Merge pull request #227199 from Blackmist/revert-227027-conditional-access

prmerger-automator[bot] · web-flow · commit a0a66701fe07 · 2023-02-13T21:00:14.000Z
Revert "Flagging as unsupported"
diff --git a/articles/machine-learning/how-to-integrate-azure-policy.md b/articles/machine-learning/how-to-integrate-azure-policy.md
@@ -54,8 +54,10 @@ You can also assign policies by using [Azure PowerShell](../governance/policy/as
 
 ## Conditional access policies
 
+To control who can access your Azure Machine Learning workspace, use Azure Active Directory [Conditional Access](../active-directory/conditional-access/overview.md).
+
 > [!IMPORTANT]
-> [Azure AD Conditional Access](/azure/active-directory/conditional-access/overview) is __not__ supported with Azure Machine Learning.
+> Azure Machine Learning studio cannot be added in cloud apps in Azure AD Conditional Access, as the studio UI is a client application.
 
 ## Enable self-service using landing zones
 
diff --git a/articles/machine-learning/how-to-setup-authentication.md b/articles/machine-learning/how-to-setup-authentication.md
@@ -33,6 +33,8 @@ Learn how to set up authentication to your Azure Machine Learning workspace from
 
 Regardless of the authentication workflow used, Azure role-based access control (Azure RBAC) is used to scope the level of access (authorization) allowed to the resources. For example, an admin or automation process might have access to create a compute instance, but not use it, while a data scientist could use it, but not delete or create it. For more information, see [Manage access to Azure Machine Learning workspace](how-to-assign-roles.md).
 
+Azure AD Conditional Access can be used to further control or restrict access to the workspace for each authentication workflow. For example, an admin can allow workspace access from managed devices only.
+
 ## Prerequisites
 
 * Create an [Azure Machine Learning workspace](how-to-manage-workspace.md).
@@ -314,8 +316,11 @@ print(ml_client)
 
 ## Use Conditional Access
 
+As an administrator, you can enforce [Azure AD Conditional Access policies](../active-directory/conditional-access/overview.md) for users signing in to the workspace. For example, you 
+can require two-factor authentication, or allow sign in only from managed devices. To use Conditional Access for Azure Machine Learning workspaces specifically, [assign the Conditional Access policy](../active-directory/conditional-access/concept-conditional-access-cloud-apps.md) to Machine Learning Cloud app.
+
 > [!IMPORTANT]
-> [Azure AD Conditional Access](/azure/active-directory/conditional-access/overview) is __not__ supported with Azure Machine Learning.
+> Azure Machine Learning studio cannot be added in cloud apps in Azure AD Conditional Access, as the studio UI is a client application.
 
 ## Next steps
 
diff --git a/articles/machine-learning/v1/how-to-setup-authentication.md b/articles/machine-learning/v1/how-to-setup-authentication.md
@@ -33,6 +33,8 @@ Learn how to set up authentication to your Azure Machine Learning workspace. Aut
 
 Regardless of the authentication workflow used, Azure role-based access control (Azure RBAC) is used to scope the level of access (authorization) allowed to the resources. For example, an admin or automation process might have access to create a compute instance, but not use it, while a data scientist could use it, but not delete or create it. For more information, see [Manage access to Azure Machine Learning workspace](../how-to-assign-roles.md).
 
+Azure AD Conditional Access can be used to further control or restrict access to the workspace for each authentication workflow. For example, an admin can allow workspace access from managed devices only.
+
 ## Prerequisites
 
 * Create an [Azure Machine Learning workspace](../how-to-manage-workspace.md).
@@ -252,8 +254,11 @@ ws = Workspace(subscription_id="your-sub-id",
 
 ## Use Conditional Access
 
+As an administrator, you can enforce [Azure AD Conditional Access policies](../../active-directory/conditional-access/overview.md) for users signing in to the workspace. For example, you 
+can require two-factor authentication, or allow sign in only from managed devices. To use Conditional Access for Azure Machine Learning workspaces specifically, [assign the Conditional Access policy](../../active-directory/conditional-access/concept-conditional-access-cloud-apps.md) to Machine Learning Cloud app.
+
 > [!IMPORTANT]
-> [Azure AD Conditional Access](/azure/active-directory/conditional-access/overview) is __not__ supported with Azure Machine Learning.
+> Azure Machine Learning studio cannot be added in cloud apps in Azure AD Conditional Access, as the studio UI is a client application.
 
 ## Next steps
 
