Governance Policies Azure AI Machine Learning - Azure/az-prototype GitHub Wiki
Governance policies for Machine Learning
Domain: azure-ai
| Name | Description |
|---|---|
| ML workspace with managed network and CMK | Secure ML workspace with network isolation, CMK encryption, and associated resources |
| Description | Instead |
|---|---|
| Do not deploy ML workspace without associated Key Vault, Storage, and App Insights | Always provision the four required dependency resources before workspace creation |
| Do not use workspace access keys for programmatic access | Use managed identity and RBAC role assignments (AzureML Data Scientist) |
| Do not deploy compute with public IPs | Set enableNodePublicIp=false and use managed network isolation |
| Check | Severity | Description |
|---|---|---|
| AZ-ML-001 | Required | Deploy Azure Machine Learning workspace with managed identity, high business impact, and no public access |
| AZ-ML-002 | Required | Deploy compute instances and clusters with managed identity and no public IP |
| AZ-ML-003 | Recommended | Use managed online endpoints with managed identity for model serving |
Deploy Azure Machine Learning workspace with managed identity, high business impact, and no public access
Severity: Required
Rationale: ML workspaces handle sensitive training data and models; managed identity eliminates credential sprawl
Agents: terraform-agent, bicep-agent, cloud-architect
- Microsoft.MachineLearningServices/workspaces
| Resource | Name | Purpose |
|---|---|---|
| Microsoft.Network/privateEndpoints | pe-ml-workspace | Private endpoint for ML workspace to eliminate public network exposure |
| Microsoft.Network/privateDnsZones | privatelink.api.azureml.ms | Private DNS zone for ML workspace API endpoint |
| Microsoft.Network/privateDnsZones | privatelink.notebooks.azure.net | Private DNS zone for ML workspace notebook endpoint |
| Microsoft.Insights/diagnosticSettings | diag-ml-workspace | Diagnostic settings to route ML workspace activity logs to Log Analytics |
| Microsoft.Authorization/roleAssignments | AzureML Data Scientist / Compute Operator | RBAC role assignments for data scientists and compute operators |
Deploy compute instances and clusters with managed identity and no public IP
Severity: Required
Rationale: Compute resources with public IPs and no identity create attack surface and credential risk
Agents: terraform-agent, bicep-agent, cloud-architect
- Microsoft.MachineLearningServices/workspaces
Use managed online endpoints with managed identity for model serving
Severity: Recommended
Rationale: Managed endpoints handle scaling, versioning, and traffic splitting; managed identity secures model access
Agents: terraform-agent, bicep-agent, cloud-architect, app-developer, csharp-developer, python-developer
- Microsoft.MachineLearningServices/workspaces