Merge pull request #3136 from msakande/update-model-monitoring-article

prmerger-automator[bot] · web-flow · commit 8e23b2b908a6 · 2025-02-25T22:25:08.000Z
PM update: authentication options and network limitations
diff --git a/articles/machine-learning/concept-model-monitoring.md b/articles/machine-learning/concept-model-monitoring.md
@@ -9,7 +9,7 @@ ms.service: azure-machine-learning
 ms.subservice: mlops
 ms.reviewer: alehughes
 ms.topic: concept-article
-ms.date: 09/27/2024
+ms.date: 02/25/2025
 ms.custom: devplatv2, FY25Q1-Linter
 #Customer intent: As a data scientist, I want to understand Azure Machine Learning monitoring so I can keep my machine learning models fresh and performant.
 ---
@@ -170,6 +170,26 @@ You can use events generated by Azure Machine Learning model monitoring runs to
 
 For example, if the accuracy of your classification model in production dips below a certain threshold, you can use Event Grid to begin a retraining job that uses collected ground truth data. To learn how to integrate Azure Machine Learning with Event Grid, see [Monitor performance of models deployed to production](how-to-monitor-model-performance.md).
 
+## Model monitoring authentication options
+
+Azure Machine Learning model monitoring supports both credential-based and credential-less authentication to the datastore with the collected production inference data from your model. To configure credential-less authentication, follow these steps:
+
+1. Create a User-Assigned Managed Identity (UAMI) and attach it to your Azure Machine Learning workspace.
+1. Grant the UAMI [proper permissions](how-to-identity-based-service-authentication.md#user-assigned-managed-identity) to access your datastore.
+1. Update the value of the workspace level property `systemDatastoresAuthMode` to `'identity'`.
+
+Alternatively, you can add credentials to the datastore where your production inference data is stored.
+
+To learn more about credential-less authentication with Azure Machine Learning, see [User-assigned managed identity](how-to-identity-based-service-authentication.md#user-assigned-managed-identity).
+
+## Model monitoring limitations
+
+Azure Machine Learning model monitoring has the following limitations:
+
+- It doesn't support the `AllowOnlyApprovedOutbound` managed virtual network isolation setting. To learn more about managed virtual network isolation in Azure Machine Learning, see [Workspace Managed Virtual Network Isolation](how-to-managed-network.md).
+
+- It depends on `Spark` to compute metrics over large-scale datasets. Because `MLTable` isn't well-supported by `Spark`, it's best to avoid using `MLTable` whenever possible with model monitoring jobs. Only basic `MLTable` files have guaranteed support. For complex or custom operations, consider using the `Spark` API directly in your code.
+
 ## Related content
 
 - [Model data collection](concept-data-collection.md)
