Merge pull request #188479 from Blackmist/1917584-cli-network

adding cli v2 info

Author: denrea

articles/machine-learning/how-to-secure-workspace-vnet.md

@@ -75,7 +75,7 @@ In this article you learn how to enable the following workspaces resources in a
 
 ### Azure Container Registry
 
-When ACR is behind a virtual network, Azure Machine Learning cannot use it to directly build Docker images. Instead, the compute cluster is used to build the images.
+When ACR is behind a virtual network, Azure Machine Learning can’t use it to directly build Docker images. Instead, the compute cluster is used to build the images.
 
 > [!IMPORTANT]
 > The compute cluster used to build Docker images needs to be able to access the package repositories that are used to train and deploy your models. You may need to add network security rules that allow access to public repos, [use private Python packages](how-to-use-private-python-packages.md), or use [custom Docker images](how-to-train-with-custom-image.md) that already include the packages.
@@ -110,7 +110,7 @@ Azure Machine Learning supports storage accounts configured to use either a priv
 # [Private endpoint](#tab/pe)
 
 1. In the Azure portal, select the Azure Storage Account.
-1. Use the information in [Use private endpoints for Azure Storage](../storage/common/storage-private-endpoints.md#creating-a-private-endpoint) to add private endpoints for the following storage sub-resources:
+1. Use the information in [Use private endpoints for Azure Storage](../storage/common/storage-private-endpoints.md#creating-a-private-endpoint) to add private endpoints for the following storage resources:
 
     * **Blob**
     * **File**
@@ -122,7 +122,7 @@ Azure Machine Learning supports storage accounts configured to use either a priv
     > [!TIP]
     > When configuring a storage account that is **not** the default storage, select the **Target subresource** type that corresponds to the storage account you want to add.
 
-1. After creating the private endpoints for thee sub-resources, select the __Firewalls and virtual networks__ tab under __Networking__ for the storage account.
+1. After creating the private endpoints for the storage resources, select the __Firewalls and virtual networks__ tab under __Networking__ for the storage account.
 1. Select __Selected networks__, and then under __Resource instances__, select `Microsoft.MachineLearningServices/Workspace` as the __Resource type__. Select your workspace using __Instance name__. For more information, see [Trusted access based on system-assigned managed identity](../storage/common/storage-network-security.md#trusted-access-based-on-system-assigned-managed-identity).
 
     > [!TIP]
@@ -203,29 +203,65 @@ Azure Container Registry can be configured to use a private endpoint. Use the fo
 
 1. Find the name of the Azure Container Registry for your workspace, using one of the following methods:
 
-    __Azure portal__
+    # [Azure CLI](#tab/cli)
 
-    From the overview section of your workspace, the __Registry__ value links to the Azure Container Registry.
+    If you've [installed the Machine Learning extension v2 for Azure CLI](how-to-configure-cli.md), you can use the `az ml workspace show` command to show the workspace information.
 
-    :::image type="content" source="./media/how-to-enable-virtual-network/azure-machine-learning-container-registry.png" alt-text="Azure Container Registry for the workspace" border="true":::
+    ```azurecli-interactive
+    az ml workspace show -w yourworkspacename -g resourcegroupname --query 'container_registry'
+    ```
 
-    __Azure CLI__
+    This command returns a value similar to `"/subscriptions/{GUID}/resourceGroups/{resourcegroupname}/providers/Microsoft.ContainerRegistry/registries/{ACRname}"`. The last part of the string is the name of the Azure Container Registry for the workspace.
 
-    If you have [installed the Machine Learning extension for Azure CLI](reference-azure-machine-learning-cli.md), you can use the `az ml workspace show` command to show the workspace information.
+    # [Python SDK](#tab/python)
 
-    ```azurecli-interactive
-    az ml workspace show -w yourworkspacename -g resourcegroupname --query 'containerRegistry'
+    The following code snippet demonstrates how to get the container registry information using the [Azure Machine Learning SDK](/python/api/overview/azure/ml/):
+
+    ```python
+    from azureml.core import Workspace
+    # Load workspace from an existing config file
+    ws = Workspace.from_config()
+    # Get details on the workspace
+    details = ws.get_details()
+    # Print container registry information
+    print(details['containerRegistry'])
     ```
 
-    This command returns a value similar to `"/subscriptions/{GUID}/resourceGroups/{resourcegroupname}/providers/Microsoft.ContainerRegistry/registries/{ACRname}"`. The last part of the string is the name of the Azure Container Registry for the workspace.
+    This code returns a value similar to `"/subscriptions/{GUID}/resourceGroups/{resourcegroupname}/providers/Microsoft.ContainerRegistry/registries/{ACRname}"`. The last part of the string is the name of the Azure Container Registry for the workspace.
+
+    # [Azure portal](#tab/portal)
+
+    From the overview section of your workspace, the __Registry__ value links to the Azure Container Registry.
+
+    :::image type="content" source="./media/how-to-enable-virtual-network/azure-machine-learning-container-registry.png" alt-text="Azure Container Registry for the workspace" border="true":::
+
+    ---
 
 1. Limit access to your virtual network using the steps in [Connect privately to an Azure Container Registry](../container-registry/container-registry-private-link.md). When adding the virtual network, select the virtual network and subnet for your Azure Machine Learning resources.
 
 1. Configure the ACR for the workspace to [Allow access by trusted services](../container-registry/allow-access-trusted-services.md).
 
-1. Create an Azure Machine Learning compute cluster. This is used to build Docker images when ACR is behind a VNet. For more information, see [Create a compute cluster](how-to-create-attach-compute-cluster.md).
+1. Create an Azure Machine Learning compute cluster. This cluster is used to build Docker images when ACR is behind a VNet. For more information, see [Create a compute cluster](how-to-create-attach-compute-cluster.md).
+
+1. Use one of the following methods to configure the workspace to build Docker images using the compute cluster.
+
+    > [!IMPORTANT]
+    > When using a compute cluster for image builds, only a CPU SKU is supported.
+
+    # [Azure CLI](#tab/cli)
 
-1. Use the Azure Machine Learning Python SDK to configure the workspace to build Docker images using the compute cluster. The following code snippet demonstrates how to update the workspace to set a build compute. Replace `mycomputecluster` with the name of the cluster to use:
+    If you've [installed the Machine Learning extension v2 for Azure CLI](how-to-configure-cli.md), you can use the `az ml workspace update` command to set a build compute. In the following command, replace `myworkspace` with your workspace name, `myresourcegroup` with the resource group that contains the workspace, and `mycomputecluster` with the compute cluster name:
+
+    ```azurecli
+    az ml workspace update \
+      -n myworkspace \
+      -g myresourcegroup \
+      -i mycomputecluster
+    ```
+
+    # [Python SDK](#tab/python)
+
+    The following code snippet demonstrates how to update the workspace to set a build compute using the [Azure Machine Learning SDK](/python/api/overview/azure/ml/). Replace `mycomputecluster` with the name of the cluster to use:
 
     ```python
     from azureml.core import Workspace
@@ -236,12 +272,15 @@ Azure Container Registry can be configured to use a private endpoint. Use the fo
     # To switch back to using ACR to build (if ACR is not in the VNet):
     # ws.update(image_build_compute = '')
     ```
-
-    > [!IMPORTANT]
-    > Only AzureML Compute cluster of CPU SKU is supported for the image build on compute.
     
     For more information, see the [update()](/python/api/azureml-core/azureml.core.workspace.workspace#update-friendly-name-none--description-none--tags-none--image-build-compute-none--enable-data-actions-none-) method reference.
 
+    # [Azure portal](#tab/portal)
+
+    Currently there isn't a way to set the image build compute from the Azure portal.
+
+    ---
+
 > [!TIP]
 > When ACR is behind a VNet, you can also [disable public access](../container-registry/container-registry-access-selected-networks.md#disable-public-network-access) to it.