MicrosoftDocs
diff --git a/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/includes/4-apply-azure-policy-primary-governance.md‎
Lines changed: 1 addition & 1 deletion b/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/includes/4-apply-azure-policy-primary-governance.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/media/foundry-account-structure-central-hub.png‎
-165 KB b/‎learn-pr/wwl-azure/implement-security-controls-azure-ai-ready-infrastructure/media/foundry-account-structure-central-hub.png‎
-165 KB
@@ -18,7 +18,7 @@ At the same time, you must balance enforcement strictness with operational flexi
 
 ## Implementing policies for AI infrastructure compliance
 
-Now that you understand policy effects, let's explore common policy patterns for AI workloads. Azure provides built-in policies for many AI-specific requirements, eliminating the need to write custom policy definitions from scratch. The policy "Azure Machine Learning workspaces should use private link" ensures your ML infrastructure isn't accessible from the public internet, reducing attack surface. The policy "Azure AI Services accounts should restrict network access" prevents accidental exposure of API keys through public endpoints. The policy "Require a tag and its value on resources" enforces cost allocation tags on all AI resources, ensuring accurate project chargeback. These built-in policies cover 70-80% of common governance requirements, and you assign them to your AI scopes with a few select.
+Now that you understand policy effects, let's explore common policy patterns for AI workloads. Azure provides built-in policies for many AI-specific requirements, eliminating the need to write custom policy definitions from scratch. The policy "Azure Machine Learning workspaces should use private link" ensures your ML infrastructure isn't accessible from the public internet, reducing attack surface. The policy "Azure AI Services accounts should restrict network access" prevents accidental exposure of API keys through public endpoints. The policy "Require a tag and its value on resources" enforces cost allocation tags on all AI resources, ensuring accurate project chargeback. These built-in policies cover 70-80% of the common governance requirements assigned to your AI scopes.
 
 However, this changes when your organization has requirements that built-in policies don't address. Suppose your compliance team mandates that all Azure Machine Learning compute clusters must use specific virtual machine SKUs that meet data processing certifications. No built-in policy enforces this requirement, so you create a custom policy definition using JSON that checks the "vmSize" property of compute clusters and denies deployment if the SKU isn't in your approved list. Custom policies follow the same assignment and evaluation workflow as built-in policies—once defined, you assign them to appropriate scopes and Azure enforces them automatically. Organizations with mature AI governance platforms typically use 60-70% built-in policies and 30-40% custom policies that address industry-specific or regulatory requirements unique to their environment.