| description | page_type | products | urlFragment | languages | ||||
|---|---|---|---|---|---|---|---|---|
This set of templates demonstrates how to set up Azure AI Studio with private link and egress disabled, using Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI resource. |
sample |
|
aistudio-network-restricted |
|
This set of templates demonstrates how to set up Azure AI Studio with a network-restricted configuration, meaning with public internet access disabled and egress disabled. It uses Microsoft-managed keys for encryption and Microsoft-managed identity configuration for the AI hub resource. Customization is required to create rules for the managed outbound access, and setup does not include additional rules to facilitate traffic access to the managed VNet. This template works as-is.
Azure AI Studio is built on Azure Machine Learning as the primary resource provider and takes a dependency on the Cognitive Services (Azure AI Services) resource provider to surface model-as-a-service endpoints for Azure Speech, Azure Content Safety, and Azure OpenAI service.
An 'Azure AI hub' is a special kind of 'Azure Machine Learning workspace', that is kind = "hub".
To facilitate proper roles and permissions, please be sure to review the following documentation
Limitations are maintained and kept up-to-date here:
- You might encounter problems trying to access the private endpoint for your hub if you're using Mozilla Firefox. This problem might be related to DNS over HTTPS in Mozilla Firefox. We recommend using Microsoft Edge or Google Chrome.
- Users can select either "Allow Internet Outbound" or "Allow Only Approved Outbound" as the two modes for managed vnet.
This template expects that you have private VNet setup for your organization, and that you have traffic patterns established to access it securely. You must have access to creating private endpoints for the VNet setup you wish to connect.
| Provider and type | Description |
|---|---|
Microsoft.Resources/resourceGroups |
The resource group all resources get deployed into |
Microsoft.Insights/components |
An Azure Application Insights instance associated with the Azure Machine Learning workspace |
Microsoft.KeyVault/vaults |
An Azure Key Vault instance associated with the Azure Machine Learning workspace |
Microsoft.Storage/storageAccounts |
An Azure Storage instance associated with the Azure Machine Learning workspace |
Microsoft.ContainerRegistry/registries |
An Azure Container Registry instance associated with the Azure Machine Learning workspace |
Microsoft.MachineLearningServices/workspaces |
An Azure AI hub (Azure Machine Learning RP workspace of kind 'hub') |
Microsoft.CognitiveServices/accounts |
An Azure AI Services as the model-as-a-service endpoint provider (allowed kinds: 'AIServices' and 'OpenAI') |
With Azure CLI:
# Pre-reqs, if required
az group create --name networkRg --location westus
az deployment group create --resource-group networkRg --template-file prereqs/prereq.main.bicep
# Main Deployment
az group create --name privateAiHub --location westus
az deployment group create --resource-group privateAiHub --template-file main.bicepIf you are new to Azure AI Studio, see:
- Azure AI Studio
Tags: ``Tags: