offers dedicated memory and compute, reserved capacity, and consistent maximum latency for the specified model version", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", + "id": "AI.27", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model" + }, + { + "category": "Cost Governance", + "subcategory": "Quota Management", + "text": "Consider Quota management practices. Use dynamic quota for certain use cases when your application can use extra capacity opportunistically or the application itself is driving the rate at which the Azure OpenAI API is called", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", + "id": "AI.28", + "severity": "High", + "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268" + }, + { + "category": "Cost Governance", + "subcategory": "Cost estimation", + "text": "Develop your cost model, considering prompt sizes. Understanding prompt input and response sizes and how text translates into tokens helps you create a viable cost model", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a9", + "id": "AI.29", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" + }, + { + "category": "Cost Governance", + "subcategory": "Model selection", + "text": "Consider model pricing and capabilities when you choose models. Start with less-costly models for less-complex tasks like text generation or completion tasks and for complex tasks like language translation or content understanding, consider using more advanced models. 
Optimize costs while still achieving the desired application performance", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a1", + "id": "AI.30", + "severity": "Medium", + "link": "https://azure.microsoft.com/pricing/details/cognitive-services/openai-service/" + }, + { + "category": "Cost Governance", + "subcategory": "Usage Optimization", + "text": "Maximize Azure OpenAI price breakpoints like fine-tuning and model breakpoints like image generation to your advantage. Fine-tuning is charged per hour, use as much time as you have available per hour to improve results without slipping into the next billing period. The cost for generating 100 images is the same as the cost for 1 image", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a2", + "id": "AI.31", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" + }, + { + "category": "Cost Governance", + "subcategory": "Usage Optimization", + "text": "Remove unused fine-tuned models when they're no longer being consumed to avoid incurring an ongoing hosting fee", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "72d41e36-11cc-457b-9a4b-1410d43958a3", + "id": "AI.32", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" + }, + { + "category": "Cost Governance", + "subcategory": "Token Optimization", + "text": "Create concise prompts that provide enough context for the model to generate a useful response. 
Also ensure that you optimize the limit of the response length.", + "waf": "Cost", + "service": "Azure OpenAI", + "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8g", + "id": "AI.33", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" + }, + { + "category": "Governance and Security", + "subcategory": "Threat Protection", + "text": "Implement threat protection for all AI models.", + "waf": "Security", + "service": "Microsoft Defender for Cloud", + "guid": "77f9dffe-09a6-4a2d-bc87-6598564d80aa", + "id": "AI.34", + "severity": "High", + "link": "https://learn.microsoft.com/azure/defender-for-cloud/ai-threat-protection" + }, + { + "category": "Governance and Security", + "subcategory": "Threat Protection", + "text": "Regularly inspect AI model output to detect and mitigate risks associated with malicious or unpredictable user prompts.", + "waf": "Security", + "service": "Azure AI Content Safety", + "guid": "3b5bf58d-c4b8-440d-b0fc-0ddb452bbc27", + "id": "AI.35", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection" + }, + { + "category": "Governance and Security", + "subcategory": "Threat Protection", + "text": "Establish company-wide verification mechanisms to ensure all AI models in use are legitimate and secure.", + "waf": "Security", + "service": "NA", + "guid": "ae9acafb-9675-4b4d-a2b5-03d809535fa7", + "id": "AI.36", + "severity": "High" + }, + { + "category": "Governance and Security", + "subcategory": "Access Management", + "text": "Use distinct workspaces to organize and manage AI artifacts like datasets, models, and experiments.", + "waf": "Security", + "service": "Azure AI Foundry", + "guid": "888d6799-0028-49bb-ab5f-e62541d6d364", + "id": "AI.37", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-studio/concepts/ai-resources" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + 
"text": "Use MITRE ATLAS, OWASP Machine Learning risk, and OWASP Generative AI risk to regularly evaluate risks across all AI workloads.", + "waf": "Security", + "service": "NA", + "guid": "2e76dec8-e54f-47b0-8b08-939e34611c6f", + "id": "AI.38", + "severity": "Medium", + "link": "https://genai.owasp.org/llm-top-10/" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Assess insider risk to sensitive data, across all AI workloads", + "waf": "Security", + "service": "Microsoft Purview", + "guid": "8c243a35-7a57-438a-8b48-73a7b2ce6a20", + "id": "AI.39", + "severity": "Low", + "link": "https://learn.microsoft.com/purview/insider-risk-management" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Perform AI threat modeling using frameworks like STRIDE to assess potential attack vectors for all AI workloads.", + "waf": "Security", + "service": "Microsoft Threat Modeling Tool", + "guid": "2fee0018-807e-44de-807c-e4a1aaecabba", + "id": "AI.40", + "severity": "Medium", + "link": "https://www.microsoft.com/securityengineering/sdl/threatmodeling" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Conduct red-team testing against generative AI models and nongenerative models to assess their vulnerability to attacks.", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "c3566fc0-e457-4324-b61d-56f89403f895", + "id": "AI.41", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Maintaining a detailed and up-to-date inventory of your AI workload resources", + "waf": "Security", + "service": "Microsoft Defender for Cloud", + "guid": "de4b110e-eeb0-4cbf-b7e3-fa5cf40674b0", + "id": "AI.42", + "severity": "High", + "link": 
"https://learn.microsoft.com/azure/defender-for-cloud/identify-ai-workload-model" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Create a data sensitivity change management plan. Track data sensitivity levels as they can change over time.", + "waf": "Security", + "service": "NA", + "guid": "818a1055-9179-4a54-85f9-aaa2fc5cc993", + "id": "AI.43", + "severity": "Medium" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Safeguard sensitive data when required by using duplicates, local copies, or subsets that contain only the necessary information.", + "waf": "Security", + "service": "NA", + "guid": "05f2a394-f90b-4dd3-9402-248f3720fcf6", + "id": "AI.44", + "severity": "High" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Conduct rigorous tests to determine if sensitive data can be leaked or coerced through AI systems.", + "waf": "Security", + "service": "Azure AI Services", + "guid": "f320b81e-cceb-47f9-b6bb-7bd6f45e0732", + "id": "AI.45", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/language-service/personally-identifiable-information/concepts/entity-categories" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Provide AI-focused employee training and awareness emphasizing the importance of data security and AI development best practices and deployment.", + "waf": "Security", + "service": "NA", + "guid": "b77c0824-c933-49ed-a9e1-41b5668c04fd", + "id": "AI.46", + "severity": "Medium" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Develop and maintain an incident response plan for AI security incidents.", + "waf": "Security", + "service": "NA", + "guid": "2fe19fb3-860a-403a-94e6-3b5eab341ff8", + "id": "AI.47", + "severity": "High" + }, + { + "category": "Governance and Security", + "subcategory": 
"Risk Mitigation", + "text": "Regularly evaluate emerging threats and vulnerabilities specific to AI through risk assessments and impact analyses.", + "waf": "Security", + "service": "NA", + "guid": "eafa85b5-ef4e-4bed-806a-96b09f0d0f29", + "id": "AI.48", + "severity": "High" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Enforce Customer Managed Keys for data at rest encryption via Azure Policy", + "waf": "Security", + "service": "NA", + "guid": "91c2b50a-3f81-480a-99b1-7e1ee9561712", + "id": "AI.49", + "severity": "Medium", + "link": "https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Encryption-CMK.html" + }, + { + "category": "Governance and Security", + "subcategory": "Risk Mitigation", + "text": "Disable inferencing via Azure AI Foundry to prevent API Gateway bypass.", + "waf": "Security", + "service": "Azure AI Foundry", + "guid": "0fc6d1b2-cee1-4851-9a89-ab61a9802682", + "id": "AI.50", + "severity": "Medium" + }, + { + "category": "Governance and Security", + "subcategory": "Operations", + "text": "Use tools like Defender for Cloud to discover Gen AI workloads and explore AI artifacts risks such as vulnerable images & code repositories.", + "waf": "Security", + "service": "Microsoft Defender for Cloud", + "guid": "2db05c38-8c93-481e-84b0-8aa28b3bf7b2", + "id": "AI.51", + "severity": "High", + "link": "https://learn.microsoft.com/azure/defender-for-cloud/identify-ai-workload-model" + }, + { + "category": "Governance and Security", + "subcategory": "Operations", + "text": "Use Azure AI Content Safety to define a baseline content filter for your approved AI models.", + "waf": "Security", + "service": "Azure AI Content Safety", + "guid": "570e9d31-44ea-409e-a5a9-83bee922204d", + "id": "AI.52", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview" + }, + { + "category": "Governance and Security", + "subcategory": "Operations", + "text": "Test the 
effectiveness of grounding by using tools like prompt flow.", + "waf": "Performance", + "service": "Azure AI Foundry", + "guid": "6f50ef6a-2bb1-4aec-a633-96ad271cb42f", + "id": "AI.53", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-studio/how-to/prompt-flow" + }, + { + "category": "Governance and Security", + "subcategory": "Operations", + "text": "Enable recommended alert rules to receive notifications of deviations that indicate a decline in workload health.", + "waf": "Operations", + "service": "Azure AI Search", + "guid": "ecfc0860-f3a8-4bef-98f2-8660c4eaca34", + "id": "AI.54", + "severity": "High", + "link": "https://learn.microsoft.com/azure/search/monitor-azure-cognitive-search" + }, + { + "category": "Governance and Security", + "subcategory": "Operations", + "text": "Use Azure Policy to control which services can be provisioned at the subscription/management group level.", + "waf": "Operations", + "service": "Microsoft cloud security benchmark", + "guid": "5cf51132-180a-488b-b6c6-4f905b2dc1b1", + "id": "AI.55", + "severity": "Medium", + "link": "https://learn.microsoft.com/security/benchmark/azure/mcsb-asset-management" + }, + { + "category": "Governance and Security", + "subcategory": "Security", + "text": "Limit client access to your AI service by enforcing security protocols like network controls, keys, and role-based access control (RBAC).", + "waf": "Security", + "service": "Azure AI Services", + "guid": "3e73d1c2-cc01-4953-95c5-2ec43cd9beed", + "id": "AI.56", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/policy-reference" + }, + { + "category": "Governance and Security", + "subcategory": "Compliance", + "text": "Use Microsoft Purview Compliance Manager to assess and manage compliance across cloud environments.", + "waf": "Security", + "service": "Microsoft Purview", + "guid": "f28b4c3f-efd7-423c-9d5f-6aa8234690eb", + "id": "AI.57", + "severity": "Medium", + "link": 
"https://learn.microsoft.com/microsoft-365/compliance/compliance-manager-overview" + }, + { + "category": "Governance and Security", + "subcategory": "Compliance", + "text": "Use standards, such as ISO/IEC 23053:2022 to audit policies that are applied to your AI workloads.", + "waf": "Security", + "service": "NA", + "guid": "87288dca-d802-49fb-9c92-d027a9ffe90f", + "id": "AI.58", + "severity": "High" + }, + { + "category": "Governance and Security", + "subcategory": "Data Classification", + "text": "Use a tool like Microsoft Purview to implement a unified data catalog and classification system across your organization.", + "waf": "Security", + "service": "Microsoft Purview", + "guid": "6dc4dce7-5233-480f-8b24-1fa035682c97", + "id": "AI.59", + "severity": "Medium", + "link": "https://learn.microsoft.com/purview/unified-catalog?branch=main" + }, + { + "category": "Governance and Security", + "subcategory": "Data Classification", + "text": "Ensure that any data ingested into AI models is classified and vetted according to centralized standards.", + "waf": "Security", + "service": "NA", + "guid": "0ab50b4d-a903-4dc0-9437-3c075877fad8", + "id": "AI.60", + "severity": "Medium" + }, + { + "category": "Governance and Security", + "subcategory": "Data Classification", + "text": "Use a content filtering system like Protected material detection in Azure AI Content Safety to filter out copyrighted material.", + "waf": "Security", + "service": "Azure AI Content Safety", + "guid": "001bbabe-364c-4b0f-a667-760f47791726", + "id": "AI.61", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/protected-material?branch=main&tabs=text" + }, + { + "category": "Governance and Security", + "subcategory": "Authentication", + "text": "Use Microsoft Entra Authentication with Managed Identity instead of API Key", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "4350d092-d234-4292-a752-8537a551c5bf", + "id": "AI.62", + "severity": 
"High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity" + }, + { + "category": "Governance and Security", + "subcategory": "Data Sensitivity", + "text": "Classify data and sensitivity, labeling with Microsoft Purview before generating the embeddings and make sure to treat the embeddings generated with same sensitivity and classification", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a", + "id": "AI.63", + "severity": "Low", + "link": "https://learn.microsoft.com/purview/purview" + }, + { + "category": "Governance and Security", + "subcategory": "Encryption at Rest", + "text": "Encrypt data used for RAG with SSE/Disk encryption with optional BYOK", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56", + "id": "AI.64", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely" + }, + { + "category": "Governance and Security", + "subcategory": "Transit Encryption", + "text": "Ensure TLS is enforced for data in transit across data sources, AI search used for Retrieval-Augmented Generation (RAG) and LLM communication", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "59ae558b-937d-4498-9e11-12dbd7ba012f", + "id": "AI.65", + "severity": "High", + "link": "https://learn.microsoft.com/azure/search/search-security-overview" + }, + { + "category": "Governance and Security", + "subcategory": "Access Control", + "text": "Use RBAC to manage access to Azure OpenAI services. 
Assign appropriate permissions to users and restrict access based on their roles and responsibilities", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2", + "id": "AI.66", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control" + }, + { + "category": "Governance and Security", + "subcategory": "Data Masking and Redaction", + "text": "Implement data encryption, masking or redaction techniques to hide sensitive data or replace it with obfuscated values in non-production environments or when sharing data for testing or troubleshooting purposes", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056", + "id": "AI.67", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices" + }, + { + "category": "Governance and Security", + "subcategory": "Threat Detection and Monitoring", + "text": "Utilize Azure Defender to detect and respond to security threats and set up monitoring and alerting mechanisms to identify suspicious activities or breaches. Leverage Azure Sentinel for advanced threat detection and response", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5", + "id": "AI.68", + "severity": "High", + "link": "https://learn.microsoft.com/azure/defender-for-cloud/ai-onboarding" + }, + { + "category": "Governance and Security", + "subcategory": "Data Retention and Disposal", + "text": "Establish data retention and disposal policies to adhere to compliance regulations. 
Implement secure deletion methods for data that is no longer required and maintain an audit trail of data retention and disposal activities",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55",
+ "id": "AI.69",
+ "severity": "Medium",
+ "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Data Privacy and Compliance",
+ "text": "Ensure compliance with relevant data protection regulations, such as GDPR or HIPAA, by implementing privacy controls and obtaining necessary consents or permissions for data processing activities.",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876",
+ "id": "AI.70",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/compliance/"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Employee Awareness and Training",
+ "text": "Educate your employees about data security best practices, the importance of handling data securely, and potential risks associated with data breaches. Encourage them to follow data security protocols diligently.",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682",
+ "id": "AI.71",
+ "severity": "Medium"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Environment segregation",
+ "text": "Keep production data separate from development and testing data. 
Only use real sensitive data in production and utilize anonymized or synthetic data in development and test environments.",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52",
+ "id": "AI.72",
+ "severity": "High"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Index Segregation",
+ "text": "If you have varying levels of data sensitivity, consider creating separate indexes for each level. For instance, you could have one index for general data and another for sensitive data, each governed by different access protocols",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620",
+ "id": "AI.73",
+ "severity": "Medium"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Sensitive Data in Separate Instances",
+ "text": "Take segregation a step further by placing sensitive datasets in different instances of the service. Each instance can be controlled with its own specific set of RBAC policies",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512",
+ "id": "AI.74",
+ "severity": "Medium"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Embedding and Vector handling",
+ "text": "Recognize that embeddings and vectors generated from sensitive information are themselves sensitive. 
This data should be afforded the same protective measures as the source material",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab",
+ "id": "AI.75",
+ "severity": "High"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Access control",
+ "text": "Apply RBAC to th data stores having embeddings and vectors and scope access based on role's access requirements",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a",
+ "id": "AI.76",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Network security",
+ "text": "Configure private endpoint for AI services to restrict service access within your network",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb",
+ "id": "AI.77",
+ "severity": "High",
+ "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (properties.privateEndpointConnections != '[]' and properties.publicNetworkAccess !~ 'enabled')",
+ "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Network security",
+ "text": "Enforce strict inbound and outbound traffic control with Azure Firewall and UDRs and limit the external integration points",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370",
+ "id": "AI.78",
+ "severity": "High"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Control Network Access",
+ "text": "Implement network segmentation and access controls to restrict access to the LLM application only to authorized users and systems and prevent 
lateral movement",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "6f7c0cba-fe51-4464-add4-57e927138b82",
+ "id": "AI.79",
+ "severity": "High"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Secure APIs and Endpoints",
+ "text": "Ensure that APIs and endpoints used by the LLM application are properly secured with authentication and authorization mechanisms, such as Managed identities, API keys or OAuth, to prevent unauthorized access.",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "1102cac6-eae0-41e6-b842-e52f4721d928",
+ "id": "AI.80",
+ "severity": "High",
+ "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (isnotnull(identity))",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Implement Strong Authentication",
+ "text": "Enforce strong end user authentication mechanisms, such as multi-factor authentication, to prevent unauthorized access to the LLM application and associated network resources",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc",
+ "id": "AI.81",
+ "severity": "Medium",
+ "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Use Network Monitoring",
+ "text": "Implement network monitoring tools to detect and analyze network traffic for any suspicious or malicious activities. 
Enable logging to capture network events and facilitate forensic analysis in case of security incidents",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "93555620-2bfe-4456-9b0d-834a348b263e",
+ "id": "AI.82",
+ "severity": "Medium"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Security Audits and Penetration Testing",
+ "text": "Conduct security audits and penetration testing to identify and address any network security weaknesses or vulnerabilities in the LLM application's network infrastructure",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c",
+ "id": "AI.83",
+ "severity": "Medium"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Infrastructure Deployment",
+ "text": "Azure AI Services are properly tagged for better management",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b",
+ "id": "AI.84",
+ "severity": "Low",
+ "graph": "resources | where type == 'microsoft.cognitiveservices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (tags != '{}')",
+ "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Infrastructure Deployment",
+ "text": "Azure AI Service accounts follows organizational naming conventions",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56",
+ "id": "AI.85",
+ "severity": "Low",
+ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Diagnostics Logging",
+ "text": "Diagnostic logs in Azure AI services resources should be enabled",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36",
+ "id": "AI.86",
+ "severity": 
"High", + "link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging" + }, + { + "category": "Governance and Security", + "subcategory": "Secure Key Management", + "text": "Store and manage keys securely using Azure Key Vault. Avoid hard-coding or embedding sensitive keys within your LLM application's code and retrieve them securely from Azure Key Vault using managed identities", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964", + "id": "AI.87", + "severity": "High", + "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices" + }, + { + "category": "Governance and Security", + "subcategory": "Key Rotation and Expiration", + "text": "Regularly rotate and expire keys stored in Azure Key Vault to minimize the risk of unauthorized access.", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1", + "id": "AI.88", + "severity": "High", + "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices" + }, + { + "category": "Governance and Security", + "subcategory": "Secure coding practice", + "text": "Follow secure coding practices to prevent common vulnerabilities such as injection attacks, cross-site scripting (XSS), or security misconfigurations", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e", + "id": "AI.89", + "severity": "High", + "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview" + }, + { + "category": "Governance and Security", + "subcategory": "Patching and updates", + "text": "Setup a process to regularly update and patch the LLM libraries and other system components", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3", + "id": "AI.90", + "severity": "High", + "link": "https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops" + }, + 
{ + "category": "Governance and Security", + "subcategory": "Security Audits and Penetration Testing", + "text": "Red team your GenAI applications", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "e737897e-71ca-47da-acfa-962a1594946d", + "id": "AI.91", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming" + }, + { + "category": "Governance and Security", + "subcategory": "Key Management", + "text": "Use customer-managed keys for fine-tuned models and training data that's uploaded to Azure OpenAI", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc415", + "id": "AI.92", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/encrypt-data-at-rest" + }, + { + "category": "Governance and Security", + "subcategory": "Jailbreak protection", + "text": "Implement jailbreak risk detection to safeguard your language model deployments against prompt injection attacks", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc416", + "id": "AI.93", + "severity": "Medium", + "graph": "resources | where type == 'microsoft.cognitiveservices/accounts' and kind =~ 'contentsafety' | project id, compliant = 1", + "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection" + }, + { + "category": "Governance and Security", + "subcategory": "Quota exhaustion", + "text": "Use security controls like throttling, service isolation and gateway pattern to prevent attacks that might exhaust model usage quotas", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc417", + "id": "AI.94", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitor-openai" + }, + { + "category": "Identity and Access Management", + "subcategory": "Authentication", + "text": "Wherever possible, eliminate static API 
keys in favor of Microsoft Entra ID for authentication.",
+ "waf": "Security",
+ "service": "Azure OpenAI",
+ "guid": "10c1532e-5f7f-4d63-9887-44e219ab130a",
+ "id": "AI.95",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity"
+ },
+ {
+ "category": "Identity and Access Management",
+ "subcategory": "Authentication",
+ "text": "Enforce multi-factor authentication for any user with rights to the Azure environments.",
+ "waf": "Security",
+ "service": "Microsoft Entra",
+ "guid": "a7e20682-1bcf-4bde-927d-2bafd295bbc1",
+ "id": "AI.96",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/active-directory/authentication/concept-mfa-howitworks"
+ },
+ {
+ "category": "Identity and Access Management",
+ "subcategory": "Authentication",
+ "text": "Enforce Microsoft Entra ID Privileged Identity Management (PIM) to establish zero standing access and least privilege.",
+ "waf": "Security",
+ "service": "Microsoft Entra",
+ "guid": "aae9d9e3-9ab0-4e30-b5da-184742112664",
+ "id": "AI.97",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-configure"
+ },
+ {
+ "category": "Identity and Access Management",
+ "subcategory": "Authentication",
+ "text": "Enforce Microsoft Entra ID Conditional Access policies for any user with rights to Azure environments.",
+ "waf": "Security",
+ "service": "Microsoft Entra",
+ "guid": "2daf1eb6-7084-4e03-8cdf-ee6d64bb4936",
+ "id": "AI.98",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/active-directory/conditional-access/overview"
+ },
+ {
+ "category": "Identity and Access Management",
+ "subcategory": "Authentication",
+ "text": "Use Azure RBAC to manage data plane access to resources, if possible. E.g. 
Data Operations across Key Vault, Storage Account and Database Services.",
+ "waf": "Security",
+ "service": "Azure RBAC",
+ "guid": "6091840f-0bcd-4238-acbe-17f7f66bf78a",
+ "id": "AI.99",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/identity-access-landing-zones"
+ },
+ {
+ "category": "Identity and Access Management",
+ "subcategory": "Authentication",
+ "text": "Use Microsoft Entra ID PIM access reviews to periodically validate resource entitlements.",
+ "waf": "Security",
+ "service": "Microsoft Entra",
+ "guid": "c51df970-509c-4110-960a-601dd2348dbf",
+ "id": "AI.100",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/active-directory/privileged-identity-management/pim-create-roles-and-resource-roles-review"
+ },
+ {
+ "category": "Identity and Access Management",
+ "subcategory": "Authentication",
+ "text": "Require clients to authenticate using Entra ID when accessing AI model endpoints.",
+ "waf": "Security",
+ "service": "Azure API Management",
+ "guid": "21f656e3-7ba4-4d23-be79-02a6264a1942",
+ "id": "AI.101",
+ "severity": "High",
+ "link": "https://github.com/Azure/apim-landing-zone-accelerator/blob/main/scenarios/workload-genai/README.md"
+ },
+ {
+ "category": "Identity and Access Management",
+ "subcategory": "Entra ID based access",
+ "text": "Key access (local authentication) is recommended to be disabled for security. After disabling key based access, Microsoft Entra ID becomes the only access method, which allows maintaining minimum privilege principle and granular control. 
", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", + "id": "AI.102", + "severity": "High", + "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (properties.disableLocalAuth == true)", + "link": "https://learn.microsoft.com/azure/ai-services/authentication" + }, + { + "category": "Network Topology and Connectivity", + "subcategory": "Azure OpenAI", + "text": "Restrict access to select virtual networks or use private endpoints.", + "waf": "Security", + "service": "Azure OpenAI", + "guid": "c9635b24-65e0-41c9-a442-53f320f2054f", + "id": "AI.103", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-studio/how-to/configure-managed-network" + }, + { + "category": "Network Topology and Connectivity", + "subcategory": "Azure AI Services (Speech, Bing, Translator etc.)", + "text": "Restrict access to select virtual networks or use private endpoints.", + "waf": "Security", + "service": "Azure AI Services", + "guid": "bdd4c29c-da1f-4632-b8ac-b48f713981b1", + "id": "AI.104", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-studio/how-to/configure-managed-network" + }, + { + "category": "Network Topology and Connectivity", + "subcategory": "Azure Machine Learning", + "text": "Restrict network access to Azure Machine Learning resources.", + "waf": "Security", + "service": "Azure Machine Learning", + "guid": "d0675476-5676-4392-b98e-953c2720554d", + "id": "AI.105", + "severity": "High", + "link": "https://learn.microsoft.com/azure/machine-learning/concept-network-isolation-configurations" + }, + { + "category": "Network Topology and Connectivity", + "subcategory": "Azure AI Services", + "text": "Configure data loss prevention for Azure AI services.", + "waf": "Security", + "service": "Azure AI Services", + "guid": "b0ffe298-2f44-4af0-94c6-250e732b3e28", + "id": "AI.106", + "severity": "High", + 
"link": "https://learn.microsoft.com/azure/ai-services/cognitive-services-data-loss-prevention?branch=main&tabs=azure-cli" + }, + { + "category": "Network Topology and Connectivity", + "subcategory": "Azure AI Foundry", + "text": "Limit outbound traffic from your AI resources.", + "waf": "Security", + "service": "Azure AI Foundry", + "guid": "fa191645-9897-4e46-82a7-d30aa352f7d2", + "id": "AI.107", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-studio/how-to/configure-managed-network?branch=main&tabs=portal" + }, + { + "category": "Network Topology and Connectivity", + "subcategory": "Azure Machine Learning", + "text": "Allow only approved network outbound mode.", + "waf": "Security", + "service": "Azure Machine Learning", + "guid": "3b85ba90-0f99-4b74-ab1f-40ca251f3706", + "id": "AI.108", + "severity": "High", + "link": "https://learn.microsoft.com/azure/machine-learning/how-to-network-isolation-planning?view=azureml-api-2&branch=main" + }, + { + "category": "Network Topology and Connectivity", + "subcategory": "API Gateway", + "text": "Deploy a API Gateway solution like API-Management to load balance requests, rate limit tokens, keyless authentication and monitor AI usage.", + "waf": "Security", + "service": "Azure API Management", + "guid": "129b5c68-132e-4839-ac3a-ebe7c14bc08e", + "id": "AI.109", + "severity": "High", + "link": "https://github.com/Azure/apim-landing-zone-accelerator/blob/main/scenarios/workload-genai/README.md" + }, + { + "category": "Network Topology and Connectivity ", + "subcategory": "Azure AI Foundry", + "text": "Configure the AI managed network and use private endpoints.", + "waf": "Security", + "service": "Azure AI Foundry", + "guid": "e3a78016-e8d8-4598-9cbf-02599ff12e3d", + "id": "AI.110", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-studio/how-to/configure-managed-network" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Use Dynamic Sessions in Azure 
Container Apps, to ensure each code execution occurs in a fresh, isolated environment that is destroyed after use.",
+ "waf": "Security",
+ "service": "Azure Container Apps",
+ "guid": "be2ade6f-bea6-4092-9dab-49e8f8c2ddb7",
+ "id": "AI.111",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/container-apps/sessions?tabs=azure-cli"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Operations",
+ "text": "Set resource limits (CPU, memory, disk usage) for code execution environments to prevent any single execution from consuming excessive resources.",
+ "waf": "Security",
+ "service": "NA",
+ "guid": "2ba176b3-5d95-4caf-a870-0b0ecd65c3af",
+ "id": "AI.112",
+ "severity": "Medium"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Monitoring",
+ "text": "Implement a monitoring system to ensure that AI workloads remain aligned with KPIs.",
+ "waf": "Performance",
+ "service": "Azure AI Foundry",
+ "guid": "988b2b85-208c-44f9-9b0d-e81327060c25",
+ "id": "AI.113",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-studio/concepts/evaluation-approach-gen-ai"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Monitoring",
+ "text": "Proactively identify performance bottlenecks and anomalies.",
+ "waf": "Performance",
+ "service": "Azure AI Foundry",
+ "guid": "48a9f4af-7ab1-45c3-9d62-e06d9df08986",
+ "id": "AI.114",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-studio/how-to/develop/trace-local-sdk"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Monitoring",
+ "text": "Include service and resource health events as part of the overall platform monitoring solution.",
+ "waf": "Operations",
+ "service": "Azure Service Health",
+ "guid": "6181f3aa-1b06-4ece-b0fe-b373f2ca30d9",
+ "id": "AI.115",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Monitoring",
+ 
"text": "Deploy AMBA to establish monitoring for platform components of your landing zone.", + "waf": "Operations", + "service": "Azure Monitor", + "guid": "b49dd9e6-e189-4fc5-a02d-d5cc04583d1d", + "id": "AI.116", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-monitor" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Track retirement for pretrained models avoids performance issues when vendor support ends.", + "waf": "Operations", + "service": "Azure AI Services", + "guid": "d71bb244-4ec4-4f61-9ff1-cfdffc0c8036", + "id": "AI.117", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/model-retirements" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Schedule regular retraining based on model performance or business needs to ensure the AI system stays relevant.", + "waf": "Operations", + "service": "Azure AI Foundry", + "guid": "e0572cb0-cd12-450c-950c-b007c0fc2afb", + "id": "AI.118", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-foundry/model-inference/concepts/model-versions" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Establish model promotion process to promote trained, fine-tuned, and retrained models to higher environments based on performance criteria.", + "waf": "Operations", + "service": "Azure AI Foundry", + "guid": "b73836e9-356c-4aaf-8a2d-af4cd51dfcc1", + "id": "AI.119", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/fine-tuning-deploy?tabs=portal" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Standardize compute management for Azure AI Foundry.", + "waf": "Operations", + "service": "Azure AI Foundry", + "guid": "79eca34e-0aeb-4160-9fe8-0ff5c647e1c7", + "id": "AI.120", + "severity": "Medium", + "link": 
"https://learn.microsoft.com/azure/ai-studio/how-to/create-manage-compute" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Standardize compute management for Azure Machine Learning.", + "waf": "Operations", + "service": "Azure Machine Learning", + "guid": "a35efa79-4227-4c84-a038-e19d8b8c365f", + "id": "AI.121", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/machine-learning/how-to-create-attach-compute-studio" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Use resource locks to prevent accidental deletion of critical shared services.", + "waf": "Operations", + "service": "Azure Resource Manager", + "guid": "200a5d55-e0be-450c-83c1-4af6c44fd4bd", + "id": "AI.122", + "severity": "High", + "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?tabs=json" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Enforce recommended guardrails for Azure Open AI", + "waf": "Security", + "service": "Azure Open AI", + "guid": "c4a479ba-3007-4ef8-b845-c15febd3c3e3", + "id": "AI.123", + "severity": "Medium", + "link": "https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-OpenAI.html" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Enforce recommended guardrails for Machine Learning.", + "waf": "Security", + "service": "Azure Machine Learning", + "guid": "2355aba7-e21a-4bb0-b89a-99597783f4b2", + "id": "AI.124", + "severity": "Medium", + "link": "https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-MachineLearning.html" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Enforce recommended guardrails for Azure AI Services.", + "waf": "Security", + "service": "Azure AI Services", + "guid": "12ff613a-8408-4ac5-915f-5f46cf7fd970", + "id": "AI.125", + "severity": "Medium", + "link": 
"https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-CognitiveServices.html" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Enforce recommended guardrails for API Management", + "waf": "Security", + "service": "Azure API Management", + "guid": "65a0e89a-d016-4eda-b366-af816f1344d6", + "id": "AI.126", + "severity": "Medium", + "link": "https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-APIM.html" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Ensure high-quality data in the correct format, and likely chunked, enriched, and embedded for AI model consumption.", + "waf": "Operations", + "service": "Azure AI Search", + "guid": "86617182-f039-4f35-ad77-25419a3c98df", + "id": "AI.127", + "severity": "High", + "link": "https://learn.microsoft.com/azure/architecture/ai-ml/guide/rag/rag-solution-design-and-evaluation-guide" + }, + { + "category": "Operations", + "subcategory": "Operations", + "text": "Manage model versioning and detect drift and set alerts when model predictions or LLM responses start to deviate from expected behavior.", + "waf": "Operations", + "service": "Azure AI Foundry", + "guid": "2181bc5a-da1e-4b2e-b83b-4398398f34c2", + "id": "AI.128", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-studio/concepts/evaluation-approach-gen-ai" + }, + { + "category": "Operations", + "subcategory": "Load Balancing", + "text": "Consider Gateway patterns with APIM or solutions like AI central for better rate limiting, load balancing, authentication and logging", + "waf": "Operations", + "service": "Azure OpenAI", + "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1", + "id": "AI.129", + "severity": "High", + "link": "https://github.com/Azure-Samples/AI-Gateway" + }, + { + "category": "Operations", + "subcategory": "Monitoring", + "text": "Enable monitoring for your AOAI instances", + "waf": "Operations", + "service": "Azure OpenAI", + 
"guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029", + "id": "AI.130", + "severity": "High", + "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850" + }, + { + "category": "Operations", + "subcategory": "Alerts", + "text": "Create alerts to notify teams of events such as an entry in the activity log created by an action performed on the resource, such as regenerating its subscription keys or a metric threshold such as the number of errors exceeding 10 in an hour", + "waf": "Operations", + "service": "Azure OpenAI", + "guid": "697cb391-ed16-4b2d-886f-0a0241addde6", + "id": "AI.131", + "severity": "High", + "graph": "resources | where type == 'microsoft.insights/metricalerts' | extend compliant = (properties.targetResourceType =~ 'Microsoft.CognitiveServices/accounts') | project id, compliant", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts" + }, + { + "category": "Operations", + "subcategory": "Monitoring", + "text": "Monitor token usage to prevent service disruptions due to capacity", + "waf": "Operations", + "service": "Azure OpenAI", + "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5", + "id": "AI.132", + "severity": "High", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring" + }, + { + "category": "Operations", + "subcategory": "Observability", + "text": "observe metrics like processed inference tokens, generated completion tokens monitor for rate limit", + "waf": "Operations", + "service": "Azure OpenAI", + "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee", + "id": "AI.133", + "severity": "Medium", + "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring" + }, + { + "category": "Operations", + "subcategory": "Observability", + "text": "Enable and configure Diagnostics for the Azure OpenAI Service. 
If not sufficient, consider using a gateway such as Azure API Managements in front of Azure OpenAI to log both incoming prompts and outgoing responses, where permitted",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39",
+ "id": "AI.134",
+ "severity": "Low",
+ "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Infrastructure Deployment",
+ "text": "Use Infrastructure as code to deploy the Azure OpenAI Service, model deployments, and all related resources",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54",
+ "id": "AI.135",
+ "severity": "High",
+ "link": "https://github.com/Azure-Samples/openai-enterprise-iac"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Hosting model",
+ "text": "Evaluate usage of Provisioned throughput model ",
+ "waf": "Performance",
+ "service": "Azure OpenAI",
+ "guid": "68889535-e327-4897-b31b-67d67be5962a",
+ "id": "AI.136",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Throughput definition",
+ "text": "Define and evaluate the throughput of the system based on tokens & response per minute and align with requirements",
+ "waf": "Performance",
+ "service": "Azure OpenAI",
+ "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02",
+ "id": "AI.137",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Latency improvement",
+ "text": "Improve latency of the system by limiting token sizes, streaming options for applications like chatbots or conversational interfaces. 
Streaming can enhance the perceived performance of Azure OpenAI applications by delivering responses to users in an incremental manner",
+ "waf": "Performance",
+ "service": "Azure OpenAI",
+ "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6",
+ "id": "AI.138",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Elasticity segregation",
+ "text": "Estimate elasticity demands to determine synchronous and batch request segregation based on priority. For high priority, use synchronous approach and for low priority, asynchronous batch processing with queue is preferred",
+ "waf": "Performance",
+ "service": "Azure OpenAI",
+ "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e",
+ "id": "AI.139",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Benchmarking",
+ "text": "Benchmark token consumption requirements based on estimated demands from consumers. Consider using the Azure OpenAI benchmarking tool to help you validate the throughput if you are using Provisioned Throughput Unit deployments",
+ "waf": "Performance",
+ "service": "Azure OpenAI",
+ "guid": "5bda4332-4f24-4811-9331-82ba51752694",
+ "id": "AI.140",
+ "severity": "High",
+ "link": "https://github.com/Azure/azure-openai-benchmark/"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Elasticity ",
+ "text": "If you are using Provisioned Throughput Units (PTUs), consider deploying a token-per-minute (TPM) deployment for overflow requests. 
Use a gateway to route requests to the TPM deployment when the PTU limits are reached.",
+ "waf": "Performance",
+ "service": "Azure OpenAI",
+ "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619",
+ "id": "AI.141",
+ "severity": "Medium",
+ "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Model choice",
+ "text": "Choose the right model for the right task. Pick models with right tradeoff between speed, quality of response and output complexity",
+ "waf": "Performance",
+ "service": "Azure OpenAI",
+ "guid": "e8a13f98-8794-424d-9267-86d60b96c97b",
+ "id": "AI.142",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Fine tuning",
+ "text": "Have a baseline for performance without fine-tuning for knowing whether or not fine-tuning has improved model performance",
+ "waf": "Performance",
+ "service": "Azure OpenAI",
+ "guid": "e9951904-8384-45c9-a6cb-2912156a1147",
+ "id": "AI.143",
+ "severity": "Medium",
+ "link": "https://github.com/Azure/azure-openai-benchmark/"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "AI Search Vector Limits",
+ "text": "Plan and manage AI Search Vector storage",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde",
+ "id": "AI.144",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "DevOps",
+ "text": "Ensure deployment of Azure OpenAI instances across your various environments, such as development, test, and production supporting lrarning & experimentation. 
Apply LLMOps practices to automate the lifecycle management of your GenAI applications",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218",
+ "id": "AI.145",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "DevOps",
+ "text": "Evaluate the quality of prompts and applications when switching between model versions",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "e6436b07-36db-455f-9796-03334bdf9cc2",
+ "id": "AI.146",
+ "severity": "Medium",
+ "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Development",
+ "text": "Evaluate, monitor and refine your GenAI apps for features like groundedness, relevance, accuracy, coherence and fluency",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "3418db61-2712-4650-9bb4-7a393a080327",
+ "id": "AI.147",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Development",
+ "text": "Evaluate your Azure AI Search results based on different search parameters",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "294798b1-578b-4219-a46c-eb5443513592",
+ "id": "AI.148",
+ "severity": "Medium"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Development",
+ "text": "Look at fine tuning models as way of increasing accuracy only when you have tried other basic approaches like prompt engineering and RAG with your data",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "2744293b-b628-4537-a551-19b08e8f5854",
+ "id": "AI.149",
+ "severity": "Medium",
+ "link": 
"https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Development",
+ "text": "Use prompt engineering techniques to improve the accuracy of LLM responses",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "287d9cec-166c-4d07-8af9-b141a898a535",
+ "id": "AI.150",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "End user feedback",
+ "text": "Provide end users with scoring options for LLM responses and track these scores. ",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e",
+ "id": "AI.151",
+ "severity": "Medium",
+ "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Load Balancing",
+ "text": "Use Load balancer solutions like APIM based gateway for balancing load and capacity across services and regions",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410",
+ "id": "AI.152",
+ "severity": "Medium",
+ "link": "https://github.com/Azure/aoai-apim/blob/main/README.md"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Fine tuning",
+ "text": "Follow the guidance for fine-tuning with large data files and import the data from an Azure blob store. 
Large files, 100 MB or larger, can become unstable when uploaded through multipart forms because the requests are atomic and can't be retried or resumed",
+ "waf": "Reliability",
+ "service": "Azure OpenAI",
+ "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc411",
+ "id": "AI.153",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/fine-tuning?tabs=turbo%2Cpython-new&pivots=programming-language-studio#import-training-data-from-azure-blob-store"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Monitoring",
+ "text": "Manage rate limits for your model deployments and monitor usage of tokens per minute (TPM) and requests per minute (RPM) for pay-as-you-go deployments",
+ "waf": "Reliability",
+ "service": "Azure OpenAI",
+ "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc412",
+ "id": "AI.154",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Monitoring",
+ "text": "Monitor provision-managed utilization if you're using the provisioned throughput payment model",
+ "waf": "Reliability",
+ "service": "Azure OpenAI",
+ "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc413",
+ "id": "AI.155",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitor-openai"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "IaC",
+ "text": "Use infrastructure as code (IaC) to deploy Azure OpenAI, model deployments, and other infrastructure required for fine-tuning models",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec219",
+ "id": "AI.156",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/create-account-bicep"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Development",
+ "text": "Consider using dedicated model deployments per consumer group to provide per-model usage isolation that can help prevent noisy 
neighbors between your consumer groups",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "2744293b-b628-4537-a551-19b08e8f5855",
+ "id": "AI.157",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/architecture/guide/multitenant/service/openai"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "High Availablity",
+ "text": "Enable 2 replicas to have 99.9% availability for read operations",
+ "waf": "Reliability",
+ "service": "Cognitive Search",
+ "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83",
+ "id": "AI.158",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "High Availablity",
+ "text": "Enable 3 replicas to have 99.9% availability for read/write operations",
+ "waf": "Reliability",
+ "service": "Cognitive Search",
+ "guid": "7d956fd9-788a-4845-9b9f-c0340972d810",
+ "id": "AI.159",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "High Availablity",
+ "text": "Leverage Availability Zones by enabling read and/or write replicas",
+ "waf": "Reliability",
+ "service": "Cognitive Search",
+ "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3",
+ "id": "AI.160",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Georeplication",
+ "text": "For regional redudancy, Manually create services in 2 or more regions for Search as it doesn't provide an automated method of replicating search indexes across geographic regions",
+ "waf": "Reliability",
+ "service": "Cognitive Search",
+ "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291",
+ "id": "AI.161",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions"
+ 
},
+ {
+ "category": "Operations",
+ "subcategory": "Georeplication",
+ "text": "To synchronize data across multiple services either Use indexers for updating content on multiple services or Use REST APIs for pushing content updates on multiple services",
+ "waf": "Reliability",
+ "service": "Cognitive Search",
+ "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6",
+ "id": "AI.162",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Georeplication",
+ "text": "Use Azure Traffic Manager to coordinate requests",
+ "waf": "Reliability",
+ "service": "Cognitive Search",
+ "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e",
+ "id": "AI.163",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Disaster Recovery",
+ "text": "Backup and Restore an Azure Cognitive Search Index. 
Use this sample code to back up index definition and snapshot to a series of Json files",
+ "waf": "Reliability",
+ "service": "Cognitive Search",
+ "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa",
+ "id": "AI.164",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Best Practice",
+ "text": "Leverage FTA HandBook for Cognitive Services",
+ "waf": "Reliability",
+ "service": "Cognitive Services",
+ "guid": "21c30d25-ffb7-4f6a-b9ea-b3fec328f787",
+ "id": "AI.165",
+ "severity": "Medium",
+ "link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/paas-foundations-playbooks-cog_svcs_v1.docx"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Backup",
+ "text": "Backup Your Prompts",
+ "waf": "Reliability",
+ "service": "Cognitive Services",
+ "guid": "78c34698-16b2-4763-aefe-1b9b599de0d5",
+ "id": "AI.166",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Backup",
+ "text": "Business Continuity and Disaster Recovery (BCDR) considerations with Azure OpenAI Service",
+ "waf": "Reliability",
+ "service": "Cognitive Services",
+ "guid": "750ab2ab-039d-4a6d-95d7-c892adb107d5",
+ "id": "AI.167",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "Backup",
+ "text": "Backup Your ChatGPT conversations",
+ "waf": "Reliability",
+ "service": "Cognitive Services",
+ "guid": "325af625-ca44-4e46-a5e2-223ace8bb123",
+ "id": "AI.168",
+ "severity": "Medium",
+ "link": "https://github.com/abacaj/chatgpt-backup#backup-your-chatgpt-conversations"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "DevOps",
+ "text": "CI/CD for custom 
speech",
+ "waf": "Reliability",
+ "service": "Cognitive Services",
+ "guid": "07ca5f17-f154-4e3a-a369-2829e7e31618",
+ "id": "AI.169",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/speech-service/how-to-custom-speech-continuous-integration-continuous-deployment"
+ },
+ {
+ "category": "Operations",
+ "subcategory": "QnA Service",
+ "text": "Move a knowledge base using export-import",
+ "waf": "Reliability",
+ "service": "Cognitive Services",
+ "guid": "3687a046-7a1f-4893-9bda-43324f248116",
+ "id": "AI.170",
+ "severity": "Low",
+ "link": "https://learn.microsoft.com/azure/ai-services/qnamaker/tutorials/export-knowledge-base"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Metaprompting",
+ "text": "Follow Metaprompting guardrails for resonsible AI",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10",
+ "id": "AI.171",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Evaluation",
+ "text": "Evaluate the performance/accuracy of the system with a known golden dataset which has the inputs and the correct answers. 
Leverage capabilities in PromptFlow for Evaluation.",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc",
+ "id": "AI.172",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Content Safety",
+ "text": "Review and implement Azure AI content safety",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a",
+ "id": "AI.173",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "UX best practice",
+ "text": "Review the considerations in HAI toolkit guidance and apply those interaction practices for the slution",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "ec723923-7a15-42d6-ac5e-402925387e5c",
+ "id": "AI.174",
+ "severity": "Medium",
+ "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Jail break Safety",
+ "text": "Implement Prompt shields and groundedness detection using Content Safety ",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a",
+ "id": "AI.175",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection"
+ },
+ {
+ "category": "Governance and Security",
+ "subcategory": "Governance",
+ "text": "Adhere to Azure OpenAI or other LLMs terms of use, policies and guidance and allowed use cases",
+ "waf": "Operations",
+ "service": "Azure OpenAI",
+ "guid": "e29711b1-352b-4eee-879b-588defc4972c",
+ "id": "AI.176",
+ "severity": "High",
+ "link": "https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct"
+ },
+ {
+ "category": 
"Governance and Security",
+ "subcategory": "Content Safety",
+ "text": "Tune content filters to minimize false positives from overly aggressive filters.",
+ "waf": "Reliability",
+ "service": "Azure OpenAI",
+ "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc414",
+ "id": "AI.177",
+ "severity": "Medium",
+ "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/content-filters"
+ }
+ ],
+ "categories": [
+ {
+ "name": "Identity and Access Management"
+ },
+ {
+ "name": "Network Topology and Connectivity"
+ },
+ {
+ "name": "BC and DR"
+ },
+ {
+ "name": "Governance and Security"
+ },
+ {
+ "name": "Cost Governance"
+ },
+ {
+ "name": "Operations"
+ },
+ {
+ "name": "Application Deployment"
+ }
+ ],
+ "waf": [
+ {
+ "name": "Reliability"
+ },
+ {
+ "name": "Security"
+ },
+ {
+ "name": "Cost"
+ },
+ {
+ "name": "Operations"
+ },
+ {
+ "name": "Performance"
+ }
+ ],
+ "yesno": [
+ {
+ "name": "Yes"
+ },
+ {
+ "name": "No"
+ }
+ ],
+ "status": [
+ {
+ "name": "Not verified",
+ "description": "This check has not been looked at yet"
+ },
+ {
+ "name": "Open",
+ "description": "There is an action item associated to this check"
+ },
+ {
+ "name": "Fulfilled",
+ "description": "This check has been verified, and there are no further action items associated to it"
+ },
+ {
+ "name": "Not required",
+ "description": "Recommendation understood, but not needed by current requirements"
+ },
+ {
+ "name": "N/A",
+ "description": "Not applicable for current design"
+ }
+ ],
+ "severities": [
+ {
+ "name": "High"
+ },
+ {
+ "name": "Medium"
+ },
+ {
+ "name": "Low"
+ }
+ ],
+ "metadata": {
+ "name": "AI Landing Zone",
+ "state": "Preview",
+ "waf": "all",
+ "timestamp": "April 04, 2025"
+ }
+ }
+
+
\ No newline at end of file
diff --git a/checklists/aoai_checklist.en.json b/checklists/aoai_checklist.en.json
deleted file mode 100644
index 8df319829..000000000
--- a/checklists/aoai_checklist.en.json
+++ /dev/null 
@@ -1,1070 +0,0 @@
-{
- "items": [
- {
- "category": "Responsible AI",
- "subcategory": "Metaprompting",
- "text": "Follow Metaprompting guardrails for resonsible AI",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10",
- "id": "AOAI.1",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails"
- },
- {
- "category": "Operations Management",
- "subcategory": "Load Balancing",
- "text": "Consider Gateway patterns with APIM or solutions like AI central for better rate limiting, load balancing, authentication and logging",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1",
- "id": "AOAI.10",
- "severity": "High",
- "link": "https://github.com/Azure-Samples/AI-Gateway"
- },
- {
- "category": "Operations Management",
- "subcategory": "Monitoring",
- "text": "Enable monitoring for your AOAI instances",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029",
- "id": "AOAI.11",
- "severity": "High",
- "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850"
- },
- {
- "category": "Operations Management",
- "subcategory": "Alerts",
- "text": "Create alerts to notify teams of events such as an entry in the activity log created by an action performed on the resource, such as regenerating its subscription keys or a metric threshold such as the number of errors exceeding 10 in an hour",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "697cb391-ed16-4b2d-886f-0a0241addde6",
- "id": "AOAI.12",
- "graph": "resources | where type == 'microsoft.insights/metricalerts' | extend compliant = (properties.targetResourceType =~ 'Microsoft.CognitiveServices/accounts') | project id, compliant",
- "severity": "High",
- "link": 
"https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts"
- },
- {
- "category": "Operations Management",
- "subcategory": "Monitoring",
- "text": "Monitor token usage to prevent service disruptions due to capacity",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5",
- "id": "AOAI.13",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring"
- },
- {
- "category": "Operations Management",
- "subcategory": "Observability",
- "text": "observe metrics like processed inference tokens, generated completion tokens monitor for rate limit",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee",
- "id": "AOAI.14",
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring"
- },
- {
- "category": "Operations Management",
- "subcategory": "Observability",
- "text": "Enable and configure Diagnostics for the Azure OpenAI Service. 
If not sufficient, consider using a gateway such as Azure API Managements in front of Azure OpenAI to log both incoming prompts and outgoing responses, where permitted",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39",
- "id": "AOAI.15",
- "severity": "Low",
- "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562"
- },
- {
- "category": "Operations Management",
- "subcategory": "Infrastructure Deployment",
- "text": "Use Infrastructure as code to deploy the Azure OpenAI Service, model deployments, and all related resources",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54",
- "id": "AOAI.16",
- "severity": "High",
- "link": "https://github.com/Azure-Samples/openai-enterprise-iac"
- },
- {
- "category": "Governance and Security",
- "subcategory": "Authentication",
- "text": "Use Microsoft Entra Authentication with Managed Identity instead of API Key",
- "waf": "Security",
- "service": "OpenAI",
- "guid": "4350d092-d234-4292-a752-8537a551c5bf",
- "id": "AOAI.17",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity"
- },
- {
- "category": "Responsible AI",
- "subcategory": "Evaluation",
- "text": "Evaluate the performance/accuracy of the system with a known golden dataset which has the inputs and the correct answers. 
Leverage capabilities in PromptFlow for Evaluation.",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc",
- "id": "AOAI.18",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2"
- },
- {
- "category": "Operations Management",
- "subcategory": "Hosting model",
- "text": "Evaluate usage of Provisioned throughput model ",
- "waf": "Performance",
- "service": "OpenAI",
- "guid": "68889535-e327-4897-b31b-67d67be5962a",
- "id": "AOAI.19",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency"
- },
- {
- "category": "Responsible AI",
- "subcategory": "Content Safety",
- "text": "Review and implement Azure AI content safety",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a",
- "id": "AOAI.2",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview"
- },
- {
- "category": "Operations Management",
- "subcategory": "Throughput definition",
- "text": "Define and evaluate the throughput of the system based on tokens & response per minute and align with requirements",
- "waf": "Performance",
- "service": "OpenAI",
- "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02",
- "id": "AOAI.20",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput"
- },
- {
- "category": "Operations Management",
- "subcategory": "Latency improvement",
- "text": "Improve latency of the system by limiting token sizes, streaming options for applications like chatbots or conversational interfaces. 
Streaming can enhance the perceived performance of Azure OpenAI applications by delivering responses to users in an incremental manner",
- "waf": "Performance",
- "service": "OpenAI",
- "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6",
- "id": "AOAI.21",
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance"
- },
- {
- "category": "Operations Management",
- "subcategory": "Elasticity segregation",
- "text": "Estimate elasticity demands to determine synchronous and batch request segregation based on priority. For high priority, use synchronous approach and for low priority, asynchronous batch processing with queue is preferred",
- "waf": "Performance",
- "service": "OpenAI",
- "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e",
- "id": "AOAI.22",
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching"
- },
- {
- "category": "Operations Management",
- "subcategory": "Benchmarking",
- "text": "Benchmark token consumption requirements based on estimated demands from consumers. Consider using the Azure OpenAI benchmarking tool to help you validate the throughput if you are using Provisioned Throughput Unit deployments",
- "waf": "Performance",
- "service": "OpenAI",
- "guid": "5bda4332-4f24-4811-9331-82ba51752694",
- "id": "AOAI.23",
- "severity": "High",
- "link": "https://github.com/Azure/azure-openai-benchmark/"
- },
- {
- "category": "Operations Management",
- "subcategory": "Elasticity ",
- "text": "If you are using Provisioned Throughput Units (PTUs), consider deploying a token-per-minute (TPM) deployment for overflow requests. 
Use a gateway to route requests to the TPM deployment when the PTU limits are reached.",
- "waf": "Performance",
- "service": "OpenAI",
- "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619",
- "id": "AOAI.24",
- "severity": "Medium",
- "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268"
- },
- {
- "category": "Operations Management",
- "subcategory": "Model choice",
- "text": "Choose the right model for the right task. Pick models with right tradeoff between speed, quality of response and output complexity",
- "waf": "Performance",
- "service": "OpenAI",
- "guid": "e8a13f98-8794-424d-9267-86d60b96c97b",
- "id": "AOAI.25",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models"
- },
- {
- "category": "Operations Management",
- "subcategory": "Fine tuning",
- "text": "Have a baseline for performance without fine-tuning for knowing whether or not fine-tuning has improved model performance",
- "waf": "Performance",
- "service": "OpenAI",
- "guid": "e9951904-8384-45c9-a6cb-2912156a1147",
- "id": "AOAI.26",
- "severity": "Medium",
- "link": "https://github.com/Azure/azure-openai-benchmark/"
- },
- {
- "category": "BC and DR",
- "subcategory": "Multi-region architecture",
- "text": "Deploy multiple OAI instances across regions",
- "waf": "Reliability",
- "service": "OpenAI",
- "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a",
- "id": "AOAI.27",
- "severity": "Low",
- "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability"
- },
- {
- "category": "BC and DR",
- "subcategory": "Load balancing",
- "text": "Implement retry & healthchecks with Gateway pattern like APIM",
- "waf": "Reliability",
- "service": "OpenAI",
- "guid": "b039da6d-55d7-4c89-8adb-107d5325af62",
- "id": "AOAI.28",
- "severity": "High",
- "link": 
"https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability"
- },
- {
- "category": "BC and DR",
- "subcategory": "Quotas",
- "text": "Ensure having adequate quotas of TPM & RPM for the workload",
- "waf": "Reliability",
- "service": "OpenAI",
- "guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1",
- "id": "AOAI.29",
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota"
- },
- {
- "category": "Responsible AI",
- "subcategory": "UX best practice",
- "text": "Review the considerations in HAI toolkit guidance and apply those interaction practices for the slution",
- "waf": "Operational Excellence",
- "service": "OpenAI",
- "guid": "ec723923-7a15-42d6-ac5e-402925387e5c",
- "id": "AOAI.3",
- "severity": "Medium",
- "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/"
- },
- {
- "category": "BC and DR",
- "subcategory": "Load balancing",
- "text": "Deploy separate fine tuned models across regions if finetuning is employed",
- "waf": "Reliability",
- "service": "OpenAI",
- "guid": "7f154e3a-a369-4282-ae7e-316183687a04",
- "id": "AOAI.30",
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery"
- },
- {
- "category": "BC and DR",
- "subcategory": "Data Backup and Disaster Recovery",
- "text": "Regularly backup and replicate critical data to ensure data availability and recoverability in case of data loss or system failures. 
Leverage Azure's backup and disaster recovery services to protect your data.",
- "waf": "Reliability",
- "service": "OpenAI",
- "guid": "77a1f893-5bda-4433-84f2-4811633182ba",
- "id": "AOAI.31",
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/backup/backup-overview"
- },
- {
- "category": "BC and DR",
- "subcategory": "SLA considerations",
- "text": "Azure AI search service tiers should be choosen to have a SLA ",
- "waf": "Reliability",
- "service": "OpenAI",
- "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204",
- "id": "AOAI.32",
- "graph": "resources | where type == 'microsoft.search/searchservices' | extend compliant = (sku.name != 'free' and properties.replicaCount >= 3) | project id, compliant",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/search/search-reliability"
- },
- {
- "category": "Governance and Security",
- "subcategory": "Data Sensitivity",
- "text": "Classify data and sensitivity, labeling with Microsoft Purview before generating the embeddings and make sure to treat the embeddings generated with same sensitivity and classification",
- "waf": "Security",
- "service": "OpenAI",
- "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a",
- "id": "AOAI.33",
- "severity": "Low",
- "link": "https://learn.microsoft.com/purview/purview"
- },
- {
- "category": "Governance and Security",
- "subcategory": "Encryption at Rest",
- "text": "Encrypt data used for RAG with SSE/Disk encryption with optional BYOK",
- "waf": "Security",
- "service": "OpenAI",
- "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56",
- "id": "AOAI.34",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely"
- },
- {
- "category": "Governance and Security",
- "subcategory": "Transit Encryption",
- "text": "Ensure TLS is enforced for data in transit across data sources, AI search used for Retrieval-Augmented Generation (RAG) and LLM communication",
- "waf": "Security",
- "service": "OpenAI",
- "guid": 
"59ae558b-937d-4498-9e11-12dbd7ba012f",
- "id": "AOAI.35",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/search/search-security-overview"
- },
- {
- "category": "Governance and Security",
- "subcategory": "Access Control",
- "text": "Use RBAC to manage access to Azure OpenAI services. Assign appropriate permissions to users and restrict access based on their roles and responsibilities",
- "waf": "Security",
- "service": "OpenAI",
- "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2",
- "id": "AOAI.36",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control"
- },
- {
- "category": "Governance and Security",
- "subcategory": "Data Masking and Redaction",
- "text": "Implement data encryption, masking or redaction techniques to hide sensitive data or replace it with obfuscated values in non-production environments or when sharing data for testing or troubleshooting purposes",
- "waf": "Security",
- "service": "OpenAI",
- "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056",
- "id": "AOAI.37",
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices"
- },
- {
- "category": "Governance and Security",
- "subcategory": "Threat Detection and Monitoring",
- "text": "Utilize Azure Defender to detect and respond to security threats and set up monitoring and alerting mechanisms to identify suspicious activities or breaches. Leverage Azure Sentinel for advanced threat detection and response",
- "waf": "Security",
- "service": "OpenAI",
- "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5",
- "id": "AOAI.38",
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/defender-for-cloud/ai-onboarding"
- },
- {
- "category": "Governance and Security",
- "subcategory": "Data Retention and Disposal",
- "text": "Establish data retention and disposal policies to adhere to compliance regulations. 
Implement secure deletion methods for data that is no longer required and maintain an audit trail of data retention and disposal activities", - "waf": "Security", - "service": "OpenAI", - "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55", - "id": "AOAI.39", - "severity": "Medium", - "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791" - }, - { - "category": "Responsible AI", - "subcategory": "Jail break Safety", - "text": "Implement Prompt shields and groundedness detection using Content Safety ", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a", - "id": "AOAI.4", - "severity": "High", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection" - }, - { - "category": "Governance and Security", - "subcategory": "Data Privacy and Compliance", - "text": "Ensure compliance with relevant data protection regulations, such as GDPR or HIPAA, by implementing privacy controls and obtaining necessary consents or permissions for data processing activities.", - "waf": "Security", - "service": "OpenAI", - "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876", - "id": "AOAI.40", - "severity": "High", - "link": "https://learn.microsoft.com/azure/compliance/" - }, - { - "category": "Governance and Security", - "subcategory": "Employee Awareness and Training", - "text": "Educate your employees about data security best practices, the importance of handling data securely, and potential risks associated with data breaches. Encourage them to follow data security protocols diligently.", - "waf": "Security", - "service": "OpenAI", - "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682", - "id": "AOAI.41", - "severity": "Medium" - }, - { - "category": "Governance and Security", - "subcategory": "Environment segregation", - "text": "Keep production data separate from development and testing data. 
Only use real sensitive data in production and utilize anonymized or synthetic data in development and test environments.", - "waf": "Security", - "service": "OpenAI", - "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52", - "id": "AOAI.42", - "severity": "High" - }, - { - "category": "Governance and Security", - "subcategory": "Index Segregation", - "text": "If you have varying levels of data sensitivity, consider creating separate indexes for each level. For instance, you could have one index for general data and another for sensitive data, each governed by different access protocols", - "waf": "Security", - "service": "OpenAI", - "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620", - "id": "AOAI.43", - "severity": "Medium" - }, - { - "category": "Governance and Security", - "subcategory": "Sensitive Data in Separate Instances", - "text": "Take segregation a step further by placing sensitive datasets in different instances of the service. Each instance can be controlled with its own specific set of RBAC policies", - "waf": "Security", - "service": "OpenAI", - "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512", - "id": "AOAI.44", - "severity": "Medium" - }, - { - "category": "Governance and Security", - "subcategory": "Embedding and Vector handling", - "text": "Recognize that embeddings and vectors generated from sensitive information are themselves sensitive. 
This data should be afforded the same protective measures as the source material", - "waf": "Security", - "service": "OpenAI", - "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab", - "id": "AOAI.45", - "severity": "High" - }, - { - "category": "Governance and Security", - "subcategory": "Access control", - "text": "Apply RBAC to th data stores having embeddings and vectors and scope access based on role's access requirements", - "waf": "Security", - "service": "OpenAI", - "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a", - "id": "AOAI.46", - "severity": "High", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control" - }, - { - "category": "Governance and Security", - "subcategory": "Network security", - "text": "Configure private endpoint for AI services to restrict service access within your network", - "waf": "Security", - "service": "OpenAI", - "guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb", - "id": "AOAI.47", - "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (properties.privateEndpointConnections != '[]' and properties.publicNetworkAccess !~ 'enabled')", - "severity": "High", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325" - }, - { - "category": "Governance and Security", - "subcategory": "Network security", - "text": "Enforce strict inbound and outbound traffic control with Azure Firewall and UDRs and limit the external integration points", - "waf": "Security", - "service": "OpenAI", - "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370", - "id": "AOAI.48", - "severity": "High" - }, - { - "category": "Governance and Security", - "subcategory": "Control Network Access", - "text": "Implement network segmentation and access controls to restrict access to the LLM application only to authorized users and systems and prevent lateral movement", - 
"waf": "Security", - "service": "OpenAI", - "guid": "6f7c0cba-fe51-4464-add4-57e927138b82", - "id": "AOAI.49", - "severity": "High" - }, - { - "category": "Cost Optimization", - "subcategory": "Token Optimization", - "text": "Use prompt compression tools like LLMLingua or gprtrim", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f", - "id": "AOAI.5", - "severity": "Medium", - "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/" - }, - { - "category": "Governance and Security", - "subcategory": "Secure APIs and Endpoints", - "text": "Ensure that APIs and endpoints used by the LLM application are properly secured with authentication and authorization mechanisms, such as Managed identities, API keys or OAuth, to prevent unauthorized access.", - "waf": "Security", - "service": "OpenAI", - "guid": "1102cac6-eae0-41e6-b842-e52f4721d928", - "id": "AOAI.50", - "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (isnotnull(identity))", - "severity": "High", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity" - }, - { - "category": "Governance and Security", - "subcategory": "Implement Strong Authentication", - "text": "Enforce strong end user authentication mechanisms, such as multi-factor authentication, to prevent unauthorized access to the LLM application and associated network resources", - "waf": "Security", - "service": "OpenAI", - "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc", - "id": "AOAI.51", - "severity": "Medium", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885" - }, - { - "category": "Governance and Security", - "subcategory": "Use Network Monitoring", - "text": "Implement network monitoring tools to detect and analyze 
network traffic for any suspicious or malicious activities. Enable logging to capture network events and facilitate forensic analysis in case of security incidents", - "waf": "Security", - "service": "OpenAI", - "guid": "93555620-2bfe-4456-9b0d-834a348b263e", - "id": "AOAI.52", - "severity": "Medium" - }, - { - "category": "Governance and Security", - "subcategory": "Security Audits and Penetration Testing", - "text": "Conduct security audits and penetration testing to identify and address any network security weaknesses or vulnerabilities in the LLM application's network infrastructure", - "waf": "Security", - "service": "OpenAI", - "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c", - "id": "AOAI.53", - "severity": "Medium" - }, - { - "category": "Governance and Security", - "subcategory": "Infrastructure Deployment", - "text": "Azure AI Services are properly tagged for better management", - "waf": "Operational Excellence", - "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b", - "id": "AOAI.54", - "graph": "resources | where type == 'microsoft.cognitiveservices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (tags != '{}')", - "service": "OpenAI", - "severity": "Low", - "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json" - }, - { - "category": "Governance and Security", - "subcategory": "Infrastructure Deployment", - "text": "Azure AI Service accounts follows organizational naming conventions", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", - "id": "AOAI.55", - "severity": "Low", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations" - }, - { - "category": "Governance and Security", - "subcategory": "Diagnostics Logging", - "text": "Diagnostic logs in Azure AI services resources should be enabled", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": 
"028a71ff-e1ce-415d-b3f0-d5e772d41e36", - "id": "AOAI.56", - "severity": "High", - "link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging" - }, - { - "category": "Identity and Access Management", - "subcategory": "Entra ID based access", - "text": "Key access (local authentication) is recommended to be disabled for security. After disabling key based access, Microsoft Entra ID becomes the only access method, which allows maintaining minimum privilege principle and granular control. ", - "waf": "Security", - "service": "OpenAI", - "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", - "id": "AOAI.57", - "graph": "resources | where type =~ 'Microsoft.CognitiveServices/accounts' or type == 'microsoft.search/searchservices' | project id, compliant = (properties.disableLocalAuth == true)", - "severity": "High", - "link": "https://learn.microsoft.com/azure/ai-services/authentication" - }, - { - "category": "Governance and Security", - "subcategory": "Secure Key Management", - "text": "Store and manage keys securely using Azure Key Vault. 
Avoid hard-coding or embedding sensitive keys within your LLM application's code and retrieve them securely from Azure Key Vault using managed identities", - "waf": "Security", - "service": "OpenAI", - "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964", - "id": "AOAI.58", - "severity": "High", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices" - }, - { - "category": "Governance and Security", - "subcategory": "Key Rotation and Expiration", - "text": "Regularly rotate and expire keys stored in Azure Key Vault to minimize the risk of unauthorized access.", - "waf": "Security", - "service": "OpenAI", - "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1", - "id": "AOAI.59", - "severity": "High", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices" - }, - { - "category": "Cost Optimization", - "subcategory": "Token Optimization", - "text": "Use tiktoken to understand token sizes for token optimizations in conversational mode", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "adfe27be-e297-401a-a352-baaab79b088d", - "id": "AOAI.6", - "severity": "High", - "link": "https://github.com/openai/tiktoken" - }, - { - "category": "Governance and Security", - "subcategory": "Secure coding practice", - "text": "Follow secure coding practices to prevent common vulnerabilities such as injection attacks, cross-site scripting (XSS), or security misconfigurations", - "waf": "Security", - "service": "OpenAI", - "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e", - "id": "AOAI.60", - "severity": "High", - "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview" - }, - { - "category": "Governance and Security", - "subcategory": "Patching and updates", - "text": "Setup a process to regularly update and patch the LLM libraries and other system components", - "waf": "Security", - "service": "OpenAI", - "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3", - "id": "AOAI.61", - "severity": "High", - "link": 
"https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops" - }, - { - "category": "Responsible AI", - "subcategory": "Governance", - "text": "Adhere to Azure OpenAI or other LLMs terms of use, policies and guidance and allowed use cases", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "e29711b1-352b-4eee-879b-588defc4972c", - "id": "AOAI.62", - "severity": "High", - "link": "https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct" - }, - { - "category": "Cost Optimization", - "subcategory": "Cost familiarization", - "text": "Understand difference in cost of base models and fine tuned models and token step sizes", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c", - "id": "AOAI.63", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models" - }, - { - "category": "Cost Optimization", - "subcategory": "Batch processing", - "text": "Batch requests, where possible, to minimize the per-call overhead which can reduce overall costs. 
Ensure you optimize batch size", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7", - "id": "AOAI.64", - "severity": "High", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching" - }, - { - "category": "Cost Optimization", - "subcategory": "Cost monitoring", - "text": "Set up a cost tracking system that monitors model usage and use that information to help inform model choices and prompt sizes", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8", - "id": "AOAI.65", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" - }, - { - "category": "Cost Optimization", - "subcategory": "Token limit", - "text": "Set a maximum limit on the number of tokens per model response (max_tokens and the number of completions to generate). Optimize the size to ensure it is large enough for a valid response", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "166cd072-af9b-4141-a898-a535e737897e", - "id": "AOAI.66", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits" - }, - { - "category": "Operations Management", - "subcategory": "AI Search Vector Limits", - "text": "Plan and manage AI Search Vector storage", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde", - "id": "AOAI.68", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota" - }, - { - "category": "Operations Management", - "subcategory": "DevOps", - "text": "Ensure deployment of Azure OpenAI instances across your various environments, such as development, test, and production supporting lrarning & experimentation. 
Apply LLMOps practices to automate the lifecycle management of your GenAI applications", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218", - "id": "AOAI.69", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2" - }, - { - "category": "Cost Optimization", - "subcategory": "Costing Model", - "text": "Evaluate usage of billing models - PAYG vs PTU. Start with PAYG and consider PTU when the usage is predictable in production since it offers dedicated memory and compute, reserved capacity, and consistent maximum latency for the specified model version", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", - "id": "AOAI.7", - "severity": "High", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model" - }, - { - "category": "Operations Management", - "subcategory": "DevOps", - "text": "Evaluate the quality of prompts and applications when switching between model versions", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "e6436b07-36db-455f-9796-03334bdf9cc2", - "id": "AOAI.70", - "severity": "Medium", - "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793" - }, - { - "category": "Operations Management", - "subcategory": "Development", - "text": "Evaluate, monitor and refine your GenAI apps for features like groundedness, relevance, accuracy, coherence and fluency", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "3418db61-2712-4650-9bb4-7a393a080327", - "id": "AOAI.71", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2" - }, - 
{ - "category": "Operations Management", - "subcategory": "Development", - "text": "Evaluate your Azure AI Search results based on different search parameters", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "294798b1-578b-4219-a46c-eb5443513592", - "id": "AOAI.72", - "severity": "Medium" - }, - { - "category": "Operations Management", - "subcategory": "Development", - "text": "Look at fine tuning models as way of increasing accuracy only when you have tried other basic approaches like prompt engineering and RAG with your data", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "2744293b-b628-4537-a551-19b08e8f5854", - "id": "AOAI.73", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations" - }, - { - "category": "Operations Management", - "subcategory": "Development", - "text": "Use prompt engineering techniques to improve the accuracy of LLM responses", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "287d9cec-166c-4d07-8af9-b141a898a535", - "id": "AOAI.74", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions" - }, - { - "category": "Governance and Security", - "subcategory": "Security Audits and Penetration Testing", - "text": "Red team your GenAI applications", - "waf": "Security", - "service": "OpenAI", - "guid": "e737897e-71ca-47da-acfa-962a1594946d", - "id": "AOAI.75", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming" - }, - { - "category": "Operations Management", - "subcategory": "End user feedback", - "text": "Provide end users with scoring options for LLM responses and track these scores. 
", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e", - "id": "AOAI.76", - "severity": "Medium", - "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/" - }, - { - "category": "Cost Optimization", - "subcategory": "Quota Management", - "text": "Consider Quota management practices. Use dynamic quota for certain use cases when your application can use extra capacity opportunistically or the application itself is driving the rate at which the Azure OpenAI API is called", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", - "id": "AOAI.8", - "severity": "High", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268" - }, - { - "category": "Operations Management", - "subcategory": "Load Balancing", - "text": "Use Load balancer solutions like APIM based gateway for balancing load and capacity across services and regions", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410", - "id": "AOAI.9", - "severity": "Medium", - "link": "https://github.com/Azure/aoai-apim/blob/main/README.md" - }, - { - "category": "Operations Management", - "subcategory": "Fine tuning", - "text": "Follow the guidance for fine-tuning with large data files and import the data from an Azure blob store. 
Large files, 100 MB or larger, can become unstable when uploaded through multipart forms because the requests are atomic and can't be retried or resumed", - "waf": "Reliability", - "service": "OpenAI", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc411", - "id": "AOAI.77", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/fine-tuning?tabs=turbo%2Cpython-new&pivots=programming-language-studio#import-training-data-from-azure-blob-store" - }, - { - "category": "Operations Management", - "subcategory": "Monitoring", - "text": "Manage rate limits for your model deployments and monitor usage of tokens per minute (TPM) and requests per minute (RPM) for pay-as-you-go deployments", - "waf": "Reliability", - "service": "OpenAI", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc412", - "id": "AOAI.78", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest" - }, - { - "category": "Operations Management", - "subcategory": "Monitoring", - "text": "Monitor provision-managed utilization if you're using the provisioned throughput payment model", - "waf": "Reliability", - "service": "OpenAI", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc413", - "id": "AOAI.79", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitor-openai" - }, - { - "category": "Responsible AI", - "subcategory": "Content Safety", - "text": "Tune content filters to minimize false positives from overly aggressive filters", - "waf": "Reliability", - "service": "OpenAI", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc414", - "id": "AOAI.80", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/content-filters" - }, - { - "category": "Governance and Security", - "subcategory": "Key Management", - "text": "Use customer-managed keys for fine-tuned models and training data that's uploaded to Azure OpenAI", - "waf": "Security", - "service": 
"OpenAI", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc415", - "id": "AOAI.81", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/encrypt-data-at-rest" - }, - { - "category": "Governance and Security", - "subcategory": "Jailbreak protection", - "text": "Implement jailbreak risk detection to safeguard your language model deployments against prompt injection attacks", - "waf": "Security", - "service": "OpenAI", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc416", - "id": "AOAI.82", - "graph": "resources | where type == 'microsoft.cognitiveservices/accounts' and kind =~ 'contentsafety' | project id, compliant = 1", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection" - }, - { - "category": "Governance and Security", - "subcategory": "Quota exhaustion", - "text": "Use security controls like throttling, service isolation and gateway pattern to prevent attacks that might exhaust model usage quotas", - "waf": "Security", - "service": "OpenAI", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc417", - "id": "AOAI.83", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitor-openai" - }, - { - "category": "Cost Optimization", - "subcategory": "Cost estimation", - "text": "Develop your cost model, considering prompt sizes. Understanding prompt input and response sizes and how text translates into tokens helps you create a viable cost model", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a9", - "id": "AOAI.84", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" - }, - { - "category": "Cost Optimization", - "subcategory": "Model selection", - "text": "Consider model pricing and capabilities when you choose models. 
Start with less-costly models for less-complex tasks like text generation or completion tasks and for complex tasks like language translation or content understanding, consider using more advanced models. Optimize costs while still achieving the desired application performance", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a1", - "id": "AOAI.85", - "severity": "Medium", - "link": "https://azure.microsoft.com/pricing/details/cognitive-services/openai-service/" - }, - { - "category": "Cost Optimization", - "subcategory": "Usage Optimization", - "text": "Maximize Azure OpenAI price breakpoints like fine-tuning and model breakpoints like image generation to your advantage. Fine-tuning is charged per hour, use as much time as you have available per hour to improve results without slipping into the next billing period. The cost for generating 100 images is the same as the cost for 1 image", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a2", - "id": "AOAI.86", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" - }, - { - "category": "Cost Optimization", - "subcategory": "Usage Optimization", - "text": "Remove unused fine-tuned models when they're no longer being consumed to avoid incurring an ongoing hosting fee", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a3", - "id": "AOAI.87", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" - }, - { - "category": "Cost Optimization", - "subcategory": "Token Optimization", - "text": "Create concise prompts that provide enough context for the model to generate a useful response. 
Also ensure that you optimize the limit of the response length.", - "waf": "Cost Optimization", - "service": "OpenAI", - "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8g", - "id": "AOAI.88", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs" - }, - { - "category": "Operations Management", - "subcategory": "IaC", - "text": "Use infrastructure as code (IaC) to deploy Azure OpenAI, model deployments, and other infrastructure required for fine-tuning models", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec219", - "id": "AOAI.89", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/ai-services/create-account-bicep" - }, - { - "category": "Operations Management", - "subcategory": "Development", - "text": "Consider using dedicated model deployments per consumer group to provide per-model usage isolation that can help prevent noisy neighbors between your consumer groups", - "waf": "Operational Excellence", - "service": "OpenAI", - "guid": "2744293b-b628-4537-a551-19b08e8f5855", - "id": "AOAI.90", - "severity": "Medium", - "link": "https://learn.microsoft.com/azure/architecture/guide/multitenant/service/openai" - } - ], - "categories": [ - { - "name": "Identity and Access Management" - }, - { - "name": "Network Topology and Connectivity" - }, - { - "name": "BC and DR" - }, - { - "name": "Governance and Security" - }, - { - "name": "Cost Governance" - }, - { - "name": "Operations Management" - }, - { - "name": "Application Deployment" - }, - { - "name": "Responsible AI" - } - ], - "waf": [ - { - "name": "Reliability" - }, - { - "name": "Security" - }, - { - "name": "Cost" - }, - { - "name": "Operations" - }, - { - "name": "Performance" - } - ], - "yesno": [ - { - "name": "Yes" - }, - { - "name": "No" - } - ], - "status": [ - { - "name": "Not verified", - "description": "This check has not been looked at yet" - }, - { - "name": "Open", - 
"description": "There is an action item associated to this check" - }, - { - "name": "Fulfilled", - "description": "This check has been verified, and there are no further action items associated to it" - }, - { - "name": "Not required", - "description": "Recommendation understood, but not needed by current requirements" - }, - { - "name": "N/A", - "description": "Not applicable for current design" - } - ], - "severities": [ - { - "name": "High" - }, - { - "name": "Medium" - }, - { - "name": "Low" - } - ], - "metadata": { - "name": "Azure OpenAI Review", - "state": "Preview", - "waf": "all", - "timestamp": "July 24, 2024" - } -} diff --git a/checklists/aoai_checklist.es.json b/checklists/aoai_checklist.es.json deleted file mode 100644 index 0144987c6..000000000 --- a/checklists/aoai_checklist.es.json +++ /dev/null 
@@ -1,920 +0,0 @@
-{
- "categories": [
- {
- "name": "Gestión de identidades y accesos"
- },
- {
- "name": "Topología de red y conectividad"
- },
- {
- "name": "BC y RD"
- },
- {
- "name": "Gobernanza y seguridad"
- },
- {
- "name": "Gobernanza de costos"
- },
- {
- "name": "Gestión de Operaciones"
- },
- {
- "name": "Implementación de aplicaciones"
- },
- {
- "name": "IA responsable"
- }
- ],
- "items": [
- {
- "category": "IA responsable",
- "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10",
- "id": "AOAI.1",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Metaprompting (Metaincitación)",
- "text": "Siga las barreras de seguridad de Metaprompting para una IA responsable",
- "waf": "Excelencia Operacional"
- },
- {
- "category": "Gestión de Operaciones",
- "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1",
- "id": "AOAI.10",
- "link": "https://github.com/Azure-Samples/AI-Gateway",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Equilibrio de carga",
- "text": "Considere la posibilidad de crear patrones de puerta de enlace con APIM o soluciones como AI Central para mejorar la limitación de velocidad, el equilibrio de carga, la autenticación y el registro",
- "waf": "Excelencia Operacional"
- },
- {
- "category": "Gestión de Operaciones",
- "guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029",
- "id": "AOAI.11",
- "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Monitorización",
- "text": "Habilitación de la supervisión para las instancias de AOAI",
- "waf": "Excelencia Operacional"
- },
- {
- "category": "Gestión de Operaciones",
- "guid": "697cb391-ed16-4b2d-886f-0a0241addde6",
- "id": "AOAI.12",
- "link":
"https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Alertas", - "text": "Cree alertas para notificar a los equipos de eventos, como una entrada en el registro de actividad creada por una acción realizada en el recurso, como la regeneración de sus claves de suscripción, o un umbral de métrica, como el número de errores que superan los 10 en una hora", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5", - "id": "AOAI.13", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Monitorización", - "text": "Supervise el uso de tokens para evitar interrupciones del servicio debido a la capacidad", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee", - "id": "AOAI.14", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Observancia", - "text": "Observe métricas como tokens de inferencia procesados, tokens de finalización generados, monitoree el límite de velocidad", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39", - "id": "AOAI.15", - "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562", - "service": "Azure OpenAI", - "severity": "Bajo", - "subcategory": "Observancia", - "text": "Si los diagnósticos no son suficientes para usted, considere la posibilidad de usar una puerta de enlace como Azure API Managements frente a Azure OpenAI para registrar tanto los mensajes entrantes como las respuestas salientes, cuando esté permitido", - "waf": 
"Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54", - "id": "AOAI.16", - "link": "https://github.com/Azure-Samples/openai-enterprise-iac", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Despliegue de infraestructura", - "text": "Use la infraestructura como código para implementar el servicio Azure OpenAI, las implementaciones de modelos y todos los recursos relacionados", - "waf": "Excelencia Operacional" - }, - { - "category": "Gobernanza y seguridad", - "guid": "4350d092-d234-4292-a752-8537a551c5bf", - "id": "AOAI.17", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Autenticación", - "text": "Uso de la autenticación de Microsoft Entra con identidad administrada en lugar de clave de API", - "waf": "Seguridad" - }, - { - "category": "IA responsable", - "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc", - "id": "AOAI.18", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Evaluación", - "text": "Evalúe el rendimiento/precisión del sistema con un conjunto de datos dorado conocido que tenga las entradas y las respuestas correctas. 
Aproveche las capacidades de PromptFlow para la evaluación.", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "68889535-e327-4897-b31b-67d67be5962a", - "id": "AOAI.19", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Modelo de alojamiento", - "text": "Evaluación del uso del modelo de rendimiento aprovisionado ", - "waf": "Rendimiento" - }, - { - "category": "IA responsable", - "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a", - "id": "AOAI.2", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Seguridad del contenido", - "text": "Revisión e implementación de la seguridad del contenido de Azure AI", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02", - "id": "AOAI.20", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Definición de rendimiento", - "text": "Defina y evalúe el rendimiento del sistema en función de los tokens y la respuesta por minuto y alinee con los requisitos", - "waf": "Rendimiento" - }, - { - "category": "Gestión de Operaciones", - "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6", - "id": "AOAI.21", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Mejora de la latencia", - "text": "Mejore la latencia del sistema limitando el tamaño de los tokens, las opciones de transmisión", - "waf": "Rendimiento" - }, - { - "category": "Gestión de Operaciones", - "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e", - "id": "AOAI.22", - "link": 
"https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Segregación por elasticidad", - "text": "Calcule las demandas de elasticidad para determinar la segregación de solicitudes sincrónicas y por lotes en función de la prioridad. Para la prioridad alta, utilice el enfoque sincrónico y para la prioridad baja, se prefiere el procesamiento por lotes asincrónico con cola", - "waf": "Rendimiento" - }, - { - "category": "Gestión de Operaciones", - "guid": "5bda4332-4f24-4811-9331-82ba51752694", - "id": "AOAI.23", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Evaluación comparativa", - "text": "Compare los requisitos de consumo de tokens en función de las demandas estimadas de los consumidores. Considere la posibilidad de usar la herramienta de pruebas comparativas de Azure OpenAI para ayudarle a validar el rendimiento si usa implementaciones de unidades de rendimiento aprovisionadas", - "waf": "Rendimiento" - }, - { - "category": "Gestión de Operaciones", - "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619", - "id": "AOAI.24", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Elasticidad ", - "text": "Si usa unidades de rendimiento aprovisionadas (PTU), considere la posibilidad de implementar una implementación de token por minuto (TPM) para las solicitudes de desbordamiento. 
Use una puerta de enlace para enrutar las solicitudes a la implementación de TPM cuando se alcancen los límites de PTU.", - "waf": "Rendimiento" - }, - { - "category": "Gestión de Operaciones", - "guid": "e8a13f98-8794-424d-9267-86d60b96c97b", - "id": "AOAI.25", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Elección del modelo", - "text": "Elija el modelo adecuado para la tarea correcta. Elija modelos con el equilibrio adecuado entre velocidad, calidad de respuesta y complejidad de salida", - "waf": "Rendimiento" - }, - { - "category": "Gestión de Operaciones", - "guid": "e9951904-8384-45c9-a6cb-2912156a1147", - "id": "AOAI.26", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Puesta a punto", - "text": "Tener una línea de base para el rendimiento sin ajuste fino para saber si el ajuste fino ha mejorado o no el rendimiento del modelo", - "waf": "Rendimiento" - }, - { - "category": "BC y RD", - "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a", - "id": "AOAI.27", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "Azure OpenAI", - "severity": "Bajo", - "subcategory": "Arquitectura multirregional", - "text": "Implementación de varias instancias de OAI en todas las regiones", - "waf": "Fiabilidad" - }, - { - "category": "BC y RD", - "guid": "b039da6d-55d7-4c89-8adb-107d5325af62", - "id": "AOAI.28", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Equilibrio de carga", - "text": "Implemente reintentos y comprobaciones de estado con el patrón de puerta de enlace como APIM", - "waf": "Fiabilidad" - }, - { - "category": "BC y RD", - "guid": 
"5ca44e46-85e2-4223-ace8-bb12308ca5f1", - "id": "AOAI.29", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Cuotas", - "text": "Asegúrese de tener cuotas adecuadas de TPM y RPM para la carga de trabajo", - "waf": "Fiabilidad" - }, - { - "category": "IA responsable", - "guid": "ec723923-7a15-42d6-ac5e-402925387e5c", - "id": "AOAI.3", - "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Mejores prácticas de UX", - "text": "Revise las consideraciones de la guía del kit de herramientas de HAI y aplique esas prácticas de interacción para el slution", - "waf": "Excelencia Operacional" - }, - { - "category": "BC y RD", - "guid": "7f154e3a-a369-4282-ae7e-316183687a04", - "id": "AOAI.30", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Equilibrio de carga", - "text": "Implemente modelos de ajuste de precisión independientes en todas las regiones si se emplea el ajuste de precisión", - "waf": "Fiabilidad" - }, - { - "category": "BC y RD", - "guid": "77a1f893-5bda-4433-84f2-4811633182ba", - "id": "AOAI.31", - "link": "https://learn.microsoft.com/azure/backup/backup-overview", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Copia de seguridad de datos y recuperación ante desastres", - "text": "Realice copias de seguridad y replique regularmente los datos críticos para garantizar la disponibilidad y la capacidad de recuperación de los datos en caso de pérdida de datos o fallos del sistema. 
Aproveche los servicios de copia de seguridad y recuperación ante desastres de Azure para proteger sus datos.", - "waf": "Fiabilidad" - }, - { - "category": "BC y RD", - "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204", - "id": "AOAI.32", - "link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Consideraciones sobre el SLA", - "text": "Los niveles de servicio de búsqueda de Azure AI deben elegirse para tener un Acuerdo de Nivel de Servicio ", - "waf": "Fiabilidad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a", - "id": "AOAI.33", - "link": "https://learn.microsoft.com/purview/purview", - "service": "Azure OpenAI", - "severity": "Bajo", - "subcategory": "Confidencialidad de los datos", - "text": "Clasifique los datos y la confidencialidad, etiquetando con Microsoft Purview antes de generar las incrustaciones y asegúrese de tratar las incrustaciones generadas con la misma confidencialidad y clasificación", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56", - "id": "AOAI.34", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Cifrado en reposo", - "text": "Cifre los datos utilizados para RAG con cifrado SSE/Disk con BYOK opcional", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "59ae558b-937d-4498-9e11-12dbd7ba012f", - "id": "AOAI.35", - "link": "https://learn.microsoft.com/azure/search/search-security-overview", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Encriptación de tránsito", - "text": "Asegúrese de que TLS se aplica a los datos en tránsito a través de fuentes de datos, la búsqueda de IA utilizada para la generación aumentada de recuperación (RAG) y la 
comunicación de LLM", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2", - "id": "AOAI.36", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Control de acceso", - "text": "Use RBAC para administrar el acceso a los servicios de Azure OpenAI. Asigne los permisos adecuados a los usuarios y restrinja el acceso en función de sus funciones y responsabilidades", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056", - "id": "AOAI.37", - "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Enmascaramiento y redacción de datos", - "text": "Implemente técnicas de cifrado, enmascaramiento o redacción de datos para ocultar datos confidenciales o reemplazarlos con valores ofuscados en entornos que no sean de producción o al compartir datos con fines de prueba o solución de problemas", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5", - "id": "AOAI.38", - "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Detección y monitoreo de amenazas", - "text": "Use Azure Defender para detectar y responder a las amenazas de seguridad y configurar mecanismos de supervisión y alerta para identificar actividades sospechosas o infracciones. 
Aproveche Azure Sentinel para la detección y respuesta a amenazas avanzadas", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55", - "id": "AOAI.39", - "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Retención y eliminación de datos", - "text": "Establezca políticas de retención y eliminación de datos para cumplir con las regulaciones de cumplimiento. Implemente métodos de eliminación seguros para los datos que ya no son necesarios y mantenga un registro de auditoría de las actividades de retención y eliminación de datos", - "waf": "Seguridad" - }, - { - "category": "IA responsable", - "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a", - "id": "AOAI.4", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Seguridad en la fuga de la cárcel", - "text": "Implemente los escudos de aviso y la detección de conexión a tierra mediante Content Safety ", - "waf": "Excelencia Operacional" - }, - { - "category": "Gobernanza y seguridad", - "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876", - "id": "AOAI.40", - "link": "https://learn.microsoft.com/azure/compliance/", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Privacidad de datos y cumplimiento", - "text": "Garantice el cumplimiento de las normativas de protección de datos pertinentes, como el RGPD o la HIPAA, mediante la implementación de controles de privacidad y la obtención de los consentimientos o permisos necesarios para las actividades de tratamiento de datos.", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682", - "id": "AOAI.41", - "service": "Azure OpenAI", - "severity": "Medio", - 
"subcategory": "Concienciación y formación de los empleados", - "text": "Eduque a sus empleados sobre las mejores prácticas de seguridad de datos, la importancia de manejar los datos de forma segura y los riesgos potenciales asociados con las violaciones de datos. Anímelos a seguir diligentemente los protocolos de seguridad de datos.", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52", - "id": "AOAI.42", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Segregación del medio ambiente", - "text": "Mantenga los datos de producción separados de los datos de desarrollo y pruebas. Utilice únicamente datos confidenciales reales en producción y utilice datos anónimos o sintéticos en entornos de desarrollo y prueba.", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620", - "id": "AOAI.43", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Segregación de índices", - "text": "Si tiene distintos niveles de confidencialidad de datos, considere la posibilidad de crear índices independientes para cada nivel. Por ejemplo, podría tener un índice para los datos generales y otro para los datos confidenciales, cada uno gobernado por diferentes protocolos de acceso", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512", - "id": "AOAI.44", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Datos confidenciales en instancias separadas", - "text": "Lleve la segregación un paso más allá colocando conjuntos de datos confidenciales en diferentes instancias del servicio. 
Cada instancia se puede controlar con su propio conjunto específico de políticas RBAC", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab", - "id": "AOAI.45", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Incrustación y manejo de vectores", - "text": "Reconozca que las incrustaciones y los vectores generados a partir de información confidencial son en sí mismos confidenciales. Estos datos deben recibir las mismas medidas de protección que el material de origen", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a", - "id": "AOAI.46", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Control de acceso", - "text": "Aplique RBAC a los almacenes de datos que tienen incrustaciones y vectores y alcance el acceso en función de los requisitos de acceso del rol", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb", - "id": "AOAI.47", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Seguridad de la red", - "text": "Configure un punto de conexión privado para que los servicios de IA restrinjan el acceso al servicio dentro de su red", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370", - "id": "AOAI.48", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Seguridad de la red", - "text": "Aplique un estricto control del tráfico entrante y saliente con Azure Firewall y UDR, y limite los puntos de integración externos", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": 
"6f7c0cba-fe51-4464-add4-57e927138b82", - "id": "AOAI.49", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Controlar el acceso a la red", - "text": "Implemente la segmentación de la red y los controles de acceso para restringir el acceso a la aplicación LLM solo a los usuarios y sistemas autorizados y evitar el movimiento lateral", - "waf": "Seguridad" - }, - { - "category": "Optimización de costes", - "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f", - "id": "AOAI.5", - "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Optimización de tokens", - "text": "Utilice herramientas de compresión rápida como LLMLingua o gprtrim", - "waf": "Optimización de costes" - }, - { - "category": "Gobernanza y seguridad", - "guid": "1102cac6-eae0-41e6-b842-e52f4721d928", - "id": "AOAI.50", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "API y endpoints seguros", - "text": "Asegúrese de que las API y los puntos finales utilizados por la aplicación LLM estén correctamente protegidos con mecanismos de autenticación y autorización, como identidades administradas, claves de API u OAuth, para evitar el acceso no autorizado.", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc", - "id": "AOAI.51", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Implementación de una autenticación sólida", - "text": "Aplique mecanismos sólidos de autenticación de usuario final, como la autenticación multifactor, para evitar el acceso no autorizado a la aplicación LLM y a los recursos de red asociados", - "waf": 
"Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "93555620-2bfe-4456-9b0d-834a348b263e", - "id": "AOAI.52", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Uso de la supervisión de red", - "text": "Implemente herramientas de monitoreo de red para detectar y analizar el tráfico de red en busca de actividades sospechosas o maliciosas. Habilite el registro para capturar eventos de red y facilitar el análisis forense en caso de incidentes de seguridad", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c", - "id": "AOAI.53", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Auditorías de seguridad y pruebas de penetración", - "text": "Realizar auditorías de seguridad y pruebas de penetración para identificar y abordar cualquier debilidad o vulnerabilidad de seguridad de red en la infraestructura de red de la aplicación LLM", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b", - "id": "AOAI.54", - "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json", - "service": "Azure OpenAI", - "severity": "Bajo", - "subcategory": "Despliegue de infraestructura", - "text": "Los servicios de Azure AI están etiquetados correctamente para una mejor administración", - "waf": "Excelencia Operacional" - }, - { - "category": "Gobernanza y seguridad", - "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", - "id": "AOAI.55", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations", - "service": "Azure OpenAI", - "severity": "Bajo", - "subcategory": "Despliegue de infraestructura", - "text": "Las cuentas de Azure AI Service siguen las convenciones de nomenclatura de la organización", - "waf": "Excelencia Operacional" - }, - { - "category": "Gobernanza y seguridad", - "guid": 
"028a71ff-e1ce-415d-b3f0-d5e772d41e36", - "id": "AOAI.56", - "link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Registro de diagnósticos", - "text": "Los registros de diagnóstico en los recursos de servicios de Azure AI deben estar habilitados", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de identidades y accesos", - "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", - "id": "AOAI.57", - "link": "https://learn.microsoft.com/azure/ai-services/authentication", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Acceso basado en ID de Entra", - "text": "Se recomienda deshabilitar el acceso a claves (autenticación local) por seguridad. Después de deshabilitar el acceso basado en claves, el identificador de Microsoft Entra se convierte en el único método de acceso, lo que permite mantener el principio de privilegio mínimo y el control granular. ", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964", - "id": "AOAI.58", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Gestión segura de claves", - "text": "Almacene y administre claves de forma segura con Azure Key Vault. 
Evite codificar de forma rígida o incrustar claves confidenciales en el código de la aplicación de LLM y recupérelas de forma segura de Azure Key Vault mediante identidades administradas", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1", - "id": "AOAI.59", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Rotación y caducidad de claves", - "text": "Rotar y expirar periódicamente las claves almacenadas en Azure Key Vault para minimizar el riesgo de acceso no autorizado.", - "waf": "Seguridad" - }, - { - "category": "Optimización de costes", - "guid": "adfe27be-e297-401a-a352-baaab79b088d", - "id": "AOAI.6", - "link": "https://github.com/openai/tiktoken", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Optimización de tokens", - "text": "Use tiktoken para comprender los tamaños de los tokens para las optimizaciones de tokens en el modo conversacional", - "waf": "Optimización de costes" - }, - { - "category": "Gobernanza y seguridad", - "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e", - "id": "AOAI.60", - "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Práctica de codificación segura", - "text": "Siga prácticas de codificación seguras para evitar vulnerabilidades comunes, como ataques de inyección, secuencias de comandos entre sitios (XSS) o errores de configuración de seguridad.", - "waf": "Seguridad" - }, - { - "category": "Gobernanza y seguridad", - "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3", - "id": "AOAI.61", - "link": "https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Aplicación de parches y actualizaciones", - "text": "Configurar un 
proceso para actualizar y parchear regularmente las bibliotecas de LLM y otros componentes del sistema", - "waf": "Seguridad" - }, - { - "category": "IA responsable", - "guid": "e29711b1-352b-4eee-879b-588defc4972c", - "id": "AOAI.62", - "link": "https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Gobernanza", - "text": "Cumplir con los términos de uso, las directivas y las directrices de Azure OpenAI u otros LLM, así como con los casos de uso permitidos.", - "waf": "Excelencia Operacional" - }, - { - "category": "Optimización de costes", - "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c", - "id": "AOAI.63", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Familiarización con los costos", - "text": "Comprenda la diferencia en el costo de los modelos base y los modelos ajustados y los tamaños de paso de token", - "waf": "Optimización de costes" - }, - { - "category": "Optimización de costes", - "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7", - "id": "AOAI.64", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Procesamiento por lotes", - "text": "Solicitudes por lotes, siempre que sea posible, para minimizar la sobrecarga por llamada, lo que puede reducir los costos generales. 
Asegúrese de optimizar el tamaño del lote", - "waf": "Optimización de costes" - }, - { - "category": "Optimización de costes", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8", - "id": "AOAI.65", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Seguimiento de costes", - "text": "Configure un sistema de seguimiento de costos que supervise el uso del modelo y use esa información para ayudar a informar las opciones de modelos y los tamaños indicados", - "waf": "Optimización de costes" - }, - { - "category": "Optimización de costes", - "guid": "166cd072-af9b-4141-a898-a535e737897e", - "id": "AOAI.66", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Límite de tokens", - "text": "Establezca un límite máximo en el número de tokens por respuesta de modelo. 
Optimice el tamaño para asegurarse de que sea lo suficientemente grande para una respuesta válida", - "waf": "Optimización de costes" - }, - { - "category": "Gestión de Operaciones", - "guid": "71ca7da8-cfa9-462a-8594-946da97dc3a2", - "id": "AOAI.67", - "link": "https://learn.microsoft.com/azure/search/search-reliability", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Fiabilidad de la búsqueda con IA", - "text": "Revise las instrucciones proporcionadas sobre la configuración de la búsqueda de IA para la confiabilidad", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde", - "id": "AOAI.68", - "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Límites del vector de búsqueda de IA", - "text": "Planifique y administre el almacenamiento de vectores de búsqueda de IA", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218", - "id": "AOAI.69", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "DevOps (Operaciones de desarrollo)", - "text": "Aplique prácticas de LLMOps para automatizar la gestión del ciclo de vida de sus aplicaciones GenAI", - "waf": "Excelencia Operacional" - }, - { - "category": "Optimización de costes", - "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", - "id": "AOAI.7", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Modelo de cálculo de costes", - "text": "Evalúe el uso de los modelos de facturación: PAYG frente a PTU", - 
"waf": "Optimización de costes" - }, - { - "category": "Gestión de Operaciones", - "guid": "e6436b07-36db-455f-9796-03334bdf9cc2", - "id": "AOAI.70", - "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "DevOps (Operaciones de desarrollo)", - "text": "Evalúe la calidad de los mensajes y las aplicaciones al cambiar entre versiones de modelo", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "3418db61-2712-4650-9bb4-7a393a080327", - "id": "AOAI.71", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Desarrollo", - "text": "Evalúe, supervise y perfeccione sus aplicaciones GenAI para características como la fundamentación, la relevancia, la precisión, la coherencia, la fluidez,", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "294798b1-578b-4219-a46c-eb5443513592", - "id": "AOAI.72", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Desarrollo", - "text": "Evalúe los resultados de búsqueda de Azure AI en función de diferentes parámetros de búsqueda", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - "guid": "2744293b-b628-4537-a551-19b08e8f5854", - "id": "AOAI.73", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Desarrollo", - "text": "Considere los modelos de ajuste fino como una forma de aumentar la precisión solo cuando haya probado otros enfoques básicos como la ingeniería de avisos y RAG con sus datos", - "waf": "Excelencia Operacional" - }, - { - "category": "Gestión de Operaciones", - 
"guid": "287d9cec-166c-4d07-8af9-b141a898a535", - "id": "AOAI.74", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Desarrollo", - "text": "Utilice técnicas de ingeniería rápida para mejorar la precisión de las respuestas de LLM", - "waf": "Excelencia Operacional" - }, - { - "category": "Gobernanza y seguridad", - "guid": "e737897e-71ca-47da-acfa-962a1594946d", - "id": "AOAI.75", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Auditorías de seguridad y pruebas de penetración", - "text": "Equipo rojo con sus aplicaciones GenAI", - "waf": "Seguridad" - }, - { - "category": "Gestión de Operaciones", - "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e", - "id": "AOAI.76", - "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Comentarios de los usuarios finales", - "text": "Proporcione a los usuarios finales opciones de puntuación para las respuestas de LLM y realice un seguimiento de estas puntuaciones. 
", - "waf": "Excelencia Operacional" - }, - { - "category": "Optimización de costes", - "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", - "id": "AOAI.8", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Gestión de cuotas", - "text": "Considere las prácticas de administración de cuotas", - "waf": "Optimización de costes" - }, - { - "category": "Gestión de Operaciones", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410", - "id": "AOAI.9", - "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", - "service": "Azure OpenAI", - "severity": "Medio", - "subcategory": "Equilibrio de carga", - "text": "Utilice soluciones de equilibrador de carga, como la puerta de enlace basada en APIM, para equilibrar la carga y la capacidad entre servicios y regiones", - "waf": "Excelencia Operacional" - } - ], - "metadata": { - "name": "Azure OpenAI Review", - "state": "Preview", - "timestamp": "July 24, 2024", - "waf": "all" - }, - "severities": [ - { - "name": "Alto" - }, - { - "name": "Medio" - }, - { - "name": "Bajo" - } - ], - "status": [ - { - "description": "Este control aún no se ha examinado", - "name": "No verificado" - }, - { - "description": "Hay un elemento de acción asociado a esta comprobación", - "name": "Abrir" - }, - { - "description": "Esta comprobación se ha verificado y no hay más elementos de acción asociados a ella", - "name": "Cumplido" - }, - { - "description": "Recomendación entendida, pero no necesaria por los requisitos actuales", - "name": "No es necesario" - }, - { - "description": "No aplicable para el diseño actual", - "name": "N/A" - } - ], - "waf": [ - { - "name": "Fiabilidad" - }, - { - "name": "Seguridad" - }, - { - "name": "Costar" - }, - { - "name": "Operaciones" - }, - { - "name": "Rendimiento" - } - ], - "yesno": [ - { - "name": "Sí" - }, - { - "name": "No" - } - ] -} \ No 
newline at end of file
diff --git a/checklists/aoai_checklist.ja.json b/checklists/aoai_checklist.ja.json
deleted file mode 100644
index 38d3c59a4..000000000
--- a/checklists/aoai_checklist.ja.json
+++ /dev/null
@@ -1,920 +0,0 @@ -{ - "categories": [ - { - "name": "ID およびアクセス管理" - }, - { - "name": "ネットワーク トポロジと接続性" - }, - { - "name": "BC と DR" - }, - { - "name": "ガバナンスとセキュリティ" - }, - { - "name": "コストガバナンス" - }, - { - "name": "オペレーションマネジメント" - }, - { - "name": "アプリケーションのデプロイメント" - }, - { - "name": "責任あるAI" - } - ], - "items": [ - { - "category": "責任あるAI", - "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10", - "id": "AOAI.1", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "メタプロンプティング", - "text": "共鳴可能なAIのためのメタプロンプトガードレールに従う", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1", - "id": "AOAI.10", - "link": "https://github.com/Azure-Samples/AI-Gateway", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "ロードバランシング", - "text": "APIM や AI Central などのソリューションを使用したゲートウェイ パターンを検討して、レート制限、負荷分散、認証、ログ記録を改善します", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029", - "id": "AOAI.11", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "モニタリング", - "text": "AOAI インスタンスの監視を有効にする", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "697cb391-ed16-4b2d-886f-0a0241addde6", - "id": "AOAI.12", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "アラート", - "text": "リソースに対して実行されたアクション (サブスクリプション キーの再生成など) によって作成されたアクティビティ ログのエントリや、1 時間に 10 を超えるエラー数などのメトリックしきい値によって作成されたアクティビティ ログのエントリなど、イベントを通知するアラートを作成します", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5", - 
"id": "AOAI.13", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "モニタリング", - "text": "トークンの使用状況を監視して、容量によるサービスの中断を防ぎます", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee", - "id": "AOAI.14", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "オブザーバビリティ", - "text": "処理された推論トークン、生成された完了トークンなどのメトリックを観察し、レート制限を監視します", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39", - "id": "AOAI.15", - "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562", - "service": "Azure OpenAI", - "severity": "低い", - "subcategory": "オブザーバビリティ", - "text": "診断が十分でない場合は、Azure OpenAI の前で Azure API Management などのゲートウェイを使用して、受信プロンプトと送信応答の両方をログに記録することを検討してください (許可されている場合)", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54", - "id": "AOAI.16", - "link": "https://github.com/Azure-Samples/openai-enterprise-iac", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "インフラストラクチャの展開", - "text": "コードとしてのインフラストラクチャを使用して、Azure OpenAI Service、モデル デプロイ、およびすべての関連リソースをデプロイします", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "4350d092-d234-4292-a752-8537a551c5bf", - "id": "AOAI.17", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "認証", - "text": "API キーの代わりにマネージド ID で Microsoft Entra 認証を使用する", - "waf": "安全" - }, - { - "category": "責任あるAI", - "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc", - "id": "AOAI.18", - "link": 
"https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "評価", - "text": "入力と正しい答えを持つ既知のゴールデンデータセットを使用して、システムのパフォーマンス/精度を評価します。PromptFlowの機能を評価に活用します。", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "68889535-e327-4897-b31b-67d67be5962a", - "id": "AOAI.19", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "ホスティングモデル", - "text": "プロビジョニング済みスループットモデルの使用状況の評価", - "waf": "パフォーマンス" - }, - { - "category": "責任あるAI", - "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a", - "id": "AOAI.2", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "コンテンツの安全性", - "text": "Azure AI コンテンツの安全性を確認して実装する", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02", - "id": "AOAI.20", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "スループットの定義", - "text": "トークンと1分あたりのレスポンスに基づいてシステムのスループットを定義および評価し、要件に合わせます", - "waf": "パフォーマンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6", - "id": "AOAI.21", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "レイテンシーの改善", - "text": "トークンサイズ、ストリーミングオプションを制限することにより、システムのレイテンシーを改善します", - "waf": "パフォーマンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e", - "id": "AOAI.22", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "Azure OpenAI", 
- "severity": "中程度", - "subcategory": "弾力性の分離", - "text": "弾力性の要求を見積もり、優先順位に基づいて同期要求とバッチ要求の分離を決定します。優先度が高い場合は同期アプローチを使用し、優先度が低い場合はキューを使用した非同期バッチ処理が推奨されます", - "waf": "パフォーマンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "5bda4332-4f24-4811-9331-82ba51752694", - "id": "AOAI.23", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "ベンチマーク", - "text": "消費者からの推定需要に基づくトークン消費要件のベンチマーク。プロビジョニングされたスループット ユニットのデプロイを使用している場合は、Azure OpenAI ベンチマーク ツールを使用してスループットを検証することを検討してください", - "waf": "パフォーマンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619", - "id": "AOAI.24", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "弾性", - "text": "プロビジョニングされたスループットユニット (PTU) を使用している場合は、オーバーフローリクエストに対して Token-Per Minute (TPM) デプロイメントをデプロイすることを検討してください。ゲートウェイを使用して、PTU の制限に達したときに要求を TPM デプロイにルーティングします。", - "waf": "パフォーマンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "e8a13f98-8794-424d-9267-86d60b96c97b", - "id": "AOAI.25", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "モデルの選択", - "text": "適切なタスクに適したモデルを選択してください。速度、応答の品質、出力の複雑さの間で適切なトレードオフを持つモデルを選択する", - "waf": "パフォーマンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "e9951904-8384-45c9-a6cb-2912156a1147", - "id": "AOAI.26", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "微調整", - "text": "微調整によってモデルのパフォーマンスが向上したかどうかを知るための微調整を行わずに、パフォーマンスのベースラインを設定する", - "waf": "パフォーマンス" - }, - { - "category": "BC と DR", - "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a", - "id": "AOAI.27", - "link": 
"https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "Azure OpenAI", - "severity": "低い", - "subcategory": "マルチリージョン アーキテクチャ", - "text": "複数のOAIインスタンスを複数のリージョンにデプロイする", - "waf": "確実" - }, - { - "category": "BC と DR", - "guid": "b039da6d-55d7-4c89-8adb-107d5325af62", - "id": "AOAI.28", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "ロードバランシング", - "text": "APIM のようなゲートウェイ パターンを使用した再試行とヘルスチェックの実装", - "waf": "確実" - }, - { - "category": "BC と DR", - "guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1", - "id": "AOAI.29", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "クォータ", - "text": "ワークロードに対してTPMとRPMの適切なクォータがあることを確認します", - "waf": "確実" - }, - { - "category": "責任あるAI", - "guid": "ec723923-7a15-42d6-ac5e-402925387e5c", - "id": "AOAI.3", - "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "UX のベスト プラクティス", - "text": "HAIツールキットガイダンスの考慮事項を確認し、それらの相互作用の実践をslutionに適用します", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "BC と DR", - "guid": "7f154e3a-a369-4282-ae7e-316183687a04", - "id": "AOAI.30", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "ロードバランシング", - "text": "ファインチューニングが採用されている場合は、リージョン間で個別の微調整モデルをデプロイします", - "waf": "確実" - }, - { - "category": "BC と DR", - "guid": "77a1f893-5bda-4433-84f2-4811633182ba", - "id": "AOAI.31", - "link": "https://learn.microsoft.com/azure/backup/backup-overview", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "データバックアップとディザスタリカバリ", - 
"text": "重要なデータを定期的にバックアップおよびレプリケートして、データの損失やシステム障害が発生した場合のデータの可用性と回復性を確保します。Azure のバックアップおよびディザスター リカバリー サービスを活用して、データを保護します。", - "waf": "確実" - }, - { - "category": "BC と DR", - "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204", - "id": "AOAI.32", - "link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "SLA に関する考慮事項", - "text": "Azure AI Search サービス レベルは、SLA を持つために選択する必要があります", - "waf": "確実" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a", - "id": "AOAI.33", - "link": "https://learn.microsoft.com/purview/purview", - "service": "Azure OpenAI", - "severity": "低い", - "subcategory": "データの機密性", - "text": "データと機密性を分類し、埋め込みを生成する前に Microsoft Purview でラベル付けし、生成された埋め込みを同じ感度と分類で処理するようにしてください", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56", - "id": "AOAI.34", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "保存時の暗号化", - "text": "SSE/ディスク暗号化(オプションのBYOKを使用)を使用してRAGに使用されるデータを暗号化", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "59ae558b-937d-4498-9e11-12dbd7ba012f", - "id": "AOAI.35", - "link": "https://learn.microsoft.com/azure/search/search-security-overview", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "トランジット暗号化", - "text": "データソース間で転送されるデータ、Retrieval-Augmented Generation(RAG)およびLLM通信に使用されるAI検索にTLSが適用されていることを確認します", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2", - "id": "AOAI.36", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "アクセス制御", - "text": "RBAC を使用して、Azure OpenAI サービスへのアクセスを管理します。ユーザーに適切な権限を割り当て、ユーザーの役割と責任に基づいてアクセスを制限します", - "waf": 
"安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056", - "id": "AOAI.37", - "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "データマスキングとリダクション", - "text": "データの暗号化、マスキング、または編集技術を実装して、機密データを非表示にしたり、非本番環境で難読化された値に置き換えたり、テストやトラブルシューティングの目的でデータを共有する場合", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5", - "id": "AOAI.38", - "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "脅威の検出と監視", - "text": "Azure Defender を利用して、セキュリティの脅威を検出して対応し、監視とアラートのメカニズムを設定して、疑わしいアクティビティや侵害を特定します。Azure Sentinel を活用して高度な脅威の検出と対応を実現", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55", - "id": "AOAI.39", - "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "データの保持と廃棄", - "text": "コンプライアンス規制を遵守するためのデータ保持および廃棄ポリシーを確立します。不要になったデータに対して安全な削除方法を実装し、データの保持と廃棄活動の監査証跡を維持します", - "waf": "安全" - }, - { - "category": "責任あるAI", - "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a", - "id": "AOAI.4", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "脱獄の安全性", - "text": "Content Safety を使用した Prompt シールドと接地検出の実装", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876", - "id": "AOAI.40", - "link": "https://learn.microsoft.com/azure/compliance/", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "データのプライバシーとコンプライアンス", - "text": "GDPRやHIPAAなどの関連するデータ保護規制への準拠を確保するには、プライバシー制御を実装し、データ処理活動に必要な同意または許可を取得します。", - "waf": 
"安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682", - "id": "AOAI.41", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "従業員の意識向上と教育", - "text": "データセキュリティのベストプラクティス、データの安全な取り扱いの重要性、データ侵害に関連する潜在的なリスクについて、従業員を教育します。データセキュリティプロトコルに熱心に従うように促します。", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52", - "id": "AOAI.42", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "環境の分離", - "text": "運用データを開発データやテストデータから分離します。本番環境では実際の機密データのみを使用し、開発環境やテスト環境では匿名化されたデータや合成データを利用します。", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620", - "id": "AOAI.43", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "インデックスの分離", - "text": "データの機密性のレベルが異なる場合は、レベルごとに個別のインデックスを作成することを検討してください。たとえば、一般的なデータ用に 1 つのインデックスを作成し、機密データ用に別のインデックスを作成し、それぞれ異なるアクセス プロトコルで管理することができます", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512", - "id": "AOAI.44", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "個別のインスタンス内の機密データ", - "text": "分離をさらに一歩進めて、機密性の高いデータセットをサービスの異なるインスタンスに配置します。各インスタンスは、独自のRBACポリシーのセットで制御できます", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab", - "id": "AOAI.45", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "埋め込みとベクター処理", - "text": "機密情報から生成された埋め込みとベクトルは、それ自体が機密性が高いことを認識します。このデータには、ソースマテリアルと同じ保護対策を提供する必要があります", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a", - "id": "AOAI.46", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "アクセス制御", - "text": "埋め込みとベクトルを持つデータストアに RBAC を適用し、ロールのアクセス要件に基づいてアクセスのスコープを設定します", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": 
"27f7b9e9-1be1-4f38-aef3-9812bd463cbb", - "id": "AOAI.47", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "ネットワークセキュリティ", - "text": "AI サービスのプライベート エンドポイントを構成して、ネットワーク内のサービス アクセスを制限します", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370", - "id": "AOAI.48", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "ネットワークセキュリティ", - "text": "Azure Firewall と UDR を使用して受信と送信のトラフィック制御を厳密に適用し、外部統合ポイントを制限します", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "6f7c0cba-fe51-4464-add4-57e927138b82", - "id": "AOAI.49", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "ネットワークアクセスの制御", - "text": "ネットワークのセグメンテーションとアクセス制御を実装して、LLMアプリケーションへのアクセスを許可されたユーザーとシステムのみに制限し、横方向の移動を防ぎます", - "waf": "安全" - }, - { - "category": "コストの最適化", - "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f", - "id": "AOAI.5", - "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "トークンの最適化", - "text": "LLMLingua や gprtrim などのプロンプト圧縮ツールを使用します", - "waf": "コストの最適化" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "1102cac6-eae0-41e6-b842-e52f4721d928", - "id": "AOAI.50", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "安全なAPIとエンドポイント", - "text": "LLM アプリケーションで使用される API とエンドポイントが、マネージド ID、API キー、OAuth などの認証および承認メカニズムで適切に保護され、不正アクセスを防止します。", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc", - "id": "AOAI.51", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885", - "service": "Azure 
OpenAI", - "severity": "中程度", - "subcategory": "強力な認証の実装", - "text": "多要素認証などの強力なエンドユーザー認証メカニズムを適用して、LLMアプリケーションおよび関連するネットワークリソースへの不正アクセスを防止します", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "93555620-2bfe-4456-9b0d-834a348b263e", - "id": "AOAI.52", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "ネットワーク監視を使用する", - "text": "ネットワーク監視ツールを実装して、疑わしいアクティビティや悪意のあるアクティビティのネットワークトラフィックを検出および分析します。ロギングを有効にしてネットワークイベントをキャプチャし、セキュリティインシデントが発生した場合のフォレンジック分析を容易にします", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c", - "id": "AOAI.53", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "セキュリティ監査と侵入テスト", - "text": "セキュリティ監査と侵入テストを実施して、LLMアプリケーションのネットワークインフラストラクチャのネットワークセキュリティの弱点または脆弱性を特定して対処します", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b", - "id": "AOAI.54", - "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json", - "service": "Azure OpenAI", - "severity": "低い", - "subcategory": "インフラストラクチャの展開", - "text": "Azure AI Services は、管理を改善するために適切にタグ付けされています", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", - "id": "AOAI.55", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations", - "service": "Azure OpenAI", - "severity": "低い", - "subcategory": "インフラストラクチャの展開", - "text": "Azure AI Service アカウントは、組織の名前付け規則に従います", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36", - "id": "AOAI.56", - "link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "診断のログ", - "text": "Azure AI サービス リソースの診断ログを有効にする必要がある", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "ID およびアクセス管理", - "guid": 
"11cc57b4-a4b1-4410-b439-58a8c2289b3d", - "id": "AOAI.57", - "link": "https://learn.microsoft.com/azure/ai-services/authentication", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "Entra IDベースのアクセス", - "text": "セキュリティのため、キーアクセス(ローカル認証)を無効にすることをお勧めします。 キーベースのアクセスを無効にすると、Microsoft Entra IDが唯一のアクセス方法になり、最小限の特権原則ときめ細かな制御を維持できます。", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964", - "id": "AOAI.58", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "セキュアなキー管理", - "text": "Azure Key Vault を使用して、キーを安全に保存および管理します。LLM アプリケーションのコード内で機密性の高いキーをハードコーディングしたり埋め込んだりすることを避け、マネージド ID を使用して Azure Key Vault から安全に取得します", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1", - "id": "AOAI.59", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "キーのローテーションと有効期限", - "text": "Azure Key Vault に格納されているキーを定期的にローテーションして期限切れにすることで、不正アクセスのリスクを最小限に抑えます。", - "waf": "安全" - }, - { - "category": "コストの最適化", - "guid": "adfe27be-e297-401a-a352-baaab79b088d", - "id": "AOAI.6", - "link": "https://github.com/openai/tiktoken", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "トークンの最適化", - "text": "tiktokenを使用して、会話モードでのトークン最適化のためのトークンサイズを理解します", - "waf": "コストの最適化" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e", - "id": "AOAI.60", - "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "安全なコーディングの実践", - "text": "安全なコーディング手法に従って、インジェクション攻撃、クロスサイトスクリプティング(XSS)、セキュリティ設定の誤りなどの一般的な脆弱性を防止します", - "waf": "安全" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3", - "id": "AOAI.61", - "link": 
"https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "パッチ適用と更新", - "text": "LLM ライブラリとその他のシステム コンポーネントを定期的に更新し、パッチを適用するプロセスを設定します", - "waf": "安全" - }, - { - "category": "責任あるAI", - "guid": "e29711b1-352b-4eee-879b-588defc4972c", - "id": "AOAI.62", - "link": "https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "統治", - "text": "Azure OpenAI またはその他の LLM の利用規約、ポリシー、ガイダンス、および許可されたユース ケースを順守する", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "コストの最適化", - "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c", - "id": "AOAI.63", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "コストの習熟度", - "text": "基本モデルと微調整されたモデルおよびトークンのステップサイズのコストの違いを理解する", - "waf": "コストの最適化" - }, - { - "category": "コストの最適化", - "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7", - "id": "AOAI.64", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "バッチ処理", - "text": "可能であれば、呼び出しごとのオーバーヘッドを最小限に抑え、全体的なコストを削減できるバッチ要求。バッチサイズを確実に最適化する", - "waf": "コストの最適化" - }, - { - "category": "コストの最適化", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8", - "id": "AOAI.65", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "コスト監視", - "text": "モデルの使用状況を監視するコスト追跡システムを設定し、その情報を使用してモデルの選択とプロンプトのサイズを通知します", - "waf": "コストの最適化" - }, - { - "category": "コストの最適化", - "guid": "166cd072-af9b-4141-a898-a535e737897e", - "id": "AOAI.66", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits", - "service": "Azure 
OpenAI", - "severity": "中程度", - "subcategory": "トークン制限", - "text": "モデル応答あたりのトークン数に上限を設定します。サイズを最適化して、有効な応答に十分な大きさになるようにします", - "waf": "コストの最適化" - }, - { - "category": "オペレーションマネジメント", - "guid": "71ca7da8-cfa9-462a-8594-946da97dc3a2", - "id": "AOAI.67", - "link": "https://learn.microsoft.com/azure/search/search-reliability", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "AI検索の信頼性", - "text": "信頼性のための AI 検索の設定に関するガイダンスを確認します", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde", - "id": "AOAI.68", - "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "AI 検索ベクトルの制限", - "text": "AI Search Vector ストレージの計画と管理", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218", - "id": "AOAI.69", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "DevOpsの", - "text": "LLMOpsプラクティスを適用して、GenAIアプリケーションのライフサイクル管理を自動化します", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "コストの最適化", - "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", - "id": "AOAI.7", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "原価計算モデル", - "text": "請求モデルの使用状況の評価 - PAYG と PTU の比較", - "waf": "コストの最適化" - }, - { - "category": "オペレーションマネジメント", - "guid": "e6436b07-36db-455f-9796-03334bdf9cc2", - "id": "AOAI.70", - "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "DevOpsの", - "text": 
"モデルバージョンを切り替える際のプロンプトとアプリケーションの品質を評価する", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "3418db61-2712-4650-9bb4-7a393a080327", - "id": "AOAI.71", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "発達", - "text": "GenAIアプリを評価、監視、改良して、接地性、関連性、精度、一貫性、流暢さなどの機能を確認します。", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "294798b1-578b-4219-a46c-eb5443513592", - "id": "AOAI.72", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "発達", - "text": "さまざまな検索パラメーターに基づいて Azure AI Search の結果を評価する", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "2744293b-b628-4537-a551-19b08e8f5854", - "id": "AOAI.73", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "発達", - "text": "精度を向上させる方法としてモデルの微調整を検討するのは、データを使用してプロンプトエンジニアリングやRAGなどの他の基本的なアプローチを試した場合のみです", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "オペレーションマネジメント", - "guid": "287d9cec-166c-4d07-8af9-b141a898a535", - "id": "AOAI.74", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "発達", - "text": "プロンプトエンジニアリング手法を使用して、LLM応答の精度を向上させる", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "ガバナンスとセキュリティ", - "guid": "e737897e-71ca-47da-acfa-962a1594946d", - "id": "AOAI.75", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "セキュリティ監査と侵入テスト", - "text": "GenAIアプリケーションをレッドチーム化", - "waf": "安全" - }, - { - "category": "オペレーションマネジメント", - "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e", - "id": 
"AOAI.76", - "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "エンドユーザーのフィードバック", - "text": "エンドユーザーにLLM応答のスコアリングオプションを提供し、これらのスコアを追跡します。", - "waf": "オペレーショナルエクセレンス" - }, - { - "category": "コストの最適化", - "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", - "id": "AOAI.8", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "高い", - "subcategory": "クォータ管理", - "text": "クォータ管理の実践を検討する", - "waf": "コストの最適化" - }, - { - "category": "オペレーションマネジメント", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410", - "id": "AOAI.9", - "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", - "service": "Azure OpenAI", - "severity": "中程度", - "subcategory": "ロードバランシング", - "text": "APIM ベースのゲートウェイなどのロード バランサー ソリューションを使用して、サービスやリージョン間で負荷と容量を分散します", - "waf": "オペレーショナルエクセレンス" - } - ], - "metadata": { - "name": "Azure OpenAI Review", - "state": "Preview", - "timestamp": "July 24, 2024", - "waf": "all" - }, - "severities": [ - { - "name": "高い" - }, - { - "name": "中程度" - }, - { - "name": "低い" - } - ], - "status": [ - { - "description": "このチェックはまだ見ていません", - "name": "未確認" - }, - { - "description": "このチェックにはアクションアイテムが関連付けられています", - "name": "開ける" - }, - { - "description": "このチェックは検証済みであり、これ以上のアクション アイテムは関連付けられていません", - "name": "達成" - }, - { - "description": "推奨事項は理解されているが、現在の要件では必要ではない", - "name": "必須ではありません" - }, - { - "description": "現在のデザインには適用されません", - "name": "該当なし" - } - ], - "waf": [ - { - "name": "確実" - }, - { - "name": "安全" - }, - { - "name": "費用" - }, - { - "name": "オペレーションズ" - }, - { - "name": "パフォーマンス" - } - ], - "yesno": [ - { - "name": "はい" - }, - { - "name": "いいえ" - } - ] -} \ No newline at end of file diff --git a/checklists/aoai_checklist.ko.json b/checklists/aoai_checklist.ko.json deleted file mode 100644 index c7af3b9b2..000000000 
--- a/checklists/aoai_checklist.ko.json
+++ /dev/null
@@ -1,920 +0,0 @@ -{ - "categories": [ - { - "name": "ID 및 액세스 관리" - }, - { - "name": "네트워크 토폴로지 및 연결성" - }, - { - "name": "BC 및 DR" - }, - { - "name": "거버넌스 및 보안" - }, - { - "name": "비용 관리" - }, - { - "name": "운영 관리" - }, - { - "name": "응용 프로그램 배포" - }, - { - "name": "책임감 있는 AI" - } - ], - "items": [ - { - "category": "책임감 있는 AI", - "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10", - "id": "AOAI.1", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "메타프롬프트", - "text": "공명형 AI를 위한 Metaprompting 가드레일 따르기", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1", - "id": "AOAI.10", - "link": "https://github.com/Azure-Samples/AI-Gateway", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "로드 밸런싱", - "text": "더 나은 속도 제한, 부하 분산, 인증 및 로깅을 위해 APIM 또는 AI Central과 같은 솔루션을 사용하여 게이트웨이 패턴을 고려합니다.", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029", - "id": "AOAI.11", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "모니터링", - "text": "AOAI 인스턴스에 대한 모니터링 활성화", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "697cb391-ed16-4b2d-886f-0a0241addde6", - "id": "AOAI.12", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "경고", - "text": "리소스에 대해 수행된 작업(예: 구독 키 다시 생성) 또는 메트릭 임계값(예: 한 시간에 10을 초과하는 오류 수)에 의해 생성된 활동 로그의 항목과 같은 이벤트를 팀에 알리는 경고를 만듭니다", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5", - "id": "AOAI.13", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - 
"service": "Azure OpenAI", - "severity": "높다", - "subcategory": "모니터링", - "text": "용량으로 인한 서비스 중단을 방지하기 위해 토큰 사용량을 모니터링합니다.", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee", - "id": "AOAI.14", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "관찰 가능성", - "text": "처리된 추론 토큰, 생성된 완료 토큰, 속도 제한 모니터링과 같은 메트릭 관찰", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39", - "id": "AOAI.15", - "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562", - "service": "Azure OpenAI", - "severity": "낮다", - "subcategory": "관찰 가능성", - "text": "진단이 충분하지 않은 경우 Azure OpenAI 앞에 있는 Azure API Managements와 같은 게이트웨이를 사용하여 허용되는 경우 들어오는 프롬프트와 나가는 응답을 모두 기록하는 것이 좋습니다", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54", - "id": "AOAI.16", - "link": "https://github.com/Azure-Samples/openai-enterprise-iac", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "인프라스트럭처 구축", - "text": "Infrastructure as code를 사용하여 Azure OpenAI Service, 모델 배포 및 모든 관련 리소스를 배포합니다", - "waf": "운영 우수성" - }, - { - "category": "거버넌스 및 보안", - "guid": "4350d092-d234-4292-a752-8537a551c5bf", - "id": "AOAI.17", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "인증", - "text": "API 키 대신 관리 ID로 Microsoft Entra 인증 사용", - "waf": "안전" - }, - { - "category": "책임감 있는 AI", - "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc", - "id": "AOAI.18", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "평가", - "text": "입력과 정답이 있는 알려진 골든 데이터 세트를 사용하여 시스템의 성능/정확도를 
평가합니다. 평가를 위해 PromptFlow의 기능을 활용합니다.", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "68889535-e327-4897-b31b-67d67be5962a", - "id": "AOAI.19", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "호스팅 모델", - "text": "프로비저닝된 처리량 모델의 사용 평가 ", - "waf": "공연" - }, - { - "category": "책임감 있는 AI", - "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a", - "id": "AOAI.2", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "콘텐츠 안전성", - "text": "Azure AI 콘텐츠 안전성 검토 및 구현", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02", - "id": "AOAI.20", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "처리량 정의", - "text": "분당 토큰 및 응답을 기반으로 시스템의 처리량을 정의 및 평가하고 요구 사항에 맞춥니다.", - "waf": "공연" - }, - { - "category": "운영 관리", - "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6", - "id": "AOAI.21", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "지연 시간 개선", - "text": "토큰 크기, 스트리밍 옵션을 제한하여 시스템의 대기 시간을 개선합니다.", - "waf": "공연" - }, - { - "category": "운영 관리", - "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e", - "id": "AOAI.22", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "탄력성 분리", - "text": "탄력성 요구를 예측하여 우선 순위에 따라 동기 및 일괄 처리 요청 분리를 결정합니다. 
우선 순위가 높은 경우 동기 접근 방식을 사용하고 낮은 우선 순위의 경우 큐를 사용한 비동기 일괄 처리가 선호됩니다", - "waf": "공연" - }, - { - "category": "운영 관리", - "guid": "5bda4332-4f24-4811-9331-82ba51752694", - "id": "AOAI.23", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "벤치마킹", - "text": "소비자의 예상 수요를 기반으로 토큰 사용 요구 사항을 벤치마킹합니다. 프로비저닝된 처리량 단위 배포를 사용하는 경우 처리량의 유효성을 검사하는 데 도움이 되도록 Azure OpenAI 벤치마킹 도구를 사용하는 것이 좋습니다", - "waf": "공연" - }, - { - "category": "운영 관리", - "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619", - "id": "AOAI.24", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "탄력 ", - "text": "PTU(프로비저닝된 처리량 단위)를 사용하는 경우 오버플로 요청에 대한 TPM(분당 토큰) 배포를 배포하는 것이 좋습니다. 게이트웨이를 사용하여 PTU 제한에 도달할 때 TPM 배포로 요청을 라우팅합니다.", - "waf": "공연" - }, - { - "category": "운영 관리", - "guid": "e8a13f98-8794-424d-9267-86d60b96c97b", - "id": "AOAI.25", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "모델 선택", - "text": "올바른 작업에 적합한 모델을 선택하십시오. 
속도, 응답 품질 및 출력 복잡성 간에 적절한 절충점이 있는 모델 선택", - "waf": "공연" - }, - { - "category": "운영 관리", - "guid": "e9951904-8384-45c9-a6cb-2912156a1147", - "id": "AOAI.26", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "미세 조정", - "text": "미세 조정으로 모델 성능이 향상되었는지 여부를 파악하기 위해 미세 조정 없이 성능에 대한 기준이 있습니다.", - "waf": "공연" - }, - { - "category": "BC 및 DR", - "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a", - "id": "AOAI.27", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "Azure OpenAI", - "severity": "낮다", - "subcategory": "다중 지역 아키텍처Multi-region architecture", - "text": "여러 지역에 여러 OAI 인스턴스 배포", - "waf": "신뢰도" - }, - { - "category": "BC 및 DR", - "guid": "b039da6d-55d7-4c89-8adb-107d5325af62", - "id": "AOAI.28", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "로드 밸런싱", - "text": "APIM과 같은 게이트웨이 패턴을 사용하여 재시도 및 상태 확인 구현Implement retry & healthchecks with gateway pattern like APIM", - "waf": "신뢰도" - }, - { - "category": "BC 및 DR", - "guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1", - "id": "AOAI.29", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "할당량", - "text": "워크로드에 대한 TPM 및 RPM의 적절한 할당량이 있는지 확인합니다.", - "waf": "신뢰도" - }, - { - "category": "책임감 있는 AI", - "guid": "ec723923-7a15-42d6-ac5e-402925387e5c", - "id": "AOAI.3", - "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "UX 모범 사례", - "text": "HAI 도구 키트 지침의 고려 사항을 검토하고 slution에 대한 이러한 상호 작용 방법을 적용합니다", - "waf": "운영 우수성" - }, - { - "category": "BC 및 DR", - "guid": 
"7f154e3a-a369-4282-ae7e-316183687a04", - "id": "AOAI.30", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "로드 밸런싱", - "text": "미세 조정이 사용되는 경우 지역 간에 별도의 미세 조정된 모델을 배포합니다.", - "waf": "신뢰도" - }, - { - "category": "BC 및 DR", - "guid": "77a1f893-5bda-4433-84f2-4811633182ba", - "id": "AOAI.31", - "link": "https://learn.microsoft.com/azure/backup/backup-overview", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "데이터 백업 및 재해 복구", - "text": "중요한 데이터를 정기적으로 백업 및 복제하여 데이터 손실 또는 시스템 장애 발생 시 데이터 가용성과 복구 가능성을 보장합니다. Azure의 백업 및 재해 복구 서비스를 활용하여 데이터를 보호하세요.", - "waf": "신뢰도" - }, - { - "category": "BC 및 DR", - "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204", - "id": "AOAI.32", - "link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "SLA 고려 사항", - "text": "SLA를 갖도록 Azure AI 검색 서비스 계층을 선택해야 합니다. 
", - "waf": "신뢰도" - }, - { - "category": "거버넌스 및 보안", - "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a", - "id": "AOAI.33", - "link": "https://learn.microsoft.com/purview/purview", - "service": "Azure OpenAI", - "severity": "낮다", - "subcategory": "데이터 민감도", - "text": "임베딩을 생성하기 전에 데이터 및 민감도를 분류하고 Microsoft Purview를 사용하여 레이블을 지정하고 생성된 임베딩을 동일한 민감도 및 분류로 처리해야 합니다", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56", - "id": "AOAI.34", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "저장 데이터 암호화", - "text": "BYOK(옵션)를 사용한 SSE/디스크 암호화로 RAG에 사용되는 데이터 암호화", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "59ae558b-937d-4498-9e11-12dbd7ba012f", - "id": "AOAI.35", - "link": "https://learn.microsoft.com/azure/search/search-security-overview", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "트랜짓 암호화", - "text": "데이터 소스 간 전송 중인 데이터, RAG(Retrieval-Augmented Generation) 및 LLM 통신에 사용되는 AI 검색에 TLS가 적용되는지 확인합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2", - "id": "AOAI.36", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "출입 통제", - "text": "RBAC를 사용하여 Azure OpenAI 서비스에 대한 액세스를 관리합니다. 
사용자에게 적절한 권한을 할당하고 사용자의 역할과 책임에 따라 액세스를 제한합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056", - "id": "AOAI.37", - "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "데이터 마스킹 및 수정", - "text": "데이터 암호화, 마스킹 또는 수정 기술을 구현하여 비프로덕션 환경에서 또는 테스트 또는 문제 해결을 위해 데이터를 공유할 때 민감한 데이터를 숨기거나 난독화된 값으로 대체합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5", - "id": "AOAI.38", - "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "위협 탐지 및 모니터링", - "text": "Azure Defender를 활용하여 보안 위협을 탐지 및 대응하고 의심스러운 활동 또는 위반을 식별하기 위한 모니터링 및 경고 메커니즘을 설정합니다. 고급 위협 탐지 및 대응을 위해 Azure Sentinel 활용", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55", - "id": "AOAI.39", - "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "데이터 보유 및 폐기", - "text": "규정 준수 규정을 준수하기 위해 데이터 보존 및 폐기 정책을 수립합니다. 
더 이상 필요하지 않은 데이터에 대한 안전한 삭제 방법을 구현하고 데이터 보존 및 폐기 활동에 대한 감사 추적을 유지 관리합니다.", - "waf": "안전" - }, - { - "category": "책임감 있는 AI", - "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a", - "id": "AOAI.4", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "탈옥 안전", - "text": "Content Safety를 사용하여 Prompt shields 및 groundedness detection 구현 ", - "waf": "운영 우수성" - }, - { - "category": "거버넌스 및 보안", - "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876", - "id": "AOAI.40", - "link": "https://learn.microsoft.com/azure/compliance/", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "데이터 개인 정보 보호 및 규정 준수", - "text": "개인 정보 보호 제어를 구현하고 데이터 처리 활동에 필요한 동의 또는 권한을 얻어 GDPR 또는 HIPAA와 같은 관련 데이터 보호 규정을 준수하도록 합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682", - "id": "AOAI.41", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "직원 인식 제고 및 교육", - "text": "데이터 보안 모범 사례, 데이터 안전한 처리의 중요성, 데이터 침해와 관련된 잠재적 위험에 대해 직원을 교육합니다. 데이터 보안 프로토콜을 성실히 따르도록 권장합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52", - "id": "AOAI.42", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "환경 분리", - "text": "생산 데이터를 개발 및 테스트 데이터와 분리합니다. 프로덕션에서는 실제 민감한 데이터만 사용하고 개발 및 테스트 환경에서는 익명 또는 합성 데이터를 활용합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620", - "id": "AOAI.43", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "인덱스 분리", - "text": "데이터 민감도 수준이 다양하다면 각 수준에 대해 별도의 인덱스를 만드는 것이 좋습니다. 
예를 들어, 일반 데이터에 대한 인덱스와 민감한 데이터에 대한 인덱스가 있을 수 있으며, 각각 다른 액세스 프로토콜에 의해 제어됩니다", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512", - "id": "AOAI.44", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "별도의 인스턴스에 있는 민감한 데이터Sensitive Data in separate instances", - "text": "한 단계 더 나아가 중요한 데이터 세트를 서비스의 다른 인스턴스에 배치합니다. 각 인스턴스는 고유한 특정 RBAC 정책 집합으로 제어할 수 있습니다", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab", - "id": "AOAI.45", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "임베딩 및 벡터 처리", - "text": "민감한 정보에서 생성된 임베딩과 벡터는 그 자체로 민감하다는 점을 인식해야 합니다. 이 데이터에는 원본 자료와 동일한 보호 조치가 제공되어야 합니다", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a", - "id": "AOAI.46", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "출입 통제", - "text": "임베딩 및 벡터가 있는 데이터 저장소에 RBAC를 적용하고 역할의 액세스 요구 사항에 따라 액세스 범위를 지정합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb", - "id": "AOAI.47", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "네트워크 보안", - "text": "AI 서비스에 대한 프라이빗 엔드포인트를 구성하여 네트워크 내 서비스 액세스를 제한합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370", - "id": "AOAI.48", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "네트워크 보안", - "text": "Azure Firewall 및 UDR을 사용하여 엄격한 인바운드 및 아웃바운드 트래픽 제어를 적용하고 외부 통합 지점을 제한합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "6f7c0cba-fe51-4464-add4-57e927138b82", - "id": "AOAI.49", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "네트워크 액세스 제어", - "text": "네트워크 세분화 및 액세스 
제어를 구현하여 LLM 애플리케이션에 대한 액세스를 인증된 사용자 및 시스템으로만 제한하고 측면 이동을 방지합니다.", - "waf": "안전" - }, - { - "category": "비용 최적화", - "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f", - "id": "AOAI.5", - "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "토큰 최적화", - "text": "LLMLingua 또는 gprtrim과 같은 프롬프트 압축 도구 사용", - "waf": "비용 최적화" - }, - { - "category": "거버넌스 및 보안", - "guid": "1102cac6-eae0-41e6-b842-e52f4721d928", - "id": "AOAI.50", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "API 및 엔드포인트 보안", - "text": "LLM 애플리케이션에서 사용하는 API 및 엔드포인트가 관리 ID, API 키 또는 OAuth와 같은 인증 및 권한 부여 메커니즘으로 적절하게 보호되어 무단 액세스를 방지해야 합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc", - "id": "AOAI.51", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "강력한 인증 구현", - "text": "다단계 인증(multi-factor authentication)과 같은 강력한 최종 사용자 인증 메커니즘을 적용하여 LLM 애플리케이션 및 관련 네트워크 리소스에 대한 무단 액세스를 방지합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "93555620-2bfe-4456-9b0d-834a348b263e", - "id": "AOAI.52", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "네트워크 모니터링 사용", - "text": "네트워크 모니터링 도구를 구현하여 의심스럽거나 악의적인 활동에 대한 네트워크 트래픽을 탐지하고 분석합니다. 
로깅을 활성화하여 네트워크 이벤트를 캡처하고 보안 사고 발생 시 포렌식 분석을 용이하게 합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c", - "id": "AOAI.53", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "보안 감사 및 침투 테스트", - "text": "보안 감사 및 침투 테스트를 수행하여 LLM 애플리케이션의 네트워크 인프라에서 네트워크 보안 약점 또는 취약성을 식별하고 해결합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b", - "id": "AOAI.54", - "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json", - "service": "Azure OpenAI", - "severity": "낮다", - "subcategory": "인프라스트럭처 구축", - "text": "Azure AI 서비스는 더 나은 관리를 위해 적절하게 태그가 지정됩니다.", - "waf": "운영 우수성" - }, - { - "category": "거버넌스 및 보안", - "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", - "id": "AOAI.55", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations", - "service": "Azure OpenAI", - "severity": "낮다", - "subcategory": "인프라스트럭처 구축", - "text": "Azure AI Service 계정은 조직의 명명 규칙을 따릅니다.", - "waf": "운영 우수성" - }, - { - "category": "거버넌스 및 보안", - "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36", - "id": "AOAI.56", - "link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "진단 로깅", - "text": "Azure AI Services 리소스의 진단 로그를 사용하도록 설정해야 함", - "waf": "운영 우수성" - }, - { - "category": "ID 및 액세스 관리", - "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", - "id": "AOAI.57", - "link": "https://learn.microsoft.com/azure/ai-services/authentication", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "Entra ID 기반 액세스", - "text": "키 액세스(로컬 인증)는 보안을 위해 사용하지 않도록 설정하는 것이 좋습니다. 키 기반 액세스를 사용하지 않도록 설정하면 Microsoft Entra ID가 유일한 액세스 방법이 되어 최소 권한 원칙과 세분화된 제어를 유지할 수 있습니다. 
", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964", - "id": "AOAI.58", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "보안 키 관리", - "text": "Azure Key Vault를 사용하여 키를 안전하게 저장하고 관리하세요. LLM 애플리케이션의 코드 내에 중요한 키를 하드 코딩하거나 포함하지 않도록 하고 관리 ID를 사용하여 Azure Key Vault에서 안전하게 검색합니다.", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1", - "id": "AOAI.59", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "키 순환 및 만료Key Rotation and Expiration", - "text": "Azure Key Vault에 저장된 키를 정기적으로 회전하고 만료하여 무단 액세스의 위험을 최소화합니다.", - "waf": "안전" - }, - { - "category": "비용 최적화", - "guid": "adfe27be-e297-401a-a352-baaab79b088d", - "id": "AOAI.6", - "link": "https://github.com/openai/tiktoken", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "토큰 최적화", - "text": "tiktoken을 사용하여 대화 모드에서 토큰 최적화를 위한 토큰 크기 이해", - "waf": "비용 최적화" - }, - { - "category": "거버넌스 및 보안", - "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e", - "id": "AOAI.60", - "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "안전한 코딩 연습", - "text": "보안 코딩 관행에 따라 주입 공격, XSS(교차 사이트 스크립팅) 또는 보안 구성 오류와 같은 일반적인 취약성을 방지합니다", - "waf": "안전" - }, - { - "category": "거버넌스 및 보안", - "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3", - "id": "AOAI.61", - "link": "https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "패치 및 업데이트", - "text": "LLM 라이브러리와 다른 시스템 컴포넌트를 정기적으로 업데이트하고 패치하는 프로세스를 설정합니다.", - "waf": "안전" - }, - { - "category": "책임감 있는 AI", - "guid": "e29711b1-352b-4eee-879b-588defc4972c", - "id": "AOAI.62", - "link": 
"https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "지배구조", - "text": "Azure OpenAI 또는 기타 LLM 사용 약관, 정책 및 지침, 허용되는 사용 사례 준수", - "waf": "운영 우수성" - }, - { - "category": "비용 최적화", - "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c", - "id": "AOAI.63", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "비용 숙지", - "text": "기본 모델과 미세 조정된 모델 및 토큰 단계 크기의 비용 차이를 이해합니다.", - "waf": "비용 최적화" - }, - { - "category": "비용 최적화", - "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7", - "id": "AOAI.64", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "배치 처리", - "text": "가능한 경우 호출당 오버헤드를 최소화하여 전체 비용을 줄일 수 있는 일괄 처리 요청. 배치 크기를 최적화해야 합니다.", - "waf": "비용 최적화" - }, - { - "category": "비용 최적화", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8", - "id": "AOAI.65", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "비용 모니터링", - "text": "모델 사용을 모니터링하는 비용 추적 시스템을 설정하고 해당 정보를 사용하여 모델 선택 및 프롬프트 크기를 알립니다", - "waf": "비용 최적화" - }, - { - "category": "비용 최적화", - "guid": "166cd072-af9b-4141-a898-a535e737897e", - "id": "AOAI.66", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "토큰 한도", - "text": "모델 응답당 토큰 수에 대한 최대 제한을 설정합니다. 
유효한 응답에 사용할 수 있을 만큼 충분히 큰지 확인하기 위해 크기를 최적화합니다", - "waf": "비용 최적화" - }, - { - "category": "운영 관리", - "guid": "71ca7da8-cfa9-462a-8594-946da97dc3a2", - "id": "AOAI.67", - "link": "https://learn.microsoft.com/azure/search/search-reliability", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "AI 검색 신뢰성", - "text": "안정성을 위한 AI 검색 설정에 대해 제공된 지침을 검토합니다.", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde", - "id": "AOAI.68", - "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "AI 검색 벡터 한계", - "text": "AI Search Vector 스토리지 계획 및 관리", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218", - "id": "AOAI.69", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "데브옵스", - "text": "LLMOps 사례를 적용하여 GenAI 애플리케이션의 라이프사이클 관리를 자동화합니다.", - "waf": "운영 우수성" - }, - { - "category": "비용 최적화", - "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", - "id": "AOAI.7", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "원가 계산 모델", - "text": "청구 모델 사용 평가 - PAYG 대 PTU", - "waf": "비용 최적화" - }, - { - "category": "운영 관리", - "guid": "e6436b07-36db-455f-9796-03334bdf9cc2", - "id": "AOAI.70", - "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "데브옵스", - "text": "모델 버전 간에 전환할 때 프롬프트와 응용 프로그램의 품질을 평가합니다.", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "3418db61-2712-4650-9bb4-7a393a080327", - "id": "AOAI.71", - 
"link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "발달", - "text": "GenAI 앱을 평가, 모니터링 및 개선하여 근거, 관련성, 정확성, 일관성, 유창성 등의 기능을 제공합니다.", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "294798b1-578b-4219-a46c-eb5443513592", - "id": "AOAI.72", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "발달", - "text": "다양한 검색 매개 변수를 기반으로 Azure AI Search 결과를 평가합니다", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "2744293b-b628-4537-a551-19b08e8f5854", - "id": "AOAI.73", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "발달", - "text": "데이터를 사용하여 프롬프트 엔지니어링 및 RAG와 같은 다른 기본 접근 방식을 시도한 경우에만 모델을 미세 조정하여 정확도를 높이는 방법으로 살펴보십시오", - "waf": "운영 우수성" - }, - { - "category": "운영 관리", - "guid": "287d9cec-166c-4d07-8af9-b141a898a535", - "id": "AOAI.74", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "발달", - "text": "프롬프트 엔지니어링 기법을 사용하여 LLM 응답의 정확도 향상", - "waf": "운영 우수성" - }, - { - "category": "거버넌스 및 보안", - "guid": "e737897e-71ca-47da-acfa-962a1594946d", - "id": "AOAI.75", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "보안 감사 및 침투 테스트", - "text": "GenAI 애플리케이션을 위한 레드 팀", - "waf": "안전" - }, - { - "category": "운영 관리", - "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e", - "id": "AOAI.76", - "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "최종 사용자 피드백", - "text": "최종 사용자에게 LLM 응답에 대한 점수 매기기 옵션을 제공하고 이러한 점수를 
추적합니다. ", - "waf": "운영 우수성" - }, - { - "category": "비용 최적화", - "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", - "id": "AOAI.8", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "높다", - "subcategory": "할당량 관리", - "text": "할당량 관리 방법 고려", - "waf": "비용 최적화" - }, - { - "category": "운영 관리", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410", - "id": "AOAI.9", - "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", - "service": "Azure OpenAI", - "severity": "보통", - "subcategory": "로드 밸런싱", - "text": "APIM 기반 게이트웨이와 같은 Load Balancer 솔루션을 사용하여 서비스 및 지역 간에 부하와 용량을 분산합니다", - "waf": "운영 우수성" - } - ], - "metadata": { - "name": "Azure OpenAI Review", - "state": "Preview", - "timestamp": "July 24, 2024", - "waf": "all" - }, - "severities": [ - { - "name": "높다" - }, - { - "name": "보통" - }, - { - "name": "낮다" - } - ], - "status": [ - { - "description": "이 검사는 아직 검토되지 않았습니다", - "name": "확인되지 않음" - }, - { - "description": "이 검사와 연관된 작업 항목이 있습니다", - "name": "열다" - }, - { - "description": "이 검사는 확인되었으며 이와 관련된 추가 작업 항목이 없습니다", - "name": "성취" - }, - { - "description": "권장 사항을 이해하지만 현재 요구 사항에 필요하지 않음", - "name": "필요 없음" - }, - { - "description": "현재 설계에는 적용되지 않습니다.", - "name": "해당 없음" - } - ], - "waf": [ - { - "name": "신뢰도" - }, - { - "name": "안전" - }, - { - "name": "비용" - }, - { - "name": "작업" - }, - { - "name": "공연" - } - ], - "yesno": [ - { - "name": "예" - }, - { - "name": "아니요" - } - ] -} \ No newline at end of file diff --git a/checklists/aoai_checklist.pt.json b/checklists/aoai_checklist.pt.json deleted file mode 100644 index 62f7d383f..000000000 --- a/checklists/aoai_checklist.pt.json +++ /dev/null 
@@ -1,920 +0,0 @@
-{
- "categories": [
- {
- "name": "Gerenciamento de identidade e acesso"
- },
- {
- "name": "Topologia e conectividade de rede"
- },
- {
- "name": "BC e DR"
- },
- {
- "name": "Governança e segurança"
- },
- {
- "name": "Governança de custos"
- },
- {
- "name": "Gestão de Operações"
- },
- {
- "name": "Implantação de aplicativos"
- },
- {
- "name": "IA responsável"
- }
- ],
- "items": [
- {
- "category": "IA responsável",
- "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10",
- "id": "AOAI.1",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Metaprompting",
- "text": "Siga as proteções do Metaprompting para uma IA razoável",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1",
- "id": "AOAI.10",
- "link": "https://github.com/Azure-Samples/AI-Gateway",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Balanceamento de carga",
- "text": "Considere padrões de gateway com APIM ou soluções como AI central para melhor limitação de taxa, balanceamento de carga, autenticação e registro",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029",
- "id": "AOAI.11",
- "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Monitorização",
- "text": "Habilitar o monitoramento para suas instâncias AOAI",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "697cb391-ed16-4b2d-886f-0a0241addde6",
- "id": "AOAI.12",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Alertas",
- "text": "Crie alertas para notificar as equipes sobre eventos, como uma entrada no log de atividades criada por uma ação executada no recurso, como regenerar suas chaves de assinatura ou um limite de métrica, como o número de erros que excedem 10 em uma hora",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5",
- "id": "AOAI.13",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Monitorização",
- "text": "Monitore o uso do token para evitar interrupções de serviço devido à capacidade",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee",
- "id": "AOAI.14",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Observabilidade",
- "text": "Observe métricas como tokens de inferência processados, monitoramento de tokens de conclusão gerados para limite de taxa",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39",
- "id": "AOAI.15",
- "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562",
- "service": "Azure OpenAI",
- "severity": "Baixo",
- "subcategory": "Observabilidade",
- "text": "Se o diagnóstico não for suficiente para você, considere usar um gateway como o Gerenciamento de API do Azure na frente do Azure OpenAI para registrar prompts de entrada e respostas de saída, quando permitido",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54",
- "id": "AOAI.16",
- "link": "https://github.com/Azure-Samples/openai-enterprise-iac",
- "service": "Azure 
OpenAI",
- "severity": "Alto",
- "subcategory": "Implantação de infraestrutura",
- "text": "Usar a infraestrutura como código para implantar o serviço OpenAI do Azure, implantações de modelo e todos os recursos relacionados",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Governança e segurança",
- "guid": "4350d092-d234-4292-a752-8537a551c5bf",
- "id": "AOAI.17",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Autenticação",
- "text": "Usar a autenticação do Microsoft Entra com identidade gerenciada em vez de chave de API",
- "waf": "Segurança"
- },
- {
- "category": "IA responsável",
- "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc",
- "id": "AOAI.18",
- "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Avaliação",
- "text": "Avalie o desempenho/precisão do sistema com um conjunto de dados dourado conhecido que tenha as entradas e as respostas corretas. 
Aproveite os recursos do PromptFlow para avaliação.",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "68889535-e327-4897-b31b-67d67be5962a",
- "id": "AOAI.19",
- "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Modelo de hospedagem",
- "text": "Avaliar o uso do modelo de taxa de transferência provisionada ",
- "waf": "Desempenho"
- },
- {
- "category": "IA responsável",
- "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a",
- "id": "AOAI.2",
- "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Segurança de conteúdo",
- "text": "Examinar e implementar a segurança de conteúdo do Azure AI",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02",
- "id": "AOAI.20",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Definição de taxa de transferência",
- "text": "Defina e avalie a taxa de transferência do sistema com base em tokens e resposta por minuto e alinhe-se aos requisitos",
- "waf": "Desempenho"
- },
- {
- "category": "Gestão de Operações",
- "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6",
- "id": "AOAI.21",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Melhoria da latência",
- "text": "Melhore a latência do sistema limitando os tamanhos dos tokens, as opções de streaming",
- "waf": "Desempenho"
- },
- {
- "category": "Gestão de Operações",
- "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e",
- "id": "AOAI.22",
- "link": 
"https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Segregação de elasticidade",
- "text": "Estime as demandas de elasticidade para determinar a segregação de solicitações síncronas e em lote com base na prioridade. Para alta prioridade, use a abordagem síncrona e, para baixa prioridade, o processamento em lote assíncrono com fila é preferível",
- "waf": "Desempenho"
- },
- {
- "category": "Gestão de Operações",
- "guid": "5bda4332-4f24-4811-9331-82ba51752694",
- "id": "AOAI.23",
- "link": "https://github.com/Azure/azure-openai-benchmark/",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Avaliação comparativa",
- "text": "Compare os requisitos de consumo de token com base nas demandas estimadas dos consumidores. Considere usar a ferramenta de benchmarking OpenAI do Azure para ajudá-lo a validar a taxa de transferência se você estiver usando implantações de Unidade de Produtividade Provisionada",
- "waf": "Desempenho"
- },
- {
- "category": "Gestão de Operações",
- "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619",
- "id": "AOAI.24",
- "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Elasticidade ",
- "text": "Se você estiver usando PTUs (Unidades de Produtividade Provisionadas), considere implantar uma implantação de token por minuto (TPM) para solicitações de estouro. 
Use um gateway para rotear solicitações para a implantação do TPM quando os limites de PTU forem atingidos.",
- "waf": "Desempenho"
- },
- {
- "category": "Gestão de Operações",
- "guid": "e8a13f98-8794-424d-9267-86d60b96c97b",
- "id": "AOAI.25",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Escolha do modelo",
- "text": "Escolha o modelo certo para a tarefa certa. Escolha modelos com a compensação certa entre velocidade, qualidade de resposta e complexidade de saída",
- "waf": "Desempenho"
- },
- {
- "category": "Gestão de Operações",
- "guid": "e9951904-8384-45c9-a6cb-2912156a1147",
- "id": "AOAI.26",
- "link": "https://github.com/Azure/azure-openai-benchmark/",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Afinar",
- "text": "Tenha uma linha de base para o desempenho sem ajuste fino para saber se o ajuste fino melhorou ou não o desempenho do modelo",
- "waf": "Desempenho"
- },
- {
- "category": "BC e DR",
- "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a",
- "id": "AOAI.27",
- "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability",
- "service": "Azure OpenAI",
- "severity": "Baixo",
- "subcategory": "Arquitetura multirregional",
- "text": "Implantar várias instâncias de OAI em regiões",
- "waf": "Fiabilidade"
- },
- {
- "category": "BC e DR",
- "guid": "b039da6d-55d7-4c89-8adb-107d5325af62",
- "id": "AOAI.28",
- "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Balanceamento de carga",
- "text": "Implemente novas tentativas e verificações de integridade com o padrão de Gateway como APIM",
- "waf": "Fiabilidade"
- },
- {
- "category": "BC e DR",
- "guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1",
- "id": "AOAI.29",
- 
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Quotas",
- "text": "Garantir que tenha cotas adequadas de TPM e RPM para a carga de trabalho",
- "waf": "Fiabilidade"
- },
- {
- "category": "IA responsável",
- "guid": "ec723923-7a15-42d6-ac5e-402925387e5c",
- "id": "AOAI.3",
- "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Prática recomendada de UX",
- "text": "Revise as considerações nas diretrizes do kit de ferramentas HAI e aplique essas práticas de interação para a análise",
- "waf": "Excelência Operacional"
- },
- {
- "category": "BC e DR",
- "guid": "7f154e3a-a369-4282-ae7e-316183687a04",
- "id": "AOAI.30",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Balanceamento de carga",
- "text": "Implantar modelos ajustados separados entre regiões se o ajuste fino for empregado",
- "waf": "Fiabilidade"
- },
- {
- "category": "BC e DR",
- "guid": "77a1f893-5bda-4433-84f2-4811633182ba",
- "id": "AOAI.31",
- "link": "https://learn.microsoft.com/azure/backup/backup-overview",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Backup de dados e recuperação de desastres",
- "text": "Faça backup e replique regularmente dados críticos para garantir a disponibilidade e a capacidade de recuperação dos dados em caso de perda de dados ou falhas do sistema. 
Aproveite os serviços de backup e recuperação de desastre do Azure para proteger seus dados.",
- "waf": "Fiabilidade"
- },
- {
- "category": "BC e DR",
- "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204",
- "id": "AOAI.32",
- "link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Considerações sobre SLA",
- "text": "As camadas de serviço de pesquisa de IA do Azure devem ser escolhidas para ter um SLA ",
- "waf": "Fiabilidade"
- },
- {
- "category": "Governança e segurança",
- "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a",
- "id": "AOAI.33",
- "link": "https://learn.microsoft.com/purview/purview",
- "service": "Azure OpenAI",
- "severity": "Baixo",
- "subcategory": "Sensibilidade de dados",
- "text": "Classifique os dados e a confidencialidade, rotulando com o Microsoft Purview antes de gerar as inserções e certifique-se de tratar as inserções geradas com a mesma confidencialidade e classificação",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56",
- "id": "AOAI.34",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Criptografia em repouso",
- "text": "Criptografar dados usados para RAG com criptografia SSE/Disco com BYOK opcional",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "59ae558b-937d-4498-9e11-12dbd7ba012f",
- "id": "AOAI.35",
- "link": "https://learn.microsoft.com/azure/search/search-security-overview",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Criptografia de trânsito",
- "text": "Certifique-se de que o TLS seja aplicado para dados em trânsito entre fontes de dados, pesquisa de IA usada para RG (Geração Aumentada por Recuperação) e comunicação LLM",
- "waf": "Segurança"
- },
- {
- "category": 
"Governança e segurança",
- "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2",
- "id": "AOAI.36",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Controle de acesso",
- "text": "Use o RBAC para gerenciar o acesso aos serviços do OpenAI do Azure. Atribua permissões apropriadas aos usuários e restrinja o acesso com base em suas funções e responsabilidades",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056",
- "id": "AOAI.37",
- "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Mascaramento e redação de dados",
- "text": "Implemente técnicas de criptografia, mascaramento ou redação de dados para ocultar dados confidenciais ou substituí-los por valores ofuscados em ambientes de não produção ou ao compartilhar dados para fins de teste ou solução de problemas",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5",
- "id": "AOAI.38",
- "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Detecção e monitoramento de ameaças",
- "text": "Utilize o Azure Defender para detectar e responder a ameaças de segurança e configurar mecanismos de monitoramento e alerta para identificar atividades suspeitas ou violações. 
Aproveite o Azure Sentinel para detecção e resposta avançadas a ameaças",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55",
- "id": "AOAI.39",
- "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Retenção e descarte de dados",
- "text": "Estabeleça políticas de retenção e descarte de dados para cumprir os regulamentos de conformidade. Implemente métodos de exclusão segura para dados que não são mais necessários e mantenha uma trilha de auditoria das atividades de retenção e descarte de dados",
- "waf": "Segurança"
- },
- {
- "category": "IA responsável",
- "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a",
- "id": "AOAI.4",
- "link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Segurança de fuga da prisão",
- "text": "Implementar proteções imediatas e detecção de aterramento usando a Segurança de conteúdo ",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Governança e segurança",
- "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876",
- "id": "AOAI.40",
- "link": "https://learn.microsoft.com/azure/compliance/",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Privacidade e conformidade de dados",
- "text": "Garanta a conformidade com os regulamentos de proteção de dados relevantes, como GDPR ou HIPAA, implementando controles de privacidade e obtendo os consentimentos ou permissões necessários para atividades de processamento de dados.",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682",
- "id": "AOAI.41",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Conscientização e treinamento de funcionários",
- "text": "Eduque 
seus funcionários sobre as melhores práticas de segurança de dados, a importância de lidar com dados com segurança e os possíveis riscos associados a violações de dados. Incentive-os a seguir os protocolos de segurança de dados diligentemente.",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52",
- "id": "AOAI.42",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Segregação ambiental",
- "text": "Mantenha os dados de produção separados dos dados de desenvolvimento e teste. Use apenas dados confidenciais reais na produção e utilize dados anônimos ou sintéticos em ambientes de desenvolvimento e teste.",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620",
- "id": "AOAI.43",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Segregação de índice",
- "text": "Se você tiver níveis variados de confidencialidade de dados, considere criar índices separados para cada nível. Por exemplo, você pode ter um índice para dados gerais e outro para dados confidenciais, cada um regido por diferentes protocolos de acesso",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512",
- "id": "AOAI.44",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Dados confidenciais em instâncias separadas",
- "text": "Leve a segregação um passo adiante, colocando conjuntos de dados confidenciais em diferentes instâncias do serviço. 
Cada instância pode ser controlada com seu próprio conjunto específico de políticas RBAC",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab",
- "id": "AOAI.45",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Incorporação e manipulação de vetores",
- "text": "Reconheça que incorporações e vetores gerados a partir de informações confidenciais são eles próprios sensíveis. Esses dados devem receber as mesmas medidas de proteção que o material de origem",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a",
- "id": "AOAI.46",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Controle de acesso",
- "text": "Aplique o RBAC aos armazenamentos de dados com incorporações e vetores e acesso ao escopo com base nos requisitos de acesso da função",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb",
- "id": "AOAI.47",
- "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Segurança de rede",
- "text": "Configurar o ponto de extremidade privado para serviços de IA para restringir o acesso ao serviço em sua rede",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370",
- "id": "AOAI.48",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Segurança de rede",
- "text": "Imponha um controle estrito de tráfego de entrada e saída com o Firewall do Azure e UDRs e limite os pontos de integração externos",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": 
"6f7c0cba-fe51-4464-add4-57e927138b82",
- "id": "AOAI.49",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Controle o acesso à rede",
- "text": "Implemente segmentação de rede e controles de acesso para restringir o acesso ao aplicativo LLM apenas a usuários e sistemas autorizados e evitar movimentos laterais",
- "waf": "Segurança"
- },
- {
- "category": "Otimização de custos",
- "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f",
- "id": "AOAI.5",
- "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Otimização de token",
- "text": "Use ferramentas de compactação imediatas como LLMLingua ou gprtrim",
- "waf": "Otimização de custos"
- },
- {
- "category": "Governança e segurança",
- "guid": "1102cac6-eae0-41e6-b842-e52f4721d928",
- "id": "AOAI.50",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "APIs e endpoints seguros",
- "text": "Certifique-se de que as APIs e os endpoints usados pelo aplicativo LLM estejam devidamente protegidos com mecanismos de autenticação e autorização, como identidades gerenciadas, chaves de API ou OAuth, para impedir o acesso não autorizado.",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc",
- "id": "AOAI.51",
- "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Implementar autenticação forte",
- "text": "Aplique mecanismos fortes de autenticação do usuário final, como autenticação multifator, para impedir o acesso não autorizado ao aplicativo LLM e aos recursos de rede associados",
- "waf": "Segurança"
- },
- {
- "category": "Governança e 
segurança",
- "guid": "93555620-2bfe-4456-9b0d-834a348b263e",
- "id": "AOAI.52",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Usar o monitoramento de rede",
- "text": "Implemente ferramentas de monitoramento de rede para detectar e analisar o tráfego de rede em busca de atividades suspeitas ou maliciosas. Habilite o registro para capturar eventos de rede e facilitar a análise forense em caso de incidentes de segurança",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c",
- "id": "AOAI.53",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Auditorias de segurança e testes de penetração",
- "text": "Realize auditorias de segurança e testes de penetração para identificar e resolver quaisquer pontos fracos ou vulnerabilidades de segurança de rede na infraestrutura de rede do aplicativo LLM",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b",
- "id": "AOAI.54",
- "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json",
- "service": "Azure OpenAI",
- "severity": "Baixo",
- "subcategory": "Implantação de infraestrutura",
- "text": "Os Serviços de IA do Azure são marcados corretamente para melhor gerenciamento",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Governança e segurança",
- "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56",
- "id": "AOAI.55",
- "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",
- "service": "Azure OpenAI",
- "severity": "Baixo",
- "subcategory": "Implantação de infraestrutura",
- "text": "As contas do Serviço de IA do Azure seguem as convenções de nomenclatura organizacional",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Governança e segurança",
- "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36",
- "id": "AOAI.56",
- "link": 
"https://learn.microsoft.com/azure/ai-services/diagnostic-logging",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Log de diagnóstico",
- "text": "Os logs de diagnóstico nos recursos de serviços de IA do Azure devem ser habilitados",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gerenciamento de identidade e acesso",
- "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d",
- "id": "AOAI.57",
- "link": "https://learn.microsoft.com/azure/ai-services/authentication",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Acesso baseado em ID de entrada",
- "text": "Recomenda-se que o acesso à chave (autenticação local) seja desabilitado por segurança. Depois de desabilitar o acesso baseado em chave, o Microsoft Entra ID se torna o único método de acesso, o que permite manter o princípio de privilégio mínimo e o controle granular. ",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964",
- "id": "AOAI.58",
- "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Gerenciamento seguro de chaves",
- "text": "Armazene e gerencie chaves com segurança usando o Azure Key Vault. 
Evite codificar ou inserir chaves confidenciais no código do aplicativo LLM e recuperá-las com segurança do Azure Key Vault usando identidades gerenciadas",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1",
- "id": "AOAI.59",
- "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Rotação e expiração de chaves",
- "text": "Gire e expire regularmente as chaves armazenadas no Azure Key Vault para minimizar o risco de acesso não autorizado.",
- "waf": "Segurança"
- },
- {
- "category": "Otimização de custos",
- "guid": "adfe27be-e297-401a-a352-baaab79b088d",
- "id": "AOAI.6",
- "link": "https://github.com/openai/tiktoken",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Otimização de token",
- "text": "Use tiktoken para entender os tamanhos de token para otimizações de token no modo de conversação",
- "waf": "Otimização de custos"
- },
- {
- "category": "Governança e segurança",
- "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e",
- "id": "AOAI.60",
- "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Prática de codificação segura",
- "text": "Siga práticas de codificação segura para evitar vulnerabilidades comuns, como ataques de injeção, cross-site scripting (XSS) ou configurações incorretas de segurança",
- "waf": "Segurança"
- },
- {
- "category": "Governança e segurança",
- "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3",
- "id": "AOAI.61",
- "link": "https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Patches e atualizações",
- "text": "Configure um processo para atualizar e corrigir regularmente as bibliotecas LLM e outros componentes do sistema",
- 
"waf": "Segurança"
- },
- {
- "category": "IA responsável",
- "guid": "e29711b1-352b-4eee-879b-588defc4972c",
- "id": "AOAI.62",
- "link": "https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Governança",
- "text": "Aderir aos termos de uso, políticas e diretrizes do Azure OpenAI ou de outros LLMs e casos de uso permitidos",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Otimização de custos",
- "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c",
- "id": "AOAI.63",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Familiarização com custos",
- "text": "Entender a diferença no custo de modelos básicos e modelos ajustados e tamanhos de etapa de token",
- "waf": "Otimização de custos"
- },
- {
- "category": "Otimização de custos",
- "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7",
- "id": "AOAI.64",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching",
- "service": "Azure OpenAI",
- "severity": "Alto",
- "subcategory": "Processamento em lote",
- "text": "Solicitações em lote, sempre que possível, para minimizar a sobrecarga por chamada, o que pode reduzir os custos gerais. 
Certifique-se de otimizar o tamanho do lote",
- "waf": "Otimização de custos"
- },
- {
- "category": "Otimização de custos",
- "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8",
- "id": "AOAI.65",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Monitoramento de custos",
- "text": "Configure um sistema de rastreamento de custos que monitore o uso do modelo e use essas informações para ajudar a informar as escolhas do modelo e solicitar tamanhos",
- "waf": "Otimização de custos"
- },
- {
- "category": "Otimização de custos",
- "guid": "166cd072-af9b-4141-a898-a535e737897e",
- "id": "AOAI.66",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Limite de token",
- "text": "Defina um limite máximo para o número de tokens por resposta do modelo. Otimize o tamanho para garantir que seja grande o suficiente para uma resposta válida",
- "waf": "Otimização de custos"
- },
- {
- "category": "Gestão de Operações",
- "guid": "71ca7da8-cfa9-462a-8594-946da97dc3a2",
- "id": "AOAI.67",
- "link": "https://learn.microsoft.com/azure/search/search-reliability",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Confiabilidade da pesquisa de IA",
- "text": "Examine as diretrizes fornecidas sobre como configurar a pesquisa de IA para confiabilidade",
- "waf": "Excelência Operacional"
- },
- {
- "category": "Gestão de Operações",
- "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde",
- "id": "AOAI.68",
- "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota",
- "service": "Azure OpenAI",
- "severity": "Média",
- "subcategory": "Limites de vetor de pesquisa de IA",
- "text": "Planejar e gerenciar o armazenamento de vetores do AI Search",
- "waf": "Excelência Operacional"
- },
- {
- "category": 
"Gestão de Operações", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218", - "id": "AOAI.69", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "DevOps", - "text": "Aplique as práticas do LLMOps para automatizar o gerenciamento do ciclo de vida de seus aplicativos GenAI", - "waf": "Excelência Operacional" - }, - { - "category": "Otimização de custos", - "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", - "id": "AOAI.7", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Modelo de Custeio", - "text": "Avalie o uso de modelos de faturamento - PAYG vs PTU", - "waf": "Otimização de custos" - }, - { - "category": "Gestão de Operações", - "guid": "e6436b07-36db-455f-9796-03334bdf9cc2", - "id": "AOAI.70", - "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "DevOps", - "text": "Avaliar a qualidade de prompts e aplicativos ao alternar entre versões de modelo", - "waf": "Excelência Operacional" - }, - { - "category": "Gestão de Operações", - "guid": "3418db61-2712-4650-9bb4-7a393a080327", - "id": "AOAI.71", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "Desenvolvimento", - "text": "Avalie, monitore e refine seus aplicativos GenAI para recursos como fundamentação, relevância, precisão, coerência, fluência,", - "waf": "Excelência Operacional" - }, - { - "category": "Gestão de Operações", - "guid": "294798b1-578b-4219-a46c-eb5443513592", 
- "id": "AOAI.72", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "Desenvolvimento", - "text": "Avaliar os resultados do Azure AI Search com base em diferentes parâmetros de pesquisa", - "waf": "Excelência Operacional" - }, - { - "category": "Gestão de Operações", - "guid": "2744293b-b628-4537-a551-19b08e8f5854", - "id": "AOAI.73", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "Desenvolvimento", - "text": "Olhe para os modelos de ajuste fino como forma de aumentar a precisão somente quando você tiver tentado outras abordagens básicas, como engenharia rápida e RAG com seus dados", - "waf": "Excelência Operacional" - }, - { - "category": "Gestão de Operações", - "guid": "287d9cec-166c-4d07-8af9-b141a898a535", - "id": "AOAI.74", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "Desenvolvimento", - "text": "Use técnicas de engenharia rápida para melhorar a precisão das respostas do LLM", - "waf": "Excelência Operacional" - }, - { - "category": "Governança e segurança", - "guid": "e737897e-71ca-47da-acfa-962a1594946d", - "id": "AOAI.75", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "Auditorias de segurança e testes de penetração", - "text": "Equipe vermelha de seus aplicativos GenAI", - "waf": "Segurança" - }, - { - "category": "Gestão de Operações", - "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e", - "id": "AOAI.76", - "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "Feedback do usuário final", - "text": "Forneça aos usuários finais opções de 
pontuação para respostas LLM e acompanhe essas pontuações. ", - "waf": "Excelência Operacional" - }, - { - "category": "Otimização de custos", - "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", - "id": "AOAI.8", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "Alto", - "subcategory": "Gerenciamento de cotas", - "text": "Considere as práticas de gerenciamento de cotas", - "waf": "Otimização de custos" - }, - { - "category": "Gestão de Operações", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410", - "id": "AOAI.9", - "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", - "service": "Azure OpenAI", - "severity": "Média", - "subcategory": "Balanceamento de carga", - "text": "Use soluções de balanceador de carga, como gateway baseado em APIM, para balancear carga e capacidade entre serviços e regiões", - "waf": "Excelência Operacional" - } - ], - "metadata": { - "name": "Azure OpenAI Review", - "state": "Preview", - "timestamp": "July 24, 2024", - "waf": "all" - }, - "severities": [ - { - "name": "Alto" - }, - { - "name": "Média" - }, - { - "name": "Baixo" - } - ], - "status": [ - { - "description": "Esta verificação ainda não foi analisada", - "name": "Não verificado" - }, - { - "description": "Há um item de ação associado a essa verificação", - "name": "Abrir" - }, - { - "description": "Essa verificação foi verificada e não há mais itens de ação associados a ela", - "name": "Cumprido" - }, - { - "description": "Recomendação compreendida, mas não necessária pelos requisitos atuais", - "name": "Não é necessário" - }, - { - "description": "Não aplicável para o projeto atual", - "name": "N/A" - } - ], - "waf": [ - { - "name": "Fiabilidade" - }, - { - "name": "Segurança" - }, - { - "name": "Custar" - }, - { - "name": "Operações" - }, - { - "name": "Desempenho" - } - ], - "yesno": [ - { - "name": "Sim" - }, - { - "name": "Não" 
- }
- ]
-}
\ No newline at end of file
diff --git a/checklists/aoai_checklist.zh-Hant.json b/checklists/aoai_checklist.zh-Hant.json
deleted file mode 100644
index 0f017814a..000000000
--- a/checklists/aoai_checklist.zh-Hant.json
+++ /dev/null
@@ -1,920 +0,0 @@ -{ - "categories": [ - { - "name": "身份和訪問管理" - }, - { - "name": "網路拓撲和連接" - }, - { - "name": "BC 和DR" - }, - { - "name": "治理與安全" - }, - { - "name": "成本治理" - }, - { - "name": "運營管理" - }, - { - "name": "應用程式部署" - }, - { - "name": "負責任的 AI" - } - ], - "items": [ - { - "category": "負責任的 AI", - "guid": "a85b86ad-884f-48e3-9273-4b875ba18f10", - "id": "AOAI.1", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "元提示", - "text": "遵循 Metaprompting 護欄,實現 realible AI", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "d4391898-cd28-48be-b6b1-7cb8245451e1", - "id": "AOAI.10", - "link": "https://github.com/Azure-Samples/AI-Gateway", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "負載均衡", - "text": "考慮使用APIM或 AI central 等解決方案的閘道模式,以實現更好的速率限制、負載均衡、身份驗證和日誌記錄", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029", - "id": "AOAI.11", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "監測", - "text": "為您的 AOAI 實例啟用監控", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "697cb391-ed16-4b2d-886f-0a0241addde6", - "id": "AOAI.12", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "警報", - "text": "建立警報以通知團隊有關事件的通知,例如由對資源執行的操作(例如重新生成其訂閱金閜)創建的活動日誌中的條目或指標閾值(例如一小時內超過 10 的錯誤數)", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5", - "id": "AOAI.13", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "監測", - "text": "監控令牌使用方式,防止由於容量導致服務中斷", - "waf": 
"卓越運營" - }, - { - "category": "運營管理", - "guid": "a3aec2c4-e243-46b0-936c-b45e17960eee", - "id": "AOAI.14", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "可觀察性", - "text": "觀察已處理的推理令牌、生成的完成令牌等指標,監視速率限制", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39", - "id": "AOAI.15", - "link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562", - "service": "Azure OpenAI", - "severity": "低", - "subcategory": "可觀察性", - "text": "如果診斷對你來說還不夠,請考慮在 Azure OpenAI 前面使用閘道(例如 Azure API 管理)來記錄傳入提示和傳出回應(如果允許)", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54", - "id": "AOAI.16", - "link": "https://github.com/Azure-Samples/openai-enterprise-iac", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "基礎設施部署", - "text": "使用基礎結構即代碼部署 Azure OpenAI 服務、模型部署和所有相關資源", - "waf": "卓越運營" - }, - { - "category": "治理與安全", - "guid": "4350d092-d234-4292-a752-8537a551c5bf", - "id": "AOAI.17", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "認證", - "text": "將 Microsoft Entra 身份驗證與託管標識(而不是 API 金鑰)配合使用", - "waf": "安全" - }, - { - "category": "負責任的 AI", - "guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc", - "id": "AOAI.18", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "評估", - "text": "使用已知的黃金數據集評估系統的性能/準確性,該數據集具有輸入和正確答案。利用 PromptFlow 中的功能進行評估。", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "68889535-e327-4897-b31b-67d67be5962a", - "id": "AOAI.19", - "link": 
"https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "託管模型", - "text": "評估預配輸送量模型的使用方式", - "waf": "性能" - }, - { - "category": "負責任的 AI", - "guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a", - "id": "AOAI.2", - "link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "內容安全", - "text": "查看和實施 Azure AI 內容安全性", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02", - "id": "AOAI.20", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "輸送量定義", - "text": "根據令牌數和每分鐘的回應來定義和評估系統的輸送量,並符合要求", - "waf": "性能" - }, - { - "category": "運營管理", - "guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6", - "id": "AOAI.21", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "延遲改善", - "text": "通過限制令牌大小、流式處理選項來改善系統的延遲", - "waf": "性能" - }, - { - "category": "運營管理", - "guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e", - "id": "AOAI.22", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "彈性分離", - "text": "估計彈性需求,以根據優先順序確定同步和批量請求分離。對於高優先順序,使用同步方法,對於低優先順序,首選使用佇列的異步批處理", - "waf": "性能" - }, - { - "category": "運營管理", - "guid": "5bda4332-4f24-4811-9331-82ba51752694", - "id": "AOAI.23", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "標杆", - "text": "根據消費者的估計需求對代幣消費要求進行基準測試。如果使用的是預設輸送量單元部署,請考慮使用 Azure OpenAI 基準測試工具來幫助驗證輸送量", - "waf": "性能" - }, - { - "category": "運營管理", - "guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619", - "id": 
"AOAI.24", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "彈性", - "text": "如果您使用的是預設輸送量單位 (PTU),請考慮為溢出請求部署每分鐘令牌 (TPM) 部署。當達到 PTU 限制時,使用閘道將請求路由到 TPM 部署。", - "waf": "性能" - }, - { - "category": "運營管理", - "guid": "e8a13f98-8794-424d-9267-86d60b96c97b", - "id": "AOAI.25", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "型號選擇", - "text": "為正確的任務選擇正確的模型。選擇在速度、回應質量和輸出複雜性之間做出正確權衡的模型", - "waf": "性能" - }, - { - "category": "運營管理", - "guid": "e9951904-8384-45c9-a6cb-2912156a1147", - "id": "AOAI.26", - "link": "https://github.com/Azure/azure-openai-benchmark/", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "微調", - "text": "有一個性能基線,而不進行微調,以瞭解微調是否提高了模型性能", - "waf": "性能" - }, - { - "category": "BC 和DR", - "guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a", - "id": "AOAI.27", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "Azure OpenAI", - "severity": "低", - "subcategory": "多區域架構", - "text": "跨區域部署多個 OAI 實例", - "waf": "可靠性" - }, - { - "category": "BC 和DR", - "guid": "b039da6d-55d7-4c89-8adb-107d5325af62", - "id": "AOAI.28", - "link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "負載均衡", - "text": "使用閘道模式(如 APIM)實現重試和運行狀況檢查", - "waf": "可靠性" - }, - { - "category": "BC 和DR", - "guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1", - "id": "AOAI.29", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "配額", - "text": "確保為工作負載提供足夠的 TPM 和 RPM 配額", - "waf": "可靠性" - }, 
- { - "category": "負責任的 AI", - "guid": "ec723923-7a15-42d6-ac5e-402925387e5c", - "id": "AOAI.3", - "link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "UX 最佳實踐", - "text": "查看 HAI 工具包指南中的注意事項,並將這些交互實踐應用於 slution", - "waf": "卓越運營" - }, - { - "category": "BC 和DR", - "guid": "7f154e3a-a369-4282-ae7e-316183687a04", - "id": "AOAI.30", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "負載均衡", - "text": "如果採用微調,則跨區域部署單獨的微調模型", - "waf": "可靠性" - }, - { - "category": "BC 和DR", - "guid": "77a1f893-5bda-4433-84f2-4811633182ba", - "id": "AOAI.31", - "link": "https://learn.microsoft.com/azure/backup/backup-overview", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "數據備份和災難恢復", - "text": "定期備份和複製關鍵數據,以確保數據丟失或系統故障時的數據可用性和可恢復性。利用 Azure 的備份和災難恢復服務來保護數據。", - "waf": "可靠性" - }, - { - "category": "BC 和DR", - "guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204", - "id": "AOAI.32", - "link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "SLA 注意事項", - "text": "應選擇 Azure AI 搜索服務層級以具有 SLA", - "waf": "可靠性" - }, - { - "category": "治理與安全", - "guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a", - "id": "AOAI.33", - "link": "https://learn.microsoft.com/purview/purview", - "service": "Azure OpenAI", - "severity": "低", - "subcategory": "數據敏感度", - "text": "對數據和敏感度進行分類,在生成嵌入之前使用 Microsoft Purview 進行標記,並確保以相同的敏感度和分類處理生成的嵌入", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56", - "id": "AOAI.34", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "靜態加密", - "text": "使用 SSE/磁碟加密和可選的 BYOK 加密來加密用於 
RAG 的數據", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "59ae558b-937d-4498-9e11-12dbd7ba012f", - "id": "AOAI.35", - "link": "https://learn.microsoft.com/azure/search/search-security-overview", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "傳輸加密", - "text": "確保對跨數據源傳輸的數據實施 TLS,用於檢索增強生成 (RAG) 和 LLM 通信的 AI 搜索", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2", - "id": "AOAI.36", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "存取控制", - "text": "使用 RBAC 管理對 Azure OpenAI 服務的訪問。為使用者分配適當的許可權,並根據其角色和職責限制訪問許可權", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "9769e4a6-91e8-4838-ac93-6667e13c0056", - "id": "AOAI.37", - "link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "數據遮罩和編輯", - "text": "實施數據加密、遮罩或編輯技術,以在非生產環境中或出於測試或故障排除目的共用數據時隱藏敏感數據或將其替換為混淆值", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5", - "id": "AOAI.38", - "link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "威脅檢測和監控", - "text": "利用 Azure Defender 來檢測和回應安全威脅,並設置監視和警報機制來識別可疑活動或違規行為。利用 Azure Sentinel 進行高級威脅檢測和回應", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "c7acbe48-abe5-44cd-99f2-e87768468c55", - "id": "AOAI.39", - "link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "數據保留和處置", - "text": "制定數據保留和處置策略,以遵守合規性法規。對不再需要的數據實施安全刪除方法,並維護數據保留和處置活動的審計跟蹤", - "waf": "安全" - }, - { - "category": "負責任的 AI", - "guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a", - "id": "AOAI.4", - "link": 
"https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "越獄安全", - "text": "使用 Content Safety 實施 Prompt shields 和接地檢測", - "waf": "卓越運營" - }, - { - "category": "治理與安全", - "guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876", - "id": "AOAI.40", - "link": "https://learn.microsoft.com/azure/compliance/", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "數據隱私與合規", - "text": "通過實施隱私控制並獲得數據處理活動所需的同意或許可,確保遵守相關的數據保護法規,例如GDPR或HIPAA。", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682", - "id": "AOAI.41", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "員工意識和培訓", - "text": "對員工進行有關數據安全最佳實踐、安全處理數據的重要性以及與數據洩露相關的潛在風險的教育。鼓勵他們勤奮地遵循數據安全協定。", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "eae01e6e-842e-452f-9721-d928c1b1cd52", - "id": "AOAI.42", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "環境隔離", - "text": "將生產數據與開發和測試數據分開。僅在生產中使用真實的敏感數據,並在開發和測試環境中使用匿名或合成數據。", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "1e54a29a-9de3-499c-bd7b-28dc93555620", - "id": "AOAI.43", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "索引分離", - "text": "如果您具有不同級別的數據敏感度,請考慮為每個級別創建單獨的索引。例如,您可以有一個用於常規數據的索引,另一個用於敏感數據的索引,每個索引都由不同的訪問協定管理", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "2bfe4564-b0d8-434a-948b-263e6dd60512", - "id": "AOAI.44", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "不同實例中的敏感數據", - "text": "通過將敏感數據集放置在服務的不同實例中,進一步實現隔離。每個實例都可以使用其自己的特定 RBAC 策略集進行控制", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab", - "id": "AOAI.45", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "嵌入和向量處理", - "text": "認識到從敏感資訊生成的嵌入和向量本身就是敏感的。這些數據應得到與源材料相同的保護措施", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "3571449a-b805-43d8-af89-dc7b33be2a1a", - "id": "AOAI.46", - "link": 
"https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "存取控制", - "text": "將 RBAC 應用於具有嵌入和向量的數據存儲,並根據角色的訪問要求確定存取範圍", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb", - "id": "AOAI.47", - "link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "網路安全", - "text": "為 AI 服務配置專用終結點,以限制網路內的服務訪問", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370", - "id": "AOAI.48", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "網路安全", - "text": "使用 Azure 防火牆和 UDR 強制實施嚴格的入站和出站流量控制,並限制外部集成點", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "6f7c0cba-fe51-4464-add4-57e927138b82", - "id": "AOAI.49", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "控制網路訪問", - "text": "實施網路分段和訪問控制,將 LLM 應用程式的存取限製為僅授權使用者和系統,並防止橫向行動", - "waf": "安全" - }, - { - "category": "成本優化", - "guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f", - "id": "AOAI.5", - "link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "代幣優化", - "text": "使用提示壓縮工具,如 LLMLingua 或 gprtrim", - "waf": "成本優化" - }, - { - "category": "治理與安全", - "guid": "1102cac6-eae0-41e6-b842-e52f4721d928", - "id": "AOAI.50", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "保護 API 和端點", - "text": "確保 LLM 應用程式使用的 API 和端點使用身份驗證和授權機制(例如託管標識、API 金鑰或 OAuth)得到適當保護,以防止未經授權的訪問。", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc", - "id": "AOAI.51", - "link": 
"https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "實施強身份驗證", - "text": "實施強大的最終使用者身份驗證機制,例如多因素身份驗證,以防止對 LLM 應用程式和相關網路資源的未經授權的訪問", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "93555620-2bfe-4456-9b0d-834a348b263e", - "id": "AOAI.52", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "使用網路監控", - "text": "實施網路監控工具,以檢測和分析網路流量中的任何可疑或惡意活動。啟用日誌記錄以捕獲網路事件,並在發生安全事件時促進取證分析", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "6dd60512-a364-498f-9dba-d38ead53cc7c", - "id": "AOAI.53", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "安全審計和滲透測試", - "text": "進行安全審計和滲透測試,以識別和解決LLM應用程式的網路基礎設施中的任何網路安全弱點或漏洞", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b", - "id": "AOAI.54", - "link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json", - "service": "Azure OpenAI", - "severity": "低", - "subcategory": "基礎設施部署", - "text": "Azure AI 服務已正確標記,以便更好地管理", - "waf": "卓越運營" - }, - { - "category": "治理與安全", - "guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56", - "id": "AOAI.55", - "link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations", - "service": "Azure OpenAI", - "severity": "低", - "subcategory": "基礎設施部署", - "text": "Azure AI 服務帳戶遵循組織命名約定", - "waf": "卓越運營" - }, - { - "category": "治理與安全", - "guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36", - "id": "AOAI.56", - "link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "診斷記錄", - "text": "應啟用 Azure AI 服務資源中的診斷日誌", - "waf": "卓越運營" - }, - { - "category": "身份和訪問管理", - "guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d", - "id": "AOAI.57", - "link": "https://learn.microsoft.com/azure/ai-services/authentication", - "service": 
"Azure OpenAI", - "severity": "高", - "subcategory": "基於 Entra ID 的訪問", - "text": "為了安全起見,建議禁用密鑰訪問(本地身份驗證)。 禁用基於密鑰的訪問后,Microsoft Entra ID 將成為唯一的訪問方法,該方法允許保持最小許可權原則和精細控制。", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964", - "id": "AOAI.58", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "安全金鑰管理", - "text": "使用 Azure Key Vault 安全地存儲和管理密鑰。避免在 LLM 應用程式的代碼中硬編碼或嵌入敏感密鑰,並使用託管標識從 Azure Key Vault 中安全地檢索它們", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1", - "id": "AOAI.59", - "link": "https://learn.microsoft.com/azure/key-vault/general/best-practices", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "密鑰輪換和過期", - "text": "定期輪換和過期存儲在 Azure Key Vault 中的密鑰,以最大程度地降低未經授權訪問的風險。", - "waf": "安全" - }, - { - "category": "成本優化", - "guid": "adfe27be-e297-401a-a352-baaab79b088d", - "id": "AOAI.6", - "link": "https://github.com/openai/tiktoken", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "代幣優化", - "text": "使用 tiktoken 了解對話模式下令牌優化的令牌大小", - "waf": "成本優化" - }, - { - "category": "治理與安全", - "guid": "42b06c21-d799-49a6-96f4-389a7f42c78e", - "id": "AOAI.60", - "link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "安全編碼實踐", - "text": "遵循安全編碼做法,以防止常見漏洞,例如注入攻擊、跨網站腳本 (XSS) 或安全配置錯誤", - "waf": "安全" - }, - { - "category": "治理與安全", - "guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3", - "id": "AOAI.61", - "link": "https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "修補和更新", - "text": "設置一個流程來定期更新和修補 LLM 庫和其他系統元件", - "waf": "安全" - }, - { - "category": "負責任的 AI", - "guid": "e29711b1-352b-4eee-879b-588defc4972c", - "id": "AOAI.62", - "link": 
"https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "統轄", - "text": "遵守 Azure OpenAI 或其他 LLM 的使用條款、策略和指南以及允許的用例", - "waf": "卓越運營" - }, - { - "category": "成本優化", - "guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c", - "id": "AOAI.63", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "熟悉成本", - "text": "了解基礎模型和微調模型的成本差異以及令牌步長", - "waf": "成本優化" - }, - { - "category": "成本優化", - "guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7", - "id": "AOAI.64", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "批處理", - "text": "在可能的情況下,批量請求,以最大程度地減少每次調用的開銷,從而降低總體成本。確保優化批量大小", - "waf": "成本優化" - }, - { - "category": "成本優化", - "guid": "72d41e36-11cc-457b-9a4b-1410d43958a8", - "id": "AOAI.65", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "成本監控", - "text": "設置成本跟蹤系統,用於監視模型使用方式,並使用該資訊來説明通知模型選擇和提示大小", - "waf": "成本優化" - }, - { - "category": "成本優化", - "guid": "166cd072-af9b-4141-a898-a535e737897e", - "id": "AOAI.66", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "令牌限制", - "text": "為每個模型回應的令牌數設置最大限制。優化大小以確保其足夠大以實現有效的回應", - "waf": "成本優化" - }, - { - "category": "運營管理", - "guid": "71ca7da8-cfa9-462a-8594-946da97dc3a2", - "id": "AOAI.67", - "link": "https://learn.microsoft.com/azure/search/search-reliability", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "AI 搜尋可靠性", - "text": "查看提供的有關設置 AI 搜索以實現可靠性的指南", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "3266b225-86f4-4a16-92bd-ddea8a487cde", - "id": 
"AOAI.68", - "link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "AI 搜索向量限制", - "text": "規劃和管理 AI 搜索向量存儲", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218", - "id": "AOAI.69", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "DevOps的", - "text": "應用 LLMOps 實踐來自動化 GenAI 應用程式的生命週期管理", - "waf": "卓越運營" - }, - { - "category": "成本優化", - "guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e", - "id": "AOAI.7", - "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "成本核算模型", - "text": "評估計費模型的使用方式 - PAYG 與 PTU", - "waf": "成本優化" - }, - { - "category": "運營管理", - "guid": "e6436b07-36db-455f-9796-03334bdf9cc2", - "id": "AOAI.70", - "link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "DevOps的", - "text": "在模型版本之間切換時評估提示和應用程式的品質", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "3418db61-2712-4650-9bb4-7a393a080327", - "id": "AOAI.71", - "link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "發展", - "text": "評估、監控和優化您的 GenAI 應用程式的特性,如接地氣、相關性、準確性、連貫性、流暢性、", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "294798b1-578b-4219-a46c-eb5443513592", - "id": "AOAI.72", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "發展", - "text": "根據不同的搜索參數評估 Azure AI 搜尋結果", - "waf": "卓越運營" - }, - { 
- "category": "運營管理", - "guid": "2744293b-b628-4537-a551-19b08e8f5854", - "id": "AOAI.73", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "發展", - "text": "只有在嘗試了其他基本方法(如提示工程和RAG處理數據)時,才將微調模型視為提高準確性的方法", - "waf": "卓越運營" - }, - { - "category": "運營管理", - "guid": "287d9cec-166c-4d07-8af9-b141a898a535", - "id": "AOAI.74", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "發展", - "text": "使用提示工程技術來提高 LLM 回應的準確性", - "waf": "卓越運營" - }, - { - "category": "治理與安全", - "guid": "e737897e-71ca-47da-acfa-962a1594946d", - "id": "AOAI.75", - "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "安全審計和滲透測試", - "text": "紅隊您的 GenAI 應用程式", - "waf": "安全" - }, - { - "category": "運營管理", - "guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e", - "id": "AOAI.76", - "link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "最終用戶反饋", - "text": "為最終使用者提供 LLM 回應的評分選項並跟蹤這些分數。", - "waf": "卓越運營" - }, - { - "category": "成本優化", - "guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d", - "id": "AOAI.8", - "link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268", - "service": "Azure OpenAI", - "severity": "高", - "subcategory": "配額管理", - "text": "考慮配額管理做法", - "waf": "成本優化" - }, - { - "category": "運營管理", - "guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410", - "id": "AOAI.9", - "link": "https://github.com/Azure/aoai-apim/blob/main/README.md", - "service": "Azure OpenAI", - "severity": "中等", - "subcategory": "負載均衡", - "text": "使用負載均衡器解決方案(如基於APIM的閘道)在服務和區域之間平衡負載和容量", - "waf": 
"卓越運營"
- }
- ],
- "metadata": {
- "name": "Azure OpenAI Review",
- "state": "Preview",
- "timestamp": "July 24, 2024",
- "waf": "all"
- },
- "severities": [
- {
- "name": "高"
- },
- {
- "name": "中等"
- },
- {
- "name": "低"
- }
- ],
- "status": [
- {
- "description": "此檢查尚未查看",
- "name": "未驗證"
- },
- {
- "description": "有一個與此檢查關聯的操作項",
- "name": "打開"
- },
- {
- "description": "此檢查已經過驗證,並且沒有與之關聯的其他操作項",
- "name": "實現"
- },
- {
- "description": "建議已理解,但當前要求不需要",
- "name": "不需要"
- },
- {
- "description": "不適用於當前設計",
- "name": "N/A"
- }
- ],
- "waf": [
- {
- "name": "可靠性"
- },
- {
- "name": "安全"
- },
- {
- "name": "成本"
- },
- {
- "name": "操作"
- },
- {
- "name": "性能"
- }
- ],
- "yesno": [
- {
- "name": "是的"
- },
- {
- "name": "不"
- }
- ]
-}
\ No newline at end of file
diff --git a/checklists/cognitivesearch_checklist.en.json b/checklists/cognitivesearch_checklist.en.json
deleted file mode 100644
index 7d9898432..000000000
--- a/checklists/cognitivesearch_checklist.en.json
+++ /dev/null
@@ -1,175 +0,0 @@
-{
- "items": [
- {
- "category": "Operations Management",
- "subcategory": "High Availablity",
- "text": "Enable 2 replicas to have 99.9% availability for read operations",
- "waf": "Reliability",
- "service": "Cognitive Search",
- "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83",
- "id": "A01.01",
- "cost": 1,
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability"
- },
- {
- "category": "Operations Management",
- "subcategory": "High Availablity",
- "text": "Enable 3 replicas to have 99.9% availability for read/write operations",
- "waf": "Reliability",
- "service": "Cognitive Search",
- "guid": "7d956fd9-788a-4845-9b9f-c0340972d810",
- "id": "A01.02",
- "cost": 1,
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability"
- },
- {
- "category": "Operations Management",
- "subcategory": "High Availablity",
- "text": "Leverage Availability Zones by enabling read and/or write replicas",
- "waf": "Reliability",
- "service": "Cognitive Search",
- "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3",
- "id": "A01.03",
- "cost": 1,
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support"
- },
- {
- "category": "Operations Management",
- "subcategory": "Georeplication",
- "text": "For regional redudancy, Manually create services in 2 or more regions for Search as it doesn't provide an automated method of replicating search indexes across geographic regions",
- "waf": "Reliability",
- "service": "Cognitive Search",
- "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291",
- "id": "A02.01",
- "cost": 1,
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions"
- },
- {
- "category": "Operations Management",
- "subcategory": "Georeplication",
- "text": "To synchronize data across multiple services either Use indexers for updating content on multiple services or Use REST APIs for pushing content updates on multiple services",
- "waf": "Reliability",
- "service": "Cognitive Search",
- "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6",
- "id": "A02.02",
- "cost": 1,
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services"
- },
- {
- "category": "Operations Management",
- "subcategory": "Georeplication",
- "text": "Use Azure Traffic Manager to coordinate requests",
- "waf": "Reliability",
- "service": "Cognitive Search",
- "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e",
- "id": "A02.03",
- "cost": 1,
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests"
- },
- {
- "category": "Operations Management",
- "subcategory": "Disaster Recovery",
- "text": "Backup and Restore an Azure Cognitive Search Index. Use this sample code to back up index definition and snapshot to a series of Json files",
- "waf": "Reliability",
- "service": "Cognitive Search",
- "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa",
- "id": "A03.01",
- "cost": 1,
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives"
- }
- ],
- "categories": [
- {
- "name": "Identity and Access Management"
- },
- {
- "name": "Network Topology and Connectivity"
- },
- {
- "name": "BC and DR"
- },
- {
- "name": "Governance and Security"
- },
- {
- "name": "Cost Governance"
- },
- {
- "name": "Operations Management"
- },
- {
- "name": "Application Deployment"
- }
- ],
- "waf": [
- {
- "name": "Reliability"
- },
- {
- "name": "Security"
- },
- {
- "name": "Cost"
- },
- {
- "name": "Operations"
- },
- {
- "name": "Performance"
- }
- ],
- "yesno": [
- {
- "name": "Yes"
- },
- {
- "name": "No"
- }
- ],
- "status": [
- {
- "name": "Not verified",
- "description": "This check has not been looked at yet"
- },
- {
- "name": "Open",
- "description": "There is an action item associated to this check"
- },
- {
- "name": "Fulfilled",
- "description": "This check has been verified, and there are no further action items associated to it"
- },
- {
- "name": "Not required",
- "description": "Recommendation understood, but not needed by current requirements"
- },
- {
- "name": "N/A",
- "description": "Not applicable for current design"
- }
- ],
- "severities": [
- {
- "name": "High"
- },
- {
- "name": "Medium"
- },
- {
- "name": "Low"
- }
- ],
- "metadata": {
- "name": "Cognitive Search Review Checklist",
- "state": "Preview",
- "waf": "Reliability",
- "timestamp": "April 26, 2024"
- }
-}
\ No newline at end of file
diff --git a/checklists/cognitivesearch_checklist.es.json b/checklists/cognitivesearch_checklist.es.json
deleted file mode 100644
index 51caa3317..000000000
--- a/checklists/cognitivesearch_checklist.es.json
+++ /dev/null
@@ -1,175 +0,0 @@ -{ - "categories": [ - { - "name": "Gestión de identidades y accesos" - }, - { - "name": "Topología y conectividad de red" - }, - { - "name": "BC y DR" - }, - { - "name": "Gobernanza y seguridad" - }, - { - "name": "Gobernanza de costos" - }, - { - "name": "Gestión de Operaciones" - }, - { - "name": "Implementación de aplicaciones" - } - ], - "items": [ - { - "category": "Gestión de Operaciones", - "cost": 1, - "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83", - "id": "A01.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "Alto", - "subcategory": "Alta disponibilidad", - "text": "Habilitación de 2 réplicas para que tengan una disponibilidad del 99,9 % para las operaciones de lectura", - "waf": "Fiabilidad" - }, - { - "category": "Gestión de Operaciones", - "cost": 1, - "guid": "7d956fd9-788a-4845-9b9f-c0340972d810", - "id": "A01.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "Medio", - "subcategory": "Alta disponibilidad", - "text": "Habilitación de 3 réplicas para que tengan una disponibilidad del 99,9 % para las operaciones de lectura y escritura", - "waf": "Fiabilidad" - }, - { - "category": "Gestión de Operaciones", - "cost": 1, - "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3", - "id": "A01.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support", - "service": "Cognitive Search", - "severity": "Alto", - "subcategory": "Alta disponibilidad", - "text": "Aproveche las zonas de disponibilidad habilitando réplicas de lectura o escritura", - "waf": "Fiabilidad" - }, - { - "category": "Gestión de Operaciones", - "cost": 1, - "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291", - "id": "A02.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions", - "service": 
"Cognitive Search", - "severity": "Medio", - "subcategory": "Replicación geográfica", - "text": "En el caso de la reincidencia regional, cree manualmente servicios en 2 o más regiones para la búsqueda, ya que no proporciona un método automatizado para replicar índices de búsqueda en regiones geográficas", - "waf": "Fiabilidad" - }, - { - "category": "Gestión de Operaciones", - "cost": 1, - "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6", - "id": "A02.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services", - "service": "Cognitive Search", - "severity": "Medio", - "subcategory": "Replicación geográfica", - "text": "Para sincronizar datos entre varios servicios, use indexadores para actualizar contenido en varios servicios o use las API de REST para insertar actualizaciones de contenido en varios servicios", - "waf": "Fiabilidad" - }, - { - "category": "Gestión de Operaciones", - "cost": 1, - "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e", - "id": "A02.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests", - "service": "Cognitive Search", - "severity": "Medio", - "subcategory": "Replicación geográfica", - "text": "Uso de Azure Traffic Manager para coordinar solicitudes", - "waf": "Fiabilidad" - }, - { - "category": "Gestión de Operaciones", - "cost": 1, - "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa", - "id": "A03.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", - "service": "Cognitive Search", - "severity": "Alto", - "subcategory": "Recuperación ante desastres", - "text": "Realice una copia de seguridad y restaure un índice de Azure Cognitive Search. 
Use este código de ejemplo para realizar una copia de seguridad de la definición del índice y la instantánea en una serie de archivos JSON", - "waf": "Fiabilidad" - } - ], - "metadata": { - "name": "Cognitive Search Review Checklist", - "state": "Preview", - "timestamp": "April 26, 2024", - "waf": "Reliability" - }, - "severities": [ - { - "name": "Alto" - }, - { - "name": "Medio" - }, - { - "name": "Bajo" - } - ], - "status": [ - { - "description": "Esta comprobación aún no se ha examinado", - "name": "No verificado" - }, - { - "description": "Hay un elemento de acción asociado a esta comprobación", - "name": "Abrir" - }, - { - "description": "Esta comprobación se ha verificado y no hay más elementos de acción asociados a ella", - "name": "Cumplido" - }, - { - "description": "Recomendación entendida, pero no necesaria por los requisitos actuales", - "name": "No es necesario" - }, - { - "description": "No aplicable para el diseño actual", - "name": "N/A" - } - ], - "waf": [ - { - "name": "Fiabilidad" - }, - { - "name": "Seguridad" - }, - { - "name": "Costar" - }, - { - "name": "Operaciones" - }, - { - "name": "Rendimiento" - } - ], - "yesno": [ - { - "name": "Sí" - }, - { - "name": "No" - } - ] -} \ No newline at end of file diff --git a/checklists/cognitivesearch_checklist.ja.json b/checklists/cognitivesearch_checklist.ja.json deleted file mode 100644 index c84dd6989..000000000 --- a/checklists/cognitivesearch_checklist.ja.json +++ /dev/null 
@@ -1,175 +0,0 @@ -{ - "categories": [ - { - "name": "IDおよびアクセス管理" - }, - { - "name": "ネットワークトポロジと接続性" - }, - { - "name": "BCとDR" - }, - { - "name": "ガバナンスとセキュリティ" - }, - { - "name": "コストガバナンス" - }, - { - "name": "運用管理" - }, - { - "name": "アプリケーションの展開" - } - ], - "items": [ - { - "category": "運用管理", - "cost": 1, - "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83", - "id": "A01.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "高い", - "subcategory": "高い可用性", - "text": "2 つのレプリカで読み取り操作の可用性を 99.9% にする", - "waf": "確実" - }, - { - "category": "運用管理", - "cost": 1, - "guid": "7d956fd9-788a-4845-9b9f-c0340972d810", - "id": "A01.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "中程度", - "subcategory": "高い可用性", - "text": "3 つのレプリカで読み取り/書き込み操作の可用性を 99.9% に向上させる", - "waf": "確実" - }, - { - "category": "運用管理", - "cost": 1, - "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3", - "id": "A01.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support", - "service": "Cognitive Search", - "severity": "高い", - "subcategory": "高い可用性", - "text": "読み取りレプリカや書き込みレプリカを有効にすることでアベイラビリティーゾーンを活用する", - "waf": "確実" - }, - { - "category": "運用管理", - "cost": 1, - "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291", - "id": "A02.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions", - "service": "Cognitive Search", - "severity": "中程度", - "subcategory": "ジオレプリケーション", - "text": "リージョンの冗長性については、地理的リージョン間で検索インデックスをレプリケートする自動化された方法が提供されないため、検索用に 2 つ以上のリージョンにサービスを手動で作成します", - "waf": "確実" - }, - { - "category": "運用管理", - "cost": 1, - "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6", - "id": "A02.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services", - "service": 
"Cognitive Search", - "severity": "中程度", - "subcategory": "ジオレプリケーション", - "text": "複数のサービス間でデータを同期するには、複数のサービスでコンテンツを更新するためにインデクサーを使用するか、複数のサービスでコンテンツの更新をプッシュするために REST API を使用する", - "waf": "確実" - }, - { - "category": "運用管理", - "cost": 1, - "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e", - "id": "A02.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests", - "service": "Cognitive Search", - "severity": "中程度", - "subcategory": "ジオレプリケーション", - "text": "Azure Traffic Manager を使用して要求を調整する", - "waf": "確実" - }, - { - "category": "運用管理", - "cost": 1, - "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa", - "id": "A03.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", - "service": "Cognitive Search", - "severity": "高い", - "subcategory": "災害復旧", - "text": "Azure Cognitive Search インデックスをバックアップおよび復元します。このサンプル コードを使用して、インデックス定義とスナップショットを一連の Json ファイルにバックアップします", - "waf": "確実" - } - ], - "metadata": { - "name": "Cognitive Search Review Checklist", - "state": "Preview", - "timestamp": "April 26, 2024", - "waf": "Reliability" - }, - "severities": [ - { - "name": "高い" - }, - { - "name": "中程度" - }, - { - "name": "低い" - } - ], - "status": [ - { - "description": "このチェックはまだ検討されていません", - "name": "未確認" - }, - { - "description": "このチェックにはアクションアイテムが関連付けられています", - "name": "開ける" - }, - { - "description": "このチェックは検証済みで、これ以上のアクションアイテムは関連付けられていません", - "name": "達成" - }, - { - "description": "推奨事項は理解されているが、現在の要件では不要", - "name": "必要なし" - }, - { - "description": "現在のデザインには適用されません", - "name": "該当なし" - } - ], - "waf": [ - { - "name": "確実" - }, - { - "name": "安全" - }, - { - "name": "費用" - }, - { - "name": "オペレーションズ" - }, - { - "name": "パフォーマンス" - } - ], - "yesno": [ - { - "name": "はい" - }, - { - "name": "いいえ" - } - ] -} \ No newline at end of file 
diff --git a/checklists/cognitivesearch_checklist.ko.json b/checklists/cognitivesearch_checklist.ko.json
deleted file mode 100644
index cbbc86cee..000000000
--- a/checklists/cognitivesearch_checklist.ko.json
+++ /dev/null
@@ -1,175 +0,0 @@ -{ - "categories": [ - { - "name": "ID 및 액세스 관리" - }, - { - "name": "네트워크 토폴로지 및 연결" - }, - { - "name": "BC 및 DR" - }, - { - "name": "거버넌스 및 보안" - }, - { - "name": "비용 거버넌스" - }, - { - "name": "운영 관리" - }, - { - "name": "응용 프로그램 배포" - } - ], - "items": [ - { - "category": "운영 관리", - "cost": 1, - "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83", - "id": "A01.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "높다", - "subcategory": "높은 가용성", - "text": "읽기 작업에 대해 99.9%의 가용성을 갖도록 복제본 2개 사용", - "waf": "신뢰도" - }, - { - "category": "운영 관리", - "cost": 1, - "guid": "7d956fd9-788a-4845-9b9f-c0340972d810", - "id": "A01.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "보통", - "subcategory": "높은 가용성", - "text": "읽기/쓰기 작업에 대해 99.9%의 가용성을 갖도록 복제본 3개 사용", - "waf": "신뢰도" - }, - { - "category": "운영 관리", - "cost": 1, - "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3", - "id": "A01.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support", - "service": "Cognitive Search", - "severity": "높다", - "subcategory": "높은 가용성", - "text": "읽기 및/또는 쓰기 복제본을 활성화하여 가용 영역 활용Leverage Availability Zones by enabling read and/or write replicas", - "waf": "신뢰도" - }, - { - "category": "운영 관리", - "cost": 1, - "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291", - "id": "A02.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions", - "service": "Cognitive Search", - "severity": "보통", - "subcategory": "지리 복제", - "text": "지역 중복의 경우 Manually create services in 2 or more regions for Search는 지리적 지역 간에 검색 인덱스를 복제하는 자동화된 방법을 제공하지 않습니다", - "waf": "신뢰도" - }, - { - "category": "운영 관리", - "cost": 1, - "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6", - "id": "A02.02", - "link": 
"https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services", - "service": "Cognitive Search", - "severity": "보통", - "subcategory": "지리 복제", - "text": "여러 서비스에서 데이터를 동기화하려면 인덱서를 사용하여 여러 서비스의 콘텐츠를 업데이트하거나 REST API를 사용하여 여러 서비스에서 콘텐츠 업데이트를 푸시합니다.", - "waf": "신뢰도" - }, - { - "category": "운영 관리", - "cost": 1, - "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e", - "id": "A02.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests", - "service": "Cognitive Search", - "severity": "보통", - "subcategory": "지리 복제", - "text": "Azure Traffic Manager를 사용하여 요청 조정", - "waf": "신뢰도" - }, - { - "category": "운영 관리", - "cost": 1, - "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa", - "id": "A03.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", - "service": "Cognitive Search", - "severity": "높다", - "subcategory": "재해 복구", - "text": "Azure Cognitive Search 인덱스를 백업 및 복원합니다. 이 샘플 코드를 사용하여 인덱스 정의 및 스냅샷을 일련의 Json 파일에 백업합니다", - "waf": "신뢰도" - } - ], - "metadata": { - "name": "Cognitive Search Review Checklist", - "state": "Preview", - "timestamp": "April 26, 2024", - "waf": "Reliability" - }, - "severities": [ - { - "name": "높다" - }, - { - "name": "보통" - }, - { - "name": "낮다" - } - ], - "status": [ - { - "description": "이 검사는 아직 검토되지 않았습니다", - "name": "확인되지 않음" - }, - { - "description": "이 검사와 연관된 작업 항목이 있습니다", - "name": "열다" - }, - { - "description": "이 검사는 확인되었으며 이와 관련된 추가 작업 항목이 없습니다", - "name": "성취" - }, - { - "description": "권장 사항은 이해되었지만 현재 요구 사항에 필요하지 않음", - "name": "필요 없음" - }, - { - "description": "현재 설계에는 적용되지 않습니다.", - "name": "해당 없음" - } - ], - "waf": [ - { - "name": "신뢰도" - }, - { - "name": "안전" - }, - { - "name": "비용" - }, - { - "name": "작업" - }, - { - "name": "공연" - } - ], - "yesno": [ - { - "name": "예" - }, - { - "name": "아니요" - } - ] -} \ No newline at end of file 
diff --git a/checklists/cognitivesearch_checklist.pt.json b/checklists/cognitivesearch_checklist.pt.json
deleted file mode 100644
index 182350327..000000000
--- a/checklists/cognitivesearch_checklist.pt.json
+++ /dev/null
@@ -1,175 +0,0 @@ -{ - "categories": [ - { - "name": "Gerenciamento de identidades e acesso" - }, - { - "name": "Topologia de rede e conectividade" - }, - { - "name": "BC e DR" - }, - { - "name": "Governança e Segurança" - }, - { - "name": "Governança de Custos" - }, - { - "name": "Gestão de Operações" - }, - { - "name": "Implantação de aplicativos" - } - ], - "items": [ - { - "category": "Gestão de Operações", - "cost": 1, - "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83", - "id": "A01.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "Alto", - "subcategory": "Alta disponibilidade", - "text": "Permitir que 2 réplicas tenham 99,9% de disponibilidade para operações de leitura", - "waf": "Fiabilidade" - }, - { - "category": "Gestão de Operações", - "cost": 1, - "guid": "7d956fd9-788a-4845-9b9f-c0340972d810", - "id": "A01.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "Média", - "subcategory": "Alta disponibilidade", - "text": "Permitir que 3 réplicas tenham 99,9% de disponibilidade para operações de leitura/gravação", - "waf": "Fiabilidade" - }, - { - "category": "Gestão de Operações", - "cost": 1, - "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3", - "id": "A01.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support", - "service": "Cognitive Search", - "severity": "Alto", - "subcategory": "Alta disponibilidade", - "text": "Aproveite as zonas de disponibilidade habilitando réplicas de leitura e/ou gravação", - "waf": "Fiabilidade" - }, - { - "category": "Gestão de Operações", - "cost": 1, - "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291", - "id": "A02.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions", - "service": "Cognitive Search", - "severity": "Média", - 
"subcategory": "Replicação geográfica", - "text": "Para redução regional, crie manualmente serviços em 2 ou mais regiões para a Pesquisa, pois não fornece um método automatizado de replicação de índices de pesquisa entre regiões geográficas", - "waf": "Fiabilidade" - }, - { - "category": "Gestão de Operações", - "cost": 1, - "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6", - "id": "A02.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services", - "service": "Cognitive Search", - "severity": "Média", - "subcategory": "Replicação geográfica", - "text": "Para sincronizar dados em vários serviços: Use indexadores para atualizar conteúdo em vários serviços ou Use APIs REST para enviar atualizações de conteúdo em vários serviços", - "waf": "Fiabilidade" - }, - { - "category": "Gestão de Operações", - "cost": 1, - "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e", - "id": "A02.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests", - "service": "Cognitive Search", - "severity": "Média", - "subcategory": "Replicação geográfica", - "text": "Usar o Gerenciador de Tráfego do Azure para coordenar solicitações", - "waf": "Fiabilidade" - }, - { - "category": "Gestão de Operações", - "cost": 1, - "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa", - "id": "A03.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", - "service": "Cognitive Search", - "severity": "Alto", - "subcategory": "Recuperação de desastres", - "text": "Backup e restauração de um índice de pesquisa cognitiva do Azure. 
Use este código de exemplo para fazer backup da definição de índice e instantâneo em uma série de arquivos Json", - "waf": "Fiabilidade" - } - ], - "metadata": { - "name": "Cognitive Search Review Checklist", - "state": "Preview", - "timestamp": "April 26, 2024", - "waf": "Reliability" - }, - "severities": [ - { - "name": "Alto" - }, - { - "name": "Média" - }, - { - "name": "Baixo" - } - ], - "status": [ - { - "description": "Esta verificação ainda não foi analisada", - "name": "Não verificado" - }, - { - "description": "Há um item de ação associado a essa verificação", - "name": "Abrir" - }, - { - "description": "Essa verificação foi verificada e não há outros itens de ação associados a ela", - "name": "Cumprido" - }, - { - "description": "Recomendação compreendida, mas não necessária pelos requisitos atuais", - "name": "Não é necessário" - }, - { - "description": "Não aplicável ao projeto atual", - "name": "N/A" - } - ], - "waf": [ - { - "name": "Fiabilidade" - }, - { - "name": "Segurança" - }, - { - "name": "Custar" - }, - { - "name": "Operações" - }, - { - "name": "Desempenho" - } - ], - "yesno": [ - { - "name": "Sim" - }, - { - "name": "Não" - } - ] -} \ No newline at end of file diff --git a/checklists/cognitivesearch_checklist.zh-Hant.json b/checklists/cognitivesearch_checklist.zh-Hant.json deleted file mode 100644 index 2d1e80122..000000000 --- a/checklists/cognitivesearch_checklist.zh-Hant.json +++ /dev/null 
@@ -1,175 +0,0 @@ -{ - "categories": [ - { - "name": "身份和訪問管理" - }, - { - "name": "網路拓撲和連接" - }, - { - "name": "BC 和DR" - }, - { - "name": "治理與安全" - }, - { - "name": "成本治理" - }, - { - "name": "運營管理" - }, - { - "name": "應用程式部署" - } - ], - "items": [ - { - "category": "運營管理", - "cost": 1, - "guid": "41faa1ed-b7f0-447d-8cba-4a4905e5bb83", - "id": "A01.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "高", - "subcategory": "高可用性", - "text": "使 2 個副本具有 99.9% 的讀取操作可用性", - "waf": "可靠性" - }, - { - "category": "運營管理", - "cost": 1, - "guid": "7d956fd9-788a-4845-9b9f-c0340972d810", - "id": "A01.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#high-availability", - "service": "Cognitive Search", - "severity": "中等", - "subcategory": "高可用性", - "text": "使 3 個副本具有 99.9% 的讀/寫操作可用性", - "waf": "可靠性" - }, - { - "category": "運營管理", - "cost": 1, - "guid": "44dc5f2b-a032-4d03-aae8-90c3f2c0a4c3", - "id": "A01.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#availability-zone-support", - "service": "Cognitive Search", - "severity": "高", - "subcategory": "高可用性", - "text": "通過啟用讀取和/或寫入副本來利用可用區", - "waf": "可靠性" - }, - { - "category": "運營管理", - "cost": 1, - "guid": "cd0730f0-0ff1-4b77-9a2b-2a1f7dd5e291", - "id": "A02.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#multiple-services-in-separate-geographic-regions", - "service": "Cognitive Search", - "severity": "中等", - "subcategory": "異地複製", - "text": "對於區域冗餘,請在2個或更多區域中為搜索手動創建服務,因為它不提供跨地理區域複製搜索索引的自動方法", - "waf": "可靠性" - }, - { - "category": "運營管理", - "cost": 1, - "guid": "3c964882-aec9-4d44-9f68-4b5f2efbbdb6", - "id": "A02.02", - "link": "https://learn.microsoft.com/azure/search/search-reliability#synchronize-data-across-multiple-services", - "service": "Cognitive Search", - "severity": "中等", - "subcategory": "異地複製", - "text": "若要跨多個服務同步數據,請使用索引器更新多個服務上的內容,或使用 REST API 
推送多個服務上的內容更新", - "waf": "可靠性" - }, - { - "category": "運營管理", - "cost": 1, - "guid": "85ee93c9-f53c-4803-be51-e6e4aa37ff4e", - "id": "A02.03", - "link": "https://learn.microsoft.com/azure/search/search-reliability#use-azure-traffic-manager-to-coordinate-requests", - "service": "Cognitive Search", - "severity": "中等", - "subcategory": "異地複製", - "text": "使用 Azure 流量管理器協調請求", - "waf": "可靠性" - }, - { - "category": "運營管理", - "cost": 1, - "guid": "7be10278-57c1-4a61-8ee3-895aebfec5aa", - "id": "A03.01", - "link": "https://learn.microsoft.com/azure/search/search-reliability#back-up-and-restore-alternatives", - "service": "Cognitive Search", - "severity": "高", - "subcategory": "災難恢復", - "text": "備份和還原 Azure 認知搜索索引。使用此範例代碼將索引定義和快照備份到一系列 Json 檔", - "waf": "可靠性" - } - ], - "metadata": { - "name": "Cognitive Search Review Checklist", - "state": "Preview", - "timestamp": "April 26, 2024", - "waf": "Reliability" - }, - "severities": [ - { - "name": "高" - }, - { - "name": "中等" - }, - { - "name": "低" - } - ], - "status": [ - { - "description": "此檢查尚未查看", - "name": "未驗證" - }, - { - "description": "有一個與此檢查關聯的操作項", - "name": "打開" - }, - { - "description": "此檢查已通過驗證,並且沒有與之關聯的進一步操作項", - "name": "實現" - }, - { - "description": "建議已理解,但當前需求不需要", - "name": "不需要" - }, - { - "description": "不適用於當前設計", - "name": "不適用" - } - ], - "waf": [ - { - "name": "可靠性" - }, - { - "name": "安全" - }, - { - "name": "成本" - }, - { - "name": "操作" - }, - { - "name": "性能" - } - ], - "yesno": [ - { - "name": "是的" - }, - { - "name": "不" - } - ] -} \ No newline at end of file diff --git a/checklists/cognitiveservices_checklist.en.json b/checklists/cognitiveservices_checklist.en.json deleted file mode 100644 index 7646a049e..000000000 --- a/checklists/cognitiveservices_checklist.en.json +++ /dev/null 
@@ -1,163 +0,0 @@
-{
- "items": [
- {
- "category": "Operations Management",
- "subcategory": "Best Practice",
- "text": "Leverage FTA HandBook for Cognitive Services",
- "waf": "Reliability",
- "service": "Cognitive Services",
- "guid": "21c30d25-ffb7-4f6a-b9ea-b3fec328f787",
- "id": "A01.01",
- "cost": 1,
- "severity": "Medium",
- "link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/paas-foundations-playbooks-cog_svcs_v1.docx"
- },
- {
- "category": "Operations Management",
- "subcategory": "Backup",
- "text": "Backup Your Prompts",
- "waf": "Reliability",
- "service": "Cognitive Services",
- "guid": "78c34698-16b2-4763-aefe-1b9b599de0d5",
- "id": "A02.01",
- "cost": 1,
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions"
- },
- {
- "category": "Operations Management",
- "subcategory": "Backup",
- "text": "Business Continuity and Disaster Recovery (BCDR) considerations with Azure OpenAI Service",
- "waf": "Reliability",
- "service": "Cognitive Services",
- "guid": "750ab2ab-039d-4a6d-95d7-c892adb107d5",
- "id": "A02.02",
- "cost": 1,
- "severity": "High",
- "link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery"
- },
- {
- "category": "Operations Management",
- "subcategory": "Backup",
- "text": "Backup Your ChatGPT conversations",
- "waf": "Reliability",
- "service": "Cognitive Services",
- "guid": "325af625-ca44-4e46-a5e2-223ace8bb123",
- "id": "A02.03",
- "cost": 1,
- "severity": "Medium",
- "link": "https://github.com/abacaj/chatgpt-backup#backup-your-chatgpt-conversations"
- },
- {
- "category": "Operations Management",
- "subcategory": "DevOps",
- "text": "CI/CD for custom speech",
- "waf": "Reliability",
- "service": "Cognitive Services",
- "guid": "07ca5f17-f154-4e3a-a369-2829e7e31618",
- "id": "A03.01",
- "cost": 1,
- "severity": "Medium",
- "link": "https://learn.microsoft.com/azure/ai-services/speech-service/how-to-custom-speech-continuous-integration-continuous-deployment"
- },
- {
- "category": "Operations Management",
- "subcategory": "QnA Service",
- "text": "Move a knowledge base using export-import",
- "waf": "Reliability",
- "service": "Cognitive Services",
- "guid": "3687a046-7a1f-4893-9bda-43324f248116",
- "id": "A04.01",
- "cost": 1,
- "severity": "Low",
- "link": "https://learn.microsoft.com/azure/ai-services/qnamaker/tutorials/export-knowledge-base"
- }
- ],
- "categories": [
- {
- "name": "Identity and Access Management"
- },
- {
- "name": "Network Topology and Connectivity"
- },
- {
- "name": "BC and DR"
- },
- {
- "name": "Governance and Security"
- },
- {
- "name": "Cost Governance"
- },
- {
- "name": "Operations Management"
- },
- {
- "name": "Application Deployment"
- }
- ],
- "waf": [
- {
- "name": "Reliability"
- },
- {
- "name": "Security"
- },
- {
- "name": "Cost"
- },
- {
- "name": "Operations"
- },
- {
- "name": "Performance"
- }
- ],
- "yesno": [
- {
- "name": "Yes"
- },
- {
- "name": "No"
- }
- ],
- "status": [
- {
- "name": "Not verified",
- "description": "This check has not been looked at yet"
- },
- {
- "name": "Open",
- "description": "There is an action item associated to this check"
- },
- {
- "name": "Fulfilled",
- "description": "This check has been verified, and there are no further action items associated to it"
- },
- {
- "name": "Not required",
- "description": "Recommendation understood, but not needed by current requirements"
- },
- {
- "name": "N/A",
- "description": "Not applicable for current design"
- }
- ],
- "severities": [
- {
- "name": "High"
- },
- {
- "name": "Medium"
- },
- {
- "name": "Low"
- }
- ],
- "metadata": {
- "name": "Cognitive Services Review Checklist",
- "state": "Preview",
- "waf": "Reliability",
- "timestamp": "April 15, 2024"
- }
-}