Commit 119a825

describe networking controls
1 parent f68e9e9 commit 119a825

1 file changed

+3
-1
lines changed

articles/machine-learning/concept-customer-managed-keys.md

Lines changed: 3 additions & 1 deletion
@@ -51,7 +51,7 @@ In addition to customer-managed keys, Azure Machine Learning also provides a [hb
5151

5252
## How and what workspace metadata is stored
5353

54-
When you bring your own encryption key, service metadata will be stored on dedicated resources in your Azure subscription. Microsoft creates a seperate resource group in your subscription for this named *"azureml-rg-workspacename_GUID"*. Resource in this managed resource group can only be modified by Microsoft. Additional networking controls are configured when you create a private link endpoint on your workspace.
54+
When you bring your own encryption key, service metadata will be stored on dedicated resources in your Azure subscription. Microsoft creates a seperate resource group in your subscription for this named *"azureml-rg-workspacename_GUID"*. Resource in this managed resource group can only be modified by Microsoft.
5555

5656
The following resources are created and store metadata for your workspace:
5757
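Review bot: The rewritten line 54 still carries the misspelling "seperate" and the singular "Resource in this managed resource group"; since the line is being touched anyway, correct these to "separate" and "Resources in this managed resource group can only be modified by Microsoft". The name *"azureml-rg-workspacename_GUID"* would also be clearer if the text said that "workspacename" and "GUID" are placeholders, so readers know what to look for in their subscription.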

@@ -65,6 +65,8 @@ From a data lifecyle management point of view, data in the above resources are c
6565

6666
Your Azure Machine Learning workspace reads and writes data using its managed identity. This identity is granted access to the resources using a role assignment (Azure role-based access control) on the data resources. The encryption key you provide is used to encrypt data that is stored on Microsoft-managed resources. It's also used to create indices for Azure AI Search, which are created at runtime.
6767

68+
Additional networking controls are configured when you create a private link endpoint on your workspace to allow for inbound connectivity. In this configuration, a private link endpoint connection will be created to the CosmosDB instance and network access will be restricted to only trusted Microsoft services.
69+
6870
## Customer-managed keys
6971

7072
When you __don't use a customer-managed key__, Microsoft creates and manages these resources in a Microsoft owned Azure subscription and uses a Microsoft-managed key to encrypt the data.
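Review bot: The added paragraph at line 68 names only the CosmosDB instance as receiving a private link endpoint connection, while the surrounding context refers to "the data resources" and to Azure AI Search, so a reader cannot tell whether the other metadata resources stay reachable over public network access. State which resources are covered, and which of them the "restricted to only trusted Microsoft services" rule applies to. The phrase "to allow for inbound connectivity" is also ambiguous: say that it means inbound to the workspace rather than to the managed resources. For consistency with "Azure AI Search" in the line above, write "Azure Cosmos DB" instead of "CosmosDB".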
