
ML Workspace has public access disabled

Security · Machine Learning · Rule · 2023_12 · Critical

Disable public network access from an Azure Machine Learning workspace.

Description

Disabling public network access improves security by ensuring that the Machine Learning Workspaces aren't exposed on the public internet. You can control exposure of your workspaces by creating private endpoints instead. By default, a public endpoint is enabled for Machine Learning workspaces. The public endpoint is used for all access except for requests that use a Private Endpoint. Access through the public endpoint can be disabled or restricted to authorized virtual networks.

Data exfiltration is an attack where a malicious actor performs an unauthorized data transfer. Private Endpoints help control exposure of a workspace to data exfiltration by an internal or external malicious actor. They do this by providing clear separation between public and private endpoints. As a result, broad access to public endpoints, which could be reached by a malicious actor, is not required.

Recommendation

Consider disabling access from public endpoints by setting the publicNetworkAccess property to Disabled as part of a broader security strategy.

Examples

Configure with Azure template

To deploy an ML Workspace that passes this rule:

  • Set the properties.publicNetworkAccess property to Disabled.
  • If the properties.allowPublicAccessWhenBehindVnet property is defined, remove the property. Switch to using the properties.publicNetworkAccess property instead. Configuring both properties is not required.

For example:

Azure Template snippet
{
  "type": "Microsoft.MachineLearningServices/workspaces",
  "apiVersion": "2023-04-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "basic",
    "tier": "basic"
  },
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "friendlyName": "[parameters('name')]",
    "keyVault": "[resourceId('Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]",
    "storageAccount": "[resourceId('Microsoft.Storage/storageAccounts', parameters('StorageAccountName'))]",
    "applicationInsights": "[resourceId('Microsoft.Insights/components', parameters('AppInsightsName'))]",
    "containerRegistry": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('ContainerRegistryName'))]",
    "publicNetworkAccess": "Disabled"
  }
}
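The two conditions in the steps above (publicNetworkAccess set to Disabled, and the legacy allowPublicAccessWhenBehindVnet property absent) can be checked statically against an ARM template before deployment. The following is an added example written for this page, not PSRule for Azure's own rule implementation; the function names and the sample template it parses are constructed for illustration. It also flags a publicNetworkAccess value that is an ARM expression, since the effective value then depends on a parameter and cannot be judged from the template alone.

```python
"""Static check of Azure ML workspace resources in an ARM template.

Added example, not PSRule for Azure's code. Mirrors the rule text:
  - properties.publicNetworkAccess must be 'Disabled'
  - the legacy properties.allowPublicAccessWhenBehindVnet must not be set alongside it
"""
import json

# Resource type from the template on the page; matched case-insensitively as ARM does.
ML_WORKSPACE_TYPE = "Microsoft.MachineLearningServices/workspaces"


def check_workspace(resource):
    """Return a list of findings for one workspace resource (empty list means pass)."""
    findings = []
    props = resource.get("properties") or {}
    name = resource.get("name", "<unnamed>")
    access = props.get("publicNetworkAccess")

    if access is None:
        # The service default is a public endpoint, so an absent property is a failure.
        findings.append(f"{name}: publicNetworkAccess not set (defaults to Enabled)")
    elif isinstance(access, str) and access.startswith("["):
        # An ARM expression such as "[parameters('access')]" is only known at deploy time.
        findings.append(f"{name}: publicNetworkAccess is an ARM expression; resolve parameters before checking")
    elif str(access).lower() != "disabled":
        findings.append(f"{name}: publicNetworkAccess is {access!r}, expected 'Disabled'")

    if "allowPublicAccessWhenBehindVnet" in props:
        findings.append(f"{name}: remove legacy allowPublicAccessWhenBehindVnet; use publicNetworkAccess only")
    return findings


def check_template(template):
    """Evaluate every ML workspace resource in a parsed ARM template."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() == ML_WORKSPACE_TYPE.lower():
            findings.extend(check_workspace(res))
    return findings


# Constructed sample template: one compliant workspace and one that fails both checks.
SAMPLE_TEMPLATE = json.loads("""
{ "resources": [
  { "type": "Microsoft.MachineLearningServices/workspaces",
    "apiVersion": "2023-04-01", "name": "ws-private",
    "properties": { "publicNetworkAccess": "Disabled" } },
  { "type": "Microsoft.MachineLearningServices/workspaces",
    "apiVersion": "2023-04-01", "name": "ws-public",
    "properties": { "allowPublicAccessWhenBehindVnet": true } }
] }
""")

if __name__ == "__main__":
    for finding in check_template(SAMPLE_TEMPLATE):
        print("FAIL", finding)
```

Run it against the template JSON exported from your pipeline; an empty result for every workspace resource means the deployment satisfies both conditions of this rule.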

Configure with Bicep

To deploy an ML Workspace that passes this rule:

  • Set the properties.publicNetworkAccess property to Disabled.
  • If the properties.allowPublicAccessWhenBehindVnet property is defined, remove the property. Switch to using the properties.publicNetworkAccess property instead. Configuring both properties is not required.

For example:

Azure Bicep snippet
resource workspace 'Microsoft.MachineLearningServices/workspaces@2023-04-01' = {
  name: name
  location: location
  sku: {
    name: 'basic'
    tier: 'basic'
  }
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${identity.id}': {}
    }
  }
  properties: {
    friendlyName: friendlyName
    keyVault: keyVault.id
    storageAccount: storageAccount.id
    applicationInsights: appInsights.id
    containerRegistry: containerRegistry.id
    publicNetworkAccess: 'Disabled'
    primaryUserAssignedIdentity: identity.id
  }
}
