Merge pull request #227674 from dem108/patch-16

prmerger-automator[bot] · web-flow · commit b96a017be4de · 2023-03-09T20:11:56.000Z
Remove limitation for online endpoint
diff --git a/articles/machine-learning/concept-data-encryption.md b/articles/machine-learning/concept-data-encryption.md
@@ -10,7 +10,7 @@ ms.topic: conceptual
 ms.author: jhirono
 author: jhirono
 ms.reviewer: larryfr
-ms.date: 12/20/2022
+ms.date: 03/07/2023
 ---
 
 # Data encryption with Azure Machine Learning
@@ -129,6 +129,8 @@ The OS disk for each compute node stored in Azure Storage is encrypted with Micr
 
 Each virtual machine also has a local temporary disk for OS operations. If you want, you can use the disk to stage training data. If the workspace was created with the `hbi_workspace` parameter set to `TRUE`, the temporary disk is encrypted. This environment is short-lived (only during your job,) and encryption support is limited to system-managed keys only.
 
+Managed online endpoint and batch endpoint use machine learning compute in the backend, and follows the same encryption mechanism.
+
 **Compute instance**
 The OS disk for compute instance is encrypted with Microsoft-managed keys in Azure Machine Learning storage accounts. If the workspace was created with the `hbi_workspace` parameter set to `TRUE`, the local OS and temporary disks on compute instance are encrypted with Microsoft managed keys. Customer managed key encryption is not supported for OS and temporary disks.
 
diff --git a/articles/machine-learning/how-to-setup-customer-managed-keys.md b/articles/machine-learning/how-to-setup-customer-managed-keys.md
@@ -41,7 +41,8 @@ In the [customer-managed keys concepts article](concept-customer-managed-keys.md
 * Resources managed by Microsoft in your subscription can’t transfer ownership to you.
 * You can't delete Microsoft-managed resources used for customer-managed keys without also deleting your workspace.
 * The key vault that contains your customer-managed key must be in the same Azure subscription as the Azure Machine Learning workspace.
-* Workspace with customer-managed key doesn't currently support v2 online endpoint and batch endpoint.
+* OS disk of machine learning compute can't be encrypted with customer-managed key, but can be encrypted with Microsoft-managed key if the workspace is created with `hbi_workspace` parameter set to `TRUE`. For more details, see [Data encryption](concept-data-encryption.md#machine-learning-compute).
+* Workspace with customer-managed key doesn't currently support v2 batch endpoint.
 
 > [!IMPORTANT]
 > When using a customer-managed key, the costs for your subscription will be higher because of the additional resources in your subscription. To estimate the cost, use the [Azure pricing calculator](https://azure.microsoft.com/pricing/calculator/).
