Exam DP-100 topic 5 question 33 discussion

Managed identity can be done see https://learn.microsoft.com/en-us/azure/machine-learning/how-to-datastore?view=azureml-api-2&tabs=cli-identity-based-access%2Csdk-adls-identity-access%2Csdk-azfiles-accountkey%2Csdk-adlsgen1-identity-access%2Csdk-onelake-identity-access

The latest UI in the Machine Learning Studio only have two options in Authentication type when creating a datastore : Account Key or SAS Token. This is consistent with what you can specify in the constructor: https://learn.microsoft.com/en-us/python/api/azure-ai-ml/azure.ai.ml.entities.azureblobdatastore?view=azure-python

You can have either Account Key or SAS while defining datastore. I guess SAS is the answer.

In exam on 2023-03-27

A. the most secure and recommended method is to use a Service principal. A Service principal is an Azure Active Directory (Azure AD) object that you can use to authenticate and authorize access to Azure resources. By using a Service principal, you can provide granular access to specific resources, without exposing the account key or SAS token. It also provides a centralized location to manage access to resources. While using a Managed identity is a valid option for authenticating when running code within a workspace or compute instance, it's not applicable for configuring authentication for datastores. A Managed identity provides an identity for a resource that can be used to authenticate to Azure services without requiring the use of credentials such as account keys or SAS tokens.

In exam on 2023-02-15

Managed Identity works for privilege control.

on exam 09/09/2022

service principal, SAS an auth are credential-based methods, which require the user to have Reader access on the whole workspace. I guess Managed identity is the answer we are looking for, since it enables a more fine-grained access control https://docs.microsoft.com/en-us/azure/machine-learning/concept-data?tabs=uri-file-example%2Ccli-data-create-example#datastore