Best practice rules for Machine Learning
- Approved VM Size Compliance
Ensure that your Machine Learning compute instances are of a given, approved size (e.g., Standard_DS3_v2).
- Check OS Image Version
Ensure that your Machine Learning compute instances are using the latest OS image version.
- Check for Appropriate Admin SSH Public Key Management
Ensure that the admin SSH public key is properly configured when SSH access is enabled.
- Check for Non-Standard SSH Port Configuration
Ensure that Azure Machine Learning compute instances are not using the standard port (22) for SSH access.
- Check for Subnet Isolation
Ensure that your Azure Machine Learning compute instances are deployed to dedicated VNet subnets.
- Compute Instance State Management
Ensure that idle compute instances are monitored to prevent unnecessary compute costs from forgotten running instances.
- Disable Root Access
Ensure that your Azure Machine Learning compute instances have root access disabled.
- Disable SSH Public Access
Ensure that your Machine Learning compute instances have SSH public access disabled.
- Enable Diagnostic Logs for Machine Learning Workspaces
Ensure that Diagnostic Logs are enabled for your Azure Machine Learning workspaces.
- Enable High Business Impact for Machine Learning Workspaces
Enable the High Business Impact feature for your Azure Machine Learning workspaces.
- Enable Managed Virtual Network Isolation with Internet Outbound Access
Ensure that managed VNet isolation with Internet outbound access is enabled for your Azure Machine Learning workspaces.
- Enable Network Isolation for Azure Machine Learning Registries
Ensure that network isolation is enabled for your Azure Machine Learning registries.
- Machine Learning Workspace Encryption using Customer-Managed Keys
Use Customer-Managed Keys (CMKs) to encrypt Azure Machine Learning workspaces.
- Mandatory Resource Tagging
Ensure there is a tagging strategy in use for identifying and organizing Azure Machine Learning compute instances by name, purpose, environment, and other criteria.
- Use Managed Identities
Ensure that Azure Machine Learning compute instances are using managed identities for authentication.
- Use System-Assigned Managed Identities for Azure Machine Learning Workspaces
Ensure that Azure Machine Learning workspaces are using system-assigned managed identities.