Skip to content

Commit 0aa3edb

Browse files
BlackmistBlackmist
committed
incorporating feedback
1 parent c76705b commit 0aa3edb

File tree

1 file changed

+74
-18
lines changed

1 file changed

+74
-18
lines changed

articles/machine-learning/how-to-integrate-azure-policy.md

Lines changed: 74 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,17 @@
11
---
22
title: Audit and manage Azure Machine Learning
33
titleSuffix: Azure Machine Learning
4-
description: Learn how to use Azure Policy to use built-in policies for Azure Machine Learning to make sure your workspaces are compliant with your requirements.
4+
description: Learn how to use Azure Policy with Azure Machine Learning to make sure your workspaces are compliant with your requirements.
55
author: Blackmist
66
ms.author: larryfr
7-
ms.date: 08/30/2024
7+
ms.date: 09/04/2024
88
services: machine-learning
99
ms.service: azure-machine-learning
1010
ms.subservice: enterprise-readiness
1111
ms.topic: how-to
1212
ms.reviewer: jhirono
13+
ms.custom: FY25Q1-Linter
14+
# Customer Intent: As an admin, I want to understand how I can use Azure Policy to audit and manage Azure Machine Learning resources so that I can ensure compliance with my organization's requirements.
1315
---
1416

1517
# Audit and manage Azure Machine Learning
@@ -174,32 +176,86 @@ To discover the allowed values for a specific alias, visit the [Azure Machine Le
174176

175177
For a tutorial (not Azure Machine Learning specific) on how to create custom policies, visit [Create a custom policy definition](/azure/governance/policy/tutorials/create-custom-policy-definition).
176178

177-
### How to find values to use in policies
178-
179179
### Example: Block serverless spark compute jobs
180180

181181
```json
182182
{
183-
"mode": "All",
184-
"policyRule": {
185-
"if": {
186-
"allOf": [
187-
{
188-
"field": "Microsoft.MachineLearningServices/workspaces/jobs/jobType",
189-
"in": [
190-
"Spark"
191-
]
183+
"properties": {
184+
"displayName": "Deny serverless Spark compute jobs",
185+
"description": "Deny serverless Spark compute jobs",
186+
"mode": "All",
187+
"policyRule": {
188+
"if": {
189+
"allOf": [
190+
{
191+
"field": "Microsoft.MachineLearningServices/workspaces/jobs/jobType",
192+
"in": [
193+
"Spark"
194+
]
195+
}
196+
]
197+
},
198+
"then": {
199+
"effect": "Deny"
200+
}
201+
},
202+
"parameters": {}
203+
}
204+
}
205+
```
206+
207+
### Example: Configure no public IP for managed computes
208+
209+
```json
210+
{
211+
"properties": {
212+
"displayName": "Deny compute instance and compute cluster creation with public IP",
213+
"description": "Deny compute instance and compute cluster creation with public IP",
214+
"mode": "all",
215+
"parameters": {
216+
"effectType": {
217+
"type": "string",
218+
"defaultValue": "Deny",
219+
"allowedValues": [
220+
"Deny",
221+
"Disabled"
222+
],
223+
"metadata": {
224+
"displayName": "Effect",
225+
"description": "Enable or disable the execution of the policy"
192226
}
193-
]
227+
}
194228
},
195-
"then": {
196-
"effect": "Deny"
229+
"policyRule": {
230+
"if": {
231+
"allOf": [
232+
{
233+
"field": "type",
234+
"equals": "Microsoft.MachineLearningServices/workspaces/computes"
235+
},
236+
{
237+
"allOf": [
238+
{
239+
"field": "Microsoft.MachineLearningServices/workspaces/computes/computeType",
240+
"notEquals": "AKS"
241+
},
242+
{
243+
"field": "Microsoft.MachineLearningServices/workspaces/computes/enableNodePublicIP",
244+
"equals": true
245+
}
246+
]
247+
}
248+
]
249+
},
250+
"then": {
251+
"effect": "[parameters('effectType')]"
252+
}
197253
}
198-
},
199-
"parameters": {}
254+
}
200255
}
201256
```
202257

258+
203259
## Related content
204260

205261
* [Azure Policy documentation](/azure/governance/policy/overview)

0 commit comments

Comments
 (0)