Azure Machine Learning Workspace

Azure Machine Learning is a cloud service for accelerating and managing the machine learning project lifecycle. Machine learning professionals, data scientists, and engineers can use it in their day-to-day workflows: Train and deploy models, and manage MLOps.

View Source Code


Made by







Azure Machine Learning is a cloud service for accelerating and managing the machine learning project lifecycle. Machine learning professionals, data scientists, and engineers can use it in their day-to-day workflows: Train and deploy models, and manage MLOps.

Use Cases

Azure Machine Learning is for individuals and teams implementing MLOps within their organization to bring machine learning models into production in a secure and auditable production environment.

Cross-compatible platform tools

Anyone on an ML team can use their preferred tools to get the job done. Whether you’re running rapid experiments, hyperparameter-tuning, building pipelines, or managing inferences, you can use familiar interfaces including:

Train models

In Azure Machine Learning, you can run your training script in the cloud or build a model from scratch. Customers often bring models they’ve built and trained in open-source frameworks, so they can operationalize them in the cloud. Data scientists can use models in Azure Machine Learning that they’ve created in common Python frameworks, such as:

  • PyTorch
  • TensorFlow
  • scikit-learn
  • XGBoost
  • LightGBM Other languages and frameworks are supported as well, including:
  • R
  • .NET

Deploy models

To bring a model into production, it’s deployed. Azure Machine Learning’s managed endpoints abstract the required infrastructure for both batch or real-time (online) model scoring (inferencing).


Our bundle includes the following design choices to help simplify your deployment:

Deploy compute with ease

The compute wizard for ML Studio can be cumbersome to use, and it’s not always clear what the best compute type is for your use case. We’ve included a set of compute types that are optimized for the most common use cases. Deploying compute within the bundle is as simple as selecting the compute type you want and clicking “Deploy”.

Automatic service linking

The Azure services that must be deployed alongside the Azure Machine Learning Workspace are automatically deployed and linked to the workspace. This includes:

  • Storage
  • Key Vault
  • Application Insights (monitoring)
  • Compute

Best Practices

The bundle includes a number of best practices without needing any additional work on your part.

RBAC role assignments

The Azure Machine Learning Workspace uses a managed identity to communicate with other services. This managed identity is shared among the resources needed for Azure ML to operate, and the identity is granted the appropriate permissions to each of the other services.

Compute configuration

The compute clusters and instances provisioned within this bundle are configured with best practices in mind, such as assigning a managed identity and disabling SSH access.


Data encryption at rest

Azure Machine Learning stores snapshots, output, and logs in the Azure Blob storage account (default storage account) that’s tied to the Azure Machine Learning workspace and your subscription. All the data stored in Azure Blob storage is encrypted at rest with Microsoft-managed keys. All container images in your registry (Azure Container Registry) are encrypted at rest. Azure automatically encrypts an image before storing it and decrypts it when Azure Machine Learning pulls the image. The OS disk for each compute cluster and instance stored in Azure Storage are encrypted with Microsoft-managed keys in Azure Machine Learning storage accounts.

Data encryption in transit

Azure Machine Learning uses TLS to secure internal communication between various Azure Machine Learning microservices. All Azure Storage access also occurs over a secure channel. To secure external calls made to the scoring endpoint, Azure Machine Learning uses TLS.

Credential encryption

Azure Machine Learning uses the Azure Key Vault instance associated with the workspace to store credentials of various kinds:

  • The associated storage account connection string
  • Passwords to Azure Container Repository instances
  • Connection strings to data stores The workspace shares a user-assigned managed identity that has the same name as the workspace. This managed identity has access to all keys, secrets, and certificates in the key vault.


We do not currently support the following:

  • Customer-managed key encryption (every resource in the bundle uses Microsoft-managed keys)
  • Using a non-Massdriver managed Azure Container Registry
  • RBAC integration with Azure Key Vault
compute.cluster[].idle_durationstringThe Idle time before scaling down the cluster to the minimum node count.
compute.cluster[].max_nodesintegerThe maximum number of nodes in the compute cluster.
compute.cluster[].min_nodesintegerThe minimum number of nodes in the compute cluster.
compute.cluster[].namestringThe name of the compute cluster. Must be unique within the region.
compute.cluster[].sizestringThe size of the compute cluster.
compute.instance[].namestringThe name of the compute instance. Must be unique within the region.
compute.instance[].sizestringThe size of the compute instance.
compute.instance[].userstringMust be a valid Object ID for the Azure AD user.
workspace.high_business_impactbooleanIf your workspace contains sensitive data, you can enable high business impact features to help protect your data. This controls the amount of data Microsoft collects for diagnostic purposes and enables additional encryption in Microsoft managed environments. This cannot be changed after the workspace is created.
workspace.locationstringThe region of the workspace. This cannot be changed after the workspace is created.
No items found.