Azure Computer Vision Baseline

In the previous article, “Azure Form Recognizer Baseline”, we went over an industry-standard security baseline for the deployment of Azure Form Recognizer. In this article, we’ll go over requirements and guidelines and share an example security baseline for Azure Computer Vision.


Azure Computer Vision can power many digital asset management (DAM) scenarios. DAM is the business process of organizing, storing, and retrieving rich media assets and managing digital rights and permissions. For example, a company may want to group and identify images based on visible logos, faces, objects, colors, and so on. 

Azure Computer Vision gives you access to advanced algorithms that process images and return information based on the visual features you’re interested in.  


Baseline considerations are based on security principles that are provided by stakeholders. Each decision in the baseline addresses a security parameter of a service configuration and tells consumers what to do and what not to do when setting up their service.

We’ll describe each configuration name, requirements, and guidelines. 

Data Encryption

  • Encrypt sensitive information in transit. 
  • Enforce TLS 1.2 for service endpoints exposed over HTTPS. 
  • With an enforced security protocol, consumers attempting to call a Form Recognizer services endpoint should adhere to these guidelines. 


  • Resource group requirements. 
  • Must use the same region for resources, resource group, and subscription. 

Firewall Configuration Requirements

  • Internet IP ranges are not allowed. 
  • The allowed IP address subnet ranges within a network should be reviewed and approved through the design review process.

Network Type

  • Access to the ACV service. 
  • Public access to the service is not allowed; you must opt into the selected network and configure network security for your cognitive resource.
  • Restrict access to only the particular subnets from which you are going to access the service.



  • Encryption at rest. 
  • Use customer-managed keys.


  • Docker container requirements. 
  • Must use Docker Container Read OCR, as it is generally available.

Network Logging

  • Monitor and log the configuration and traffic of virtual networks, subnets, and network interfaces. 
  • Turn on NSG flow logs and enable Traffic Analytics.


  • Authenticate console services and data sources using Azure native security services. 
  • Authentication to data sources should be through a system-assigned managed identity.


  • API keys should be stored in key vaults as secrets. 
  • You can either create your own keys and store them in a key vault, or use Key Vault APIs to generate keys.


  • Collect platform logs and operation logs. 
  • Logs must be stored in a Gas Power Cyber approved logging destination.


  • All search services must be tagged with a valid UAI. 
  • Use lowercase name and value.

Environment Tag

  • All search services must be tagged with a tag corresponding to the application environment. 
  • Follow the Cloud Controls Matrix document for valid environment names. 
  • Use lowercase name and value.

App name Tag

  • Applications must be tagged with application short-name where applicable. 
  • For example, your key may be called “appname”, and your value may be “ABC123”.

Naming Convention

  • Follow a standard, established naming convention. 
  • Refer to your own Naming & Tagging standards. 

Private Endpoints

  • Deny public internet access. 
  • Ensure the key vault is accessible only over the client’s private network. 

Standard Network Configuration

  • Apply a standard vnet, subnet, and NSG configuration. 
  • Refer to your own network baseline configuration. 

IAM RBAC Configuration

  • Apply standard RBAC definitions for speech services and assign them to users. 
  • Least access privilege model. 

API Key Rotation

  • Keys should be rotated periodically. 
  • Regenerate keys regularly and store keys in the key vault. 

Pricing Tier

  • Use “Standard” pricing for production use cases that require 20 calls per minute and 5,000 calls per month. 
  • For high endpoint traffic from your published app, it is recommended to upgrade to an S1 resource.


  • Use a storage account for pre-scan files. 
  • Configure CORS settings in the storage account, and secure the storage account to restrict traffic from only specific virtual networks and IP addresses. 

Backup and Recovery

  • Ensure regular automated backups.
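
Several of the items above (region, network type, firewall ranges, customer-managed keys, managed identity, tags) can be checked mechanically against the account's resource JSON. The following is an added example, not part of the original article: it assumes the JSON shape of a `Microsoft.CognitiveServices/accounts` resource, treats anything outside RFC 1918 as an "internet IP range", and uses hypothetical tag names `uai` and `env` (only `appname` appears in the article).

```python
import ipaddress

# Assumption: "internet IP range" means anything outside the RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOWERCASE_TAGS = ("uai", "env")  # hypothetical tag names for the UAI and environment tags

def is_internal(cidr):
    """True when the address or range lies entirely inside an RFC 1918 range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(p) for p in RFC1918)

def check_baseline(account, rg_location):
    """Return a list of baseline findings for one account resource (dict)."""
    props = account.get("properties", {})
    acls = props.get("networkAcls") or {}
    tags = account.get("tags") or {}
    findings = []
    if account.get("location") != rg_location:
        findings.append("region: account and resource group regions differ")
    if props.get("publicNetworkAccess") != "Disabled":
        findings.append("network: public network access is not disabled")
    if acls.get("defaultAction") != "Deny":
        findings.append("firewall: default action is not Deny")
    for rule in acls.get("ipRules", []):
        if not is_internal(rule["value"]):
            findings.append(f"firewall: internet IP range allowed: {rule['value']}")
    if (props.get("encryption") or {}).get("keySource") != "Microsoft.KeyVault":
        findings.append("encryption: customer-managed key not configured")
    if "SystemAssigned" not in (account.get("identity") or {}).get("type", ""):
        findings.append("identity: no system-assigned managed identity")
    for name in LOWERCASE_TAGS + ("appname",):
        if name not in tags:
            findings.append(f"tags: missing '{name}'")
    for name in LOWERCASE_TAGS:
        if name in tags and tags[name] != tags[name].lower():
            findings.append(f"tags: '{name}' value is not lowercase")
    return findings

# Constructed sample resource (not real data): six deviations from the baseline.
SAMPLE = {
    "kind": "ComputerVision", "location": "eastus", "identity": {"type": "None"},
    "tags": {"uai": "UAI0000000", "appname": "ABC123"},
    "properties": {
        "publicNetworkAccess": "Enabled",
        "networkAcls": {"defaultAction": "Deny",
                        "ipRules": [{"value": "10.20.0.0/24"}, {"value": "0.0.0.0/0"}]},
        "encryption": {"keySource": "Microsoft.CognitiveServices"},
    },
}
if __name__ == "__main__":
    print("\n".join(check_baseline(SAMPLE, "eastus")))
```

An empty list means the resource passes the checks covered here; items such as key rotation, logging destinations and backups need data from other sources.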


Although this is not a comprehensive list of considerations when making a baseline for any cloud resource, it is sufficient for an Azure Computer Vision baseline configuration. For each resource in any business, such considerations must be made according to stakeholder security principles.


Cloud Engineer

Gabriel Chutuape

A technology enthusiast passionate about automation, Gabriel Chutuape is a Cloud Engineer at ISmile Technologies. He’s part of the ISmile Technologies Cloud enablement team that helps customers with design, solution, and project engineering, integrating and implementing infrastructure technologies & services.


Karthik Srinivas

Karthik Srinivas is a working Information Technology professional and part of operations. He contributes to streamlining the technology services and operational activities to meet business requirements and beyond.
