Workspace Managed Virtual Network Isolation
APPLIES TO: Azure CLI ml extension v2 (current), Python SDK azure-ai-ml v2 (current)
Azure Machine Learning provides support for managed virtual network isolation. Managed virtual network isolation streamlines and automates your network isolation configuration with a built-in, workspace-level Azure Machine Learning managed virtual network. The managed virtual network secures your managed Azure Machine Learning resources, such as compute instances, compute clusters, serverless compute, and managed online endpoints.
Securing your workspace with a managed network provides network isolation for outbound access from the workspace and managed computes. An Azure Virtual Network that you create and manage is used to provide network isolation for inbound access to the workspace. For example, a private endpoint for the workspace is created in your Azure Virtual Network. Any clients connecting to the virtual network can access the workspace through the private endpoint. When running jobs on managed computes, the managed network restricts what the compute can access.
Managed Virtual Network Architecture
When you enable managed virtual network isolation, a managed virtual network is created for the workspace. Managed compute resources you create for the workspace automatically use this managed virtual network. The managed virtual network can use private endpoints for Azure resources that are used by your workspace, such as Azure Storage, Azure Key Vault, and Azure Container Registry.
There are two different configuration modes for outbound traffic from the managed virtual network:
Tip
Regardless of the outbound mode you use, traffic to Azure resources can be configured to use a private endpoint. For example, you may allow all outbound traffic to the internet, but restrict communication with Azure resources by adding outbound rules for the resources.
Outbound mode | Description | Scenarios |
---|---|---|
Allow internet outbound | Allow all internet outbound traffic from the managed virtual network. | You want unrestricted access to machine learning resources on the internet, such as Python packages or pretrained models.1 |
Allow only approved outbound | Outbound traffic is allowed only to destinations you approve through outbound rules: service tags, FQDNs, or private endpoints. | * You want to minimize the risk of data exfiltration, but you need to prepare all required machine learning artifacts in your private environment. * You want to configure outbound access to an approved list of services, service tags, or FQDNs. |
Disabled | Inbound and outbound traffic isn't restricted or you're using your own Azure Virtual Network to protect resources. | You want public inbound and outbound from the workspace, or you're handling network isolation with your own Azure virtual network. |
1: You can use outbound rules with allow only approved outbound mode to achieve the same result as using allow internet outbound. The differences are:
- You must add rules for each outbound connection you need to allow.
- Adding FQDN outbound rules increases your costs, because this rule type uses Azure Firewall. For more information, see Pricing.
- The default rules for allow only approved outbound are designed to minimize the risk of data exfiltration. Any outbound rules you add might increase your risk.
The managed virtual network is preconfigured with required default rules. It's also configured for private endpoint connections to your workspace, workspace's default storage, container registry, and key vault if they're configured as private or the workspace isolation mode is set to allow only approved outbound. After choosing the isolation mode, you only need to consider other outbound requirements you might need to add.
The following diagram shows a managed virtual network configured to allow internet outbound:
The following diagram shows a managed virtual network configured to allow only approved outbound:
Note
In this configuration, the storage, key vault, and container registry used by the workspace are flagged as private. Since they are flagged as private, a private endpoint is used to communicate with them.
Note
Once a managed VNet workspace is configured to allow internet outbound, the workspace can't be reconfigured to disabled. Similarly, once a managed VNet workspace is configured to allow only approved outbound, the workspace can't be reconfigured to allow internet outbound. Keep this in mind when selecting the isolation mode for the managed VNet in your workspace.
Azure Machine Learning studio
If you want to use the integrated notebook or create datasets in the default storage account from studio, your client needs access to the default storage account. Create a private endpoint or service endpoint for the default storage account in the Azure Virtual Network that the clients use.
Part of Azure Machine Learning studio runs locally in the client's web browser, and communicates directly with the default storage for the workspace. Creating a private endpoint or service endpoint (for the default storage account) in the client's virtual network ensures that the client can communicate with the storage account.
If the storage account associated with the workspace has public network access disabled, grant your workspace managed identity the Reader role on the private endpoint created in the client virtual network. This applies to both the blob and the file storage private endpoints. The role isn't required for the private endpoint created by the managed virtual network.
For more information on creating a private endpoint or service endpoint, see the Connect privately to a storage account and Service Endpoints articles.
Secured associated resources
If you add the following services to the virtual network by using either a service endpoint or a private endpoint (disabling the public access), allow trusted Microsoft services to access these services:
Service | Endpoint information | Allow trusted information |
---|---|---|
Azure Key Vault | Service endpoint, Private endpoint | Allow trusted Microsoft services to bypass this firewall |
Azure Storage Account | Service endpoint, Private endpoint | Grant access from Azure resource instances or Grant access to trusted Azure services |
Azure Container Registry | Private endpoint | Allow trusted services |
Prerequisites
Before following the steps in this article, make sure you have the following prerequisites:
An Azure subscription. If you don't have an Azure subscription, create a free account before you begin. Try the free or paid version of Azure Machine Learning.
The Microsoft.Network resource provider must be registered for your Azure subscription. This resource provider is used by the workspace when creating private endpoints for the managed virtual network.
For information on registering resource providers, see Resolve errors for resource provider registration.
The Azure identity you use when deploying a managed network requires the following Azure role-based access control (Azure RBAC) actions to create private endpoints:
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write
The Azure CLI and the ml extension to the Azure CLI. For more information, see Install, set up, and use the CLI (v2).
Tip
Azure Machine Learning managed VNet was introduced on May 23rd, 2023. If you have an older version of the ml extension, you might need to update it for the examples in this article to work. To update the extension, use the following Azure CLI command:
az extension update -n ml
The CLI examples in this article assume that you're using the Bash (or compatible) shell, for example from a Linux system or Windows Subsystem for Linux.
The Azure CLI examples in this article use ws to represent the name of the workspace and rg to represent the name of the resource group. Change these values as needed when using the commands with your Azure subscription.
Note
If your workspace uses a user-assigned managed identity (UAI), make sure to add the Azure AI Enterprise Network Connection Approver role to that identity. For more information, see User-assigned managed identity.
Configure a managed virtual network to allow internet outbound
Tip
The creation of the managed VNet is deferred until a compute resource is created or provisioning is manually started. When allowing automatic creation, it can take around 30 minutes to create the first compute resource as it is also provisioning the network. For more information, see Manually provision the network.
Important
If you plan to submit serverless Spark jobs, you must manually start provisioning. For more information, see the configure for serverless Spark jobs section.
To configure a managed virtual network that allows internet outbound communications, you can use either the --managed-network allow_internet_outbound parameter or a YAML configuration file that contains the following entries:
managed_network:
isolation_mode: allow_internet_outbound
You can also define outbound rules to other Azure services that the workspace relies on. These rules define private endpoints that allow an Azure resource to securely communicate with the managed virtual network. The following rule demonstrates adding a private endpoint to an Azure Blob resource.
managed_network:
isolation_mode: allow_internet_outbound
outbound_rules:
- name: added-perule
destination:
service_resource_id: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>
spark_enabled: true
subresource_target: blob
type: private_endpoint
You can configure a managed virtual network using either the az ml workspace create or az ml workspace update commands:
Create a new workspace:
The following example creates a new workspace. The --managed-network allow_internet_outbound parameter configures a managed virtual network for the workspace:
az ml workspace create --name ws --resource-group rg --managed-network allow_internet_outbound
To create a workspace using a YAML file instead, use the --file parameter and specify the YAML file that contains the configuration settings:
az ml workspace create --file workspace.yaml --resource-group rg --name ws
The following YAML example defines a workspace with a managed virtual network:
name: myworkspace
location: EastUS
managed_network:
  isolation_mode: allow_internet_outbound
Update an existing workspace:
Warning
Before updating an existing workspace to use a managed virtual network, you must delete all computing resources for the workspace. This includes compute instance, compute cluster, and managed online endpoints.
The following example updates an existing workspace. The --managed-network allow_internet_outbound parameter configures a managed virtual network for the workspace:
az ml workspace update --name ws --resource-group rg --managed-network allow_internet_outbound
To update an existing workspace using the YAML file, use the --file parameter and specify the YAML file that contains the configuration settings:
az ml workspace update --file workspace.yaml --name ws --resource-group rg
The following YAML example defines a managed virtual network for the workspace. It also demonstrates how to add a private endpoint connection to a resource used by the workspace; in this example, a private endpoint for a blob store:
name: myworkspace
managed_network:
  isolation_mode: allow_internet_outbound
  outbound_rules:
  - name: added-perule
    destination:
      service_resource_id: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>
      spark_enabled: true
      subresource_target: blob
    type: private_endpoint
Configure a managed virtual network to allow only approved outbound
Tip
The managed VNet is automatically provisioned when you create a compute resource. When allowing automatic creation, it can take around 30 minutes to create the first compute resource as it is also provisioning the network. If you configured FQDN outbound rules, the first FQDN rule adds around 10 minutes to the provisioning time. For more information, see Manually provision the network.
Important
If you plan to submit serverless Spark jobs, you must manually start provisioning. For more information, see the configure for serverless Spark jobs section.
To configure a managed virtual network that allows only approved outbound communications, you can use either the --managed-network allow_only_approved_outbound parameter or a YAML configuration file that contains the following entries:
managed_network:
  isolation_mode: allow_only_approved_outbound
You can also define outbound rules to define approved outbound communication. An outbound rule can be created for a type of service_tag, fqdn, or private_endpoint. The following rules demonstrate adding a private endpoint to an Azure Blob resource, a service tag for Azure Data Factory, and an FQDN for pypi.org:
Important
- Adding an outbound rule for a service tag or FQDN is only valid when the managed VNet is configured to allow_only_approved_outbound.
- If you add outbound rules, Microsoft can't guarantee protection against data exfiltration to those destinations.
Warning
FQDN outbound rules are implemented using Azure Firewall. If you use outbound FQDN rules, charges for Azure Firewall are added to your billing. For more information, see Pricing.
managed_network:
isolation_mode: allow_only_approved_outbound
outbound_rules:
- name: added-servicetagrule
destination:
port_ranges: 80, 8080
protocol: TCP
service_tag: DataFactory
type: service_tag
- name: add-fqdnrule
destination: 'pypi.org'
type: fqdn
- name: added-perule
destination:
service_resource_id: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>
spark_enabled: true
subresource_target: blob
type: private_endpoint
You can configure a managed virtual network using either the az ml workspace create or az ml workspace update commands:
Create a new workspace:
The following example uses the --managed-network allow_only_approved_outbound parameter to configure the managed virtual network:
az ml workspace create --name ws --resource-group rg --managed-network allow_only_approved_outbound
The following YAML file defines a workspace with a managed virtual network:
name: myworkspace
location: EastUS
managed_network:
  isolation_mode: allow_only_approved_outbound
To create a workspace using the YAML file, use the --file parameter:
az ml workspace create --file workspace.yaml --resource-group rg --name ws
Update an existing workspace
Warning
Before updating an existing workspace to use a managed virtual network, you must delete all computing resources for the workspace. This includes compute instance, compute cluster, and managed online endpoints.
The following example uses the --managed-network allow_only_approved_outbound parameter to configure the managed virtual network for an existing workspace:
az ml workspace update --name ws --resource-group rg --managed-network allow_only_approved_outbound
The following YAML file defines a managed virtual network for the workspace. It also demonstrates how to add approved outbound rules to the managed virtual network. In this example, rules are added for a service tag, an FQDN, and a private endpoint:
Warning
FQDN outbound rules are implemented using Azure Firewall. If you use outbound FQDN rules, charges for Azure Firewall are added to your billing. For more information, see Pricing.
name: myworkspace_dep
managed_network:
  isolation_mode: allow_only_approved_outbound
  outbound_rules:
  - name: added-servicetagrule
    destination:
      port_ranges: 80, 8080
      protocol: TCP
      service_tag: DataFactory
    type: service_tag
  - name: add-fqdnrule
    destination: 'pypi.org'
    type: fqdn
  - name: added-perule
    destination:
      service_resource_id: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>
      spark_enabled: true
      subresource_target: blob
    type: private_endpoint
Configure for serverless Spark jobs
Tip
The steps in this section are only needed if you plan to submit serverless Spark jobs. If you aren't going to be submitting serverless Spark jobs, you can skip this section.
To enable the serverless Spark jobs for the managed virtual network, you must perform the following actions:
- Configure a managed virtual network for the workspace and add an outbound private endpoint for the Azure Storage Account.
- After you configure the managed virtual network, provision it and flag it to allow Spark jobs.
Configure an outbound private endpoint.
Use a YAML file to define the managed virtual network configuration and add a private endpoint for the Azure Storage Account. Also set spark_enabled: true:
Tip
This example is for a managed VNet configured using isolation_mode: allow_internet_outbound to allow internet traffic. If you want to allow only approved outbound traffic, use isolation_mode: allow_only_approved_outbound.
name: myworkspace
managed_network:
  isolation_mode: allow_internet_outbound
  outbound_rules:
  - name: added-perule
    destination:
      service_resource_id: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT_NAME>
      spark_enabled: true
      subresource_target: blob
    type: private_endpoint
You can use a YAML configuration file with the az ml workspace update command by specifying the --file parameter and the name of the YAML file. For example, the following command updates an existing workspace using a YAML file named workspace_pe.yml:
az ml workspace update --file workspace_pe.yml --resource-group rg --name ws
Note
When Allow Only Approved Outbound is enabled (isolation_mode: allow_only_approved_outbound), conda package dependencies defined in the Spark session configuration fail to install. To resolve this problem, upload a self-contained Python package wheel with no external dependencies to an Azure storage account and create a private endpoint to this storage account. Use the path to the Python package wheel as the py_files parameter in your Spark job. Setting an FQDN outbound rule doesn't bypass this issue, because FQDN rule propagation isn't supported by Spark.
Provision the managed virtual network.
Note
If your workspace has public network access enabled, you must disable it before provisioning the managed VNet. If you don't disable public network access when provisioning the managed VNet, the private endpoints for the workspace may not be created automatically in the managed VNet. Otherwise, you would have to manually configure the private endpoint outbound rule for the workspace after the provisioning.
The following example shows how to provision a managed virtual network for serverless Spark jobs by using the --include-spark parameter.
az ml workspace provision-network -g my_resource_group -n my_workspace_name --include-spark
Manually provision a managed VNet
The managed virtual network is automatically provisioned when you create a compute instance. When you rely on automatic provisioning, it can take around 30 minutes to create the first compute instance as it is also provisioning the network. If you configured FQDN outbound rules (only available with allow only approved mode), the first FQDN rule adds around 10 minutes to the provisioning time. If you have a large set of outbound rules to be provisioned in the managed network, it can take longer for provisioning to complete. The increased provisioning time can cause your first compute instance creation to time out.
To reduce the wait time and avoid potential timeout errors, we recommend manually provisioning the managed network. Then wait until the provisioning completes before you create a compute instance.
Alternatively, you can use the provision_network_now flag to provision the managed network as part of workspace creation. This flag is in preview.
Note
To create an online deployment, you must manually provision the managed network, or create a compute instance first, which automatically provisions it.
The following example shows how to provision a managed virtual network during workspace creation. The --provision-network-now flag is in preview.
az ml workspace create -n myworkspace -g my_resource_group --managed-network AllowInternetOutbound --provision-network-now
The following example shows how to manually provision a managed virtual network.
Tip
If you plan to submit serverless Spark jobs, add the --include-spark parameter.
az ml workspace provision-network -g my_resource_group -n my_workspace_name
To verify that the provisioning completed, use the following command:
az ml workspace show -n my_workspace_name -g my_resource_group --query managed_network
Configure image builds
When the Azure Container Registry for your workspace is behind a virtual network, it can't be used to directly build Docker images. Instead, configure your workspace to use a compute cluster or compute instance to build images.
Important
The compute resource used to build Docker images needs to be able to access the package repositories that are used to train and deploy your models. If you're using a network configured to allow only approved outbound, you might need to add rules that allow access to public repos or use private Python packages.
To update a workspace to use a compute cluster or compute instance to build Docker images, use the az ml workspace update command with the --image-build-compute parameter:
az ml workspace update --name ws --resource-group rg --image-build-compute mycompute
Manage outbound rules
To list the managed virtual network outbound rules for a workspace, use the following command:
az ml workspace outbound-rule list --workspace-name ws --resource-group rg
To view the details of a managed virtual network outbound rule, use the following command:
az ml workspace outbound-rule show --rule rule-name --workspace-name ws --resource-group rg
To remove an outbound rule from the managed virtual network, use the following command:
az ml workspace outbound-rule remove --rule rule-name --workspace-name ws --resource-group rg
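Listing the rules is only useful if you then check them against the constraints this page describes: service tag and FQDN rules only take effect in allow_only_approved_outbound mode, every FQDN rule deploys a billed Azure Firewall and widens egress, Azure Storage must be reached through a private endpoint rather than an FQDN rule, and the default storage account needs private endpoint rules for the subresources your workloads use. The following script is an added example, not code from the original page or from Azure Machine Learning. It assumes the input is the JSON object returned by `az ml workspace show -n ws -g rg --query managed_network -o json` and that its field names match the workspace YAML shown on this page (isolation_mode, outbound_rules with name, type and destination); the sample input and the storage resource ID are constructed for illustration.

```python
"""Offline audit of an Azure Machine Learning managed virtual network configuration.

Added example, not code from the original page or from Azure Machine Learning.
Assumption: the input has the shape of the workspace YAML on this page
(isolation_mode, outbound_rules[].name/type/destination), as returned by
`az ml workspace show --query managed_network -o json`. Sample data is constructed.
"""
import json

# Azure Storage endpoint suffixes. In allow_only_approved_outbound mode, storage must be
# reached through a private_endpoint rule; an FQDN rule to these hosts is not supported.
STORAGE_SUFFIXES = (".blob.core.windows.net", ".file.core.windows.net",
                    ".queue.core.windows.net", ".table.core.windows.net",
                    ".dfs.core.windows.net")


def private_endpoint_subresources(rules, resource_id):
    """Subresource targets (blob, file, queue, table, ...) that have a private endpoint rule for resource_id."""
    found = set()
    for r in rules:
        if r.get("type") != "private_endpoint":
            continue
        dest = r.get("destination") or {}
        if dest.get("service_resource_id", "").lower() == resource_id.lower():
            found.add(dest.get("subresource_target", "").lower())
    return found


def audit_managed_network(mn, default_storage_id=None, required_subresources=("blob", "file")):
    """Return findings as 'rule-name: message' strings; an empty list means nothing was flagged."""
    findings = []
    mode = mn.get("isolation_mode")
    rules = mn.get("outbound_rules") or []

    if mode == "disabled":
        findings.append("isolation_mode: disabled, managed compute egress is unrestricted")
    elif mode == "allow_internet_outbound":
        findings.append("isolation_mode: allow_internet_outbound, egress is not limited to approved destinations")

    for r in rules:
        name, rtype, dest = r.get("name", "<unnamed>"), r.get("type"), r.get("destination")
        # Service tag and FQDN rules are only honoured in allow_only_approved_outbound mode.
        if rtype in ("service_tag", "fqdn") and mode != "allow_only_approved_outbound":
            findings.append(f"{name}: {rtype} rule has no effect unless isolation_mode is allow_only_approved_outbound")
        if rtype == "fqdn":
            host = str(dest).lower()
            findings.append(f"{name}: FQDN rule deploys Azure Firewall (billed) and widens egress to {host}")
            if "/" in host:
                findings.append(f"{name}: '{dest}' is a URL, not a host name; FQDN rules take bare hosts")
            if host == "*":
                findings.append(f"{name}: wildcard '*' allows egress to every host")
            if host.endswith(STORAGE_SUFFIXES):
                findings.append(f"{name}: Azure Storage must be reached via a private_endpoint rule, not an FQDN rule")

    if default_storage_id:
        have = private_endpoint_subresources(rules, default_storage_id)
        for sub in required_subresources:
            if sub not in have:
                findings.append(f"default storage: no private_endpoint rule for subresource '{sub}'")
    return findings


def audit_show_output(text, default_storage_id=None, required_subresources=("blob", "file")):
    """Parse `az ml workspace show --query managed_network -o json` output and audit it."""
    return audit_managed_network(json.loads(text), default_storage_id, required_subresources)


# Constructed sample modelled on the YAML examples on this page (not captured from a real workspace).
DEFAULT_STORAGE_ID = ("/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg"
                      "/providers/Microsoft.Storage/storageAccounts/wsdefaultstorage")
SAMPLE_SHOW_OUTPUT = json.dumps({
    "isolation_mode": "allow_only_approved_outbound",
    "outbound_rules": [
        {"name": "added-servicetagrule", "type": "service_tag",
         "destination": {"service_tag": "DataFactory", "protocol": "TCP", "port_ranges": "80, 8080"}},
        {"name": "add-fqdnrule", "type": "fqdn", "destination": "pypi.org"},
        {"name": "storage-over-fqdn", "type": "fqdn", "destination": "wsdefaultstorage.blob.core.windows.net"},
        {"name": "added-perule", "type": "private_endpoint",
         "destination": {"service_resource_id": DEFAULT_STORAGE_ID,
                         "subresource_target": "blob", "spark_enabled": True}},
    ],
})

if __name__ == "__main__":
    for finding in audit_show_output(SAMPLE_SHOW_OUTPUT, DEFAULT_STORAGE_ID):
        print(finding)
```

Run it against real output by piping `az ml workspace show -n ws -g rg --query managed_network -o json` into `audit_show_output` with the workspace's default storage resource ID; pass `required_subresources=("blob", "file", "queue", "table")` when the workspace serves batch endpoints or ParallelRunStep. The sample above produces four findings: two cost/egress notes for the FQDN rules, one for storage being reached over FQDN, and one for the missing file private endpoint.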
List of required rules
Private endpoints:
- When the isolation mode for the managed virtual network is Allow internet outbound, private endpoint outbound rules are automatically created as required rules from the managed virtual network for the workspace and associated resources with public network access disabled (Key Vault, Storage Account, Container Registry, Azure Machine Learning workspace).
- When the isolation mode for the managed virtual network is Allow only approved outbound, private endpoint outbound rules are automatically created as required rules from the managed virtual network for the workspace and associated resources regardless of the public network access mode for those resources (Key Vault, Storage Account, Container Registry, Azure Machine Learning workspace).
- These rules are automatically added to the managed virtual network.
For Azure Machine Learning to run normally, a set of service tags is required in either a managed or a custom virtual network setup. Certain required service tags have no alternative. The following table lists each required service tag and its purpose within Azure Machine Learning.
Service tag rule | Inbound or Outbound | Purpose |
---|---|---|
AzureMachineLearning | Inbound | Create, update, and delete of Azure Machine Learning compute instance/cluster. |
AzureMachineLearning | Outbound | Using Azure Machine Learning services. Python IntelliSense in notebooks uses port 18881. Creating, updating, and deleting an Azure Machine Learning compute instance uses port 5831. |
AzureActiveDirectory | Outbound | Authentication using Microsoft Entra ID. |
BatchNodeManagement.region | Outbound | Communication with the Azure Batch back-end for Azure Machine Learning compute instances/clusters. |
AzureResourceManager | Outbound | Creation of Azure resources with Azure Machine Learning, Azure CLI, and Azure Machine Learning SDK. |
AzureFrontDoor.FirstParty | Outbound | Access docker images provided by Microsoft. |
MicrosoftContainerRegistry | Outbound | Access docker images provided by Microsoft. Setup of the Azure Machine Learning router for Azure Kubernetes Service. |
AzureMonitor | Outbound | Used to log monitoring and metrics to Azure Monitor. Only needed if you haven't secured Azure Monitor for the workspace. This outbound is also used to log information for support incidents. |
VirtualNetwork | Outbound | Required when private endpoints are present in the virtual network or peered virtual networks. |
Note
Service tags as the only security boundary aren't sufficient. For tenant-level isolation, use private endpoints when possible.
List of scenario specific outbound rules
Scenario: Access public machine learning packages
To allow installation of Python packages for training and deployment, add outbound FQDN rules to allow traffic to the following host names:
Warning
FQDN outbound rules are implemented using Azure Firewall. If you use outbound FQDN rules, charges for Azure Firewall are added to your billing. For more information, see Pricing.
Note
This is not a complete list of the hosts required for all Python resources on the internet, only the most commonly used. For example, if you need access to a GitHub repository or other host, you must identify and add the required hosts for that scenario.
Host name | Purpose |
---|---|
anaconda.com, *.anaconda.com | Used to install default packages. |
*.anaconda.org | Used to get repo data. |
pypi.org | Used to list dependencies from the default index, if any, and the index isn't overwritten by user settings. If the index is overwritten, you must also allow *.pythonhosted.org. |
pytorch.org, *.pytorch.org | Used by some examples based on PyTorch. |
*.tensorflow.org | Used by some examples based on TensorFlow. |
Scenario: Use Visual Studio Code desktop or web with compute instance
If you plan to use Visual Studio Code with Azure Machine Learning, add outbound FQDN rules to allow traffic to the following hosts:
Warning
FQDN outbound rules are implemented using Azure Firewall. If you use outbound FQDN rules, charges for Azure Firewall are added to your billing. For more information, see Pricing.
Note
This is not a complete list of the hosts required for all Visual Studio Code resources on the internet, only the most commonly used. For example, if you need access to a GitHub repository or other host, you must identify and add the required hosts for that scenario. For a complete list of host names, see Network Connections in Visual Studio Code.
Host name | Purpose |
---|---|
*.vscode.dev, *.vscode-unpkg.net, *.vscode-cdn.net, *.vscodeexperiments.azureedge.net, default.exp-tas.com | Required to access vscode.dev (Visual Studio Code for the Web). |
code.visualstudio.com | Required to download and install VS Code desktop. This host isn't required for VS Code Web. |
update.code.visualstudio.com, *.vo.msecnd.net | Used to retrieve VS Code server bits that are installed on the compute instance through a setup script. |
marketplace.visualstudio.com, vscode.blob.core.windows.net, *.gallerycdn.vsassets.io | Required to download and install VS Code extensions. These hosts enable the remote connection to compute instances. For more information, see Manage Azure Machine Learning resources in VS Code. |
https://github.com/microsoft/vscode-tools-for-ai/tree/master/azureml_remote_websocket_server/*, raw.githubusercontent.com | Used to retrieve websocket server bits that are installed on the compute instance. The websocket server is used to transmit requests from the Visual Studio Code client (desktop application) to the Visual Studio Code server running on the compute instance. |
vscode.download.prss.microsoft.com | Used for the Visual Studio Code download CDN. |
Scenario: Use batch endpoints or ParallelRunStep
If you plan to use Azure Machine Learning batch endpoints for deployment or ParallelRunStep, add outbound private endpoint rules to allow traffic to the following sub resources for the default storage account:
queue
table
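The scenario lists above are meant to be combined into a single workspace YAML for `az ml workspace update --file`, with one FQDN rule per host (each host must be listed individually in allow only approved outbound mode) and one private endpoint rule per storage subresource. The following generator is an added example, not code from the original page or from Azure Machine Learning; it covers the public package scenario and the batch endpoint / ParallelRunStep scenario. The rule names (fqdn-..., pe-storage-...) are illustrative choices made here, and the storage resource ID is constructed. It renders the YAML by hand so it runs without PyYAML.

```python
"""Compose an allow-only-approved-outbound workspace YAML from the scenario lists on this page.

Added example, not code from the original page or from Azure Machine Learning.
Assumptions: rule names are illustrative and chosen here; the storage resource ID is
constructed. The output is intended for:
    az ml workspace update --file workspace.yaml --name ws --resource-group rg
"""
import re

# Hosts from the "Access public machine learning packages" scenario. *.pythonhosted.org is
# only needed when the package index is overridden, so it is not included by default.
PACKAGE_HOSTS = ("anaconda.com", "*.anaconda.com", "*.anaconda.org", "pypi.org")
# Default storage subresources from the "Use batch endpoints or ParallelRunStep" scenario.
BATCH_SUBRESOURCES = ("queue", "table")

# Constructed resource ID of the workspace's default storage account (illustrative).
STORAGE_ID = ("/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg"
              "/providers/Microsoft.Storage/storageAccounts/wsdefaultstorage")


def fqdn_rule(host):
    """One FQDN outbound rule per host. Wildcard hosts get a distinct name so
    'anaconda.com' and '*.anaconda.com' do not collide."""
    base = host.lower().replace("*.", "wildcard-")
    return {"name": "fqdn-" + re.sub(r"[^a-z0-9]+", "-", base).strip("-"),
            "type": "fqdn", "destination": host}


def storage_pe_rule(storage_id, subresource, spark_enabled=False):
    """Private endpoint rule to one subresource (blob, file, queue, table) of a storage account."""
    return {"name": f"pe-storage-{subresource}", "type": "private_endpoint",
            "destination": {"service_resource_id": storage_id,
                            "subresource_target": subresource,
                            "spark_enabled": spark_enabled}}


def build_rules(storage_id, packages=True, batch=True):
    """Assemble the rule list for the selected scenarios and reject duplicate rule names."""
    rules = []
    if packages:
        rules += [fqdn_rule(h) for h in PACKAGE_HOSTS]
    if batch:
        rules += [storage_pe_rule(storage_id, s) for s in BATCH_SUBRESOURCES]
    names = [r["name"] for r in rules]
    if len(set(names)) != len(names):
        dupes = sorted({n for n in names if names.count(n) > 1})
        raise ValueError("duplicate outbound rule names: " + ", ".join(dupes))
    return rules


def _scalar(value):
    """Render a Python scalar as a YAML scalar (booleans lower-case, everything else as text)."""
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value)


def render_workspace_yaml(name, rules):
    """Hand-render the workspace YAML in the layout this page uses (no PyYAML dependency)."""
    out = [f"name: {name}", "managed_network:",
           "  isolation_mode: allow_only_approved_outbound", "  outbound_rules:"]
    for r in rules:
        out.append(f"  - name: {r['name']}")
        if r["type"] == "fqdn":
            out.append(f"    destination: '{r['destination']}'")
        else:
            out.append("    destination:")
            out += [f"      {k}: {_scalar(v)}" for k, v in r["destination"].items()]
        out.append(f"    type: {r['type']}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_workspace_yaml("ws", build_rules(STORAGE_ID)), end="")
```

Write the output to workspace.yaml and apply it with `az ml workspace update --file workspace.yaml --name ws --resource-group rg`; remember that the four FQDN rules deploy Azure Firewall and are billed, while the two private endpoint rules are billed under Azure Private Link.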
Scenario: Use prompt flow with Azure OpenAI, content safety, and Azure AI Search
If you plan to use prompt flow with Azure OpenAI, content safety, and Azure AI Search, add the following outbound private endpoint rules:
- Private endpoint to Azure AI Services
- Private endpoint to Azure AI Search
Scenario: Use HuggingFace models
If you plan to use HuggingFace models with Azure Machine Learning, add outbound FQDN rules to allow traffic to the following hosts:
Warning
FQDN outbound rules are implemented using Azure Firewall. If you use outbound FQDN rules, charges for Azure Firewall are added to your billing. For more information, see Pricing.
docker.io
*.docker.io
*.docker.com
production.cloudflare.docker.com
cdn.auth0.com
cdn-lfs.huggingface.co
Scenario: Enable access from selected IP Addresses
If you want to enable access from specific IP addresses, use the following actions:
Add an outbound private endpoint rule to allow traffic to the Azure Machine Learning workspace. This rule allows compute instances created in the managed virtual network to access the workspace.
Tip
You can't add this rule during workspace creation, as the workspace doesn't exist yet.
Enable public network access to the workspace. For more information, see public network access enabled.
Add your IP addresses to the firewall for Azure Machine Learning. For more information, see enable access only from IP ranges.
Note
Only IPv4 addresses are supported.
For more information, see Configure private link.
Private endpoints
Private endpoints are currently supported for the following Azure services:
- Azure Machine Learning
- Azure Machine Learning registries
- Azure Storage (all sub resource types)
- Azure Container Registry
- Azure Key Vault
- Azure AI services
- Azure AI Search (formerly Cognitive Search)
- Azure SQL Server
- Azure Data Factory
- Azure Cosmos DB (all sub resource types)
- Azure Event Hubs
- Azure Redis Cache
- Azure Databricks
- Azure Database for MariaDB
- Azure Database for PostgreSQL Single Server
- Azure Database for PostgreSQL Flexible Server
- Azure Database for MySQL
- Azure API Management
When you create a private endpoint, you provide the resource type and subresource that the endpoint connects to. Some resources have multiple types and subresources. For more information, see what is a private endpoint.
When you create a private endpoint for Azure Machine Learning dependency resources, such as Azure Storage, Azure Container Registry, and Azure Key Vault, the resource can be in a different Azure subscription. However, the resource must be in the same tenant as the Azure Machine Learning workspace.
Important
When configuring private endpoints for an Azure Machine Learning managed VNet, the private endpoints are only created when the first compute is created or when managed VNet provisioning is forced. For more information on forcing the managed VNet provisioning, see Configure for serverless Spark jobs.
Select an Azure Firewall version for allow only approved outbound (Preview)
An Azure Firewall is deployed if an FQDN outbound rule is created while in the allow only approved outbound mode. Charges for the Azure Firewall are included in your billing. By default, a Standard version of Azure Firewall is created. Optionally, you can select to use a Basic version. You can change the firewall version used as needed. To figure out which version is best for you, visit Choose the right Azure Firewall version.
Important
The firewall isn't created until you add an outbound FQDN rule. For more information on pricing, see Azure Firewall pricing and view prices for the standard version.
To configure the firewall version from the CLI, use a YAML file and specify the firewall_sku. The following example demonstrates a YAML file that sets the firewall SKU to basic:
name: test-ws
resource_group: test-rg
location: eastus2
managed_network:
isolation_mode: allow_only_approved_outbound
outbound_rules:
- category: required
destination: 'contoso.com'
name: contosofqdn
type: fqdn
firewall_sku: basic
tags: {}
Pricing
The Azure Machine Learning managed virtual network feature is free. However, you're charged for the following resources that are used by the managed virtual network:
Azure Private Link - Private endpoints used to secure communications between the managed virtual network and Azure resources relies on Azure Private Link. For more information on pricing, see Azure Private Link pricing.
FQDN outbound rules - FQDN outbound rules are implemented using Azure Firewall. If you use outbound FQDN rules, charges for Azure Firewall are added to your billing. A standard version of Azure Firewall is used by default. For information on selecting the basic version, see Select an Azure Firewall version.
Important
The firewall isn't created until you add an outbound FQDN rule. For more information on pricing, see Azure Firewall pricing and view prices for the standard version.
Limitations
- Once you enable managed virtual network isolation of your workspace (either allow internet outbound or allow only approved outbound), you can't disable it.
- Managed virtual network uses private endpoint connection to access your private resources. You can't have a private endpoint and a service endpoint at the same time for your Azure resources, such as a storage account. We recommend using private endpoints in all scenarios.
- The managed virtual network is deleted when the workspace is deleted. When deleting Azure Machine Learning resources in your Azure subscription, disable any resource locks or locks which prevent deletion of resources you created, or were created by Microsoft for the managed virtual network.
- Data exfiltration protection is automatically enabled for the only approved outbound mode. If you add other outbound rules, such as to FQDNs, Microsoft can't guarantee that you're protected from data exfiltration to those outbound destinations.
- Creating a compute cluster in a different region than the workspace isn't supported when using a managed virtual network.
- Kubernetes and attached VMs aren't supported in an Azure Machine Learning managed virtual network.
- Using FQDN outbound rules increases the cost of the managed virtual network because FQDN rules use Azure Firewall. For more information, see Pricing.
- FQDN outbound rules only support ports 80 and 443.
- If your compute instance is in a managed network and is configured for no public IP, use the az ml compute connect-ssh command to connect to it using SSH.
- When using a managed virtual network, you can't deploy compute resources inside your custom virtual network. Compute resources can only be created inside the managed virtual network.
- Managed network isolation can't establish a private connection from the managed virtual network to a user's on-premises resources. For the list of supported private connections, see Private Endpoints.
- If your managed network is configured to allow only approved outbound, you can't use an FQDN rule to access Azure Storage Accounts. You must use a private endpoint instead.
- Make sure your custom Azure Policy definitions allowlist the Microsoft-managed private endpoints created for the managed virtual network.
Migration of compute resources
If you have an existing workspace and want to enable managed virtual network for it, there's currently no supported migration path for existing managed compute resources. You'll need to delete all existing managed compute resources and recreate them after enabling the managed virtual network. The following list contains the compute resources that must be deleted and recreated:
- Compute cluster
- Compute instance
- Managed online endpoints