Hi!
Azure Container Registry can allow select trusted Azure services to access a registry that’s configured with network access rules. When trusted services are allowed, a trusted service instance can securely bypass the registry’s network rules and perform operations such as pulling or pushing images.

| Trusted service | Supported usage scenarios | Configure managed identity with RBAC role |
|---|---|---|
| Azure Container Instances | Deploy to Azure Container Instances from Azure Container Registry using a managed identity | Yes, either system-assigned or user-assigned identity |
| Microsoft Defender for Cloud | Vulnerability scanning by Microsoft Defender for container registries | No |
| ACR Tasks | Access the parent registry or a different registry from an ACR Task | Yes |
| Machine Learning | Deploy or train a model in a Machine Learning workspace using a custom Docker container image | Yes |
| Azure Container Registry | Import images to or from a network-restricted Azure container registry | No |

To enable:

```
az acr update --name myregistry --allow-trusted-services true
```

To disable:

```
az acr update --name myregistry --allow-trusted-services false
```

Maxime.
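
An added example, not part of the answer above: a small audit that takes registry records shaped like `az acr list -o json` output and reports which network-restricted registries let trusted services bypass their rules, so each bypass can be reviewed against the table. The field names `networkRuleBypassOptions`, `publicNetworkAccess` and `networkRuleSet.defaultAction` are assumed to match the CLI's JSON output, and the registry names and values are constructed sample data.

```python
# Constructed sample, trimmed to the fields the audit reads.
# Real input (assumption): json.load() of the output of `az acr list -o json`.
SAMPLE = [
    {"name": "prodregistry", "publicNetworkAccess": "Enabled",
     "networkRuleSet": {"defaultAction": "Deny"},
     "networkRuleBypassOptions": "AzureServices"},
    {"name": "lockedregistry", "publicNetworkAccess": "Disabled",
     "networkRuleSet": {"defaultAction": "Allow"},
     "networkRuleBypassOptions": "None"},
    {"name": "devregistry", "publicNetworkAccess": "Enabled",
     "networkRuleSet": None,  # no network rules configured
     "networkRuleBypassOptions": "AzureServices"},
]


def is_network_restricted(reg):
    """True when the registry blocks traffic by default or has public access off."""
    rules = reg.get("networkRuleSet") or {}
    return (reg.get("publicNetworkAccess") == "Disabled"
            or rules.get("defaultAction") == "Deny")


def audit(registries):
    """Return (name, status) pairs.

    restricted+bypass: network rules exist and trusted services may bypass them
    restricted:        network rules exist and no trusted-service bypass
    open:              no network restriction, so there is nothing to bypass
    """
    findings = []
    for reg in registries:
        bypass = reg.get("networkRuleBypassOptions") == "AzureServices"
        if not is_network_restricted(reg):
            status = "open"
        elif bypass:
            status = "restricted+bypass"
        else:
            status = "restricted"
        findings.append((reg["name"], status))
    return findings


if __name__ == "__main__":
    for name, status in audit(SAMPLE):
        print(f"{name}: {status}")
```
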