Troubleshoot Azure Machine Learning managed virtual network

This article provides information on troubleshooting common issues with Azure Machine Learning managed virtual network.

Can I still use an Azure Virtual Network?

Yes, you can still use an Azure Virtual Network for network isolation. If you're using the v2 Azure CLI and Python SDK, the process is the same as before the introduction of the managed virtual network feature. The process through the Azure portal has changed slightly.

To use an Azure Virtual Network when creating a workspace through the Azure portal, use the following steps:

1. When creating a workspace, select the Networking tag.
2. Select Private with Internet Outbound.
3. In the Workspace inbound access section, select Add and add a private endpoint for the Azure Virtual Network to use for network isolation.
4. In the Workspace Outbound access section, select Use my own virtual network.
5. Continue to create the workspace as normal.

Does not have authorization to perform action 'Microsoft.MachineLearningServices
/workspaces/privateEndpointConnections/read'

When you create a managed virtual network, the operation can fail with an error similar to the following text:

"The client '<GUID>' with object id '<GUID>' does not have authorization to perform action 'Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read' over scope '/subscriptions/<GUID>/resourceGroups/<resource-group-name>/providers/Microsoft.MachineLearningServices/workspaces/<workspace-name>' or the scope is invalid."

This error occurs when the Azure identity used to create the managed virtual network doesn't have the following Azure role-based access control permissions:

• Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read
• Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/write

Next steps

For more information, see Managed virtual networks.