last sync: 2025-Jul-03 17:22:55 UTC

[Deprecated]: Azure Machine Learning workspaces should use private link

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Azure Machine Learning workspaces should use private link
Id 40cec1dd-a100-4920-b15b-3024fe8901ab
Version 1.1.0-deprecated
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0 (1.1.0-deprecated)
Built-in Versioning [Preview]
Category Machine Learning
Microsoft Learn
Description This policy is deprecated because private link is created after workspace creation, deny action can never succeed. Instead of continuing to use this policy, we recommend you instead assign this replacement policy with policy ID 45e05259-1eb5-4f70-9574-baf73e9d219b. Learn more about policy definition deprecation at aka.ms/policydefdeprecation.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) Assessments count: 1
Assessment Id: 692343df-7e70-b082-7b0e-67f97146cea3
DisplayName: Azure Machine Learning workspaces should use private link
Description: Azure Private Link provides a secure connection between your virtual network and Azure services, eliminating the need for a public IP address.
It ensures that the connectivity between the consumer and services is handled over the Azure backbone network.
By mapping private endpoints to your Azure Machine Learning workspaces, you can protect against data leakage risks.

Remediation description: To enable private link on Azure Machine Learning workspaces, follow the instructions here: https://aka.ms/azureml-workspaces-privatelink.
Categories: Data
Severity: Medium
preview: True
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Reference Reference to 1 related Policy definition (taken from description)
Azure Machine Learning workspaces should use private link (45e05259-1eb5-4f70-9574-baf73e9d219b)
Effect Default
Audit
Allowed
Audit, Deny, Disabled
RBAC role(s) none
Rule aliases IF (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*] Microsoft.MachineLearningServices workspaces properties.privateEndpointConnections[*] True False
Microsoft.MachineLearningServices/workspaces/privateEndpointConnections[*].privateLinkServiceConnectionState.status Microsoft.MachineLearningServices workspaces properties.privateEndpointConnections[*].properties.privateLinkServiceConnectionState.status True False
Rule resource types IF (1)
Compliance
The following 1 compliance controls are associated with this Policy definition '[Deprecated]: Azure Machine Learning workspaces should use private link' (40cec1dd-a100-4920-b15b-3024fe8901ab)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
K_ISMS_P_2018 2.6.7 K_ISMS_P_2018_2.6.7 K ISMS P 2018 2.6.7 2.6 Establish Internet Connection Control Policies Shared n/a Establish and implement internet connection control policies to prevent data leakage from critical information systems or terminals that perform key roles or handle personal information. 34
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
K ISMS P 2018 e0782c37-30da-4a78-9f92-50bfe7aa2553 Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-03-17 18:44:06 change Version remains equal, new suffix: deprecated (1.1.0 > 1.1.0-deprecated)
2021-03-24 14:32:48 change Minor (1.0.0 > 1.1.0)
2021-03-16 16:49:20 change Patch (1.0.1 > 1.0.0)
2020-12-11 15:42:52 change Patch (1.0.0 > 1.0.1)
2020-08-27 15:39:26 add 40cec1dd-a100-4920-b15b-3024fe8901ab
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC