RohitMungi-MSFT
commented
2 years ago Closed pnarsi closed 2 years ago
RohitMungi-MSFT
commented
2 years ago RohitMungi-MSFT
commented
2 years ago @jhirono Could you please confirm if this is a supported feature with AKV and update the document? I have referenced the issue raised with AKV team which confirms that AML is not listed as a trusted service. Thanks!!
pnarsi
commented
2 years ago @RohitMungi-MSFT @jhirono
I did a bit of testing and it does seem that AML does require the "Trusted Microsoft Service Service" feature to be enabled on a firewall enabled AKV otherwise when attempting to set/get secrets via a AML notebook we get an error message similar to the below. The client IP in the error message is part of the AzureMachineLearning service tag.
nibaccam
commented
2 years ago @Blackmist to follow up with @jhirono
jhirono
commented
2 years ago Thank you very much. Let me follow this up with key vault team.
jhirono
commented
2 years ago I confirmed with KeyVault team that AzureML will be added soon. We can close this issue.
nibaccam
commented
2 years ago We will now proceed to close this thread.
This mentions that we can use AML experimentation capabilities with a AKV with a firewall enabled by selecting "Allow trusted Microsoft service to bypass the firewall".
However AML is not listed as a valid trusted Microsoft service on this AKV page https://docs.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints#trusted-services. Furthermore when I raised a github ticket on that page, it was closed with a note saying that "It has been verified with the Key vault engineering team that AML is not in the list of Trusted Services."
Is there a reason for this discrepancy? This is support for AML experimentation capability with AKV via trusted Microsoft Services still a preview feature?
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.