Skip to content

Commit 6e43e85

Browse files
author
Larry Franks
committed
incorporating feedback
1 parent 7388c93 commit 6e43e85

File tree

2 files changed

+5
-5
lines changed

2 files changed

+5
-5
lines changed

articles/machine-learning/how-to-network-security-overview.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ The next sections show you how to secure the network scenario described above. T
7979
## Public workspace and secured resources
8080

8181
> [!IMPORTANT]
82-
> While this is a supported configuration for Azure Machine Learning, Microsoft doesn't recommend it. You should verify this configuration with your security team before using it in production.
82+
> While this is a supported configuration for Azure Machine Learning, Microsoft doesn't recommend. The data in the Azure Storage Account behind the virtual network can be exposed on the public workspace. You should verify this configuration with your security team before using it in production.
8383
8484
If you want to access the workspace over the public internet while keeping all the associated resources secured in a virtual network, use the following steps:
8585

@@ -213,7 +213,7 @@ Microsoft Sentinel is a security solution that can integrate with Azure Machine
213213

214214
### Public access
215215

216-
Microsoft Sentinel can automatically create a workspace for you if you are OK with a public endpoint. In this configuration, the security operations center (SOC) analysts and system administrators connect to notebooks in your workspace through Sentinel.
216+
Microsoft Sentinel can automatically create a workspace for you if you're OK with a public endpoint. In this configuration, the security operations center (SOC) analysts and system administrators connect to notebooks in your workspace through Sentinel.
217217

218218
For information on this process, see [Create an Azure Machine Learning workspace from Microsoft Sentinel](../sentinel/notebooks-hunt.md?tabs=public-endpoint#create-an-azure-ml-workspace-from-microsoft-sentinel)
219219

articles/machine-learning/how-to-secure-workspace-vnet.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ In this article you learn how to enable the following workspaces resources in a
8080

8181
### Azure Container Instances
8282

83-
When your Azure Machine Learning workspace is configured with a private endpoint, deploying to Azure Container Instances in a VNet is not supported. Instead, consider using a [Managed online endpoint with network isolation](how-to-secure-online-endpoint.md).
83+
When your Azure Machine Learning workspace is configured with a private endpoint, deploying to Azure Container Instances in a VNet isn't supported. Instead, consider using a [Managed online endpoint with network isolation](how-to-secure-online-endpoint.md).
8484

8585
### Azure Container Registry
8686

@@ -216,7 +216,7 @@ Azure Container Registry can be configured to use a private endpoint. Use the fo
216216

217217
[!INCLUDE [cli v2](../../includes/machine-learning-cli-v2.md)]
218218

219-
If you've [installed the Machine Learning extension v2 for Azure CLI](how-to-configure-cli.md), you can use the `az ml workspace show` command to show the workspace information. The v1 extension does not return this information.
219+
If you've [installed the Machine Learning extension v2 for Azure CLI](how-to-configure-cli.md), you can use the `az ml workspace show` command to show the workspace information. The v1 extension doesn't return this information.
220220

221221
```azurecli-interactive
222222
az ml workspace show -n yourworkspacename -g resourcegroupname --query 'container_registry'
@@ -349,7 +349,7 @@ In some cases, you may need to allow access to the workspace from the public net
349349
To enable public network access to the workspace, use the following steps:
350350
351351
1. [Enable public access](how-to-configure-private-link.md#enable-public-access) to the workspace after configuring the workspace's private endpoint.
352-
1. [Configure the Azure Storage firewall](../storage/common/storage-network-security.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json#grant-access-from-an-internet-ip-range) to allow communication with the IP address of clients that connect over the public internet. You may need to change the allowed IP address if the clients don't have a static IP. For example, if one of your Data Scientists is traveling and using the WIFI connection from a hotel.
352+
1. [Configure the Azure Storage firewall](../storage/common/storage-network-security.md?toc=%2fazure%2fstorage%2fblobs%2ftoc.json#grant-access-from-an-internet-ip-range) to allow communication with the IP address of clients that connect over the public internet. You may need to change the allowed IP address if the clients don't have a static IP. For example, if one of your Data Scientists is working from home and can't establish a VPN connection to the VNet.
353353
354354
## Next steps
355355

0 commit comments

Comments
 (0)