You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
## Enable Public Access only from internet IP ranges (preview)
256
+
257
+
You can use IP network rules to allow access to your secured hub from specific public internet IP address ranges by creating IP network rules. Each Azure AI Foundry hub supports up to 200 rules. These rules grant access to specific internet-based services and on-premises networks and block general internet traffic. This feature is currently in preview.
258
+
259
+
> [!WARNING]
260
+
> * Enable your endpoint's public network access flag if you want to allow access to your endpoint from specific public internet IP address ranges.
261
+
> * You can only use IPv4 addresses.
262
+
> * If the workspace goes from __Enable from selected IPs__ to __Disabled__ or __Enabled__, the IP ranges will be reset.
263
+
264
+
# [Portal](#tab/azure-portal)
265
+
266
+
1. From the [Azure portal](https://portal.azure.com), select your Azure Machine AI Foundry hub.
267
+
1. From the left side of the page, select __Networking__ and then select the __Public access__ tab.
268
+
1. Select __Enabled from selected IP addresses__, input address ranges and then select __Save__.
269
+
270
+
<!-- :::image type="content" source="./media/how-to-configure-private-link/workspace-public-access-ip-ranges.png" alt-text="Screenshot of the UI to enable access from internet IP ranges."::: -->
271
+
272
+
# [Azure CLI](#tab/cli)
273
+
274
+
Use the `az ml workspace update` Azure CLI command to manage public access from an IP address or address range:
275
+
276
+
> [!TIP]
277
+
> The configurations for the selected IP addresses are stored in the hub's properties, under `network_acls`:
278
+
> ```yml
279
+
> name: sample_hub
280
+
> location: centraluseuap
281
+
> display_name: sample hub
282
+
> description: desc
283
+
> public_network_access: enabled
284
+
> network_acls:
285
+
> ip_rules:
286
+
> value: "X.X.X.X/X"
287
+
> value: "X.X.X.X"
288
+
> default_action: Deny
289
+
> ```
290
+
291
+
1. Disabled:
292
+
`az ml workspace update -n test-ws -g test-rg --public-network-access Disabled`
You can also use the [Workspace](/python/api/azure-ai-ml/azure.ai.ml.entities.workspace) class from the Azure Machine Learning [Python SDK](/python/api/azure-ai-ml/azure.ai.ml.entities.networkacls) to define which IP addresses are allowed inbound access:
301
+
302
+
```python
303
+
class Workspace(Resource):
304
+
"""Azure ML workspace.
305
+
:param public_network_access: Whether to allow public endpoint connectivity
306
+
when a workspace is private link enabled.
307
+
:type public_network_access: str
308
+
:param network_acls: The network access control list (ACL) settings of the workspace.
The following restrictions apply to IP address ranges:
321
+
322
+
- IP network rules are allowed only for _public internet_ IP addresses.
323
+
324
+
[Reserved IP address ranges](https://en.wikipedia.org/wiki/Reserved_IP_addresses) aren't allowed in IP rules such as private addresses that start with 10, 172.16 to 172.31, and 192.168.
325
+
326
+
- You must provide allowed internet address ranges by using [CIDR notation](https://tools.ietf.org/html/rfc4632) in the form 16.17.18.0/24 or as individual IP addresses like 16.17.18.19.
327
+
328
+
- Only IPv4 addresses are supported for configuration of storage firewall rules.
329
+
330
+
- When this feature is enabled, you can test public endpoints using any client tool such as Curl, but the Endpoint Test tool in the portal isn't supported.
331
+
332
+
- You can only set the IP addresses for the AI Foundry hub after the hub has been created.
333
+
257
334
## Private storage configuration
258
335
259
336
If your storage account is private (uses a private endpoint to communicate with your project), you perform the following steps:
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments