You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/how-to-prevent-data-loss-exfiltration.md
+12-7Lines changed: 12 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -92,11 +92,16 @@ Select the configuration that you're using:
92
92
93
93
# [Service tag/NSG](#tab/servicetag)
94
94
95
-
__Allow__ outbound traffic over __ANY port 443__to the following __service tags__. Replace `<region>` with the Azure region that contains your compute cluster or instance:
95
+
__Allow__ outbound traffic to the following __service tags__. Replace `<region>` with the Azure region that contains your compute cluster or instance:
96
96
97
-
*`BatchNodeManagement.<region>`
98
-
*`AzureMachineLearning`
99
-
*`Storage.<region>` - A Service Endpoint Policy will be applied in a later step to limit outbound traffic.
97
+
| Service tag | Protocol | Port |
98
+
| ----- | ----- | ----- |
99
+
|`BatchNodeManagement.<region>`| ANY | 443 |
100
+
|`AzureMachineLearning`| TCP | 443 |
101
+
|`Storage.<region>`| TCP | 443 |
102
+
103
+
> [!NOTE]
104
+
> For the storage outbound, a Service Endpoint Policy will be applied in a later step to limit outbound traffic.
100
105
101
106
# [Firewall](#tab/firewall)
102
107
@@ -106,7 +111,7 @@ __Allow__ outbound traffic over __ANY port 443__ to the following FQDNs. Replace
106
111
*`<region>.service.batch.com`
107
112
108
113
> [!WARNING]
109
-
> If you enable the service endpoint on the subnet used by your firewall, you must open outbound traffic to the following hosts:
114
+
> If you enable the service endpoint on the subnet used by your firewall, you must open outbound traffic to the following hosts over __TCP port 443__:
110
115
> *`*.blob.core.windows.net`
111
116
> *`*.queue.core.windows.net`
112
117
> *`*.table.core.windows.net`
@@ -138,14 +143,14 @@ When using Azure Machine Learning curated environments, make sure to use the lat
138
143
139
144
# [Service tag/NSG](#tab/servicetag)
140
145
141
-
__Allow__ outbound traffic over __ANY port 443__ to the following service tags. Replace `<region>` with the Azure region that contains your compute cluster or instance.
146
+
__Allow__ outbound traffic over __TCP port 443__ to the following service tags. Replace `<region>` with the Azure region that contains your compute cluster or instance.
142
147
143
148
*`MicrosoftContainerRegistry.<region>`
144
149
*`AzureFrontDoor.FirstParty`
145
150
146
151
# [Firewall](#tab/firewall)
147
152
148
-
__Allow__ outbound traffic over __ANY port 443__ to the following FQDNs:
153
+
__Allow__ outbound traffic over __TCP port 443__ to the following FQDNs:
0 commit comments