Skip to content

Commit 549ca0b

Browse files
Merge pull request #228003 from Blackmist/revert-227348-conditional-access-update
Revert "conditional access update"
2 parents 28ac29a + d8020b5 commit 549ca0b

File tree

3 files changed

+9
-3
lines changed

3 files changed

+9
-3
lines changed

articles/machine-learning/how-to-integrate-azure-policy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ You can also assign policies by using [Azure PowerShell](../governance/policy/as
5454

5555
## Conditional access policies
5656

57-
You can't use [Azure AD Conditional Access policies](/azure/active-directory/conditional-access/overview) to control access to Azure Machine Learning studio, as it's a client application. Azure Machine Learning does honor conditional access policies you may have created for other cloud apps or services. For example, when attempting to access approved apps from a Jupyter Notebook running on an Azure Machine Learning compute instance.
57+
To control who can access your Azure Machine Learning workspace, use Azure Active Directory [Conditional Access](../active-directory/conditional-access/overview.md).
5858

5959
## Enable self-service using landing zones
6060

articles/machine-learning/how-to-setup-authentication.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,8 @@ Learn how to set up authentication to your Azure Machine Learning workspace from
3333

3434
Regardless of the authentication workflow used, Azure role-based access control (Azure RBAC) is used to scope the level of access (authorization) allowed to the resources. For example, an admin or automation process might have access to create a compute instance, but not use it, while a data scientist could use it, but not delete or create it. For more information, see [Manage access to Azure Machine Learning workspace](how-to-assign-roles.md).
3535

36+
Azure AD Conditional Access can be used to further control or restrict access to the workspace for each authentication workflow. For example, an admin can allow workspace access from managed devices only.
37+
3638
## Prerequisites
3739

3840
* Create an [Azure Machine Learning workspace](how-to-manage-workspace.md).
@@ -314,7 +316,8 @@ print(ml_client)
314316

315317
## Use Conditional Access
316318

317-
You can't use [Azure AD Conditional Access policies](/azure/active-directory/conditional-access/overview) to control access to Azure Machine Learning studio, as it's a client application. Azure Machine Learning does honor conditional access policies you may have created for other cloud apps or services. For example, when attempting to access approved apps from a Jupyter Notebook running on an Azure Machine Learning compute instance.
319+
As an administrator, you can enforce [Azure AD Conditional Access policies](../active-directory/conditional-access/overview.md) for users signing in to the workspace. For example, you
320+
can require two-factor authentication, or allow sign in only from managed devices. To use Conditional Access for Azure Machine Learning workspaces specifically, [assign the Conditional Access policy](../active-directory/conditional-access/concept-conditional-access-cloud-apps.md) to Machine Learning Cloud app.
318321

319322
## Next steps
320323

articles/machine-learning/v1/how-to-setup-authentication.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,8 @@ Learn how to set up authentication to your Azure Machine Learning workspace. Aut
3333

3434
Regardless of the authentication workflow used, Azure role-based access control (Azure RBAC) is used to scope the level of access (authorization) allowed to the resources. For example, an admin or automation process might have access to create a compute instance, but not use it, while a data scientist could use it, but not delete or create it. For more information, see [Manage access to Azure Machine Learning workspace](../how-to-assign-roles.md).
3535

36+
Azure AD Conditional Access can be used to further control or restrict access to the workspace for each authentication workflow. For example, an admin can allow workspace access from managed devices only.
37+
3638
## Prerequisites
3739

3840
* Create an [Azure Machine Learning workspace](../how-to-manage-workspace.md).
@@ -252,7 +254,8 @@ ws = Workspace(subscription_id="your-sub-id",
252254

253255
## Use Conditional Access
254256

255-
You can't use [Azure AD Conditional Access policies](/azure/active-directory/conditional-access/overview) to control access to Azure Machine Learning studio, as it's a client application. Azure Machine Learning does honor conditional access policies you may have created for other cloud apps or services. For example, when attempting to access approved apps from a Jupyter Notebook running on an Azure Machine Learning compute instance.
257+
As an administrator, you can enforce [Azure AD Conditional Access policies](../../active-directory/conditional-access/overview.md) for users signing in to the workspace. For example, you
258+
can require two-factor authentication, or allow sign in only from managed devices. To use Conditional Access for Azure Machine Learning workspaces specifically, [assign the Conditional Access policy](../../active-directory/conditional-access/concept-conditional-access-cloud-apps.md) to Machine Learning Cloud app.
256259

257260
## Next steps
258261

0 commit comments

Comments
 (0)