Skip to content

Commit b859674

Browse files
nibaccamnibaccam
committed
customer feedback
1 parent fbd2dac commit b859674

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

articles/machine-learning/how-to-identity-based-data-access.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,24 +8,25 @@ ms.topic: how-to
88
ms.author: yogipandey
99
author: ynpandey
1010
ms.reviewer: nibaccam
11-
ms.date: 10/21/2021
11+
ms.date: 01/18/2021
1212
ms.custom: contperf-fy21q1, devx-track-python, data4ml
1313

14-
# Customer intent: As an experienced Python developer, I need to make my data in Azure Storage available to my compute to train my machine learning models.
14+
# Customer intent: As an experienced Python developer, I need to make my data in Azure Storage available to my compute for training my machine learning models.
1515
---
1616

1717
# Connect to storage by using identity-based data access
1818

1919
In this article, you learn how to connect to storage services on Azure by using identity-based data access and Azure Machine Learning datastores via the [Azure Machine Learning SDK for Python](/python/api/overview/azure/ml/intro).
2020

21-
Typically, datastores use credential-based data access to confirm you have permission to access the storage service. They keep connection information, like your subscription ID and token authorization, in the [key vault](https://azure.microsoft.com/services/key-vault/) that's associated with the workspace. When you create a datastore that uses identity-based data access, your Azure account ([Azure Active Directory token](../active-directory/fundamentals/active-directory-whatis.md)) is used to confirm you have permission to access the storage service. In this scenario, no authentication credentials are saved. Only the storage account information is stored in the datastore.
21+
Typically, datastores use credential-based data access to confirm you have permission to access the storage service. They keep connection information, like your subscription ID and token authorization, in the [key vault](https://azure.microsoft.com/services/key-vault/) that's associated with the workspace. When you create a datastore that uses **identity-based data access**, your Azure account ([Azure Active Directory token](../active-directory/fundamentals/active-directory-whatis.md)) is used to confirm you have permission to access the storage service. In the **identity-based data access** scenario, no authentication credentials are saved. Only the storage account information is stored in the datastore.
2222

2323
To create datastores that use credential-based authentication, like access keys or service principals, see [Connect to storage services on Azure](how-to-access-data.md).
2424

2525
## Identity-based data access in Azure Machine Learning
2626

2727
There are two scenarios in which you can apply identity-based data access in Azure Machine Learning. These scenarios are a good fit for identity-based access when you're working with confidential data and need more granular data access management:
28-
> [!IMPORTANT]
28+
29+
> [!WARNING]
2930
> Identity-based data access is not supported for [automated ML experiments](how-to-configure-auto-train.md).
3031
3132
- Accessing storage services
@@ -49,8 +50,7 @@ The same behavior applies when you:
4950
5051
### Model training on private data
5152

52-
Certain machine learning scenarios involve training models with private data. In such cases, data scientists need to run training workflows without being exposed to the confidential input data. In this scenario, a managed identity of the training compute is used for data access authentication. This approach allows storage admins to grant Storage Blob Data Reader access to the managed identity that the training compute uses to run the training job. The individual data scientists don't need to be granted access. For more information, see [Set up managed identity on a compute cluster](how-to-create-attach-compute-cluster.md#managed-identity).
53-
53+
Certain machine learning scenarios involve training models with private data. In such cases, data scientists need to run training workflows without being exposed to the confidential input data. In this scenario, a [managed identity](how-to-use-managed-identities.md) of the training compute is used for data access authentication. This approach allows storage admins to grant Storage Blob Data Reader access to the managed identity that the training compute uses to run the training job. The individual data scientists don't need to be granted access. For more information, see [Set up managed identity on a compute cluster](how-to-create-attach-compute-cluster.md#managed-identity).
5454

5555
## Prerequisites
5656

@@ -72,7 +72,7 @@ Certain machine learning scenarios involve training models with private data. In
7272

7373
To help ensure that you securely connect to your storage service on Azure, Azure Machine Learning requires that you have permission to access the corresponding data storage.
7474

75-
Identity-based data access supports connections to only the following storage services:
75+
Identity-based data access supports connections to **only** the following storage services.
7676

7777
* Azure Blob Storage
7878
* Azure Data Lake Storage Gen1

0 commit comments

Comments
 (0)