Skip to content

Commit d0d8708

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #251429 from cloga/lochen-private-storage
Lochen private storage
2 parents 7a9969b + d6e9610 commit d0d8708

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

articles/machine-learning/prompt-flow/how-to-secure-prompt-flow.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@ When you're developing your LLM application using prompt flow, you may want a se
3131
- Endpoint: you may want to limit Azure services or IP address to access your endpoint.
3232
- Related Azure Cognitive Services as such Azure OpenAI, Azure content safety and Azure cognitive search, you can use network config to make them as private then using private endpoint to let Azure Machine Learning services communicate with them.
3333
- Other non Azure resources such as SerpAPI, pinecone etc. If you have strict outbound rule, you need add FQDN rule to access them.
34+
3435
## Secure prompt flow with workspace managed virtual network
3536

3637
Workspace managed virtual network is the recommended way to support network isolation in prompt flow. It provides easily configuration to secure your workspace. After you enable managed virtual network in the workspace level, resources related to workspace in the same virtual network, will use the same network setting in the workspace level. You can also configure the workspace to use private endpoint to access other Azure resources such as Azure OpenAI, Azure content safety, and Azure cognitive search. You also can configure FQDN rule to approve outbound to non-Azure resources use by your prompt flow such as OpenAI, Pinecone etc.
@@ -65,6 +66,14 @@ Workspace managed virtual network is the recommended way to support network isol
6566
- Workspace hub / lean workspace and AI studio don't support bring your own virtual network.
6667
- Managed online endpoint only supports workspace managed virtual network. If you want to use your own virtual network, you may need one workspace for prompt flow authoring with your virtual network and another workspace for prompt flow deployment using managed online endpoint with workspace managed virtual network.
6768
69+
## FAQ
70+
71+
### Why I can't create or upgrade my flow when I disable public network access of storage account?
72+
Prompt flow rely on fileshare to store snapshot of flow. Prompt flow didn't support private storage account now. Here are some workarounds you can try:
73+
- Make the storage account as public access enabled if there is no security concern.
74+
- If you are only use UI to authoring promptflow, you can add following flights (flight=PromptFlowCodeFirst=false) to use our old UI.
75+
- You can use our CLI/SDK to authoring promptflow, CLI/SDK authong didn't rely on fileshare. See [Integrate Prompt Flow with LLM-based application DevOps ](how-to-integrate-with-llm-app-devops.md).
76+
6877
## Next steps
6978

7079
- [Secure workspace resources](../how-to-secure-workspace-vnet.md)

0 commit comments

Comments
 (0)