{
"categories": [
{
"name": "身份和訪問管理"
},
{
"name": "網路拓撲和連接"
},
{
"name": "BC 和DR"
},
{
"name": "治理與安全"
},
{
"name": "成本治理"
},
{
"name": "運營管理"
},
{
"name": "應用程式部署"
},
{
"name": "負責任的 AI"
}
],
"items": [
{
"category": "負責任的 AI",
"guid": "a85b86ad-884f-48e3-9273-4b875ba18f10",
"id": "AOAI.1",
"link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/system-message#define-additional-safety-and-behavioral-guardrails",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "元提示",
"text": "遵循 Metaprompting 護欄,實現 reliable AI",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "d4391898-cd28-48be-b6b1-7cb8245451e1",
"id": "AOAI.10",
"link": "https://github.com/Azure-Samples/AI-Gateway",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "負載均衡",
"text": "考慮使用APIM或 AI central 等解決方案的閘道模式,以實現更好的速率限制、負載均衡、身份驗證和日誌記錄",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "aed3453a-ec72-4392-97a1-52d6cc5e4029",
"id": "AOAI.11",
"link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/azure-openai-insights-monitoring-ai-with-confidence/ba-p/4026850",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "監測",
"text": "為您的 AOAI 實例啟用監控",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "697cb391-ed16-4b2d-886f-0a0241addde6",
"id": "AOAI.12",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring#set-up-alerts",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "警報",
"text": "建立警報,在發生事件時通知團隊,例如由對資源執行的操作(例如重新生成其訂閱金鑰)創建的活動日誌中的條目,或指標閾值(例如一小時內超過 10 的錯誤數)",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "8a477cde-b486-41bc-9bc1-0ae66e25d4d5",
"id": "AOAI.13",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "監測",
"text": "監控令牌使用方式,防止由於容量導致服務中斷",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "a3aec2c4-e243-46b0-936c-b45e17960eee",
"id": "AOAI.14",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/monitoring",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "可觀察性",
"text": "觀察已處理的推理令牌、生成的完成令牌等指標,監視速率限制",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "fbdf4cc2-eec4-4d76-8c31-d25ffbb46a39",
"id": "AOAI.15",
"link": "https://techcommunity.microsoft.com/t5/apps-on-azure-blog/build-an-enterprise-ready-azure-openai-solution-with-azure-api/ba-p/3907562",
"service": "Azure OpenAI",
"severity": "低",
"subcategory": "可觀察性",
"text": "如果診斷對你來說還不夠,請考慮在 Azure OpenAI 前面使用閘道(例如 Azure API 管理)來記錄傳入提示和傳出回應(如果允許)",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "3af30ed3-2947-498b-8178-a2c5a46ceb54",
"id": "AOAI.16",
"link": "https://github.com/Azure-Samples/openai-enterprise-iac",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "基礎設施部署",
"text": "使用基礎結構即代碼部署 Azure OpenAI 服務、模型部署和所有相關資源",
"waf": "卓越運營"
},
{
"category": "治理與安全",
"guid": "4350d092-d234-4292-a752-8537a551c5bf",
"id": "AOAI.17",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "認證",
"text": "將 Microsoft Entra 身份驗證與託管標識(而不是 API 金鑰)配合使用",
"waf": "安全"
},
{
"category": "負責任的 AI",
"guid": "4e4f1854-287d-45cd-a126-cc031af5b1fc",
"id": "AOAI.18",
"link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-bulk-test-evaluate-flow?view=azureml-api-2",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "評估",
"text": "使用已知的黃金數據集評估系統的性能/準確性,該數據集具有輸入和正確答案。利用 PromptFlow 中的功能進行評估。",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "68889535-e327-4897-b31b-67d67be5962a",
"id": "AOAI.19",
"link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---performance-efficiency",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "託管模型",
"text": "評估預配輸送量模型的使用方式",
"waf": "性能"
},
{
"category": "負責任的 AI",
"guid": "cd288bed-6b17-4cb8-8454-51e1aed3453a",
"id": "AOAI.2",
"link": "https://learn.microsoft.com/azure/ai-services/content-safety/overview",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "內容安全",
"text": "查看和實施 Azure AI 內容安全性",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "1193846d-697c-4b39-8ed1-6b2d186f0a02",
"id": "AOAI.20",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#system-level-throughput",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "輸送量定義",
"text": "根據令牌數和每分鐘的回應來定義和評估系統的輸送量,並符合要求",
"waf": "性能"
},
{
"category": "運營管理",
"guid": "41addde6-8a47-47cd-bb48-61bc3bc10ae6",
"id": "AOAI.21",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#improve-performance",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "延遲改善",
"text": "通過限制令牌大小、流式處理選項來改善系統的延遲",
"waf": "性能"
},
{
"category": "運營管理",
"guid": "6e25d4d5-a3ae-4c2c-9e24-36b0336cb45e",
"id": "AOAI.22",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "彈性分離",
"text": "估計彈性需求,以根據優先順序確定同步和批量請求分離。對於高優先順序,使用同步方法,對於低優先順序,首選使用佇列的異步批處理",
"waf": "性能"
},
{
"category": "運營管理",
"guid": "5bda4332-4f24-4811-9331-82ba51752694",
"id": "AOAI.23",
"link": "https://github.com/Azure/azure-openai-benchmark/",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "標杆",
"text": "根據消費者的估計需求對代幣消費要求進行基準測試。如果使用的是預設輸送量單元部署,請考慮使用 Azure OpenAI 基準測試工具來幫助驗證輸送量",
"waf": "性能"
},
{
"category": "運營管理",
"guid": "4008ae7d-7e47-4432-96d8-bdcf55bce619",
"id": "AOAI.24",
"link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "彈性",
"text": "如果您使用的是預設輸送量單位 (PTU),請考慮為溢出請求部署每分鐘令牌 (TPM) 部署。當達到 PTU 限制時,使用閘道將請求路由到 TPM 部署。",
"waf": "性能"
},
{
"category": "運營管理",
"guid": "e8a13f98-8794-424d-9267-86d60b96c97b",
"id": "AOAI.25",
"link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/models",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "型號選擇",
"text": "為正確的任務選擇正確的模型。選擇在速度、回應質量和輸出複雜性之間做出正確權衡的模型",
"waf": "性能"
},
{
"category": "運營管理",
"guid": "e9951904-8384-45c9-a6cb-2912156a1147",
"id": "AOAI.26",
"link": "https://github.com/Azure/azure-openai-benchmark/",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "微調",
"text": "在不進行微調的情況下建立性能基線,以瞭解微調是否提高了模型性能",
"waf": "性能"
},
{
"category": "BC 和DR",
"guid": "5e39f541-accc-4d97-a376-bcdb3750ab2a",
"id": "AOAI.27",
"link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability",
"service": "Azure OpenAI",
"severity": "低",
"subcategory": "多區域架構",
"text": "跨區域部署多個 OAI 實例",
"waf": "可靠性"
},
{
"category": "BC 和DR",
"guid": "b039da6d-55d7-4c89-8adb-107d5325af62",
"id": "AOAI.28",
"link": "https://learn.microsoft.com/azure/architecture/ai-ml/architecture/baseline-openai-e2e-chat#azure-openai---reliability",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "負載均衡",
"text": "使用閘道模式(如 APIM)實現重試和運行狀況檢查",
"waf": "可靠性"
},
{
"category": "BC 和DR",
"guid": "5ca44e46-85e2-4223-ace8-bb12308ca5f1",
"id": "AOAI.29",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#introduction-to-quota",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "配額",
"text": "確保為工作負載提供足夠的 TPM 和 RPM 配額",
"waf": "可靠性"
},
{
"category": "負責任的 AI",
"guid": "ec723923-7a15-42d6-ac5e-402925387e5c",
"id": "AOAI.3",
"link": "https://www.microsoft.com/research/project/guidelines-for-human-ai-interaction/",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "UX 最佳實踐",
"text": "查看 HAI 工具包指南中的注意事項,並將這些交互實踐應用於 solution",
"waf": "卓越運營"
},
{
"category": "BC 和DR",
"guid": "7f154e3a-a369-4282-ae7e-316183687a04",
"id": "AOAI.30",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/business-continuity-disaster-recovery",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "負載均衡",
"text": "如果採用微調,則跨區域部署單獨的微調模型",
"waf": "可靠性"
},
{
"category": "BC 和DR",
"guid": "77a1f893-5bda-4433-84f2-4811633182ba",
"id": "AOAI.31",
"link": "https://learn.microsoft.com/azure/backup/backup-overview",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "數據備份和災難恢復",
"text": "定期備份和複製關鍵數據,以確保數據丟失或系統故障時的數據可用性和可恢復性。利用 Azure 的備份和災難恢復服務來保護數據。",
"waf": "可靠性"
},
{
"category": "BC 和DR",
"guid": "95b96ad8-844c-4e3b-8b38-b876ba2cf204",
"id": "AOAI.32",
"link": "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "SLA 注意事項",
"text": "應選擇 Azure AI 搜索服務層級以具有 SLA",
"waf": "可靠性"
},
{
"category": "治理與安全",
"guid": "99013a5d-3ce4-474d-acbd-8682a6abca2a",
"id": "AOAI.33",
"link": "https://learn.microsoft.com/purview/purview",
"service": "Azure OpenAI",
"severity": "低",
"subcategory": "數據敏感度",
"text": "對數據和敏感度進行分類,在生成嵌入之前使用 Microsoft Purview 進行標記,並確保以相同的敏感度和分類處理生成的嵌入",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "4fda1dbf-3dd9-45d4-ac7c-891dca1f6d56",
"id": "AOAI.34",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/use-your-data-securely",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "靜態加密",
"text": "使用 SSE/磁碟加密和可選的 BYOK 加密來加密用於 RAG 的數據",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "59ae558b-937d-4498-9e11-12dbd7ba012f",
"id": "AOAI.35",
"link": "https://learn.microsoft.com/azure/search/search-security-overview",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "傳輸加密",
"text": "確保對傳輸中的數據實施 TLS,涵蓋數據源、用於檢索增強生成 (RAG) 的 AI 搜索以及 LLM 通信",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "7b94ef6e-047d-42ea-8992-b1cd6e2054b2",
"id": "AOAI.36",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "存取控制",
"text": "使用 RBAC 管理對 Azure OpenAI 服務的訪問。為使用者分配適當的許可權,並根據其角色和職責限制訪問許可權",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "9769e4a6-91e8-4838-ac93-6667e13c0056",
"id": "AOAI.37",
"link": "https://learn.microsoft.com/azure/security/fundamentals/data-encryption-best-practices",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "數據遮罩和編輯",
"text": "實施數據加密、遮罩或編輯技術,以在非生產環境中或出於測試或故障排除目的共用數據時隱藏敏感數據或將其替換為混淆值",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "74b1e945-b459-4837-be7a-d6c6d3b375a5",
"id": "AOAI.38",
"link": "https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "威脅檢測和監控",
"text": "利用 Azure Defender 來檢測和回應安全威脅,並設置監視和警報機制來識別可疑活動或違規行為。利用 Azure Sentinel 進行高級威脅檢測和回應",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "c7acbe48-abe5-44cd-99f2-e87768468c55",
"id": "AOAI.39",
"link": "https://techcommunity.microsoft.com/t5/azure-storage-blog/managing-long-term-log-retention-or-any-business-data/ba-p/2494791",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "數據保留和處置",
"text": "制定數據保留和處置策略,以遵守合規性法規。對不再需要的數據實施安全刪除方法,並維護數據保留和處置活動的審計跟蹤",
"waf": "安全"
},
{
"category": "負責任的 AI",
"guid": "a9c27d9c-42bb-46bd-8c69-99a246f3389a",
"id": "AOAI.4",
"link": "https://learn.microsoft.com/azure/ai-services/content-safety/concepts/jailbreak-detection",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "越獄安全",
"text": "使用 Content Safety 實施 Prompt shields 和接地檢測",
"waf": "卓越運營"
},
{
"category": "治理與安全",
"guid": "a775c6ee-95b9-46ad-a844-ce3b2b38b876",
"id": "AOAI.40",
"link": "https://learn.microsoft.com/azure/compliance/",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "數據隱私與合規",
"text": "通過實施隱私控制並獲得數據處理活動所需的同意或許可,確保遵守相關的數據保護法規,例如GDPR或HIPAA。",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "ba2cf204-9901-43a5-b3ce-474dccbd8682",
"id": "AOAI.41",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "員工意識和培訓",
"text": "對員工進行有關數據安全最佳實踐、安全處理數據的重要性以及與數據洩露相關的潛在風險的教育。鼓勵他們勤奮地遵循數據安全協定。",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "eae01e6e-842e-452f-9721-d928c1b1cd52",
"id": "AOAI.42",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "環境隔離",
"text": "將生產數據與開發和測試數據分開。僅在生產中使用真實的敏感數據,並在開發和測試環境中使用匿名或合成數據。",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "1e54a29a-9de3-499c-bd7b-28dc93555620",
"id": "AOAI.43",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "索引分離",
"text": "如果您具有不同級別的數據敏感度,請考慮為每個級別創建單獨的索引。例如,您可以有一個用於常規數據的索引,另一個用於敏感數據的索引,每個索引都由不同的訪問協定管理",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "2bfe4564-b0d8-434a-948b-263e6dd60512",
"id": "AOAI.44",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "不同實例中的敏感數據",
"text": "通過將敏感數據集放置在服務的不同實例中,進一步實現隔離。每個實例都可以使用其自己的特定 RBAC 策略集進行控制",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "a36498f6-dbad-438e-ad53-cc7ce1d7aaab",
"id": "AOAI.45",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "嵌入和向量處理",
"text": "認識到從敏感資訊生成的嵌入和向量本身就是敏感的。這些數據應得到與源材料相同的保護措施",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "3571449a-b805-43d8-af89-dc7b33be2a1a",
"id": "AOAI.46",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/role-based-access-control",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "存取控制",
"text": "將 RBAC 應用於具有嵌入和向量的數據存儲,並根據角色的訪問要求確定存取範圍",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "27f7b9e9-1be1-4f38-aef3-9812bd463cbb",
"id": "AOAI.47",
"link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/azure-openai-private-endpoints-connecting-across-vnet-s/ba-p/3913325",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "網路安全",
"text": "為 AI 服務配置專用終結點,以限制網路內的服務訪問",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "ac8ac199-ebb9-41a3-9d90-cae2cc881370",
"id": "AOAI.48",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "網路安全",
"text": "使用 Azure 防火牆和 UDR 強制實施嚴格的入站和出站流量控制,並限制外部集成點",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "6f7c0cba-fe51-4464-add4-57e927138b82",
"id": "AOAI.49",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "控制網路訪問",
"text": "實施網路分段和訪問控制,將 LLM 應用程式的存取限製為僅授權使用者和系統,並防止橫向移動",
"waf": "安全"
},
{
"category": "成本優化",
"guid": "7f42c78e-78cb-46a2-8ad1-90916e6a8d8f",
"id": "AOAI.5",
"link": "https://www.microsoft.com/research/blog/llmlingua-innovating-llm-efficiency-with-prompt-compression/",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "代幣優化",
"text": "使用提示壓縮工具,如 LLMLingua 或 gptrim",
"waf": "成本優化"
},
{
"category": "治理與安全",
"guid": "1102cac6-eae0-41e6-b842-e52f4721d928",
"id": "AOAI.50",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/managed-identity",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "保護 API 和端點",
"text": "確保 LLM 應用程式使用的 API 和端點使用身份驗證和授權機制(例如託管標識、API 金鑰或 OAuth)得到適當保護,以防止未經授權的訪問。",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "c1b1cd52-1e54-4a29-a9de-399cfd7b28dc",
"id": "AOAI.51",
"link": "https://techcommunity.microsoft.com/t5/azure-architecture-blog/security-best-practices-for-genai-applications-openai-in-azure/ba-p/4027885",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "實施強身份驗證",
"text": "實施強大的最終使用者身份驗證機制,例如多因素身份驗證,以防止對 LLM 應用程式和相關網路資源的未經授權的訪問",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "93555620-2bfe-4456-9b0d-834a348b263e",
"id": "AOAI.52",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "使用網路監控",
"text": "實施網路監控工具,以檢測和分析網路流量中的任何可疑或惡意活動。啟用日誌記錄以捕獲網路事件,並在發生安全事件時促進取證分析",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "6dd60512-a364-498f-9dba-d38ead53cc7c",
"id": "AOAI.53",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "安全審計和滲透測試",
"text": "進行安全審計和滲透測試,以識別和解決LLM應用程式的網路基礎設施中的任何網路安全弱點或漏洞",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "e1d7aaab-3571-4449-ab80-53d89f89dc7b",
"id": "AOAI.54",
"link": "https://learn.microsoft.com/azure/azure-resource-manager/management/tag-resources?tabs=json",
"service": "Azure OpenAI",
"severity": "低",
"subcategory": "基礎設施部署",
"text": "Azure AI 服務已正確標記,以便更好地管理",
"waf": "卓越運營"
},
{
"category": "治理與安全",
"guid": "77036e5e-6b4b-4ed3-b503-547c1347dc56",
"id": "AOAI.55",
"link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",
"service": "Azure OpenAI",
"severity": "低",
"subcategory": "基礎設施部署",
"text": "Azure AI 服務帳戶遵循組織命名約定",
"waf": "卓越運營"
},
{
"category": "治理與安全",
"guid": "028a71ff-e1ce-415d-b3f0-d5e772d41e36",
"id": "AOAI.56",
"link": "https://learn.microsoft.com/azure/ai-services/diagnostic-logging",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "診斷記錄",
"text": "應啟用 Azure AI 服務資源中的診斷日誌",
"waf": "卓越運營"
},
{
"category": "身份和訪問管理",
"guid": "11cc57b4-a4b1-4410-b439-58a8c2289b3d",
"id": "AOAI.57",
"link": "https://learn.microsoft.com/azure/ai-services/authentication",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "基於 Entra ID 的訪問",
"text": "為了安全起見,建議禁用密鑰訪問(本地身份驗證)。禁用基於密鑰的訪問後,Microsoft Entra ID 將成為唯一的訪問方法,該方法允許保持最小許可權原則和精細控制。",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "6b57cfc6-5546-41e1-a3e3-453a3c863964",
"id": "AOAI.58",
"link": "https://learn.microsoft.com/azure/key-vault/general/best-practices",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "安全金鑰管理",
"text": "使用 Azure Key Vault 安全地存儲和管理密鑰。避免在 LLM 應用程式的代碼中硬編碼或嵌入敏感密鑰,並使用託管標識從 Azure Key Vault 中安全地檢索它們",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "8b652d6c-15f5-4129-9539-8e6ded227dd1",
"id": "AOAI.59",
"link": "https://learn.microsoft.com/azure/key-vault/general/best-practices",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "密鑰輪換和過期",
"text": "定期輪換和過期存儲在 Azure Key Vault 中的密鑰,以最大程度地降低未經授權訪問的風險。",
"waf": "安全"
},
{
"category": "成本優化",
"guid": "adfe27be-e297-401a-a352-baaab79b088d",
"id": "AOAI.6",
"link": "https://github.com/openai/tiktoken",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "代幣優化",
"text": "使用 tiktoken 了解對話模式下令牌優化的令牌大小",
"waf": "成本優化"
},
{
"category": "治理與安全",
"guid": "42b06c21-d799-49a6-96f4-389a7f42c78e",
"id": "AOAI.60",
"link": "https://learn.microsoft.com/azure/security/develop/secure-dev-overview",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "安全編碼實踐",
"text": "遵循安全編碼做法,以防止常見漏洞,例如注入攻擊、跨網站腳本 (XSS) 或安全配置錯誤",
"waf": "安全"
},
{
"category": "治理與安全",
"guid": "78c06a73-a22a-4495-9e6a-8dc4a20e27c3",
"id": "AOAI.61",
"link": "https://learn.microsoft.com/azure/devops/repos/security/github-advanced-security-dependency-scanning?view=azure-devops",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "修補和更新",
"text": "設置一個流程來定期更新和修補 LLM 庫和其他系統元件",
"waf": "安全"
},
{
"category": "負責任的 AI",
"guid": "e29711b1-352b-4eee-879b-588defc4972c",
"id": "AOAI.62",
"link": "https://learn.microsoft.com/legal/cognitive-services/openai/code-of-conduct",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "統轄",
"text": "遵守 Azure OpenAI 或其他 LLM 的使用條款、策略和指南以及允許的用例",
"waf": "卓越運營"
},
{
"category": "成本優化",
"guid": "d3cd21bf-7703-46e5-b6b4-bed3d503547c",
"id": "AOAI.63",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs#base-series-and-codex-series-fine-tuned-models",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "熟悉成本",
"text": "了解基礎模型和微調模型的成本差異以及令牌步長",
"waf": "成本優化"
},
{
"category": "成本優化",
"guid": "1347dc56-028a-471f-be1c-e15dd3f0d5e7",
"id": "AOAI.64",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/latency#batching",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "批處理",
"text": "在可能的情況下,批量請求,以最大程度地減少每次調用的開銷,從而降低總體成本。確保優化批量大小",
"waf": "成本優化"
},
{
"category": "成本優化",
"guid": "72d41e36-11cc-457b-9a4b-1410d43958a8",
"id": "AOAI.65",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/manage-costs",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "成本監控",
"text": "設置成本跟蹤系統,用於監視模型使用方式,並使用該資訊來協助決定模型選擇和提示大小",
"waf": "成本優化"
},
{
"category": "成本優化",
"guid": "166cd072-af9b-4141-a898-a535e737897e",
"id": "AOAI.66",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/quota?tabs=rest#understanding-rate-limits",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "令牌限制",
"text": "為每個模型回應的令牌數設置最大限制。優化大小以確保其足夠大以實現有效的回應",
"waf": "成本優化"
},
{
"category": "運營管理",
"guid": "71ca7da8-cfa9-462a-8594-946da97dc3a2",
"id": "AOAI.67",
"link": "https://learn.microsoft.com/azure/search/search-reliability",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "AI 搜尋可靠性",
"text": "查看提供的有關設置 AI 搜索以實現可靠性的指南",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "3266b225-86f4-4a16-92bd-ddea8a487cde",
"id": "AOAI.68",
"link": "https://learn.microsoft.com/azure/search/vector-search-index-size?tabs=portal-vector-quota",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "AI 搜索向量限制",
"text": "規劃和管理 AI 搜索向量存儲",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "b4861bc3-bc14-4aeb-9e66-e8d9a3aec218",
"id": "AOAI.69",
"link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/how-to-end-to-end-llmops-with-prompt-flow?view=azureml-api-2",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "DevOps",
"text": "應用 LLMOps 實踐來自動化 GenAI 應用程式的生命週期管理",
"waf": "卓越運營"
},
{
"category": "成本優化",
"guid": "aa80932c-8ec9-4d1b-a770-26e5e6beba9e",
"id": "AOAI.7",
"link": "https://learn.microsoft.com/azure/ai-services/openai/how-to/provisioned-throughput-onboarding#understanding-the-provisioned-throughput-purchase-model",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "成本核算模型",
"text": "評估計費模型的使用方式 - PAYG 與 PTU",
"waf": "成本優化"
},
{
"category": "運營管理",
"guid": "e6436b07-36db-455f-9796-03334bdf9cc2",
"id": "AOAI.70",
"link": "https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/how-to-control-azure-openai-models/ba-p/4146793",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "DevOps",
"text": "在模型版本之間切換時評估提示和應用程式的品質",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "3418db61-2712-4650-9bb4-7a393a080327",
"id": "AOAI.71",
"link": "https://learn.microsoft.com/azure/machine-learning/prompt-flow/concept-model-monitoring-generative-ai-evaluation-metrics?view=azureml-api-2",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "發展",
"text": "評估、監控和優化您的 GenAI 應用程式的特性,如接地性、相關性、準確性、連貫性、流暢性",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "294798b1-578b-4219-a46c-eb5443513592",
"id": "AOAI.72",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "發展",
"text": "根據不同的搜索參數評估 Azure AI 搜尋結果",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "2744293b-b628-4537-a551-19b08e8f5854",
"id": "AOAI.73",
"link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/fine-tuning-considerations",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "發展",
"text": "只有在嘗試了其他基本方法(如提示工程和RAG處理數據)時,才將微調模型視為提高準確性的方法",
"waf": "卓越運營"
},
{
"category": "運營管理",
"guid": "287d9cec-166c-4d07-8af9-b141a898a535",
"id": "AOAI.74",
"link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/advanced-prompt-engineering?pivots=programming-language-chat-completions",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "發展",
"text": "使用提示工程技術來提高 LLM 回應的準確性",
"waf": "卓越運營"
},
{
"category": "治理與安全",
"guid": "e737897e-71ca-47da-acfa-962a1594946d",
"id": "AOAI.75",
"link": "https://learn.microsoft.com/azure/ai-services/openai/concepts/red-teaming",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "安全審計和滲透測試",
"text": "對您的 GenAI 應用程式進行紅隊演練",
"waf": "安全"
},
{
"category": "運營管理",
"guid": "edb117e6-76aa-4f66-aca4-8e5a95f2223e",
"id": "AOAI.76",
"link": "https://www.microsoft.com/haxtoolkit/guideline/encourage-granular-feedback/",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "最終用戶反饋",
"text": "為最終使用者提供 LLM 回應的評分選項並跟蹤這些分數。",
"waf": "卓越運營"
},
{
"category": "成本優化",
"guid": "d5f3547c-c346-4d81-9028-a71ffe1b9b5d",
"id": "AOAI.8",
"link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/optimizing-azure-openai-a-guide-to-limits-quotas-and-best/ba-p/4076268",
"service": "Azure OpenAI",
"severity": "高",
"subcategory": "配額管理",
"text": "考慮配額管理做法",
"waf": "成本優化"
},
{
"category": "運營管理",
"guid": "9de0d5d7-31d4-41e3-911c-817bfafbc410",
"id": "AOAI.9",
"link": "https://github.com/Azure/aoai-apim/blob/main/README.md",
"service": "Azure OpenAI",
"severity": "中等",
"subcategory": "負載均衡",
"text": "使用負載均衡器解決方案(如基於APIM的閘道)在服務和區域之間平衡負載和容量",
"waf": "卓越運營"
}
],
"metadata": {
"name": "Azure OpenAI Review",
"state": "Preview",
"timestamp": "July 24, 2024",
"waf": "all"
},
"severities": [
{
"name": "高"
},
{
"name": "中等"
},
{
"name": "低"
}
],
"status": [
{
"description": "此檢查尚未查看",
"name": "未驗證"
},
{
"description": "有一個與此檢查關聯的操作項",
"name": "打開"
},
{
"description": "此檢查已經過驗證,並且沒有與之關聯的其他操作項",
"name": "實現"
},
{
"description": "建議已理解,但當前要求不需要",
"name": "不需要"
},
{
"description": "不適用於當前設計",
"name": "N/A"
}
],
"waf": [
{
"name": "可靠性"
},
{
"name": "安全"
},
{
"name": "成本"
},
{
"name": "操作"
},
{
"name": "性能"
}
],
"yesno": [
{
"name": "是的"
},
{
"name": "不"
}
]
}