Ensure Azure Machine learning workspace is configured with private endpoint

Description

This policy checks whether an Azure Machine Learning workspace is configured with a private endpoint. A private endpoint keeps the workspace off the public internet, reducing the risk of unauthorized access. This matters because Azure Machine Learning workspaces often contain sensitive data and models, and exposing them to the public internet could lead to data breaches or other security incidents. With a private endpoint, organizations can better control access to their Azure Machine Learning workspaces.

Code Example

```json
{
  "properties": {
    "managedNetwork": {
      "outboundRules": {
        "rule1": {
          "type": "PrivateEndpoint"
        }
      }
    }
  }
}
```

Remediation

Ensure the Azure Machine Learning workspace is configured with a private endpoint by setting the type of an outbound rule to 'PrivateEndpoint' in the managed network configuration.
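The check described above can be run over an ARM template before deployment. The following is an added example, not the policy engine's or Checkov's own code. It assumes the rule passes when at least one outbound rule under `properties.managedNetwork.outboundRules` has type `PrivateEndpoint`. The function names, workspace names and the sample template are constructed for illustration.

```python
import json

ML_WORKSPACE = "microsoft.machinelearningservices/workspaces"

def has_private_endpoint_rule(resource):
    """True if any managedNetwork outbound rule has type 'PrivateEndpoint'."""
    props = resource.get("properties")
    network = props.get("managedNetwork") if isinstance(props, dict) else None
    rules = network.get("outboundRules") if isinstance(network, dict) else None
    if not isinstance(rules, dict):
        return False  # no managed network or no outbound rules: fail closed
    return any(isinstance(rule, dict) and rule.get("type") == "PrivateEndpoint"
               for rule in rules.values())

def scan_template(template_text):
    """Return {workspace name: 'PASSED' | 'FAILED'} for an ARM template."""
    template = json.loads(template_text)
    results = {}
    for res in template.get("resources", []):
        # ARM resource types are case-insensitive; skip everything else.
        if str(res.get("type", "")).lower() != ML_WORKSPACE:
            continue
        verdict = "PASSED" if has_private_endpoint_rule(res) else "FAILED"
        results[res.get("name", "<unnamed>")] = verdict
    return results

# Constructed sample template (apiVersion and other required fields omitted).
SAMPLE_TEMPLATE = """
{
  "contentVersion": "1.0.0.0",
  "resources": [
    {"type": "Microsoft.MachineLearningServices/workspaces", "name": "ws-pe",
     "properties": {"managedNetwork": {"outboundRules": {
       "rule1": {"type": "PrivateEndpoint"}}}}},
    {"type": "Microsoft.MachineLearningServices/workspaces", "name": "ws-fqdn-only",
     "properties": {"managedNetwork": {"outboundRules": {
       "rule1": {"type": "FQDN"}}}}},
    {"type": "Microsoft.MachineLearningServices/workspaces", "name": "ws-no-network",
     "properties": {}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stg", "properties": {}}
  ]
}
"""

if __name__ == "__main__":
    for name, verdict in scan_template(SAMPLE_TEMPLATE).items():
        print(f"IAC-0750 {verdict}: {name}")
```

A workspace with no `managedNetwork` block, or with only non-`PrivateEndpoint` outbound rules, is reported as failed. Resources of other types are ignored.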

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0750 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Microsoft.MachineLearningServices/workspaces, Microsoft.MachineLearningServices/workspaces |
| Checkov ID | CKV_AZURE_243 |

References