Azure 机器学习的 Azure Policy 内置策略定义Azure Policy built-in policy definitions for Azure Machine Learning

此页是 Azure 机器学习的 Azure Policy 内置策略定义的索引。This page is an index of Azure Policy built-in policy definitions for Azure Machine Learning. Azure Policy 的常见用例包括实施监管来满足资源一致性、法规遵从性、安全性、成本和管理方面的要求。Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Azure 环境中已经内置了这些常见用例的策略定义,帮助你入门。Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started. 有关其他服务的其他 Azure Policy 内置定义,请参阅 Azure Policy 内置定义For additional Azure Policy built-ins for other services, see Azure Policy built-in definitions.

每个内置策略定义链接(指向 Azure 门户中的策略定义)的名称。The name of each built-in policy definition links to the policy definition in the Azure portal. 使用“GitHub”列中的链接查看 Azure Policy GitHub 存储库上的源。Use the link in the GitHub column to view the source on the Azure Policy GitHub repo.

内置策略定义Built-in policy definitions

名称Name
(Azure 门户)(Azure portal)
说明Description 效果Effect(s) 版本Version
(GitHub)(GitHub)
Azure 机器学习工作区应使用客户托管密钥 (CMK) 进行加密Azure Machine Learning workspaces should be encrypted with a customer-managed key (CMK) 评估未使用客户托管密钥 (CMK) 启用加密的 Azure 机器学习工作区。Evaluate Azure Machine Learning workspaces that do not have encryption enabled with customer-managed keys (CMK). 客户托管密钥为工作区添加了额外一层安全。Customer-managed keys add an aditional layer of security for workspaces. 有关详细信息,请访问 https://aka.ms/azureml-workspaces-cmkFor more information, visit https://aka.ms/azureml-workspaces-cmk. Audit、Deny、DisabledAudit, Deny, Disabled 1.0.01.0.0
Azure 机器学习工作区应使用专用链接Azure Machine Learning workspaces should use private link 评估没有达到“至少有一个已批准的专用终结点连接”标准的 Azure 机器学习工作区。Evaluate Azure Machine Learning workspaces that do not have at least one approved private endpoint connection. 虚拟网络中的客户端可以安全地访问通过专用链接获得专用终结点连接的资源。Clients in a virtual network can securely access resources that have private endpoint connections through private links. 有关详细信息,请访问:https://aka.ms/azureml-workspaces-privatelinkFor more information, visit: https://aka.ms/azureml-workspaces-privatelink. Audit、DisabledAudit, Disabled 1.0.01.0.0
为指定的 Azure 机器学习计算配置允许的模块作者Configure allowed module authors for specified Azure Machine Learning computes 此策略有助于提供在指定的 Azure 机器学习计算中允许的模块作者,并可以在工作区中分配这些模块作者。This policy helps provide allowed module authors in specified Azure Machine Learning computes and can be assigned at the workspace. 有关详细信息,请访问 https://aka.ms/amlpolicydocFor more information, visit https://aka.ms/amlpolicydoc. enforceSetting,已禁用enforceSetting, disabled 1.0.1-preview1.0.1-preview
为指定的 Azure 机器学习计算配置允许的 Python 包Configure allowed Python packages for specified Azure Machine Learning computes 此策略有助于提供在指定的 Azure 机器学习计算中允许的 Python 包,并可以在工作区中分配这些包。This policy helps provide allowed Python packages in specified Azure Machine Learning computes and can be assigned at the workspace. 有关详细信息,请访问 https://aka.ms/amlpolicydocFor more information, visit https://aka.ms/amlpolicydoc. enforceSetting,已禁用enforceSetting, disabled 1.0.0-preview1.0.0-preview
为指定的 Azure 机器学习计算配置允许的注册表Configure allowed registries for specified Azure Machine Learning computes 此策略有助于提供在指定的 Azure 机器学习计算中允许的注册表,并可以在工作区中分配这些注册表。This policy helps provide registries that are allowed in specified Azure Machine Learning computes and can be assigned at the workspace. 有关详细信息,请访问 https://aka.ms/amlpolicydocFor more information, visit https://aka.ms/amlpolicydoc. enforceSetting,已禁用enforceSetting, disabled 1.0.0-preview1.0.0-preview
为指定的 Azure 机器学习计算配置在运行作业之前调用的审批终结点Configure an approval endpoint called prior to jobs running for specified Azure Machine Learning computes 此策略有助于为指定的 Azure 机器学习计算配置在运行作业之前调用的审批终结点,并能将其分配到工作区。This policy helps configure an approval endpoint called prior to jobs running for specified Azure Machine Learning computes and can be assigned at the workspace. 有关详细信息,For more information. 有关详细信息,请访问 https://aka.ms/amlpolicydocFor more information, visit https://aka.ms/amlpolicydoc. enforceSetting,已禁用enforceSetting, disabled 1.0.0-preview1.0.0-preview
为指定的 Azure 机器学习计算配置用于定型代码的代码签名Configure code signing for training code for specified Azure Machine Learning computes 此策略有助于在指定的 Azure 机器学习计算中为定型代码提供代码签名,可在工作区中分配此策略。This policy helps provide code signing for training code in specified Azure Machine Learning computes and can be assigned at the workspace. 有关详细信息,请访问 https://aka.ms/amlpolicydocFor more information, visit https://aka.ms/amlpolicydoc. enforceSetting,已禁用enforceSetting, disabled 1.0.0-preview1.0.0-preview
为指定的 Azure 机器学习计算配置用于完整日志的日志筛选表达式以及数据存储Configure log filter expressions and datastore to be used for full logs for specified Azure Machine Learning computes 此策略有助于在指定的 Azure 机器学习计算中提供用于完整日志的日志筛选表达式和数据存储,并能将其分配到工作区。This policy helps provide log filter expression and datastore to be used for full logs in specified Azure Machine Learning computes and can be assigned at the workspace. 有关详细信息,请访问 https://aka.ms/amlpolicydocFor more information, visit https://aka.ms/amlpolicydoc. enforceSetting,已禁用enforceSetting, disabled 1.0.0-preview1.0.0-preview

后续步骤Next steps