README.md
Lines changed: 4 additions & 20 deletions
@@ -306,27 +306,11 @@ The core pillars of MLOps on Azure are:
306
306
307
307
> These concerns apply across all phases and should be addressed from the start of the project.
308
308
309
-
|Security & Access Control Practice | Consideration|
309
+
|Category | Practices & Considerations|
310
310
|---|---|
311
-
|**Least-privilege RBAC**| Apply minimal permissions at every layer: Azure ML Workspace, Storage Account, Key Vault, and compute. |
312
-
|**Secret management**| Store all secrets in **Azure Key Vault**, never in code, baked-in environment variables, or `terraform.tfvars` committed to source control. |
313
-
|**Managed Identity**| Use System-Assigned or User-Assigned Managed Identity for all Azure ML resources to eliminate credential management entirely. |
314
-
|**Private endpoints**| Enable private endpoints for the Azure ML Workspace, Storage, Key Vault, and Container Registry in production to eliminate public internet exposure. |
315
-
316
-
| Governance & Compliance Practice | Consideration |
317
-
|---|---|
318
-
|**Azure Policy**| Assign policies to enforce organizational standards: allowed regions, required tags, mandatory encryption settings across all Azure ML resources. |
319
-
|**Resource tagging**| Attach required tags (`environment`, `project`, `owner`, `cost-center`) to all resources to enable cost allocation and governance reporting. |
320
-
|**Responsible AI artifacts**| Use the Azure ML Responsible AI Dashboard to generate an RAI assessment artifact for every model version promoted to production. |
321
-
|**Audit trail**| Maintain a record of all model registrations, deployments, and endpoint configuration changes via Azure Activity Log. |
322
-
323
-
| Cost Management Practice | Consideration |
324
-
|---|---|
325
-
|**Budget alerts**| Configure budget alerts in Azure Cost Management for the ML resource group to catch unexpected spend early. |
326
-
|**Scale-to-zero training**| Use compute clusters that scale to zero nodes when idle, never leave clusters running between jobs. |
327
-
|**Dev instance shutdown**| Schedule automatic shutdown for compute instances used for development (e.g., nightly shutdown policy). |
328
-
|**Workspace hygiene**| Regularly review and delete unused model versions, stale datasets, and old pipeline run logs that accumulate over time. |
329
-
|**Reserved Instances**| Use Reserved Instances for stable, predictable production endpoint compute to reduce costs by up to 40%. |
311
+
|**Security & Access Control**| - **Least-privilege RBAC**: Apply minimal permissions at every layer: Workspace, Storage Account, Key Vault, and compute.<br>- **Secret management**: Store all secrets in **Azure Key Vault**, never in code, baked-in environment variables, or `terraform.tfvars`.<br>- **Managed Identity**: Use System-Assigned or User-Assigned Managed Identity to eliminate credential management entirely.<br>- **Private endpoints**: Enable private endpoints for Workspace, Storage, Key Vault, and Container Registry in production. |
312
+
|**Governance & Compliance**| - **Azure Policy**: Enforce organizational standards, allowed regions, required tags, mandatory encryption settings.<br>- **Resource tagging**: Attach tags (`environment`, `project`, `owner`, `cost-center`) to all resources for cost allocation and reporting.<br>- **Responsible AI artifacts**: Generate an RAI assessment artifact for every model version promoted to production.<br>- **Audit trail**: Track all model registrations, deployments, and config changes via Azure Activity Log. |
313
+
|**Cost Management**| - **Budget alerts**: Configure alerts in Azure Cost Management for the ML resource group to catch unexpected spend early.<br>- **Scale-to-zero training**: Use compute clusters that scale to zero nodes when idle, never leave clusters running between jobs.<br>- **Dev instance shutdown**: Schedule automatic shutdown for development compute instances (e.g., nightly policy).<br>- **Workspace hygiene**: Regularly delete unused model versions, stale datasets, and old pipeline run logs.<br>- **Reserved Instances**: Use Reserved Instances for production endpoint compute to reduce costs by up to 40%. |
330
314
331
315
> CI/CD Pipeline Structure: A typical MLOps CI/CD pipeline on Azure looks like.
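Review bot: In the added Security & Access Control row, the Secret management bullet now ends at `terraform.tfvars` and loses the removed line's qualifier "committed to source control", so it reads as a ban on tfvars files altogether rather than on committing secrets in them; please restore the qualifier. The Private endpoints bullet in the same row also drops "to eliminate public internet exposure", which was the stated reason for the control and is worth keeping. In the Governance & Compliance row, "Enforce organizational standards, allowed regions, required tags, ..." swaps the removed line's colon for a comma, so the examples read as a flat list alongside "standards"; keep the colon after "standards". In the Cost Management row, the Reserved Instances bullet loses "stable, predictable", which scoped the advice to workloads where a reservation makes sense. On formatting, the `- ` markers joined with `<br>` sit inside table cells, which hold inline content only in GitHub-flavored Markdown, so they will render as literal hyphens rather than a list; check the rich diff and consider dropping the hyphens or using `<ul><li>` if list rendering is wanted.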