Azure Machine Learning end-to-end secure setup

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Bicep Version

Deploy To Azure Deploy To Azure US Gov Visualize

This set of templates demonstrates how to set up Azure Machine Learning end-to-end in a secure set up.

This reference implementation includes the Workspace, a compute cluster, compute instance and attached private AKS cluster. It includes the configuration of associated resources including Azure Key Vault, Azure Storage, and Azure Container Registry in a network-isolated setup.


Provider and type Description
Microsoft.Resources/resourceGroups The resource group all resources get deployed into
Microsoft.Insights/components An Azure Application Insights instance associated to the Azure Machine Learning workspace
Microsoft.KeyVault/vaults An Azure Key Vault instance associated to the Azure Machine Learning workspace
Microsoft.Storage/storageAccounts An Azure Storage instance associated to the Azure Machine Learning workspace
Microsoft.ContainerRegistry/registries An Azure Container Registry instance associated to the Azure Machine Learning workspace
Microsoft.MachineLearningServices/workspaces An Azure Machine Learning workspace instance
Microsoft.MachineLearningServices workspaces/computes Azure Machine Learning workspace compute types: cluster and compute instance
Microsoft.Network/privateDnsZones Private DNS zones for Azure Machine Learning and the dependent resources
Microsoft.Network/networkSecurityGroups A Network Security Group pre-configured for use with Azure Machine Learning
Microsoft.ContainerService/managedClusters An Azure Kubernetes Services cluster for inferencing
Microsoft.Compute/virtualMachines A Data Science Virtual Machine jumpbox to access the workspace over the private link endpoint
Microsoft.Network/virtualNetworks A virtual network to deploy all resources in

Learn more

If you are new to Azure Machine Learning, see:

If you are new to template development, see:

Tags: Microsoft.Resources/deployments, Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks, Microsoft.KeyVault/vaults, Microsoft.Network/privateEndpoints, Microsoft.Network/privateDnsZones, Microsoft.Network/privateEndpoints/privateDnsZoneGroups, Microsoft.Network/privateDnsZones/virtualNetworkLinks, Microsoft.Storage/storageAccounts, Microsoft.ContainerRegistry/registries, Notary, Microsoft.Insights/components, Microsoft.MachineLearningServices/workspaces, SystemAssigned, Microsoft.MachineLearningServices/workspaces/computes, Microsoft.ContainerService/managedClusters, VirtualMachineScaleSets, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines, Microsoft.Compute/virtualMachines/extensions, [variables('aadLoginExtensionName')], Microsoft.Network/virtualNetworks/subnets, Microsoft.Network/publicIPAddresses, Microsoft.Network/bastionHosts