Share via

Azure AI Foundry: Private IP Compute Creation Confusion

Boopathi Sarvesan 1 Reputation point
2025-03-09T14:58:16.0133333+00:00

Using Azure AI Foundry with the following settings:

  • Public network access: Disabled
  • Workspace managed outbound access: Disabled

The goal is to create compute resources using private IPs from a virtual network (subnet) to connect with enterprise resources. However, there's an inability to select the virtual network or opt for no public IP in the Azure AI Foundry portal, unlike in Azure Machine Learning.

A limitation noted in the documentation (see below) is causing confusion, as compute resources can be created via the CLI without a public IP and using a virtual network.

Documentation Limitation:

User's image

Clarification is needed on the following:

  1. Is it permitted to create compute resources in a virtual network without a public IP in Azure AI Foundry when managed network outbound mode is set to "Disabled"?
  2. Is this behavior indicative of a bug considering the documented limitations?

Examples or insights would be greatly appreciated to better understand this limitation.

Thank you!

User's image

Azure Machine Learning
Azure Machine Learning
An Azure machine learning service for building and deploying models.
3,177 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. kothapally Snigdha 1,715 Reputation points Microsoft External Staff
    2025-03-11T00:19:07.93+00:00

    Hi Boopathi Sarvesan

    In Azure AI Foundry, the creation of compute resources within a virtual network without a public IP is constrained by the managed virtual network settings. As per the documentation, Azure AI Foundry does not allow the use of custom virtual networks for securing compute resources. Consequently, with a managed network, it is not possible to disable public network access while configuring compute resources to use only private IP addresses.

    • It is not permitted to create compute resources in a virtual network without a public IP in Azure AI Foundry when the managed network outbound mode is set to "Disabled." The managed virtual network isolation is designed to secure compute resources without allowing public IP configurations.
    • This behavior is not indicative of a bug but rather a limitation of the Azure AI Foundry's managed network feature. The documentation clearly states that once managed virtual network isolation is enabled, you cannot disable it, and it does not support bringing your own virtual network.
    • kindly refer these https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/configure-managed-network?tabs=portal#limitations

    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.