ML Workspace has public access disabled

March 21, 2025 ยท View on GitHub

SYNOPSIS

Disable public network access from a Azure Machine Learning workspace.

DESCRIPTION

Disabling public network access improves security by ensuring that the Machine Learning Workspaces aren't exposed on the public internet. You can control exposure of your workspaces by creating private endpoints instead. By default, a public endpoint is enabled for Machine Learning workspaces. The public endpoint is used for all access except for requests that use a Private Endpoint. Access through the public endpoint can be disabled or restricted to authorized virtual networks.

Data exfiltration is an attack where an malicious actor does an unauthorized data transfer. Private Endpoints help control exposure of a workspace to data exfiltration by an internal or external malicious actor. They do this by providing clear separation between public and private endpoints. As a result, broad access to public endpoints which could be operated by a malicious actor are not required.

RECOMMENDATION

Consider disabling access from public endpoints by setting the publicNetworkAccess property to Disabled as part of a broader security strategy.

EXAMPLES

Configure with Azure template

To deploy an ML - Workspace that passes this rule:

  • Set the properties.publicNetworkAccess property to Disabled.
  • If the properties.allowPublicAccessWhenBehindVnet property is defined remove the property. Switch to using the properties.publicNetworkAccess property instead. Configuring both properties is not required.

For example:

{
  "type": "Microsoft.MachineLearningServices/workspaces",
  "apiVersion": "2023-04-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "basic",
    "tier": "basic"
  },
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "friendlyName": "[parameters('name')]",
    "keyVault": "[resourceId('Microsoft.KeyVault/vaults', parameters('KeyVaultName'))]",
    "storageAccount": "[resourceId('Microsoft.Storage/storageAccounts', parameters('StorageAccountName'))]",
    "applicationInsights": "[resourceId('Microsoft.Insights/components', parameters('AppInsightsName'))]",
    "containerRegistry": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('ContainerRegistryName'))]",
    "publicNetworkAccess": "Disabled"
  }
}

Configure with Bicep

To deploy an ML - Workspace that passes this rule:

  • Set the properties.publicNetworkAccess property to Disabled.
  • If the properties.allowPublicAccessWhenBehindVnet property is defined remove the property. Switch to using the properties.publicNetworkAccess property instead. Configuring both properties is not required.

For example:

resource workspace 'Microsoft.MachineLearningServices/workspaces@2023-04-01' = {
  name: name
  location: location
  sku: {
    name: 'basic'
    tier: 'basic'
  }
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${identity.id}': {}
    }
  }
  properties: {
    friendlyName: friendlyName
    keyVault: keyVault.id
    storageAccount: storageAccount.id
    applicationInsights: appInsights.id
    containerRegistry: containerRegistry.id
    publicNetworkAccess: 'Disabled'
    primaryUserAssignedIdentity: identity.id
  }
}