ML Workspace has public access disabled
Security · Machine Learning · Rule · 2023_12 · Critical
Disable public network access from an Azure Machine Learning workspace.
Description
Disabling public network access improves security by ensuring that Machine Learning workspaces aren't exposed on the public internet. You can control exposure of your workspaces by creating private endpoints instead. By default, a public endpoint is enabled for Machine Learning workspaces. The public endpoint is used for all access except requests that arrive through a private endpoint. Access through the public endpoint can be disabled, or restricted to authorized virtual networks.
Data exfiltration is an attack in which a malicious actor performs an unauthorized data transfer. Private endpoints help control a workspace's exposure to data exfiltration by an internal or external malicious actor, because they provide a clear separation between public and private endpoints. As a result, broad access to public endpoints, which a malicious actor could abuse, is not required.
Recommendation
Consider disabling access from public endpoints by setting the publicNetworkAccess property to Disabled, as part of a broader security strategy.
Examples
Configure with Azure template
To deploy a Machine Learning workspace that passes this rule:
- Set the properties.publicNetworkAccess property to Disabled.
- If the properties.allowPublicAccessWhenBehindVnet property is defined, remove it. Use the properties.publicNetworkAccess property instead; configuring both properties is not required.
For example:
{
  "type": "Microsoft.MachineLearningServices/workspaces",
  "apiVersion": "2023-04-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "basic",
    "tier": "basic"
  },
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "friendlyName": "[parameters('name')]",
    "keyVault": "[resourceId('Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]",
    "storageAccount": "[resourceId('Microsoft.Storage/storageAccounts', parameters('StorageAccountName'))]",
    "applicationInsights": "[resourceId('Microsoft.Insights/components', parameters('AppInsightsName'))]",
    "containerRegistry": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('ContainerRegistryName'))]",
    "publicNetworkAccess": "Disabled"
  }
}
Configure with Bicep
To deploy a Machine Learning workspace that passes this rule:
- Set the properties.publicNetworkAccess property to Disabled.
- If the properties.allowPublicAccessWhenBehindVnet property is defined, remove it. Use the properties.publicNetworkAccess property instead; configuring both properties is not required.
For example:
resource workspace 'Microsoft.MachineLearningServices/workspaces@2023-04-01' = {
  name: name
  location: location
  sku: {
    name: 'basic'
    tier: 'basic'
  }
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${identity.id}': {}
    }
  }
  properties: {
    friendlyName: friendlyName
    keyVault: keyVault.id
    storageAccount: storageAccount.id
    applicationInsights: appInsights.id
    containerRegistry: containerRegistry.id
    publicNetworkAccess: 'Disabled'
    primaryUserAssignedIdentity: identity.id
  }
}
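The following Python script is an added example, not code from this page or from PSRule for Azure. It re-implements the two conditions described in the template and Bicep sections above (publicNetworkAccess set to Disabled, and the legacy allowPublicAccessWhenBehindVnet property absent) as a check over the resources of an ARM template, descending into inline child resources and skipping resource types the rule does not target. It also flags an unresolved ARM expression such as [parameters('...')] as something to resolve before judging, since the setting then depends on deploy-time parameters. The sample template, the workspace names and the function names are constructed for this example.

```python
"""Evaluate ARM template resources against the ML workspace publicNetworkAccess rule.

Added example for this page; it is not PSRule for Azure's own code. It
re-implements the two documented conditions for a passing workspace:
  - properties.publicNetworkAccess is set to 'Disabled'
  - the legacy properties.allowPublicAccessWhenBehindVnet is not defined
The sample template below is constructed for the example.
"""
import json

ML_WORKSPACE_TYPE = "Microsoft.MachineLearningServices/workspaces"

# Constructed sample: one workspace still carrying the legacy property with
# public access enabled, one locked down, and one unrelated resource.
SAMPLE_TEMPLATE = json.dumps({
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": ML_WORKSPACE_TYPE,
            "apiVersion": "2023-04-01",
            "name": "mlw-legacy",
            "location": "eastus",
            "properties": {
                "friendlyName": "mlw-legacy",
                "allowPublicAccessWhenBehindVnet": True,
                "publicNetworkAccess": "Enabled",
            },
        },
        {
            "type": ML_WORKSPACE_TYPE,
            "apiVersion": "2023-04-01",
            "name": "mlw-private",
            "location": "eastus",
            "properties": {
                "friendlyName": "mlw-private",
                "publicNetworkAccess": "Disabled",
            },
        },
        {
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2023-01-01",
            "name": "stmlw",
            "location": "eastus",
            "properties": {"publicNetworkAccess": "Enabled"},
        },
    ],
})


def iter_resources(resources, prefix="resources"):
    """Yield (json_path, resource) for each resource, including inline child resources."""
    for index, resource in enumerate(resources):
        path = f"{prefix}[{index}]"
        yield path, resource
        # Child resources may be declared inline under the parent resource.
        yield from iter_resources(resource.get("resources", []), f"{path}.resources")


def check_workspace(resource):
    """Return the list of rule findings for one ML workspace resource (empty list = pass)."""
    findings = []
    props = resource.get("properties") or {}
    access = props.get("publicNetworkAccess")
    if access is None:
        # The page notes the public endpoint is enabled by default, so an unset value fails.
        findings.append("properties.publicNetworkAccess is not set; the default is Enabled")
    elif isinstance(access, str) and access.startswith("[") and not access.startswith("[["):
        # An unresolved ARM expression: the effective value depends on deploy-time parameters.
        findings.append(f"properties.publicNetworkAccess is the expression {access!r}; resolve it before evaluating")
    elif str(access).lower() != "disabled":
        findings.append(f"properties.publicNetworkAccess is {access!r}; expected 'Disabled'")
    if "allowPublicAccessWhenBehindVnet" in props:
        findings.append("legacy properties.allowPublicAccessWhenBehindVnet is defined; remove it")
    return findings


def check_template(template_json):
    """Return {workspace name: findings} for every ML workspace in the template that fails."""
    template = json.loads(template_json)
    failures = {}
    for path, resource in iter_resources(template.get("resources", [])):
        if str(resource.get("type", "")).lower() != ML_WORKSPACE_TYPE.lower():
            continue  # The rule targets ML workspaces only; other types are out of scope.
        findings = check_workspace(resource)
        if findings:
            failures[str(resource.get("name", path))] = findings
    return failures


if __name__ == "__main__":
    for name, findings in check_template(SAMPLE_TEMPLATE).items():
        for finding in findings:
            print(f"FAIL {name}: {finding}")
```

Running the script reports two findings for mlw-legacy and nothing for mlw-private or the storage account. To apply it to a Bicep file, compile the file to ARM JSON first (for example with az bicep build --file main.bicep) and feed the resulting template to check_template. For a workspace that is already deployed rather than a template, the public network access setting can be read from the workspace resource with az ml workspace show and tightened with az ml workspace update --public-network-access Disabled; those commands are Azure CLI usage assumed here, not shown on the page.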
Links
- WAF - Azure services for securing network connectivity
- Configure a private endpoint for an Azure Machine Learning workspace
- ML - Public access to Workspaces
- NS-2: Secure cloud services with network controls
- Security and governance for ML
- Azure deployment reference