Microsoft.MachineLearningServices workspaces 2021-01-01
Article 12/09/2024
2 contributors
Feedback
In this article
Bicep resource definition
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log .
To create a Microsoft.MachineLearningServices/workspaces resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.MachineLearningServices/workspaces@2021-01-01' = {
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
properties: {
allowPublicAccessWhenBehindVnet: bool
applicationInsights: 'string'
containerRegistry: 'string'
description: 'string'
discoveryUrl: 'string'
encryption: {
identity: {
userAssignedIdentity: 'string'
}
keyVaultProperties: {
identityClientId: 'string'
keyIdentifier: 'string'
keyVaultArmId: 'string'
}
status: 'string'
}
friendlyName: 'string'
hbiWorkspace: bool
imageBuildCompute: 'string'
keyVault: 'string'
primaryUserAssignedIdentity: 'string'
serviceManagedResourcesSettings: {
cosmosDb: {
collectionsThroughput: int
}
}
sharedPrivateLinkResources: [
{
name: 'string'
properties: {
groupId: 'string'
privateLinkResourceId: 'string'
requestMessage: 'string'
status: 'string'
}
}
]
storageAccount: 'string'
}
sku: {
name: 'string'
tier: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
CosmosDbSettings
Name
Description
Value
collectionsThroughput
The throughput of the collections in cosmosdb database
int
EncryptionProperty
Name
Description
Value
identity
The identity that will be used to access the key vault for encryption at rest.
IdentityForCmk
keyVaultProperties
Customer Key vault properties.
KeyVaultProperties (required)
status
Indicates whether or not the encryption is enabled for the workspace.
'Disabled' 'Enabled' (required)
Identity
Name
Description
Value
type
The identity type.
'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned'
userAssignedIdentities
The user assigned identities associated with the resource.
UserAssignedIdentities
IdentityForCmk
Name
Description
Value
userAssignedIdentity
The ArmId of the user assigned identity that will be used to access the customer managed key vault
string (required)
KeyVaultProperties
Name
Description
Value
identityClientId
For future use - The client id of the identity which will be used to access key vault.
string
keyIdentifier
Key vault uri to access the encryption key.
string (required)
keyVaultArmId
The ArmId of the keyVault where the customer owned encryption key is present.
string (required)
Microsoft.MachineLearningServices/workspaces
Name
Description
Value
identity
The identity of the resource.
Identity
location
Specifies the location of the resource.
string
name
The resource name
string (required)
properties
The properties of the machine learning workspace.
WorkspaceProperties
sku
The sku of the workspace.
Sku
tags
Resource tags
Dictionary of tag names and values. See Tags in templates
ServiceManagedResourcesSettings
Name
Description
Value
cosmosDb
The settings for the service managed cosmosdb account.
CosmosDbSettings
SharedPrivateLinkResource
SharedPrivateLinkResourceProperty
Name
Description
Value
groupId
The private link resource group id.
string
privateLinkResourceId
The resource id that private link links to.
string
requestMessage
Request message.
string
status
Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.
'Approved' 'Disconnected' 'Pending' 'Rejected' 'Timeout'
Sku
Name
Description
Value
name
Name of the sku
string
tier
Tier of the sku like Basic or Enterprise
string
UserAssignedIdentities
UserAssignedIdentity
WorkspaceProperties
Name
Description
Value
allowPublicAccessWhenBehindVnet
The flag to indicate whether to allow public access when behind VNet.
bool
applicationInsights
ARM id of the application insights associated with this workspace. This cannot be changed once the workspace has been created
string
containerRegistry
ARM id of the container registry associated with this workspace. This cannot be changed once the workspace has been created
string
description
The description of this workspace.
string
discoveryUrl
Url for the discovery service to identify regional endpoints for machine learning experimentation services
string
encryption
The encryption settings of Azure ML workspace.
EncryptionProperty
friendlyName
The friendly name for this workspace. This name in mutable
string
hbiWorkspace
The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service
bool
imageBuildCompute
The compute name for image build
string
keyVault
ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created
string
primaryUserAssignedIdentity
The user assigned identity resource id that represents the workspace identity.
string
serviceManagedResourcesSettings
The service managed resource settings.
ServiceManagedResourcesSettings
sharedPrivateLinkResources
The list of shared private link resources in this workspace.
SharedPrivateLinkResource []
storageAccount
ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created
string
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File
Description
Azure AI Studio basic setup
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio basic setup
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio basic setup
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio with Microsoft Entra ID Authentication
This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage.
Azure Machine Learning end-to-end secure setup
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Create an AKS compute target with a Private IP address
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address.
Create an Azure Machine Learning service workspace
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning.
Create an Azure Machine Learning service workspace (CMK)
This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys.
Create an Azure Machine Learning service workspace (CMK)
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key.
Create an Azure Machine Learning service workspace (legacy)
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (vnet)
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Deploy Secure Azure AI Studio with a managed virtual network
This template creates a secure Azure AI Studio environment with robust network and identity security restrictions.
ARM template resource definition
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log .
To create a Microsoft.MachineLearningServices/workspaces resource, add the following JSON to your template.
{
"type": "Microsoft.MachineLearningServices/workspaces",
"apiVersion": "2021-01-01",
"name": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"properties": {
"allowPublicAccessWhenBehindVnet": "bool",
"applicationInsights": "string",
"containerRegistry": "string",
"description": "string",
"discoveryUrl": "string",
"encryption": {
"identity": {
"userAssignedIdentity": "string"
},
"keyVaultProperties": {
"identityClientId": "string",
"keyIdentifier": "string",
"keyVaultArmId": "string"
},
"status": "string"
},
"friendlyName": "string",
"hbiWorkspace": "bool",
"imageBuildCompute": "string",
"keyVault": "string",
"primaryUserAssignedIdentity": "string",
"serviceManagedResourcesSettings": {
"cosmosDb": {
"collectionsThroughput": "int"
}
},
"sharedPrivateLinkResources": [
{
"name": "string",
"properties": {
"groupId": "string",
"privateLinkResourceId": "string",
"requestMessage": "string",
"status": "string"
}
}
],
"storageAccount": "string"
},
"sku": {
"name": "string",
"tier": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
CosmosDbSettings
Name
Description
Value
collectionsThroughput
The throughput of the collections in cosmosdb database
int
EncryptionProperty
Name
Description
Value
identity
The identity that will be used to access the key vault for encryption at rest.
IdentityForCmk
keyVaultProperties
Customer Key vault properties.
KeyVaultProperties (required)
status
Indicates whether or not the encryption is enabled for the workspace.
'Disabled' 'Enabled' (required)
Identity
Name
Description
Value
type
The identity type.
'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned'
userAssignedIdentities
The user assigned identities associated with the resource.
UserAssignedIdentities
IdentityForCmk
Name
Description
Value
userAssignedIdentity
The ArmId of the user assigned identity that will be used to access the customer managed key vault
string (required)
KeyVaultProperties
Name
Description
Value
identityClientId
For future use - The client id of the identity which will be used to access key vault.
string
keyIdentifier
Key vault uri to access the encryption key.
string (required)
keyVaultArmId
The ArmId of the keyVault where the customer owned encryption key is present.
string (required)
Microsoft.MachineLearningServices/workspaces
Name
Description
Value
apiVersion
The api version
'2021-01-01'
identity
The identity of the resource.
Identity
location
Specifies the location of the resource.
string
name
The resource name
string (required)
properties
The properties of the machine learning workspace.
WorkspaceProperties
sku
The sku of the workspace.
Sku
tags
Resource tags
Dictionary of tag names and values. See Tags in templates
type
The resource type
'Microsoft.MachineLearningServices/workspaces'
ServiceManagedResourcesSettings
Name
Description
Value
cosmosDb
The settings for the service managed cosmosdb account.
CosmosDbSettings
SharedPrivateLinkResource
SharedPrivateLinkResourceProperty
Name
Description
Value
groupId
The private link resource group id.
string
privateLinkResourceId
The resource id that private link links to.
string
requestMessage
Request message.
string
status
Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.
'Approved' 'Disconnected' 'Pending' 'Rejected' 'Timeout'
Sku
Name
Description
Value
name
Name of the sku
string
tier
Tier of the sku like Basic or Enterprise
string
UserAssignedIdentities
UserAssignedIdentity
WorkspaceProperties
Name
Description
Value
allowPublicAccessWhenBehindVnet
The flag to indicate whether to allow public access when behind VNet.
bool
applicationInsights
ARM id of the application insights associated with this workspace. This cannot be changed once the workspace has been created
string
containerRegistry
ARM id of the container registry associated with this workspace. This cannot be changed once the workspace has been created
string
description
The description of this workspace.
string
discoveryUrl
Url for the discovery service to identify regional endpoints for machine learning experimentation services
string
encryption
The encryption settings of Azure ML workspace.
EncryptionProperty
friendlyName
The friendly name for this workspace. This name in mutable
string
hbiWorkspace
The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service
bool
imageBuildCompute
The compute name for image build
string
keyVault
ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created
string
primaryUserAssignedIdentity
The user assigned identity resource id that represents the workspace identity.
string
serviceManagedResourcesSettings
The service managed resource settings.
ServiceManagedResourcesSettings
sharedPrivateLinkResources
The list of shared private link resources in this workspace.
SharedPrivateLinkResource []
storageAccount
ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created
string
Quickstart templates
The following quickstart templates deploy this resource type.
Template
Description
Azure AI Studio basic setup
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio basic setup
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio basic setup
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio Network Restricted
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource.
Azure AI Studio with Microsoft Entra ID Authentication
This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage.
Azure Machine Learning end-to-end secure setup
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning end-to-end secure setup (legacy)
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster.
Azure Machine Learning Workspace
This template creates a new Azure Machine Learning Workspace, along with an encrypted Storage Account, KeyVault and Applications Insights Logging
Create AML workspace with multiple Datasets & Datastores
This template creates Azure Machine Learning workspace with multiple datasets & datastores.
Create an AKS compute target with a Private IP address
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address.
Create an Azure Machine Learning service workspace
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning.
Create an Azure Machine Learning service workspace (CMK)
This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys.
Create an Azure Machine Learning service workspace (CMK)
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key.
Create an Azure Machine Learning service workspace (legacy)
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Create an Azure Machine Learning service workspace (vnet)
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up.
Deploy Secure Azure AI Studio with a managed virtual network
This template creates a secure Azure AI Studio environment with robust network and identity security restrictions.
The workspaces resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log .
To create a Microsoft.MachineLearningServices/workspaces resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.MachineLearningServices/workspaces@2021-01-01"
name = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
location = "string"
sku = {
name = "string"
tier = "string"
}
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
allowPublicAccessWhenBehindVnet = bool
applicationInsights = "string"
containerRegistry = "string"
description = "string"
discoveryUrl = "string"
encryption = {
identity = {
userAssignedIdentity = "string"
}
keyVaultProperties = {
identityClientId = "string"
keyIdentifier = "string"
keyVaultArmId = "string"
}
status = "string"
}
friendlyName = "string"
hbiWorkspace = bool
imageBuildCompute = "string"
keyVault = "string"
primaryUserAssignedIdentity = "string"
serviceManagedResourcesSettings = {
cosmosDb = {
collectionsThroughput = int
}
}
sharedPrivateLinkResources = [
{
name = "string"
properties = {
groupId = "string"
privateLinkResourceId = "string"
requestMessage = "string"
status = "string"
}
}
]
storageAccount = "string"
}
})
}
Property values
CosmosDbSettings
Name
Description
Value
collectionsThroughput
The throughput of the collections in cosmosdb database
int
EncryptionProperty
Name
Description
Value
identity
The identity that will be used to access the key vault for encryption at rest.
IdentityForCmk
keyVaultProperties
Customer Key vault properties.
KeyVaultProperties (required)
status
Indicates whether or not the encryption is enabled for the workspace.
'Disabled' 'Enabled' (required)
Identity
Name
Description
Value
type
The identity type.
'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned'
userAssignedIdentities
The user assigned identities associated with the resource.
UserAssignedIdentities
IdentityForCmk
Name
Description
Value
userAssignedIdentity
The ArmId of the user assigned identity that will be used to access the customer managed key vault
string (required)
KeyVaultProperties
Name
Description
Value
identityClientId
For future use - The client id of the identity which will be used to access key vault.
string
keyIdentifier
Key vault uri to access the encryption key.
string (required)
keyVaultArmId
The ArmId of the keyVault where the customer owned encryption key is present.
string (required)
Microsoft.MachineLearningServices/workspaces
Name
Description
Value
identity
The identity of the resource.
Identity
location
Specifies the location of the resource.
string
name
The resource name
string (required)
properties
The properties of the machine learning workspace.
WorkspaceProperties
sku
The sku of the workspace.
Sku
tags
Resource tags
Dictionary of tag names and values.
type
The resource type
"Microsoft.MachineLearningServices/workspaces@2021-01-01"
ServiceManagedResourcesSettings
Name
Description
Value
cosmosDb
The settings for the service managed cosmosdb account.
CosmosDbSettings
SharedPrivateLinkResource
SharedPrivateLinkResourceProperty
Name
Description
Value
groupId
The private link resource group id.
string
privateLinkResourceId
The resource id that private link links to.
string
requestMessage
Request message.
string
status
Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.
'Approved' 'Disconnected' 'Pending' 'Rejected' 'Timeout'
Sku
Name
Description
Value
name
Name of the sku
string
tier
Tier of the sku like Basic or Enterprise
string
UserAssignedIdentities
UserAssignedIdentity
WorkspaceProperties
Name
Description
Value
allowPublicAccessWhenBehindVnet
The flag to indicate whether to allow public access when behind VNet.
bool
applicationInsights
ARM id of the application insights associated with this workspace. This cannot be changed once the workspace has been created
string
containerRegistry
ARM id of the container registry associated with this workspace. This cannot be changed once the workspace has been created
string
description
The description of this workspace.
string
discoveryUrl
Url for the discovery service to identify regional endpoints for machine learning experimentation services
string
encryption
The encryption settings of Azure ML workspace.
EncryptionProperty
friendlyName
The friendly name for this workspace. This name in mutable
string
hbiWorkspace
The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service
bool
imageBuildCompute
The compute name for image build
string
keyVault
ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created
string
primaryUserAssignedIdentity
The user assigned identity resource id that represents the workspace identity.
string
serviceManagedResourcesSettings
The service managed resource settings.
ServiceManagedResourcesSettings
sharedPrivateLinkResources
The list of shared private link resources in this workspace.
SharedPrivateLinkResource []
storageAccount
ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created
string