[ml] secure defaults for managed network and pna disabled (#36965)

* if user specifies managed network or pna disabled, associated resources should match

* update changelog

---------

Co-authored-by: Josh Harrington <[email protected]>

Author: joshharrin

sdk/ml/azure-ai-ml/CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ## 1.20.0 (unreleased)
 
+### Features Added
+- When a workspace is created with `managed_network` enabled or has `public_network_access` set to disabled, the resources created with the workspace (Key Vault, Storage Account) will be set to have restricted network access settings. This is only applicable when the user does not specify existing resources.
+
 ## 1.19.0 (2024-07-29)
 
 ### Feature Added

sdk/ml/azure-ai-ml/azure/ai/ml/_arm_deployments/arm_templates/workspace_base.json

@@ -39,6 +39,17 @@
                 "description": "Specifies the resource group name of the Azure Machine Learning workspace."
             }
         },
+        "associatedResourcePNA": {
+            "type": "string",
+            "defaultValue": "Enabled",
+            "allowedValues": [
+                "Enabled",
+                "Disabled"
+            ],
+            "metadata": {
+                "description": "Determines the PublicNetworkAccess mode of new workspace-associated resources provisioned alongside with workspace."
+            }
+        },
         "storageAccountOption": {
             "type": "string",
             "defaultValue": "new",
@@ -640,6 +651,10 @@
                 }
             ]
         },
+        "networkAclsForManagedNetworkDependencies": {
+            "defaultAction": "deny",
+            "bypass": "AzureServices"
+        },
         "privateEndpointSettings": {
             "name": "[concat(parameters('workspaceName'), '-PrivateEndpoint')]",
             "properties": {
@@ -706,7 +721,7 @@
         {
             "condition": "[and(variables('enablePE'), equals(parameters('storageAccountOption'), 'new'))]",
             "type": "Microsoft.Storage/storageAccounts",
-            "apiVersion": "2019-04-01",
+            "apiVersion": "2023-04-01",
             "name": "[parameters('storageAccountName')]",
             "tags": "[parameters('tagValues')]",
             "dependsOn": [
@@ -731,7 +746,8 @@
                 },
                 "supportsHttpsTrafficOnly": true,
                 "allowBlobPublicAccess": false,
-                "networkAcls": "[if(equals(parameters('storageAccountBehindVNet'), 'true'), variables('networkRuleSetBehindVNet'), json('null'))]",
+                "networkAcls": "[if(equals(parameters('associatedResourcePNA'), 'Disabled'), variables('networkAclsForManagedNetworkDependencies'), if(equals(parameters('storageAccountBehindVNet'), 'true'), variables('networkRuleSetBehindVNet'), json('null')))]",
+                "publicNetworkAccess": "[parameters('associatedResourcePNA')]",
                 "isHnsEnabled": "[equals(parameters('kind'), 'featurestore')]",
                 "minimumTlsVersion": "[if(equals(parameters('kind'), 'featurestore'), 'TLS1_2', 'TLS1_0')]"
             }
@@ -778,7 +794,7 @@
         {
             "condition": "[and(variables('enablePE'), equals(parameters('keyVaultOption'), 'new'))]",
             "type": "Microsoft.KeyVault/vaults",
-            "apiVersion": "2019-09-01",
+            "apiVersion": "2023-07-01",
             "tags": "[parameters('tagValues')]",
             "dependsOn": [
                 "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
@@ -793,7 +809,8 @@
                 },
                 "accessPolicies": [],
                 "enableRbacAuthorization": true,
-                "networkAcls": "[if(equals(parameters('keyVaultBehindVNet'), 'true'), variables('networkRuleSetBehindVNet'), json('null'))]"
+                "networkAcls": "[if(equals(parameters('associatedResourcePNA'), 'Disabled'), variables('networkAclsForManagedNetworkDependencies'), if(equals(parameters('keyVaultBehindVNet'), 'true'), variables('networkRuleSetBehindVNet'), json('null')))]",
+                "publicNetworkAccess": "[parameters('associatedResourcePNA')]"
             }
         },
         {

sdk/ml/azure-ai-ml/azure/ai/ml/_arm_deployments/arm_templates/workspace_param.json

@@ -29,6 +29,9 @@
     "keyVaultResourceGroupName": {
         "value": ""
     },
+    "associatedResourcePNA": {
+        "value": "Enabled"
+    },
     "storageAccountOption": {
         "value": "new"
     },

sdk/ml/azure-ai-ml/azure/ai/ml/operations/_workspace_operations_base.py

@@ -654,6 +654,7 @@ def _populate_arm_parameters(self, workspace: Workspace, **kwargs: Any) -> Tuple
 
         if workspace.public_network_access:
             _set_val(param["publicNetworkAccess"], workspace.public_network_access)
+            _set_val(param["associatedResourcePNA"], workspace.public_network_access)
 
         if workspace.system_datastores_auth_mode:
             _set_val(param["systemDatastoresAuthMode"], workspace.system_datastores_auth_mode)
@@ -756,6 +757,11 @@ def _populate_arm_parameters(self, workspace: Workspace, **kwargs: Any) -> Tuple
         managed_network = None
         if workspace.managed_network:
             managed_network = workspace.managed_network._to_rest_object()
+            if workspace.managed_network.isolation_mode in [
+                IsolationMode.ALLOW_INTERNET_OUTBOUND,
+                IsolationMode.ALLOW_ONLY_APPROVED_OUTBOUND,
+            ]:
+                _set_val(param["associatedResourcePNA"], "Disabled")
         else:
             managed_network = ManagedNetwork(isolation_mode=IsolationMode.DISABLED)._to_rest_object()
         _set_obj_val(param["managedNetwork"], managed_network)