
Commit 5ed23c9

Merge pull request #209177 from Blackmist/v2-ga-identity
centralizing managed identity
2 parents 1b49cbd + 3106d42 commit 5ed23c9

13 files changed, +426 -416 lines changed

articles/machine-learning/.openpublishing.redirection.machine-learning.json

Lines changed: 5 additions & 1 deletion
@@ -1,6 +1,10 @@
11
{
22
"redirections": [
3-
3+
{
4+
"source_path_from_root": "/articles/machine-learning/how-to-use-managed-identities.md",
5+
"redirect_url": "/azure/machine-learning/how-to-identity-based-service-authentication",
6+
"redirect_document_id": true
7+
},
48
{
59
"source_path_from_root": "/articles/machine-learning/tutorial-convert-ml-experiment-to-production.md",
610
"redirect_url": "/azure/machine-learning/v1/how-to-convert-ml-experiment-to-production",

articles/machine-learning/concept-enterprise-security.md

Lines changed: 2 additions & 2 deletions
@@ -58,7 +58,7 @@ We don't recommend that admins revoke the access of the managed identity to the
5858
>
5959
> If your workspace has attached AKS clusters, _and they were created before May 14th, 2021_, __do not delete this Azure AD account__. In this scenario, you must first delete and recreate the AKS cluster before you can delete the Azure AD account.
6060
61-
You can provision the workspace to use user-assigned managed identity, and grant the managed identity additional roles, for example to access your own Azure Container Registry for base Docker images. For more information, see [Use managed identities for access control](how-to-use-managed-identities.md).
61+
You can provision the workspace to use user-assigned managed identity, and grant the managed identity additional roles, for example to access your own Azure Container Registry for base Docker images. For more information, see [Use managed identities for access control](how-to-identity-based-service-authentication.md).
6262

6363
You can also configure managed identities for use with Azure Machine Learning compute cluster. This managed identity is independent of workspace managed identity. With a compute cluster, the managed identity is used to access resources such as secured datastores that the user running the training job may not have access to. For more information, see [Identity-based data access to storage services on Azure](how-to-identity-based-data-access.md).
6464

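Review bot: On the `+` line at 61, the link text still reads "Use managed identities for access control" although the target is now how-to-identity-based-service-authentication.md, which the compute cluster article in this same commit calls "Set up authentication between Azure Machine Learning and other services". Suggest updating the link text to match the target's title. This sentence is specifically about the workspace's user-assigned identity and the extra roles granted to it (for example on Azure Container Registry), so if the consolidated article has a section for that, link to it with a fragment the way the compute cluster link uses `#compute-cluster`; otherwise readers assigning roles land at the top of a much broader page.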
@@ -72,7 +72,7 @@ For more information, see the following articles:
7272
* [Manage access to Azure Machine Learning](how-to-assign-roles.md)
7373
* [Connect to storage services](how-to-access-data.md)
7474
* [Use Azure Key Vault for secrets when training](how-to-use-secrets-in-runs.md)
75-
* [Use Azure AD managed identity with Azure Machine Learning](how-to-use-managed-identities.md)
75+
* [Use Azure AD managed identity with Azure Machine Learning](how-to-identity-based-service-authentication.md)
7676

7777
## Network security and isolation
7878

articles/machine-learning/how-to-create-attach-compute-cluster.md

Lines changed: 2 additions & 53 deletions
@@ -10,7 +10,7 @@ ms.custom: devx-track-azurecli, cliv2, sdkv1, event-tier1-build-2022
1010
ms.author: sgilley
1111
author: sdgilley
1212
ms.reviewer: sgilley
13-
ms.date: 09/20/2022
13+
ms.date: 09/21/2022
1414
---
1515

1616
# Create an Azure Machine Learning compute cluster
@@ -197,58 +197,7 @@ In the studio, choose **Low Priority** when you create a VM.
197197

198198
## Set up managed identity
199199

200-
[!INCLUDE [aml-clone-in-azure-notebook](../../includes/aml-managed-identity-intro.md)]
201-
202-
# [Python SDK](#tab/python)
203-
204-
205-
# [Azure CLI](#tab/azure-cli)
206-
207-
[!INCLUDE [cli v2](../../includes/machine-learning-cli-v2.md)]
208-
209-
210-
### Create a new managed compute cluster with managed identity
211-
212-
Use this command:
213-
214-
```azurecli
215-
az ml compute create -f create-cluster.yml
216-
```
217-
218-
Where the contents of *create-cluster.yml* are as follows:
219-
220-
* User-assigned managed identity
221-
222-
:::code language="yaml" source="~/azureml-examples-main/cli/resources/compute/cluster-user-identity.yml":::
223-
224-
* System-assigned managed identity
225-
226-
:::code language="yaml" source="~/azureml-examples-main/cli/resources/compute/cluster-system-identity.yml":::
227-
228-
### Add a managed identity to an existing cluster
229-
230-
To update an existing cluster:
231-
232-
* User-assigned managed identity
233-
234-
:::code language="azurecli" source="~/azureml-examples-main/cli/deploy-mlcompute-update-to-user-identity.sh":::
235-
236-
* System-assigned managed identity
237-
238-
:::code language="azurecli" source="~/azureml-examples-main/cli/deploy-mlcompute-update-to-system-identity.sh":::
239-
240-
241-
# [Studio](#tab/azure-studio)
242-
243-
During cluster creation or when editing compute cluster details, in the **Advanced settings**, toggle **Assign a managed identity** and specify a system-assigned identity or user-assigned identity.
244-
245-
---
246-
247-
[!INCLUDE [aml-clone-in-azure-notebook](../../includes/aml-managed-identity-note.md)]
248-
249-
### Managed identity usage
250-
251-
[!INCLUDE [aml-clone-in-azure-notebook](../../includes/aml-managed-identity-default.md)]
200+
For information on how to configure a managed identity with your compute cluster, see [Set up authentication between Azure Machine Learning and other services](how-to-identity-based-service-authentication.md#compute-cluster).
252201

253202
## Troubleshooting
254203

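Review bot: Removed lines 200-251 drop three includes (aml-managed-identity-intro.md, aml-managed-identity-note.md, aml-managed-identity-default.md) together with the "Managed identity usage" subsection, and the replacement at line 200 is a single pointer to `how-to-identity-based-service-authentication.md#compute-cluster`. The target file is not among the hunks shown here, so please confirm that its `#compute-cluster` section carries the note and the default-identity include, not only the create and update steps. The `## Set up managed identity` heading now has one sentence under it; that is fine if it is kept as a stable anchor for inbound links, but say so in the PR description so it is not cleaned up later.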
articles/machine-learning/how-to-create-workspace-template.md

Lines changed: 1 addition & 1 deletion
@@ -68,7 +68,7 @@ The example template has two **required** parameters:
6868
> [!TIP]
6969
> While the template associated with this document creates a new Azure Container Registry, you can also create a new workspace without creating a container registry. One will be created when you perform an operation that requires a container registry. For example, training or deploying a model.
7070
>
71-
> You can also reference an existing container registry or storage account in the Azure Resource Manager template, instead of creating a new one. When doing so, you must either [use a managed identity](how-to-use-managed-identities.md) (preview), or [enable the admin account](../container-registry/container-registry-authentication.md#admin-account) for the container registry.
71+
> You can also reference an existing container registry or storage account in the Azure Resource Manager template, instead of creating a new one. When doing so, you must either [use a managed identity](how-to-identity-based-service-authentication.md) (preview), or [enable the admin account](../container-registry/container-registry-authentication.md#admin-account) for the container registry.
7272
7373
[!INCLUDE [machine-learning-delete-acr](../../includes/machine-learning-delete-acr.md)]
7474

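Review bot: The `+` line at 71 keeps "(preview)" after the managed identity link, while this merge comes from a branch named v2-ga-identity. If using a managed identity with an existing container registry is no longer in preview, drop the label in this line; if it still is, leave it. It matters here because the other option offered in the same sentence is enabling the registry admin account, which is a shared username and password, and a stale preview label steers readers toward that option.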
articles/machine-learning/how-to-identity-based-data-access.md

Lines changed: 1 addition & 1 deletion
@@ -48,7 +48,7 @@ The same behavior applies when you:
4848
4949
### Model training on private data
5050

51-
Certain machine learning scenarios involve training models with private data. In such cases, data scientists need to run training workflows without being exposed to the confidential input data. In this scenario, a [managed identity](how-to-use-managed-identities.md) of the training compute is used for data access authentication. This approach allows storage admins to grant Storage Blob Data Reader access to the managed identity that the training compute uses to run the training job. The individual data scientists don't need to be granted access. For more information, see [Set up managed identity on a compute cluster](how-to-create-attach-compute-cluster.md#set-up-managed-identity).
51+
Certain machine learning scenarios involve training models with private data. In such cases, data scientists need to run training workflows without being exposed to the confidential input data. In this scenario, a [managed identity](how-to-identity-based-service-authentication.md) of the training compute is used for data access authentication. This approach allows storage admins to grant Storage Blob Data Reader access to the managed identity that the training compute uses to run the training job. The individual data scientists don't need to be granted access. For more information, see [Set up managed identity on a compute cluster](how-to-create-attach-compute-cluster.md#set-up-managed-identity).
5252

5353
## Prerequisites
5454

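Review bot: On the `+` line at 51 only the first link is retargeted. The closing link, "Set up managed identity on a compute cluster", still points to `how-to-create-attach-compute-cluster.md#set-up-managed-identity`, and this same commit reduces that section to a one-sentence pointer to `how-to-identity-based-service-authentication.md#compute-cluster`. Suggest linking to `how-to-identity-based-service-authentication.md#compute-cluster` directly so that a storage admin following the Storage Blob Data Reader guidance reaches the identity setup steps in one hop.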