2 Votes
gepirvu asked NickGraham-9856 edited

Azure ML MSI deployment over ARM Templates enables purge protection on Key Vault

I have discovered lately that when you deploy an Azure ML instance from the ARM Template, the MSI will override the purge protection settings of the Key Vault. It will enable purge protection on the Key Vault. This is not the behavior that I am looking for, because when trying to deploy it again, the template will fail, saying that a Key Vault with that name already exists and you can't delete it before the retention period. This was my conclusion after doing several tests. Is my assumption correct?

If you deploy the Azure ML instance manually and select the Key Vault, it will keep the disabled purge settings. Any ideas how we can keep purge disabled here?

The Azure ML properties that we used are mentioned below:

   {
     "type": "Microsoft.MachineLearningServices/workspaces",
     "apiVersion": "2020-09-01-preview",
     "name": "[variables('machineLearningWorkspaceName')]",
     "location": "[parameters('location')]",
     "identity": {
       "type": "[parameters('amlManagedIdentityOption')]"
     },
     "dependsOn": [
       "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
       "[resourceId('Microsoft.Insights/components', variables('applicationInsightsName'))]",
       "[resourceId('Microsoft.ContainerRegistry/registries', variables('containerRegistryName'))]"
     ],
     "tags": "[parameters('resourceTags')]",
     "properties": {
       "friendlyName": "[variables('machineLearningWorkspaceName')]",
       "storageAccount": "[variables('storageAccount')]",
       "keyVault": "[variables('keyVault')]",
       "applicationInsights": "[variables('applicationInsights')]",
       "containerRegistry": "[variables('containerRegistry')]",
       "adbWorkspace": "[variables('adbWorkSpace')]",
       "hbiWorkspace": "[parameters('confidential_data')]",
       "allowPublicAccessWhenBehindVnet": "[parameters('allowPublicAccessWhenBehindVnet')]"
     }
   }



On the Key Vault, also created via ARM, we have:

   "properties": {
     "enabledForDeployment": "[parameters('enabledForDeployment')]",
     "enabledForTemplateDeployment": "[parameters('enabledForTemplateDeployment')]",
     "enabledForVolumeEncryption": "[parameters('enableVaultForVolumeEncryption')]",
     "softDeleteRetentionInDays": 7,
     "tenantId": "[subscription().tenantId]",
     "copy": [
       {
         "name": "accessPolicies",
         "count": "[length(parameters('userObjectId'))]",
         "input": {
           "tenantId": "[subscription().tenantId]",
           "objectId": "[parameters('userObjectId')[copyIndex('accessPolicies')].Id]",
           "permissions": "[parameters('userObjectId')[copyIndex('accessPolicies')].Permissions]"
         }
       }
     ]
   }


azure-machine-learning

1 Answer

0 Votes
GiftA-MSFT answered NickGraham-9856 edited

Hi, thanks for your feedback. Soft delete is enabled by default on new key vaults that are created with a new workspace (without bringing existing key vault).


@GiftA-MSFT is it possible to investigate the issues explained in the comment above?

2 Votes

That doesn't actually answer the question. The issue relates to Purge Protection, not Soft Delete; these are two separate properties of Key Vault. When a Key Vault is created, Purge Protection is disabled by default (https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview#purge-protection). When that Key Vault is then set as the Key Vault associated with a Machine Learning Workspace, Purge Protection is enabled. This cannot be reversed and is undesirable behaviour.

1 Vote
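As an added example (not code from the question, the answer, or Azure), the check below reads an ARM template and flags the two conditions this thread describes before anything is deployed: a Key Vault that an ML workspace links to without `enablePurgeProtection` declared (the link turns it on), and a fixed vault name that collides with its soft-deleted predecessor on redeploy within the retention window. The one-level `variables()` resolver, the sample template and its resource names are constructed for the example.

```python
import json
import re

ML_WORKSPACE = "Microsoft.MachineLearningServices/workspaces"
KEY_VAULT = "Microsoft.KeyVault/vaults"
VAR_REF = re.compile(r"^\[\s*variables\('([^']+)'\)\s*\]$")


def resolve(template, value):
    """Follow a [variables('x')] reference one level; anything else passes through."""
    m = VAR_REF.match(value) if isinstance(value, str) else None
    return template.get("variables", {}).get(m.group(1), value) if m else value


def lint_template(template):
    """Return findings for Key Vaults in a template that also deploys an ML workspace
    linked to a vault, because that link enables purge protection on the vault."""
    resources = template.get("resources", [])
    vaults = [r for r in resources if r.get("type") == KEY_VAULT]
    links_vault = any(r.get("type") == ML_WORKSPACE and "keyVault" in r.get("properties", {})
                      for r in resources)
    findings = []
    for vault in vaults:
        name = str(resolve(template, vault.get("name", "<unnamed>")))
        props = vault.get("properties", {})
        days = props.get("softDeleteRetentionInDays", 90)  # Key Vault default when omitted
        if links_vault and props.get("enablePurgeProtection") is not True:
            findings.append(f"{name}: enablePurgeProtection not set to true, but the ML "
                            "workspace link enables it; declare it so the template matches")
        if "uniqueString(" not in name:
            findings.append(f"{name}: fixed vault name; after a delete, a redeploy within "
                            f"{days} days collides with the soft-deleted vault")
    return findings


# Constructed fragment modelled on the question's resources (not the full original template).
SAMPLE_TEMPLATE = json.loads("""{
  "variables": {"keyVaultName": "kv-aml-demo", "mlName": "aml-demo"},
  "resources": [
    {"type": "Microsoft.KeyVault/vaults", "name": "[variables('keyVaultName')]",
     "properties": {"softDeleteRetentionInDays": 7, "tenantId": "[subscription().tenantId]"}},
    {"type": "Microsoft.MachineLearningServices/workspaces", "name": "[variables('mlName')]",
     "identity": {"type": "SystemAssigned"},
     "properties": {"keyVault": "[resourceId('Microsoft.KeyVault/vaults', variables('keyVaultName'))]"}}
  ]
}""")

if __name__ == "__main__":
    for line in lint_template(SAMPLE_TEMPLATE):
        print(line)
```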