MicrosoftLearning / AI-102-AIEngineer

Lab files for AI-102 - AI Engineer

Home Page: https://microsoftlearning.github.io/AI-102-AIEngineer/

Module 2 - New Azure Portal Key Vault permissions model default prevents completion of lab steps

SkillableMG opened this issue

Module: Module 2 - Developing AI Apps with Cognitive Services

Lab/Demo: Manage Cognitive Services Security

Task: Secure key access with Azure Key Vault / Create a key vault and add a secret

Step: 2

Our team at Skillable has identified a content issue within the above-referenced module while investigating a user report. It is our understanding that the Key Vault resource created at the above-referenced step has recently become subject to a new default setting in Azure portal: the permission model of "Azure role-based access control" is now selected by default rather than the old default of "Vault access policy". In our testing, we determined that this lab module cannot be successfully completed under the "Azure role-based access control" (RBAC) permission model setting.

Under the task "Create a service principal", the az keyvault set-policy command in step 3 fails with error message "Cannot set policies to a vault with '--enable-rbac-authorization' specified" when the RBAC permission model is set.

Additionally, earlier in the lab under the "Create a key vault and add a secret" task, creation of a new secret at step 5 fails with the RBAC permission model set, unless additional RBAC permissions are assigned to the lab Azure user.

In our testing, selecting the "Vault access policy" Permission model setting on the Access configuration tab of the Create a key vault page when performing the step referenced at the top of this issue, rather than leaving that setting at its default, worked around all issues and allowed all subsequent lab steps to be completed.

Resolved with commit directly to master
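
The permission-model split reported in this issue, as an added example that is not part of the issue thread or the lab's own files: a shell helper that picks the grant mechanism the vault will accept instead of calling az keyvault set-policy unconditionally. The role name "Key Vault Secrets User", the --object-id and "get list" arguments, and the vault name, object ID and resource ID are assumptions or constructed sample values.

```shell
#!/bin/sh
# Added example (not from the lab): grant a service principal read access to
# secrets using whichever mechanism the vault's permission model accepts.
# DRY_RUN=1 (the default) prints the az command instead of running it.

# Print the command with multi-word arguments quoted, or execute it.
run() {
  if [ "${DRY_RUN:-1}" != "1" ]; then "$@"; return; fi
  line=""
  for arg in "$@"; do
    case "$arg" in *" "*) arg="\"$arg\"" ;; esac
    line="${line:+$line }$arg"
  done
  echo "$line"
}

# Read the permission model of a live vault (needs az login; unused in the demo).
rbac_flag() {
  az keyvault show --name "$1" --query properties.enableRbacAuthorization -o tsv
}

# $1 vault name   $2 principal object ID
# $3 enableRbacAuthorization value   $4 vault resource ID (RBAC scope)
grant_secret_read() {
  flag=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
  case "$flag" in
    true)
      # RBAC model: set-policy is rejected, so assign a data-plane role scoped
      # to the vault. "Key Vault Secrets User" is an assumed choice of role.
      run az role assignment create --role "Key Vault Secrets User" \
        --assignee "$2" --scope "$4" ;;
    false)
      # Vault access policy model: set-policy works here.
      # --object-id and "get list" are assumed arguments.
      run az keyvault set-policy --name "$1" --object-id "$2" \
        --secret-permissions get list ;;
    *)
      # Unknown model: refuse to guess rather than grant the wrong way.
      echo "unrecognised enableRbacAuthorization value: '$3'" >&2
      return 2 ;;
  esac
}

# Constructed sample values, not real identifiers.
SP_ID="00000000-0000-0000-0000-000000000000"
VAULT_ID="/subscriptions/SUB_ID/resourceGroups/lab-rg/providers/Microsoft.KeyVault/vaults/lab-vault"
grant_secret_read lab-vault "$SP_ID" true "$VAULT_ID"
grant_secret_read lab-vault "$SP_ID" false "$VAULT_ID"
```

Against a real vault, pass `"$(rbac_flag <vault>)"` as the third argument and set DRY_RUN=0 once the printed command looks right.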