Note
This document refers to the Microsoft Foundry (classic) portal only.
This document is also specific to a hub-based project, and doesn't apply to a Foundry project. See How do I know which type of project I have? and Create a hub-based project.
As a platform administrator, you can use policies to lay out guardrails for teams to manage their own resources. Azure Policy helps audit and govern resource state. This article explains how you can use audit controls and governance practices for Microsoft Foundry.
Policies for Foundry hubs and projects
Azure Policy is a governance tool that allows you to ensure that Azure resources are compliant with your policies.
Azure Policy provides a set of policies that you can use for common scenarios with Foundry hubs and projects. You can assign these policy definitions to your existing subscription or use them as the basis to create your own custom definitions.
The following table lists the built-in policies that apply to both Foundry and Azure Machine Learning. For a list of all Azure built-in policies, see Built-in policies.
Important
Once a policy is assigned, it's applied to both Foundry and Azure Machine Learning workspaces. For example, a policy at the subscription level that disables public network access would apply to all Foundry hubs and projects, and Azure Machine Learning workspaces.
| Name (Azure portal) | Description | Effects | Version (GitHub) |
|---|---|---|---|
| Compute Instance should have idle shutdown. | Having an idle shutdown schedule reduces cost by shutting down computes that are idle after a predetermined period of activity. | Audit, Deny, Disabled | 1.0.0 |
| Compute instances should be recreated to get the latest software updates | Ensure compute instances run on the latest available operating system. Security is improved and vulnerabilities reduced by running with the latest security patches. For more information, visit https://aka.ms/azureml-ci-updates/. | [parameters('effects')] | 1.0.3 |
| Computes should be in a virtual network | Azure Virtual Networks provide enhanced security and isolation for your compute clusters and instances, as well as subnets, access control policies, and other features to further restrict access. When a compute is configured with a virtual network, it isn't publicly addressable and can only be accessed from virtual machines and applications within the virtual network. | Audit, Disabled | 1.0.1 |
| Computes should have local authentication methods disabled | Disabling local authentication methods improves security by ensuring that computes require Microsoft Entra ID identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy. | Audit, Deny, Disabled | 2.1.0 |
| Hubs should be encrypted with a customer-managed key | Manage encryption at rest of data with customer-managed keys. By default, customer data is encrypted with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more at https://aka.ms/azureml-workspaces-cmk. | Audit, Deny, Disabled | 1.1.0 |
| Hubs should disable public network access | Disabling public network access improves security by ensuring that hubs and projects aren't exposed on the public internet. You can control exposure of your workspaces by creating private endpoints instead. Learn more at: https://learn.microsoft.com/azure/ai-studio/how-to/configure-private-link. | Audit, Deny, Disabled | 2.0.1 |
| Hubs should use private link | Azure Private Link lets you connect your virtual network to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to hubs, data leakage risks are reduced. Learn more about private links at: https://learn.microsoft.com/azure/ai-studio/how-to/configure-private-link. | Audit, Disabled | 1.0.0 |
| Hubs should use user-assigned managed identity | Manage access to hubs and associated resources, Azure Container Registry, KeyVault, Storage, and App Insights using user-assigned managed identity. By default, system-assigned managed identity is used by a hub to access the associated resources. User-assigned managed identity allows you to create the identity as an Azure resource and maintain the life cycle of that identity. | Audit, Deny, Disabled | 1.0.0 |
| Computes to disable local authentication methods | Disable local authentication methods so that your computes require Microsoft Entra ID identities exclusively for authentication. Learn more at: https://aka.ms/azure-ml-aad-policy. | Modify, Disabled | 2.1.0 |
| Configure hubs to use private DNS zones | Use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone links to your virtual network to resolve to Foundry hubs. | DeployIfNotExists, Disabled | 1.1.0 |
| Configure hubs to disable public network access | Disable public network access for hubs and projects so that they aren't accessible over the public internet. This helps protect the workspaces against data leakage risks. You can control exposure of your workspaces by creating private endpoints instead. Learn more at: https://learn.microsoft.com/azure/ai-studio/how-to/configure-private-link. | Modify, Disabled | 1.0.3 |
| Configure Azure hubs with private endpoints | Private endpoints connect your virtual network to Azure services without a public IP address at the source or destination. By mapping private endpoints to your hub, you can reduce data leakage risks. Learn more about private links at: https://learn.microsoft.com/azure/ai-studio/how-to/configure-private-link. | DeployIfNotExists, Disabled | 1.0.0 |
| Configure diagnostic settings for hubs to Log Analytics workspace | Deploys the diagnostic settings for Foundry hubs to stream resource logs to a Log Analytics Workspace when any hub which is missing this diagnostic setting is created or updated. | DeployIfNotExists, Disabled | 1.0.1 |
| Resource logs in hubs should be enabled | Resource logs enable recreating activity trails to use for investigation purposes when a security incident occurs or when your network is compromised. | AuditIfNotExists, Disabled | 1.0.1 |
Policies can be set at different scopes, such as at the subscription or resource group level. For more information, see the Azure Policy documentation.
Assign built-in policies
To view the built-in policy definitions, use the following steps:
- Go to Azure Policy in the Azure portal.
- Select Definitions.
- For Type, select Built-in. For Category, select Machine Learning.
Select a policy definition to view it. While viewing a definition, select Assign to assign the policy to a scope and configure its parameters. For more information, see Create a policy assignment to identify noncompliant resources using Azure portal.
Assign policies by using Azure PowerShell, Azure CLI, or templates.
Conditional access policies
Control access to Foundry hubs and projects by using Microsoft Entra Conditional Access. For hubs, assign the Conditional Access policy to these apps:
| App name | App ID | Description |
|---|---|---|
| Foundry App | cb2ff863-7f30-4ced-ab89-a00194bcf6d9 | Controls access to the Foundry portal. |
| Azure Machine Learning Web App | d7304df8-741f-47d3-9bc2-df0e24e2071f | Controls access to Azure Machine Learning studio. |
| Azure Machine Learning | 0736f41a-0425-bdb5-1563eff02385 | Controls direct access to the Azure Machine Learning API (for example, when using the SDK or REST API). Foundry hub-based projects rely on this API. |
Configure built-in policies
Compute instance should have idle shutdown
This policy controls whether a compute instance should have idle shutdown enabled. Idle shutdown automatically stops the compute instance when it's idle for a specified period of time. This policy is useful for cost savings and to ensure that resources aren't being used unnecessarily.
To configure this policy, set the effect parameter to Audit, Deny, or Disabled. If you set the effect to Audit, you can create a compute instance without idle shutdown. The service creates a warning event in the activity log.
Compute instances should be recreated to get software updates
Controls whether compute instances should be audited to make sure they're running the latest available software updates. This policy is useful to ensure that compute instances are running the latest software updates to maintain security and performance. For more information, see Vulnerability management.
To configure this policy, set the effect parameter to Audit or Disabled. If set to Audit, a warning event is created in the activity log when a compute isn't running the latest software updates.
Compute cluster and instance should be in a virtual network
Controls auditing of compute cluster and instance resources behind a virtual network.
To configure this policy, set the effect parameter to Audit or Disabled. If set to Audit, you can create a compute that isn't configured behind a virtual network and a warning event is created in the activity log.
Compute clusters and instances should have local authentication disabled
Controls whether a compute cluster or instance should disable local authentication (SSH).
To configure this policy, set the effect parameter to Audit, Deny, or Disabled. If set to Audit, you can create a compute with SSH enabled and a warning event is created in the activity log.
If the policy is set to Deny, then you can't create a compute unless SSH is disabled. Attempting to create a compute with SSH enabled results in an error. The error is also logged in the activity log. The policy identifier is returned as part of this error.
Hubs should be encrypted with a customer-managed key
Controls whether a hub and its projects must be encrypted with a customer-managed key, rather than the default Microsoft-managed key, for metrics and metadata. For more information on using customer-managed keys, see the Customer-managed keys article.
To configure this policy, set the effect parameter to Audit, Deny, or Disabled. If set to Audit, you can create a hub without a customer-managed key and a warning event is created in the activity log.
If the policy is set to Deny, then you can't create a hub unless it specifies a customer-managed key. Attempting to create a hub without a customer-managed key results in an error similar to Resource 'clustername' was disallowed by policy and creates an error in the activity log. The policy identifier is also returned as part of this error.
Hubs should disable public network access
Controls whether a hub and its projects should disable network access from the public internet.
To configure this policy, set the effect parameter to Audit, Deny, or Disabled. If set to Audit, you can create a hub with public access and a warning event is created in the activity log.
If the policy is set to Deny, then you can't create a hub that allows network access from the public internet.
Hubs should use Azure Private Link
Controls whether a hub and its projects should use Azure Private Link to communicate with Azure Virtual Network. For more information on using private link, see Configure a private endpoint.
To configure this policy, set the effect parameter to Audit or Deny. If set to Audit, you can create a hub without using private link and a warning event is created in the activity log.
If the policy is set to Deny, then you can't create a hub unless it uses a private link. Attempting to create a hub without a private link results in an error. The error is also logged in the activity log. The policy identifier is returned as part of this error.
Hubs should use a user-assigned managed identity
Controls whether a hub is created using a system-assigned managed identity (default) or a user-assigned managed identity. The managed identity for the hub is used to access associated resources such as Azure Storage, Azure Container Registry, Azure Key Vault, and Azure Application Insights.
To configure this policy, set the effect parameter to Audit, Deny, or Disabled. If set to Audit, you can create a hub without specifying a user-assigned managed identity. A system-assigned identity is used, and a warning event is created in the activity log.
If the policy is set to Deny, then you can't create a hub unless you provide a user-assigned identity during the creation process. Attempting to create a hub without providing a user-assigned identity results in an error. The error is also logged to the activity log. The policy identifier is returned as part of this error.
Configure compute resources to modify or disable local authentication
This policy modifies any compute cluster or instance creation request to disable local authentication (SSH).
To configure this policy, set the effect parameter to Modify or Disabled. If set to Modify, any creation of a compute cluster or instance within the scope where the policy applies automatically has local authentication disabled.
Configure a hub to use private DNS zones
This policy configures a hub to use a private DNS zone, overriding the default DNS resolution for a private endpoint.
To configure this policy, set the effect parameter to DeployIfNotExists. Set the privateDnsZoneId to the Azure Resource Manager ID of the private DNS zone to use.
Configure a hub to disable public network access
Configures a hub and its projects to disable network access from the public internet. Disabling public network access helps protect against data leakage risks. You can instead access your hub and projects by creating private endpoints. For more information, see Configure a private endpoint.
To configure this policy, set the effect parameter to Modify or Disabled. If set to Modify, any creation of a hub within the scope where the policy applies automatically has public network access disabled.
Configure a hub with private endpoints
Configures a hub to create a private endpoint within the specified subnet of an Azure Virtual Network.
To configure this policy, set the effect parameter to DeployIfNotExists. Set the privateEndpointSubnetID to the Azure Resource Manager ID of the subnet.
Configure diagnostic settings for a hub to send logs to a Log Analytics workspace
Configures the diagnostic settings for a hub to send logs to a Log Analytics workspace.
To configure this policy, set the effect parameter to DeployIfNotExists or Disabled. If set to DeployIfNotExists, the policy creates a diagnostic setting to send logs to a Log Analytics workspace if it doesn't already exist.
Resource logs in a hub should be enabled
Audits whether resource logs are enabled for a hub. Resource logs provide detailed information about operations performed on resources in the hub.
To configure this policy, set the effect parameter to AuditIfNotExists or Disabled. If set to AuditIfNotExists, the policy audits if resource logs aren't enabled for the hub.
Create custom definitions
Create custom policies by using the Azure Policy definition structure. Use the Azure Policy Visual Studio Code extension to author and test policies.
List policy aliases for Azure Machine Learning with this Azure CLI command:
```azurecli
az provider show --namespace Microsoft.MachineLearningServices --expand "resourceTypes/aliases" --query "resourceTypes[].aliases[].name"
```
Find allowed values for a specific alias in the Azure Machine Learning REST API reference.
For a general tutorial on creating custom policies, see Create a custom policy definition.
Example: Deny serverless Spark compute jobs
```json
{
  "properties": {
    "displayName": "Deny serverless Spark compute jobs",
    "description": "Deny serverless Spark compute jobs",
    "mode": "All",
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "Microsoft.MachineLearningServices/workspaces/jobs/jobType",
            "in": [
              "Spark"
            ]
          }
        ]
      },
      "then": {
        "effect": "Deny"
      }
    },
    "parameters": {}
  }
}
```
Example: Deny public IPs for managed computes
```json
{
  "properties": {
    "displayName": "Deny compute instance and compute cluster creation with public IP",
    "description": "Deny compute instance and compute cluster creation with public IP",
    "mode": "All",
    "parameters": {
      "effectType": {
        "type": "string",
        "defaultValue": "Deny",
        "allowedValues": [
          "Deny",
          "Disabled"
        ],
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.MachineLearningServices/workspaces/computes"
          },
          {
            "allOf": [
              {
                "field": "Microsoft.MachineLearningServices/workspaces/computes/computeType",
                "notEquals": "AKS"
              },
              {
                "field": "Microsoft.MachineLearningServices/workspaces/computes/enableNodePublicIP",
                "equals": true
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "[parameters('effectType')]"
      }
    }
  }
}
```
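Before assigning a custom definition, it helps to check what its rule actually matches. The following is an added example (mine, not Microsoft's or this page's code): a small Python evaluator for the slice of the Azure Policy rule language that the two custom definitions above use (field conditions with equals, notEquals and in, nested allOf, and `[parameters('...')]` references), run against constructed request bodies. It also shows the effect-parameter behaviour described under Configure built-in policies (a matching rule yields the assigned effect; Disabled skips evaluation; an assignment value outside allowedValues is rejected). The alias-to-path mapping, the sample bodies and all function names are assumptions for illustration; the real alias list comes from the `az provider show` command above and the service-side evaluation remains authoritative.

```python
"""Offline evaluator for the subset of the Azure Policy rule language used by the
definitions on this page. Added example, not Microsoft code: it pre-flights a
draft definition against sample request bodies; Azure Policy itself stays
authoritative for aliases and effects."""
import re

# Assumed alias -> path mapping (follows the shape of AML REST API bodies;
# confirm against `az provider show ... aliases` before relying on it).
ALIASES = {
    "type": ("type",),
    "Microsoft.MachineLearningServices/workspaces/jobs/jobType": ("properties", "jobType"),
    "Microsoft.MachineLearningServices/workspaces/computes/computeType": ("properties", "computeType"),
    "Microsoft.MachineLearningServices/workspaces/computes/enableNodePublicIP":
        ("properties", "properties", "enableNodePublicIP"),
}
PARAM_RE = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, params):
    """Expand an ARM-style [parameters('x')] reference; other values pass through."""
    m = PARAM_RE.match(value) if isinstance(value, str) else None
    return params[m.group(1)] if m else value

def get_field(resource, alias):
    """Walk the alias path; None means the field is absent from the request body."""
    node = resource
    for key in ALIASES[alias]:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def _norm(v):
    return v.lower() if isinstance(v, str) else v  # string compares are case-insensitive

def matches(cond, resource, params):
    """Evaluate one condition node of the policyRule 'if' block."""
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource, params) for c in cond["anyOf"])
    actual = get_field(resource, cond["field"])
    if "equals" in cond:     # an absent field never equals anything...
        return actual is not None and _norm(actual) == _norm(resolve(cond["equals"], params))
    if "notEquals" in cond:  # ...and therefore always satisfies notEquals
        return actual is None or _norm(actual) != _norm(resolve(cond["notEquals"], params))
    if "in" in cond:
        return actual is not None and _norm(actual) in [_norm(resolve(v, params)) for v in cond["in"]]
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(definition, resource, assignment_params=None):
    """Return the effect ('deny', 'audit', ...) produced for this request body,
    'disabled' if the assigned effect is Disabled, or None when the rule does not
    match (the request is compliant and proceeds)."""
    props = definition["properties"]
    specs = props.get("parameters", {})
    params = {name: spec.get("defaultValue") for name, spec in specs.items()}
    for name, value in (assignment_params or {}).items():
        allowed = specs.get(name, {}).get("allowedValues")
        if allowed is not None and value not in allowed:
            raise ValueError(f"{value!r} is not an allowed value for {name!r}")
        params[name] = value
    effect = str(resolve(props["policyRule"]["then"]["effect"], params)).lower()
    if effect == "disabled":
        return "disabled"
    return effect if matches(props["policyRule"]["if"], resource, params) else None

# The two custom definitions from this page, reduced to rule and parameters.
COMPUTES = "Microsoft.MachineLearningServices/workspaces/computes"
DENY_SPARK = {"properties": {"mode": "All", "parameters": {}, "policyRule": {
    "if": {"allOf": [{"field": "Microsoft.MachineLearningServices/workspaces/jobs/jobType", "in": ["Spark"]}]},
    "then": {"effect": "Deny"}}}}
DENY_PUBLIC_IP = {"properties": {"mode": "All",
    "parameters": {"effectType": {"type": "string", "defaultValue": "Deny", "allowedValues": ["Deny", "Disabled"]}},
    "policyRule": {"if": {"allOf": [
        {"field": "type", "equals": COMPUTES},
        {"allOf": [{"field": COMPUTES + "/computeType", "notEquals": "AKS"},
                   {"field": COMPUTES + "/enableNodePublicIP", "equals": True}]}]},
        "then": {"effect": "[parameters('effectType')]"}}}}

def compute(kind, public_ip):
    """Constructed compute request body (not captured from a real deployment)."""
    return {"type": COMPUTES, "properties": {"computeType": kind, "properties": {"enableNodePublicIP": public_ip}}}

SAMPLES = {  # constructed sample bodies
    "spark_job": {"type": "Microsoft.MachineLearningServices/workspaces/jobs", "properties": {"jobType": "Spark"}},
    "command_job": {"type": "Microsoft.MachineLearningServices/workspaces/jobs", "properties": {"jobType": "Command"}},
    "amlcompute_public": compute("AmlCompute", True),
    "amlcompute_private": compute("AmlCompute", False),
    "aks_public": compute("AKS", True),  # carved out by the notEquals clause
}

def check_examples():
    """Outcome of each page definition against the constructed samples."""
    return {
        "spark_job": evaluate(DENY_SPARK, SAMPLES["spark_job"]),                        # 'deny'
        "command_job": evaluate(DENY_SPARK, SAMPLES["command_job"]),                    # None
        "amlcompute_public": evaluate(DENY_PUBLIC_IP, SAMPLES["amlcompute_public"]),    # 'deny'
        "amlcompute_private": evaluate(DENY_PUBLIC_IP, SAMPLES["amlcompute_private"]),  # None
        "aks_public": evaluate(DENY_PUBLIC_IP, SAMPLES["aks_public"]),                  # None
        # Same request, but the assignment sets effectType=Disabled: rule is skipped.
        "amlcompute_public_disabled": evaluate(DENY_PUBLIC_IP, SAMPLES["amlcompute_public"], {"effectType": "Disabled"}),
    }

if __name__ == "__main__":
    for name, outcome in check_examples().items():
        print(f"{name:28} -> {outcome or 'compliant'}")
```

Two details worth noticing in the output: an AKS compute with a public IP is not denied, because the definition explicitly excludes that compute type, and a compute whose request body omits enableNodePublicIP is also not denied, because an absent field never satisfies equals. If either is not the intended outcome, adjust the rule (for example with an exists check) before assigning it.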
Related content
- Azure Policy documentation
- Working with security policies with Microsoft Defender for Cloud
- The Cloud Adoption Framework scenario for data management and analytics outlines considerations for running data and analytics workloads in the cloud.
- Use policy to integrate Azure Private Link with Azure Private DNS zones