adding steps

Larry Franks · Larry Franks · commit 8cf30500c717 · 2023-02-22T10:15:13.000-05:00
diff --git a/articles/machine-learning/how-to-secure-workspace-vnet.md b/articles/machine-learning/how-to-secure-workspace-vnet.md
@@ -320,6 +320,13 @@ Azure Container Registry can be configured to use a private endpoint. Use the fo
 > [!TIP]
 > When ACR is behind a VNet, you can also [disable public access](../container-registry/container-registry-access-selected-networks.md#disable-public-network-access) to it.
 
+## Secure Azure Monitor and Application Insights
+
+To enable network isolation for Azure Monitor and the Application Insights instance for the workspace, use the following steps:
+
+1. Upgrade the Application Insights instance for your workspace. For steps on how to upgrade, see [Migrate to workspace-based Application Insights resources](/azure/azure-monitor/app/convert-classic-resource).
+1. Create an Azure Monitor Private Link Scope and add the Application Insights instance from step 1 to the scope. For steps on how to do this, see [Configure your Azure Monitor private link](/azure/azure-monitor/logs/private-link-configure).
+
 ## Securely connect to your workspace
 
 [!INCLUDE [machine-learning-connect-secure-workspace](../../includes/machine-learning-connect-secure-workspace.md)]
