adding Protocol column to Public internet access table

Author: msakande

includes/machine-learning-public-internet-access.md

@@ -10,22 +10,22 @@ ms.author: larryfr
 ms.custom: include file
 ---
 
-Azure Machine Learning requires both inbound and outbound access to the public internet. The following tables provide an overview of what access is required and what it is for. The __protocol__ for all items is __TCP__. For service tags that end in `.region`, replace `region` with the Azure region that contains your workspace. For example, `Storage.westus`:
+Azure Machine Learning requires both inbound and outbound access to the public internet. The following tables provide an overview of what access is required and what purpose it serves. For service tags that end in `.region`, replace `region` with the Azure region that contains your workspace. For example, `Storage.westus`:
 
-| Direction | Ports | Service tag | Purpose |
+| Direction | Ports | Service tag | Protocol | Purpose |
 | ----- |:-----:| ----- | ----- |
-| Inbound | 29876-29877 | BatchNodeManagement | Create, update, and delete of Azure Machine Learning compute instance and compute cluster. It isn't required if you use No Public IP option.|
-| Inbound | 44224 | AzureMachineLearning | Create, update, and delete of Azure Machine Learning compute instance. It isn't required if you use No Public IP option.|
-| Outbound | 80, 443 | AzureActiveDirectory | Authentication using Azure AD. |
-| Outbound | 443, 8787, 18881 | AzureMachineLearning | Using Azure Machine Learning services. |
-| Outbound | 443 | BatchNodeManagement.region | Communication with Azure Batch back-end for computes. Replace `region` with the Azure region of your workspace. |
-| Outbound | 443 | AzureResourceManager | Creation of Azure resources with Azure Machine Learning. |
-| Outbound | 443, 445 (*)| Storage.region | Access data stored in the Azure Storage Account for compute cluster and compute instance. This outbound can be used to exfiltrate data. For more information, see [Data exfiltration protection](../articles/machine-learning/how-to-prevent-data-loss-exfiltration.md).<br>(*) 445 is only required if you have a firewall between your virtual network for Azure ML and a private endpoint for your storage accounts.|
-| Outbound | 443 | AzureFrontDoor.FrontEnd</br>* Not needed in Azure China. | Global entry point for [Azure Machine Learning studio](https://ml.azure.com). Store images and environments for AutoML. |
-| Outbound | 443 | MicrosoftContainerRegistry.region</br>**Note** that this  tag has a dependency on the **AzureFrontDoor.FirstParty** tag | Access docker images provided by Microsoft. Setup of the Azure Machine Learning router for Azure Kubernetes Service. |
-| Outbound | 443 | AzureMonitor | Used to log monitoring and metrics to App Insights and Azure Monitor. |
-| Outbound | 443 | Keyvault.region | Access the key vault for the Azure Batch service. Only needed if your workspace was created with the [hbi_workspace](/python/api/azureml-core/azureml.core.workspace%28class%29#create-name--auth-none--subscription-id-none--resource-group-none--location-none--create-resource-group-true--sku--basic---friendly-name-none--storage-account-none--key-vault-none--app-insights-none--container-registry-none--cmk-keyvault-none--resource-cmk-uri-none--hbi-workspace-false--default-cpu-compute-target-none--default-gpu-compute-target-none--exist-ok-false--show-output-true-) flag enabled. |
-| Outbound | 5831 | AzureMachineLearning | Communication with Azure Machine Learning for compute instances. |
+| Inbound | 29876-29877 | BatchNodeManagement | TCP | Create, update, and delete of Azure Machine Learning compute instance and compute cluster. It isn't required if you use No Public IP option.|
+| Inbound | 44224 | AzureMachineLearning | TCP | Create, update, and delete of Azure Machine Learning compute instance. It isn't required if you use No Public IP option.|
+| Outbound | 80, 443 | AzureActiveDirectory | TCP | Authentication using Azure AD. |
+| Outbound | 443, 8787, 18881 | AzureMachineLearning | TCP | Using Azure Machine Learning services. |
+| Outbound | 443 | BatchNodeManagement.region | TCP | Communication with Azure Batch back-end for computes. Replace `region` with the Azure region of your workspace. |
+| Outbound | 443 | AzureResourceManager | TCP | Creation of Azure resources with Azure Machine Learning. |
+| Outbound | 443, 445 (*)| Storage.region | TCP | Access data stored in the Azure Storage Account for compute cluster and compute instance. This outbound can be used to exfiltrate data. For more information, see [Data exfiltration protection](../articles/machine-learning/how-to-prevent-data-loss-exfiltration.md).<br>(*) 445 is only required if you have a firewall between your virtual network for Azure ML and a private endpoint for your storage accounts.|
+| Outbound | 443 | AzureFrontDoor.FrontEnd</br>* Not needed in Azure China. | TCP | Global entry point for [Azure Machine Learning studio](https://ml.azure.com). Store images and environments for AutoML. |
+| Outbound | 443 | MicrosoftContainerRegistry.region</br>**Note** that this  tag has a dependency on the **AzureFrontDoor.FirstParty** tag | TCP | Access docker images provided by Microsoft. Setup of the Azure Machine Learning router for Azure Kubernetes Service. |
+| Outbound | 443 | AzureMonitor | TCP | Used to log monitoring and metrics to App Insights and Azure Monitor. |
+| Outbound | 443 | Keyvault.region | TCP | Access the key vault for the Azure Batch service. Only needed if your workspace was created with the [hbi_workspace](/python/api/azureml-core/azureml.core.workspace%28class%29#create-name--auth-none--subscription-id-none--resource-group-none--location-none--create-resource-group-true--sku--basic---friendly-name-none--storage-account-none--key-vault-none--app-insights-none--container-registry-none--cmk-keyvault-none--resource-cmk-uri-none--hbi-workspace-false--default-cpu-compute-target-none--default-gpu-compute-target-none--exist-ok-false--show-output-true-) flag enabled. |
+| Outbound | 5831 | AzureMachineLearning | UDP | Communication with Azure Machine Learning for compute instances. |
 
 > [!TIP]
 > If you need the IP addresses instead of service tags, use one of the following options: