add sample

Author: deeikele

samples/microsoft/infrastructure-setup/05-custom-policy-definitions/README.md

@@ -2,20 +2,6 @@
 
 Azure Policy enables you to put guardrails on resource configurations and enable self-serve resource creation in your organization. This repository shows examples for common scenarios in Azure AI Foundry.
 
-## Available Policies
-
-### 1. Deny Disallowed Connections (`deny-disallowed-connections.json`)
-This policy restricts AI Foundry project connections to only allow specific categories. By default, it only allows `CognitiveSearch` connections, but this can be customized via parameters.
-
-**Policy Effect**: Deny  
-**Scope**: Microsoft.CognitiveServices/accounts/projects/connections
-
-### 2. Deny Key Authentication Connections (`deny-key-auth-connections.json`)
-This policy prevents the creation of connections that use key-based authentication methods.
-
-### 3. Audit Enabled VNet Injection (`audit-enabled-vnet-injection.json`)
-This policy audits whether VNet injection is properly enabled for AI Foundry resources.
-
 ## Deployment
 
 ### Prerequisites

samples/microsoft/infrastructure-setup/05-custom-policy-definitions/deny-non-foundry-resource-kinds.json

@@ -0,0 +1,30 @@
+{
+  "properties": {
+    "displayName": "Deny account kinds that do not support the full AI Foundry capabilities.",
+    "policyType": "Custom",
+    "mode": "All",
+    "description": "This policy denies the creation of account kinds that do not support the full AI Foundry capabilities.",
+    "version": "1.0.0",
+    "parameters": {},
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "equals": "Microsoft.CognitiveServices/accounts"
+          },
+          {
+            "field": "kind",
+            "notEquals": "AIServices"
+          }
+        ]
+      },
+      "then": {
+        "effect": "deny"
+      }
+    },
+    "versions": [
+      "1.0.0"
+    ]
+  }
+}