Azure Machine Learning
Workspace Key
Service Name: Azure Machine Learning
Service Description: Azure Machine Learning is a cloud-based service that enables data scientists and developers to efficiently build, train, and deploy machine learning models. It provides a comprehensive environment for machine learning workflows, including data preparation, model training, evaluation, and deployment.
Service Address: https://ml.azure.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Azure resource level using Network Security Groups (NSGs) and Virtual Networks (VNets).
Secret Access Scope: Grants programmatic access to Azure Machine Learning workspaces, allowing users to manage experiments, models, deployments, and other ML resources.
Secret Revokement URL: https://learn.microsoft.com/en-us/azure/machine-learning/how-to-manage-workspace?view=azureml-api-2#regenerate-workspace-keys
Secret Example: azml.ws.1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t
Suspicious Activity Investigation Instructions:
- Review Azure Activity Logs for unusual operations related to the Machine Learning workspace.
- Check for unexpected model deployments or compute resource creations.
- Monitor for unusual data access patterns or large data exports.
-
Review authentication logs for access from unusual locations or times.
-
Check for modifications to workspace settings or permissions.
Mitigation Instructions:
- Immediately regenerate the workspace key in the Azure Portal.
- Navigate to your Azure Machine Learning workspace in the Azure Portal.
- Select "Keys" from the settings menu.
- Click "Regenerate" for the primary or secondary key that was compromised.
- Update any legitimate applications or scripts with the new key.
- Review and revoke any suspicious service principals or user accounts with access to the workspace.
- Enable Azure Defender for Machine Learning to enhance security monitoring.
- Consider implementing Azure Private Link to restrict network access to your workspace.