[Launched] Generally Available: Required role assignment for private endpoint approvals in AzureML workspaces and/or AI Foundry hubs with managed network

-


Summary of Azure Update and Private Endpoint Configurations

Overview of Azure Update

As of June 3, 2025, Microsoft Azure has made a required role assignment for private endpoint approvals generally available in Azure Machine Learning (AzureML) workspaces and/or AI Foundry hubs with managed networks[1]. This update emphasizes the need for explicit role assignments for securing private endpoint connections.

Details on Private Endpoint Configurations

To configure private endpoints in Azure Machine Learning, users must follow specific steps to ensure secure connections:

  • Role Assignment: The Azure Machine Learning workspace's managed identity must have permissions to approve Private Endpoint connections on target resources. This is typically done by assigning the Azure AI Enterprise Network Connection Approver role or a custom role with similar permissions[3].

  • Target Resources: The Azure AI Enterprise Network Connection Approver role covers a wide range of Azure resources, including Azure Application Gateway, Azure Monitor, Azure SQL Database, and more[3].

  • Custom Roles for Non-Covered Resources: For resources not covered by the Azure AI Enterprise Network Connection Approver role (e.g., Azure Data Factory, Azure Databricks), a custom scoped-down role is recommended to define the necessary actions for approving private endpoint connections[3].

  • Configuration Process: Users can configure private endpoints by accessing the Azure portal and following the role assignment process within the Access Control (IAM) section[4].

Key Points

  • Security Enhancement: The shift from automatic to manual role assignment enhances security by reducing potential vulnerabilities associated with automatic role assignments[3].
  • Role-Based Access Control (RBAC): Proper RBAC permissions are crucial for creating and approving private endpoints, requiring specific actions like Microsoft.[ServiceProvider]/[resourceType]/privateEndpointConnectionsApproval/action[5].
  • General Availability: The update is now generally available, indicating that it is fully supported and recommended for use in production environments[1].
อ้างอิงค์ : https://azure.microsoft.com/updates?id=495600

ความคิดเห็น

แสดงความคิดเห็น

โพสต์ยอดนิยมจากบล็อกนี้

Retirement: MICROSOFT AZURE OPERATED BY 21VIANET - Action required to migrate to Azure China North 3 region by July 1, 2026 due to China North 1 and China East 1 region retirement

-
รูปภาพ
Retirement of Azure Regions in China Microsoft Azure operated by 21Vianet is planning significant changes to its regional infrastructure in China. Specifically, the China North 1 and China East 1 regions are scheduled for retirement. Key Points About the Retirement Retirement Date : Both China North 1 and China East 1 regions will be retired on July 1, 2026 [1]. Impact : Customers with services in these regions will experience disruptions if they do not migrate their services to other regions by the retirement date[1]. Recommended Action : Microsoft advises customers to migrate their services to alternative regions, such as China North 3 , to avoid service disruptions. Additional Service Updates Beyond the region retirement, there are other service updates relevant to Azure in China: Azure Batch Service Retirement : The Azure Batch service will also be retired on March 31, 2026 , in regions like India West , China North 1 , and China East 1 , due to regional constraints...
อ่านเพิ่มเติม

[Launched] Generally Available: Private subnet

-
รูปภาพ
Here is a structured summary of the Generally Available: Private Subnet launch announcement and key information from the official Azure Updates page referenced (https://azure.microsoft.com/updates?id=492953): General Availability of Azure Private Subnet Announcement Date: May 2025[1] Feature Status: Launched (now generally available for all Azure customers) Description: The "private subnet" feature for Azure Virtual Network is now production-ready, enabling customers to create subnets with enhanced network isolation and security. Key Benefits: Enhanced Security: Private subnets help restrict outbound internet access, reducing the risk of unauthorized data exfiltration. Explicit Internet Access: VMs in a private subnet do not have default outbound internet access, requiring explicit configuration of NAT gateways or other routes for connectivity[5]. Greater Control: Organizations gain more granular management over their Azure VM network traffic, allowing them t...
อ่านเพิ่มเติม

[Launched] Generally Available: Fallback to Internet on Private DNS Zones

-
รูปภาพ
Here's a concise summary of Azure's Generally Available: Fallback to Internet on Private DNS Zones based on available documentation and relevant sources: Overview The Fallback to Internet feature for Azure Private DNS Zones is now generally available, allowing DNS queries for non-private records to resolve via public DNS servers when no matching record exists in the configured private zones[1][3][5]. This ensures seamless hybrid environments and reduces DNS resolution failures. Key Functionality Automatic Public DNS Resolution : Queries for records not defined in private DNS zones automatically resolve using public internet DNS servers if enabled[5]. Hybrid Environment Support : Ideal for scenarios requiring access to both private endpoints and public resources without manual DNS configuration[3][4]. Enhanced Resilience : Minimizes application downtime caused by DNS resolution failures in isolated or on-premises environments[2][4]. Configuration Steps Enabl...
อ่านเพิ่มเติม