Merge pull request #209177 from Blackmist/v2-ga-identity

centralizing managed identity

Author: 19BMG00

articles/machine-learning/.openpublishing.redirection.machine-learning.json

@@ -1,6 +1,10 @@
 {
     "redirections": [ 
-        
+    {
+        "source_path_from_root": "/articles/machine-learning/how-to-use-managed-identities.md",
+        "redirect_url": "/azure/machine-learning/how-to-identity-based-service-authentication",
+        "redirect_document_id": true
+    },
     {
         "source_path_from_root": "/articles/machine-learning/tutorial-convert-ml-experiment-to-production.md",
         "redirect_url": "/azure/machine-learning/v1/how-to-convert-ml-experiment-to-production",

articles/machine-learning/concept-enterprise-security.md

@@ -58,7 +58,7 @@ We don't recommend that admins revoke the access of the managed identity to the
 > 
 > If your workspace has attached AKS clusters, _and they were created before May 14th, 2021_, __do not delete this Azure AD account__. In this scenario, you must first delete and recreate the AKS cluster before you can delete the Azure AD account.
 
-You can provision the workspace to use user-assigned managed identity, and grant the managed identity additional roles, for example to access your own Azure Container Registry for base Docker images. For more information, see [Use managed identities for access control](how-to-use-managed-identities.md).
+You can provision the workspace to use user-assigned managed identity, and grant the managed identity additional roles, for example to access your own Azure Container Registry for base Docker images. For more information, see [Use managed identities for access control](how-to-identity-based-service-authentication.md).
 
 You can also configure managed identities for use with Azure Machine Learning compute cluster. This managed identity is independent of workspace managed identity. With a compute cluster, the managed identity is used to access resources such as secured datastores that the user running the training job may not have access to. For more information, see [Identity-based data access to storage services on Azure](how-to-identity-based-data-access.md).
 
@@ -72,7 +72,7 @@ For more information, see the following articles:
 * [Manage access to Azure Machine Learning](how-to-assign-roles.md)
 * [Connect to storage services](how-to-access-data.md)
 * [Use Azure Key Vault for secrets when training](how-to-use-secrets-in-runs.md)
-* [Use Azure AD managed identity with Azure Machine Learning](how-to-use-managed-identities.md)
+* [Use Azure AD managed identity with Azure Machine Learning](how-to-identity-based-service-authentication.md)
 
 ## Network security and isolation
 

articles/machine-learning/how-to-create-attach-compute-cluster.md

@@ -10,7 +10,7 @@ ms.custom: devx-track-azurecli, cliv2, sdkv1, event-tier1-build-2022
 ms.author: sgilley
 author: sdgilley
 ms.reviewer: sgilley
-ms.date: 09/20/2022
+ms.date: 09/21/2022
 ---
 
 # Create an Azure Machine Learning compute cluster
@@ -197,58 +197,7 @@ In the studio, choose **Low Priority** when you create a VM.
 
 ## Set up managed identity
 
-[!INCLUDE [aml-clone-in-azure-notebook](../../includes/aml-managed-identity-intro.md)]
-
-# [Python SDK](#tab/python)
-
-
-# [Azure CLI](#tab/azure-cli)
-
-[!INCLUDE [cli v2](../../includes/machine-learning-cli-v2.md)]
-
-
-### Create a new managed compute cluster with managed identity
-
-Use this command:
-
-```azurecli
-az ml compute create -f create-cluster.yml
-```
-
-Where the contents of *create-cluster.yml* are as follows: 
-
-* User-assigned managed identity
-
-    :::code language="yaml" source="~/azureml-examples-main/cli/resources/compute/cluster-user-identity.yml":::
-
-* System-assigned managed identity
-
-    :::code language="yaml" source="~/azureml-examples-main/cli/resources/compute/cluster-system-identity.yml":::
-
-### Add a managed identity to an existing cluster
-
-To update an existing cluster:
-
-* User-assigned managed identity
-
-    :::code language="azurecli" source="~/azureml-examples-main/cli/deploy-mlcompute-update-to-user-identity.sh":::
-
-* System-assigned managed identity
-
-    :::code language="azurecli" source="~/azureml-examples-main/cli/deploy-mlcompute-update-to-system-identity.sh":::
-
-
-# [Studio](#tab/azure-studio)
-
-During cluster creation or when editing compute cluster details, in the **Advanced settings**, toggle **Assign a managed identity** and specify a system-assigned identity or user-assigned identity.
-
----
-
-[!INCLUDE [aml-clone-in-azure-notebook](../../includes/aml-managed-identity-note.md)]
-
-### Managed identity usage
-
-[!INCLUDE [aml-clone-in-azure-notebook](../../includes/aml-managed-identity-default.md)]
+For information on how to configure a managed identity with your compute cluster, see [Set up authentication between Azure Machine Learning and other services](how-to-identity-based-service-authentication.md#compute-cluster).
 
 ## Troubleshooting
 

articles/machine-learning/how-to-create-workspace-template.md

@@ -68,7 +68,7 @@ The example template has two **required** parameters:
 > [!TIP]
 > While the template associated with this document creates a new Azure Container Registry, you can also create a new workspace without creating a container registry. One will be created when you perform an operation that requires a container registry. For example, training or deploying a model.
 >
-> You can also reference an existing container registry or storage account in the Azure Resource Manager template, instead of creating a new one. When doing so, you must either [use a managed identity](how-to-use-managed-identities.md) (preview), or [enable the admin account](../container-registry/container-registry-authentication.md#admin-account) for the container registry.
+> You can also reference an existing container registry or storage account in the Azure Resource Manager template, instead of creating a new one. When doing so, you must either [use a managed identity](how-to-identity-based-service-authentication.md) (preview), or [enable the admin account](../container-registry/container-registry-authentication.md#admin-account) for the container registry.
 
 [!INCLUDE [machine-learning-delete-acr](../../includes/machine-learning-delete-acr.md)]
 

articles/machine-learning/how-to-identity-based-data-access.md

@@ -48,7 +48,7 @@ The same behavior applies when you:
 
 ### Model training on private data
 
-Certain machine learning scenarios involve training models with private data. In such cases, data scientists need to run training workflows without being exposed to the confidential input data. In this scenario, a [managed identity](how-to-use-managed-identities.md) of the training compute is used for data access authentication. This approach allows storage admins to grant Storage Blob Data Reader access to the managed identity that the training compute uses to run the training job. The individual data scientists don't need to be granted access. For more information, see [Set up managed identity on a compute cluster](how-to-create-attach-compute-cluster.md#set-up-managed-identity).
+Certain machine learning scenarios involve training models with private data. In such cases, data scientists need to run training workflows without being exposed to the confidential input data. In this scenario, a [managed identity](how-to-identity-based-service-authentication.md) of the training compute is used for data access authentication. This approach allows storage admins to grant Storage Blob Data Reader access to the managed identity that the training compute uses to run the training job. The individual data scientists don't need to be granted access. For more information, see [Set up managed identity on a compute cluster](how-to-create-attach-compute-cluster.md#set-up-managed-identity).
 
 ## Prerequisites