Microsoft.MachineLearningServices workspaces 2021-04-01
- Latest
- 2024-07-01-preview
- 2024-04-01
- 2024-04-01-preview
- 2024-01-01-preview
- 2023-10-01
- 2023-08-01-preview
- 2023-06-01-preview
- 2023-04-01
- 2023-04-01-preview
- 2023-02-01-preview
- 2022-12-01-preview
- 2022-10-01
- 2022-10-01-preview
- 2022-06-01-preview
- 2022-05-01
- 2022-02-01-preview
- 2022-01-01-preview
- 2021-07-01
- 2021-04-01
- 2021-03-01-preview
- 2021-01-01
- 2020-09-01-preview
- 2020-08-01
- 2020-06-01
- 2020-05-15-preview
- 2020-05-01-preview
- 2020-04-01
- 2020-03-01
- 2020-02-18-preview
- 2020-01-01
- 2019-11-01
- 2019-06-01
- 2019-05-01
- 2018-11-19
- 2018-03-01-preview
Bicep resource definition
The workspaces resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.MachineLearningServices/workspaces@2021-04-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
sku: {
name: 'string'
tier: 'string'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
properties: {
allowPublicAccessWhenBehindVnet: bool
applicationInsights: 'string'
containerRegistry: 'string'
description: 'string'
discoveryUrl: 'string'
encryption: {
identity: {
userAssignedIdentity: 'string'
}
keyVaultProperties: {
identityClientId: 'string'
keyIdentifier: 'string'
keyVaultArmId: 'string'
}
status: 'string'
}
friendlyName: 'string'
hbiWorkspace: bool
imageBuildCompute: 'string'
keyVault: 'string'
primaryUserAssignedIdentity: 'string'
serviceManagedResourcesSettings: {
cosmosDb: {
collectionsThroughput: int
}
}
sharedPrivateLinkResources: [
{
name: 'string'
properties: {
groupId: 'string'
privateLinkResourceId: 'string'
requestMessage: 'string'
status: 'string'
}
}
]
storageAccount: 'string'
}
}
Property values
workspaces
Name | Description | Value |
---|---|---|
name | The resource name | string (required) Character limit: 3-33 Valid characters: Alphanumerics, hyphens, and underscores. |
location | Specifies the location of the resource. | string |
tags | Contains resource tags defined as key/value pairs. | Dictionary of tag names and values. See Tags in templates |
sku | The sku of the workspace. | Sku |
identity | The identity of the resource. | Identity |
properties | The properties of the machine learning workspace. | WorkspaceProperties |
Identity
Name | Description | Value |
---|---|---|
type | The identity type. | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' |
userAssignedIdentities | The user assigned identities associated with the resource. | UserAssignedIdentities |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserAssignedIdentity |
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceProperties
Name | Description | Value |
---|---|---|
allowPublicAccessWhenBehindVnet | The flag to indicate whether to allow public access when behind VNet. | bool |
applicationInsights | ARM id of the application insights associated with this workspace. This cannot be changed once the workspace has been created | string |
containerRegistry | ARM id of the container registry associated with this workspace. This cannot be changed once the workspace has been created | string |
description | The description of this workspace. | string |
discoveryUrl | Url for the discovery service to identify regional endpoints for machine learning experimentation services | string |
encryption | The encryption settings of Azure ML workspace. | EncryptionProperty |
friendlyName | The friendly name for this workspace. This name in mutable | string |
hbiWorkspace | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service | bool |
imageBuildCompute | The compute name for image build | string |
keyVault | ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created | string |
primaryUserAssignedIdentity | The user assigned identity resource id that represents the workspace identity. | string |
serviceManagedResourcesSettings | The service managed resource settings. | ServiceManagedResourcesSettings |
sharedPrivateLinkResources | The list of shared private link resources in this workspace. | SharedPrivateLinkResource[] |
storageAccount | ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created | string |
EncryptionProperty
Name | Description | Value |
---|---|---|
identity | The identity that will be used to access the key vault for encryption at rest. | IdentityForCmk |
keyVaultProperties | Customer Key vault properties. | KeyVaultProperties (required) |
status | Indicates whether or not the encryption is enabled for the workspace. | 'Disabled' 'Enabled' (required) |
IdentityForCmk
Name | Description | Value |
---|---|---|
userAssignedIdentity | The ArmId of the user assigned identity that will be used to access the customer managed key vault | string |
KeyVaultProperties
Name | Description | Value |
---|---|---|
identityClientId | For future use - The client id of the identity which will be used to access key vault. | string |
keyIdentifier | Key vault uri to access the encryption key. | string (required) |
keyVaultArmId | The ArmId of the keyVault where the customer owned encryption key is present. | string (required) |
ServiceManagedResourcesSettings
Name | Description | Value |
---|---|---|
cosmosDb | The settings for the service managed cosmosdb account. | CosmosDbSettings |
CosmosDbSettings
Name | Description | Value |
---|---|---|
collectionsThroughput | The throughput of the collections in cosmosdb database | int |
SharedPrivateLinkResource
Name | Description | Value |
---|---|---|
name | Unique name of the private link. | string |
properties | Resource properties. | SharedPrivateLinkResourceProperty |
SharedPrivateLinkResourceProperty
Name | Description | Value |
---|---|---|
groupId | The private link resource group id. | string |
privateLinkResourceId | The resource id that private link links to. | string |
requestMessage | Request message. | string |
status | Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service. | 'Approved' 'Disconnected' 'Pending' 'Rejected' 'Timeout' |
Sku
Name | Description | Value |
---|---|---|
name | Name of the sku | string |
tier | Tier of the sku like Basic or Enterprise | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Azure Machine Learning Workspace |
This template creates a new Azure Machine Learning Workspace, along with an encrypted Storage Account, KeyVault and Applications Insights Logging |
Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio with Microsoft Entra ID Authentication |
This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Create AML workspace with multiple Datasets & Datastores |
This template creates Azure Machine Learning workspace with multiple datasets & datastores. |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Create an AKS compute target with a Private IP address |
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
Create an Azure Machine Learning service workspace |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
ARM template resource definition
The workspaces resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces resource, add the following JSON to your template.
{
"type": "Microsoft.MachineLearningServices/workspaces",
"apiVersion": "2021-04-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"name": "string",
"tier": "string"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {}
}
},
"properties": {
"allowPublicAccessWhenBehindVnet": "bool",
"applicationInsights": "string",
"containerRegistry": "string",
"description": "string",
"discoveryUrl": "string",
"encryption": {
"identity": {
"userAssignedIdentity": "string"
},
"keyVaultProperties": {
"identityClientId": "string",
"keyIdentifier": "string",
"keyVaultArmId": "string"
},
"status": "string"
},
"friendlyName": "string",
"hbiWorkspace": "bool",
"imageBuildCompute": "string",
"keyVault": "string",
"primaryUserAssignedIdentity": "string",
"serviceManagedResourcesSettings": {
"cosmosDb": {
"collectionsThroughput": "int"
}
},
"sharedPrivateLinkResources": [
{
"name": "string",
"properties": {
"groupId": "string",
"privateLinkResourceId": "string",
"requestMessage": "string",
"status": "string"
}
}
],
"storageAccount": "string"
}
}
Property values
workspaces
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.MachineLearningServices/workspaces' |
apiVersion | The resource api version | '2021-04-01' |
name | The resource name | string (required) Character limit: 3-33 Valid characters: Alphanumerics, hyphens, and underscores. |
location | Specifies the location of the resource. | string |
tags | Contains resource tags defined as key/value pairs. | Dictionary of tag names and values. See Tags in templates |
sku | The sku of the workspace. | Sku |
identity | The identity of the resource. | Identity |
properties | The properties of the machine learning workspace. | WorkspaceProperties |
Identity
Name | Description | Value |
---|---|---|
type | The identity type. | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' |
userAssignedIdentities | The user assigned identities associated with the resource. | UserAssignedIdentities |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserAssignedIdentity |
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceProperties
Name | Description | Value |
---|---|---|
allowPublicAccessWhenBehindVnet | The flag to indicate whether to allow public access when behind VNet. | bool |
applicationInsights | ARM id of the application insights associated with this workspace. This cannot be changed once the workspace has been created | string |
containerRegistry | ARM id of the container registry associated with this workspace. This cannot be changed once the workspace has been created | string |
description | The description of this workspace. | string |
discoveryUrl | Url for the discovery service to identify regional endpoints for machine learning experimentation services | string |
encryption | The encryption settings of Azure ML workspace. | EncryptionProperty |
friendlyName | The friendly name for this workspace. This name in mutable | string |
hbiWorkspace | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service | bool |
imageBuildCompute | The compute name for image build | string |
keyVault | ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created | string |
primaryUserAssignedIdentity | The user assigned identity resource id that represents the workspace identity. | string |
serviceManagedResourcesSettings | The service managed resource settings. | ServiceManagedResourcesSettings |
sharedPrivateLinkResources | The list of shared private link resources in this workspace. | SharedPrivateLinkResource[] |
storageAccount | ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created | string |
EncryptionProperty
Name | Description | Value |
---|---|---|
identity | The identity that will be used to access the key vault for encryption at rest. | IdentityForCmk |
keyVaultProperties | Customer Key vault properties. | KeyVaultProperties (required) |
status | Indicates whether or not the encryption is enabled for the workspace. | 'Disabled' 'Enabled' (required) |
IdentityForCmk
Name | Description | Value |
---|---|---|
userAssignedIdentity | The ArmId of the user assigned identity that will be used to access the customer managed key vault | string |
KeyVaultProperties
Name | Description | Value |
---|---|---|
identityClientId | For future use - The client id of the identity which will be used to access key vault. | string |
keyIdentifier | Key vault uri to access the encryption key. | string (required) |
keyVaultArmId | The ArmId of the keyVault where the customer owned encryption key is present. | string (required) |
ServiceManagedResourcesSettings
Name | Description | Value |
---|---|---|
cosmosDb | The settings for the service managed cosmosdb account. | CosmosDbSettings |
CosmosDbSettings
Name | Description | Value |
---|---|---|
collectionsThroughput | The throughput of the collections in cosmosdb database | int |
SharedPrivateLinkResource
Name | Description | Value |
---|---|---|
name | Unique name of the private link. | string |
properties | Resource properties. | SharedPrivateLinkResourceProperty |
SharedPrivateLinkResourceProperty
Name | Description | Value |
---|---|---|
groupId | The private link resource group id. | string |
privateLinkResourceId | The resource id that private link links to. | string |
requestMessage | Request message. | string |
status | Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service. | 'Approved' 'Disconnected' 'Pending' 'Rejected' 'Timeout' |
Sku
Name | Description | Value |
---|---|---|
name | Name of the sku | string |
tier | Tier of the sku like Basic or Enterprise | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Azure Machine Learning Workspace |
This template creates a new Azure Machine Learning Workspace, along with an encrypted Storage Account, KeyVault and Applications Insights Logging |
Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio basic setup |
This set of templates demonstrates how to set up Azure AI Studio with the basic setup, meaning with public internet access enabled, Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Azure AI Studio with Microsoft Entra ID Authentication |
This set of templates demonstrates how to set up Azure AI Studio with Microsoft Entra ID authentication for dependent resources, such as Azure AI Services and Azure Storage. |
Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Create AML workspace with multiple Datasets & Datastores |
This template creates Azure Machine Learning workspace with multiple datasets & datastores. |
Azure Machine Learning end-to-end secure setup |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure Machine Learning end-to-end secure setup (legacy) |
This set of Bicep templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up. This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. |
Azure AI Studio Network Restricted |
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
Create an AKS compute target with a Private IP address |
This template creates an AKS compute target in given Azure Machine Learning service workspace with a private IP address. |
Create an Azure Machine Learning service workspace |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the minimal set of resources you require to get started with Azure Machine Learning. |
Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. The example shows how to configure Azure Machine Learning for encryption with a customer-managed encryption key. |
Create an Azure Machine Learning service workspace (CMK) |
This deployment template specifies how to create an Azure Machine Learning workspace with service-side encryption using your encryption keys. |
Create an Azure Machine Learning service workspace (vnet) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Create an Azure Machine Learning service workspace (legacy) |
This deployment template specifies an Azure Machine Learning workspace, and its associated resources including Azure Key Vault, Azure Storage, Azure Application Insights and Azure Container Registry. This configuration describes the set of resources you require to get started with Azure Machine Learning in a network isolated set up. |
Terraform (AzAPI provider) resource definition
The workspaces resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.MachineLearningServices/workspaces resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.MachineLearningServices/workspaces@2021-04-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
allowPublicAccessWhenBehindVnet = bool
applicationInsights = "string"
containerRegistry = "string"
description = "string"
discoveryUrl = "string"
encryption = {
identity = {
userAssignedIdentity = "string"
}
keyVaultProperties = {
identityClientId = "string"
keyIdentifier = "string"
keyVaultArmId = "string"
}
status = "string"
}
friendlyName = "string"
hbiWorkspace = bool
imageBuildCompute = "string"
keyVault = "string"
primaryUserAssignedIdentity = "string"
serviceManagedResourcesSettings = {
cosmosDb = {
collectionsThroughput = int
}
}
sharedPrivateLinkResources = [
{
name = "string"
properties = {
groupId = "string"
privateLinkResourceId = "string"
requestMessage = "string"
status = "string"
}
}
]
storageAccount = "string"
}
sku = {
name = "string"
tier = "string"
}
})
}
Property values
workspaces
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.MachineLearningServices/workspaces@2021-04-01" |
name | The resource name | string (required) Character limit: 3-33 Valid characters: Alphanumerics, hyphens, and underscores. |
location | Specifies the location of the resource. | string |
parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
tags | Contains resource tags defined as key/value pairs. | Dictionary of tag names and values. |
sku | The sku of the workspace. | Sku |
identity | The identity of the resource. | Identity |
properties | The properties of the machine learning workspace. | WorkspaceProperties |
Identity
Name | Description | Value |
---|---|---|
type | The identity type. | "SystemAssigned" "SystemAssigned,UserAssigned" "UserAssigned" |
identity_ids | The user assigned identities associated with the resource. | Array of user identity IDs. |
UserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | UserAssignedIdentity |
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
WorkspaceProperties
Name | Description | Value |
---|---|---|
allowPublicAccessWhenBehindVnet | The flag to indicate whether to allow public access when behind VNet. | bool |
applicationInsights | ARM id of the application insights associated with this workspace. This cannot be changed once the workspace has been created | string |
containerRegistry | ARM id of the container registry associated with this workspace. This cannot be changed once the workspace has been created | string |
description | The description of this workspace. | string |
discoveryUrl | Url for the discovery service to identify regional endpoints for machine learning experimentation services | string |
encryption | The encryption settings of Azure ML workspace. | EncryptionProperty |
friendlyName | The friendly name for this workspace. This name in mutable | string |
hbiWorkspace | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service | bool |
imageBuildCompute | The compute name for image build | string |
keyVault | ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created | string |
primaryUserAssignedIdentity | The user assigned identity resource id that represents the workspace identity. | string |
serviceManagedResourcesSettings | The service managed resource settings. | ServiceManagedResourcesSettings |
sharedPrivateLinkResources | The list of shared private link resources in this workspace. | SharedPrivateLinkResource[] |
storageAccount | ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created | string |
EncryptionProperty
Name | Description | Value |
---|---|---|
identity | The identity that will be used to access the key vault for encryption at rest. | IdentityForCmk |
keyVaultProperties | Customer Key vault properties. | KeyVaultProperties (required) |
status | Indicates whether or not the encryption is enabled for the workspace. | "Disabled" "Enabled" (required) |
IdentityForCmk
Name | Description | Value |
---|---|---|
userAssignedIdentity | The ArmId of the user assigned identity that will be used to access the customer managed key vault | string |
KeyVaultProperties
Name | Description | Value |
---|---|---|
identityClientId | For future use - The client id of the identity which will be used to access key vault. | string |
keyIdentifier | Key vault uri to access the encryption key. | string (required) |
keyVaultArmId | The ArmId of the keyVault where the customer owned encryption key is present. | string (required) |
ServiceManagedResourcesSettings
Name | Description | Value |
---|---|---|
cosmosDb | The settings for the service managed cosmosdb account. | CosmosDbSettings |
CosmosDbSettings
Name | Description | Value |
---|---|---|
collectionsThroughput | The throughput of the collections in cosmosdb database | int |
SharedPrivateLinkResource
Name | Description | Value |
---|---|---|
name | Unique name of the private link. | string |
properties | Resource properties. | SharedPrivateLinkResourceProperty |
SharedPrivateLinkResourceProperty
Name | Description | Value |
---|---|---|
groupId | The private link resource group id. | string |
privateLinkResourceId | The resource id that private link links to. | string |
requestMessage | Request message. | string |
status | Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service. | "Approved" "Disconnected" "Pending" "Rejected" "Timeout" |
Sku
Name | Description | Value |
---|---|---|
name | Name of the sku | string |
tier | Tier of the sku like Basic or Enterprise | string |