This private preview feature aims to:
-
Address the security concern for AzureML datastore storing secrets. Today, users have to register datastore with credentials, which is then accessible to anyone with datastore reader role in the workspace. Blob, ADLS Gen1, ADLS Gen2 are supported.
-
Enable eyes-off training. For companies with sensitive data, we make it possible for data scientists to do training without access to the actual data content. You can grant data access to AML compute. So that data scientists won't be able to access or read the data using their own identity but they can still submit experiments to train with the data using compute identity.
Sample notebook using estimator
Sample notebook using pipeline -
Enable credential passthrough for granular data access control. For workspace shared by users with different level of data access permission, it is now possible to always authenticate data access with users' AAD token. Admin only needs to manage access control at storage (e.g. adlsgen2). AzureML will passthrough users' AAD token for both interactive experiment and training on remote compute.
NOTE: For private preview, we only support ScriptRun on AML compute* for ADLS Gen2 storage. We will expand support for automl, pipelines in public preview. Whitelisting is reqruied to enable credential passthrough. Please reach out to May Hu (sihhu@microsoft.com) to participate.
*AML compute (Compute clusters) backed with all VM skus EXCEPT the following skus:- "standard_nc24r"
- "standard_a8"
- "standard_a9"
- "standard_h16r"
- "standard_h16mr"
- "standard_nc24rs_v2"
- "standard_nc24rs_v3"
- "standard_nd24rs"
How data access authenticaiton works:
This is a private preview feature of Azure Machine Learning and is subject to the Azure Legal Terms and the Supplemental Terms for Azure Previews