include custom policy samples

deeikele · deeikele · commit 5379c704c121 · 2025-10-29T16:52:52.000-07:00
diff --git a/samples/microsoft/infrastructure-setup/05-custom-policy-definitions/deny-disallowed-connections.json b/samples/microsoft/infrastructure-setup/05-custom-policy-definitions/deny-disallowed-connections.json
@@ -13,7 +13,7 @@
           "displayName": "Allowed connection categories"
         },
         "defaultValue": [
-          "CognitiveSearch"
+          "BingLLMSearch"
         ]
       }
     },
diff --git a/samples/microsoft/infrastructure-setup/05-custom-policy-definitions/deny-disallowed-mcp-tools.json b/samples/microsoft/infrastructure-setup/05-custom-policy-definitions/deny-disallowed-mcp-tools.json
@@ -0,0 +1,65 @@
+{
+  "properties": {
+    "displayName": "Only allow Foundry MCP connections from select sources",
+    "policyType": "Custom",
+    "mode": "All",
+    "description": "Only selected Foundry MCP connection sources are allowed",
+    "version": "1.0.0",
+    "parameters": {
+      "allowedSources": {
+        "type": "Array",
+        "metadata": {
+          "description": "Only select target addresses are allowed for MCP connections.",
+          "displayName": "Allowed connection targets"
+        },
+        "defaultValue": [
+          "https://api.githubcopilot.com/mcp"
+        ]
+      }
+    },
+    "policyRule": {
+      "if": {
+        "anyOf": [
+          {
+            "allOf": [
+              {
+                "field": "type",
+                "equals": "Microsoft.CognitiveServices/accounts/connections"
+              },
+              {
+                "field": "Microsoft.CognitiveServices/accounts/connections/category",
+                "equals": "RemoteTool"
+              },
+              {
+                "field": "Microsoft.CognitiveServices/accounts/connections/target",
+                "notIn": "[parameters('allowedSources')]"
+              }
+            ]
+          },
+          {
+            "allOf": [
+              {
+                "field": "type",
+                "equals": "Microsoft.CognitiveServices/accounts/projects/connections"
+              },
+              {
+                "field": "Microsoft.CognitiveServices/accounts/connections/category",
+                "equals": "RemoteTool"
+              },
+              {
+                "field": "Microsoft.CognitiveServices/accounts/projects/connections/target",
+                "notIn": "[parameters('allowedSources')]"
+              }
+            ]
+          }
+        ]
+      },
+      "then": {
+        "effect": "deny"
+      }
+    },
+    "versions": [
+      "1.0.0"
+    ]
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@`
`13`	`13`	`"displayName": "Allowed connection categories"`
`14`	`14`	`},`
`15`	`15`	`"defaultValue": [`
`16`		`- "CognitiveSearch"`
	`16`	`+ "BingLLMSearch"`
`17`	`17`	`]`
`18`	`18`	`}`
`19`	`19`	`},`