Workspaces - Create Or Update

Service:

Machine Learning

API Version:

2023-04-01

Creates or updates a workspace with the specified parameters.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.MachineLearningServices/workspaces/{workspaceName}?api-version=2023-04-01

URI Parameters

Name	In	Required	Type	Description
resourceGroupName	path	True	string	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string	The ID of the target subscription.
workspaceName	path	True	string	Name of Azure Machine Learning workspace. Regex pattern: ^[a-zA-Z0-9][a-zA-Z0-9_-]{2,32}$
api-version	query	True	string	The API version to use for this operation.

Request Body

Name	Type	Description
identity	ManagedServiceIdentity	The identity of the resource.
location	string	Specifies the location of the resource.
properties.allowPublicAccessWhenBehindVnet	boolean	The flag to indicate whether to allow public access when behind VNet.
properties.applicationInsights	string	ARM id of the application insights associated with this workspace.
properties.containerRegistry	string	ARM id of the container registry associated with this workspace.
properties.description	string	The description of this workspace.
properties.discoveryUrl	string	Url for the discovery service to identify regional endpoints for machine learning experimentation services
properties.encryption	EncryptionProperty	The encryption settings of Azure ML workspace.
properties.friendlyName	string	The friendly name for this workspace. This name in mutable
properties.hbiWorkspace	boolean	The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service
properties.imageBuildCompute	string	The compute name for image build
properties.keyVault	string	ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created
properties.primaryUserAssignedIdentity	string	The user assigned identity resource id that represents the workspace identity.
properties.publicNetworkAccess	PublicNetworkAccess	Whether requests from Public Network are allowed.
properties.serviceManagedResourcesSettings	ServiceManagedResourcesSettings	The service managed resource settings.
properties.sharedPrivateLinkResources	SharedPrivateLinkResource[]	The list of shared private link resources in this workspace.
properties.storageAccount	string	ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created
properties.v1LegacyMode	boolean	Enabling v1_legacy_mode may prevent you from using features provided by the v2 API.
sku	Sku	The sku of the workspace.
tags	object	Contains resource tags defined as key/value pairs.

Responses

Name	Type	Description
200 OK	Workspace	The request was successful; the request was well-formed and received properly.
202 Accepted		The request was successful; the request was well-formed and received properly.
Other Status Codes	ErrorResponse	Error response describing why the operation failed

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

Create Workspace

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.MachineLearningServices/workspaces/testworkspace?api-version=2023-04-01

{
  "location": "eastus2euap",
  "identity": {
    "type": "SystemAssigned,UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai": {}
    }
  },
  "properties": {
    "friendlyName": "HelloName",
    "description": "test description",
    "containerRegistry": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ContainerRegistry/registries/testRegistry",
    "keyVault": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv",
    "applicationInsights": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/microsoft.insights/components/testinsights",
    "storageAccount": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/accountcrud-1234/providers/Microsoft.Storage/storageAccounts/testStorageAccount",
    "encryption": {
      "status": "Enabled",
      "identity": {
        "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai"
      },
      "keyVaultProperties": {
        "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv",
        "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb",
        "identityClientId": ""
      }
    },
    "hbiWorkspace": false,
    "sharedPrivateLinkResources": [
      {
        "name": "testdbresource",
        "properties": {
          "privateLinkResourceId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.DocumentDB/databaseAccounts/testdbresource/privateLinkResources/Sql",
          "groupId": "Sql",
          "requestMessage": "Please approve",
          "status": "Approved"
        }
      }
    ]
  }
}

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.machinelearningservices import MachineLearningServicesMgmtClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-machinelearningservices
# USAGE
    python create.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = MachineLearningServicesMgmtClient(
        credential=DefaultAzureCredential(),
        subscription_id="00000000-1111-2222-3333-444444444444",
    )

    response = client.workspaces.begin_create_or_update(
        resource_group_name="workspace-1234",
        workspace_name="testworkspace",
        parameters={
            "identity": {
                "type": "SystemAssigned,UserAssigned",
                "userAssignedIdentities": {
                    "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai": {}
                },
            },
            "location": "eastus2euap",
            "properties": {
                "applicationInsights": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/microsoft.insights/components/testinsights",
                "containerRegistry": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ContainerRegistry/registries/testRegistry",
                "description": "test description",
                "encryption": {
                    "identity": {
                        "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai"
                    },
                    "keyVaultProperties": {
                        "identityClientId": "",
                        "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb",
                        "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv",
                    },
                    "status": "Enabled",
                },
                "friendlyName": "HelloName",
                "hbiWorkspace": False,
                "keyVault": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv",
                "sharedPrivateLinkResources": [
                    {
                        "name": "testdbresource",
                        "properties": {
                            "groupId": "Sql",
                            "privateLinkResourceId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.DocumentDB/databaseAccounts/testdbresource/privateLinkResources/Sql",
                            "requestMessage": "Please approve",
                            "status": "Approved",
                        },
                    }
                ],
                "storageAccount": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/accountcrud-1234/providers/Microsoft.Storage/storageAccounts/testStorageAccount",
            },
        },
    ).result()
    print(response)


# x-ms-original-file: specification/machinelearningservices/resource-manager/Microsoft.MachineLearningServices/stable/2023-04-01/examples/Workspace/create.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.MachineLearningServices/workspaces/testworkspace",
  "name": "testworkspace",
  "type": "Microsoft.MachineLearningServices/workspaces",
  "location": "eastus2euap",
  "identity": {
    "principalId": "00000000-1111-2222-3333-444444444444",
    "tenantId": "00000000-1111-2222-3333-444444444444",
    "type": "SystemAssigned,UserAssigned",
    "userAssignedIdentities": {
      "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai": {
        "principalId": "00000000-1111-2222-3333-444444444444",
        "clientId": "00000000-1111-2222-3333-444444444444"
      }
    }
  },
  "properties": {
    "containerRegistry": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ContainerRegistry/registries/testRegistry",
    "keyVault": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv",
    "applicationInsights": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/microsoft.insights/components/testinsights",
    "storageAccount": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/accountcrud-1234/providers/Microsoft.Storage/storageAccounts/testStorageAccount",
    "discoveryUrl": "http://example.com",
    "friendlyName": "HelloName",
    "description": "test description",
    "encryption": {
      "status": "Enabled",
      "identity": {
        "userAssignedIdentity": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testuai"
      },
      "keyVaultProperties": {
        "keyVaultArmId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.KeyVault/vaults/testkv",
        "keyIdentifier": "https://testkv.vault.azure.net/keys/testkey/aabbccddee112233445566778899aabb",
        "identityClientId": ""
      }
    },
    "hbiWorkspace": false,
    "allowPublicAccessWhenBehindVnet": false,
    "publicNetworkAccess": "Disabled",
    "sharedPrivateLinkResources": [
      {
        "name": "testdbresource",
        "properties": {
          "privateLinkResourceId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/workspace-1234/providers/Microsoft.DocumentDB/databaseAccounts/testdbresource/privateLinkResources/Sql",
          "groupId": "Sql",
          "requestMessage": "Please approve",
          "status": "Approved"
        }
      }
    ]
  }
}

Status code:

202

Location: example_location

Definitions

Name	Description
CosmosDbSettings
createdByType	The type of identity that created the resource.
EncryptionKeyVaultProperties
EncryptionProperty
EncryptionStatus	Indicates whether or not the encryption is enabled for the workspace.
ErrorAdditionalInfo	The resource management error additional info.
ErrorDetail	The error detail.
ErrorResponse	Error response
IdentityForCmk	Identity that will be used to access key vault for encryption at rest
ManagedServiceIdentity	Managed service identity (system assigned and/or user assigned identities)
ManagedServiceIdentityType	Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).
NotebookPreparationError
NotebookResourceInfo
PrivateEndpoint	The Private Endpoint resource.
PrivateEndpointConnection	The Private Endpoint Connection resource.
PrivateEndpointConnectionProvisioningState	The current provisioning state.
PrivateEndpointServiceConnectionStatus	The private endpoint connection status.
PrivateLinkServiceConnectionState	A collection of information about the state of the connection between service consumer and provider.
ProvisioningState	The current deployment state of workspace resource. The provisioningState is to indicate states for resource provisioning.
PublicNetworkAccess	Whether requests from Public Network are allowed.
ServiceManagedResourcesSettings
SharedPrivateLinkResource
Sku	The resource model definition representing SKU
SkuTier	This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT.
systemData	Metadata pertaining to creation and last modification of the resource.
UserAssignedIdentity	User assigned identity properties
Workspace	An object that represents a machine learning workspace.

CosmosDbSettings

Name	Type	Description
collectionsThroughput	integer	The throughput of the collections in cosmosdb database

createdByType

The type of identity that created the resource.

Name	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

EncryptionKeyVaultProperties

Name	Type	Description
identityClientId	string	For future use - The client id of the identity which will be used to access key vault.
keyIdentifier	string	Key vault uri to access the encryption key.
keyVaultArmId	string	The ArmId of the keyVault where the customer owned encryption key is present.

EncryptionProperty

Name	Type	Description
identity	IdentityForCmk	The identity that will be used to access the key vault for encryption at rest.
keyVaultProperties	EncryptionKeyVaultProperties	Customer Key vault properties.
status	EncryptionStatus	Indicates whether or not the encryption is enabled for the workspace.

EncryptionStatus

Indicates whether or not the encryption is enabled for the workspace.

Name	Type	Description
Disabled	string
Enabled	string

ErrorAdditionalInfo

The resource management error additional info.

Name	Type	Description
info	object	The additional info.
type	string	The additional info type.

ErrorDetail

The error detail.

Name	Type	Description
additionalInfo	ErrorAdditionalInfo[]	The error additional info.
code	string	The error code.
details	ErrorDetail[]	The error details.
message	string	The error message.
target	string	The error target.

ErrorResponse

Error response

Name	Type	Description
error	ErrorDetail	The error object.

IdentityForCmk

Identity that will be used to access key vault for encryption at rest

Name	Type	Description
userAssignedIdentity	string	The ArmId of the user assigned identity that will be used to access the customer managed key vault

ManagedServiceIdentity

Managed service identity (system assigned and/or user assigned identities)

Name	Type	Description
principalId	string	The service principal ID of the system assigned identity. This property will only be provided for a system assigned identity.
tenantId	string	The tenant ID of the system assigned identity. This property will only be provided for a system assigned identity.
type	ManagedServiceIdentityType	Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).
userAssignedIdentities	<string,  UserAssignedIdentity>	User-Assigned Identities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.

ManagedServiceIdentityType

Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).

Name	Type	Description
None	string
SystemAssigned	string
SystemAssigned,UserAssigned	string
UserAssigned	string

NotebookPreparationError

Name	Type	Description
errorMessage	string
statusCode	integer

NotebookResourceInfo

Name	Type	Description
fqdn	string
notebookPreparationError	NotebookPreparationError	The error that occurs when preparing notebook.
resourceId	string	the data plane resourceId that used to initialize notebook component

PrivateEndpoint

The Private Endpoint resource.

Name	Type	Description
id	string	The ARM identifier for Private Endpoint

PrivateEndpointConnection

The Private Endpoint Connection resource.

Name	Type	Description
id	string	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
identity	ManagedServiceIdentity	The identity of the resource.
location	string	Specifies the location of the resource.
name	string	The name of the resource
properties.privateEndpoint	PrivateEndpoint	The resource of private end point.
properties.privateLinkServiceConnectionState	PrivateLinkServiceConnectionState	A collection of information about the state of the connection between service consumer and provider.
properties.provisioningState	PrivateEndpointConnectionProvisioningState	The provisioning state of the private endpoint connection resource.
sku	Sku	The sku of the workspace.
systemData	systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
tags	object	Contains resource tags defined as key/value pairs.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

PrivateEndpointConnectionProvisioningState

The current provisioning state.

Name	Type	Description
Creating	string
Deleting	string
Failed	string
Succeeded	string

PrivateEndpointServiceConnectionStatus

The private endpoint connection status.

Name	Type	Description
Approved	string
Disconnected	string
Pending	string
Rejected	string
Timeout	string

PrivateLinkServiceConnectionState

A collection of information about the state of the connection between service consumer and provider.

Name	Type	Description
actionsRequired	string	A message indicating if changes on the service provider require any updates on the consumer.
description	string	The reason for approval/rejection of the connection.
status	PrivateEndpointServiceConnectionStatus	Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.

ProvisioningState

The current deployment state of workspace resource. The provisioningState is to indicate states for resource provisioning.

Name	Type	Description
Canceled	string
Creating	string
Deleting	string
Failed	string
Succeeded	string
Unknown	string
Updating	string

PublicNetworkAccess

Whether requests from Public Network are allowed.

Name	Type	Description
Disabled	string
Enabled	string

ServiceManagedResourcesSettings

Name	Type	Description
cosmosDb	CosmosDbSettings	The settings for the service managed cosmosdb account.

SharedPrivateLinkResource

Name	Type	Description
name	string	Unique name of the private link.
properties.groupId	string	The private link resource group id.
properties.privateLinkResourceId	string	The resource id that private link links to.
properties.requestMessage	string	Request message.
properties.status	PrivateEndpointServiceConnectionStatus	Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.

Sku

The resource model definition representing SKU

Name	Type	Description
capacity	integer	If the SKU supports scale out/in then the capacity integer should be included. If scale out/in is not possible for the resource this may be omitted.
family	string	If the service has different generations of hardware, for the same SKU, then that can be captured here.
name	string	The name of the SKU. Ex - P3. It is typically a letter+number code
size	string	The SKU size. When the name field is the combination of tier and some other value, this would be the standalone code.
tier	SkuTier	This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT.

SkuTier

This field is required to be implemented by the Resource Provider if the service has more than one tier, but is not required on a PUT.

Name	Type	Description
Basic	string
Free	string
Premium	string
Standard	string

systemData

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	createdByType	The type of identity that created the resource.
lastModifiedAt	string	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	createdByType	The type of identity that last modified the resource.

UserAssignedIdentity

User assigned identity properties

Name	Type	Description
clientId	string	The client ID of the assigned identity.
principalId	string	The principal ID of the assigned identity.

Workspace

An object that represents a machine learning workspace.

Name	Type	Default Value	Description
id	string		Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
identity	ManagedServiceIdentity		The identity of the resource.
location	string		Specifies the location of the resource.
name	string		The name of the resource
properties.allowPublicAccessWhenBehindVnet	boolean	False	The flag to indicate whether to allow public access when behind VNet.
properties.applicationInsights	string		ARM id of the application insights associated with this workspace.
properties.containerRegistry	string		ARM id of the container registry associated with this workspace.
properties.description	string		The description of this workspace.
properties.discoveryUrl	string		Url for the discovery service to identify regional endpoints for machine learning experimentation services
properties.encryption	EncryptionProperty		The encryption settings of Azure ML workspace.
properties.friendlyName	string		The friendly name for this workspace. This name in mutable
properties.hbiWorkspace	boolean	False	The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service
properties.imageBuildCompute	string		The compute name for image build
properties.keyVault	string		ARM id of the key vault associated with this workspace. This cannot be changed once the workspace has been created
properties.mlFlowTrackingUri	string		The URI associated with this workspace that machine learning flow must point at to set up tracking.
properties.notebookInfo	NotebookResourceInfo		The notebook info of Azure ML workspace.
properties.primaryUserAssignedIdentity	string		The user assigned identity resource id that represents the workspace identity.
properties.privateEndpointConnections	PrivateEndpointConnection[]		The list of private endpoint connections in the workspace.
properties.privateLinkCount	integer		Count of private connections in the workspace
properties.provisioningState	ProvisioningState		The current deployment state of workspace resource. The provisioningState is to indicate states for resource provisioning.
properties.publicNetworkAccess	PublicNetworkAccess		Whether requests from Public Network are allowed.
properties.serviceManagedResourcesSettings	ServiceManagedResourcesSettings		The service managed resource settings.
properties.serviceProvisionedResourceGroup	string		The name of the managed resource group created by workspace RP in customer subscription if the workspace is CMK workspace
properties.sharedPrivateLinkResources	SharedPrivateLinkResource[]		The list of shared private link resources in this workspace.
properties.storageAccount	string		ARM id of the storage account associated with this workspace. This cannot be changed once the workspace has been created
properties.storageHnsEnabled	boolean		If the storage associated with the workspace has hierarchical namespace(HNS) enabled.
properties.tenantId	string		The tenant id associated with this workspace.
properties.v1LegacyMode	boolean	False	Enabling v1_legacy_mode may prevent you from using features provided by the v2 API.
properties.workspaceId	string		The immutable id associated with this workspace.
sku	Sku		The sku of the workspace.
systemData	systemData		Azure Resource Manager metadata containing createdBy and modifiedBy information.
tags	object		Contains resource tags defined as key/value pairs.
type	string		The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"