- Knowledge Base
- Microsoft Azure
- AI Services
- Use Private Endpoints for OpenAI Service Instances
To reduce the risk of exposure to external threats and strengthens overall security for your Azure OpenAI interactions, ensure that your Azure OpenAI service instances are accessed exclusively through private endpoint connections.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Security Using private endpoints for Azure OpenAI service instances enables secure data access over Azure Private Link. The private endpoint uses an IP address from the virtual network, ensuring traffic stays within the Microsoft Azure backbone network, avoiding public Internet exposure. This setup blocks public endpoint connections, enhances virtual network security, prevents data exfiltration, and supports secure on-premises connections via Azure VPN Gateway or ExpressRoutes with private-peering. Additionally, it helps maintain compliance with regulatory requirements and organizational policies by enforcing strict network access controls and minimizing the surface area for potential security breaches.
Audit
To determine if network access to OpenAI service instances is allowed via private endpoints only, perform the following actions:
Using Azure Console
01 Sign in to the Azure Management Console.
02 Navigate to Azure OpenAI blade at https://portal.azure.com/#view/Microsoft_Azure_ProjectOxford/CognitiveServicesHub/~/OpenAI.
03 Select the Azure subscription that you want to examine from the Subscription equals all filter box, and choose Apply.
04 Click on the name (link) of the Azure OpenAI service instance that you want to examine. An OpenAI service instance has Kind set to OpenAI.
05 In the navigation panel, under Resource Management, select Networking to access the networking configuration settings available for the selected OpenAI resource.
06 Select the Firewalls and virtual networks tab and check the Allow access from configuration setting to determine the level of access configured for the selected OpenAI instance. If Allow access from is set to Disabled, network access via public endpoints or selected networks is disabled, therefore, you can continue the Audit process with the next step. Otherwise, the Audit process stops here.
07 Select the Private endpoint connections tab and check for any private endpoints configured for your instance. If there are no private endpoints available on this page, the selected Azure OpenAI service instance is not configured to allow network access via private endpoints only.
08 Repeat steps no. 4 – 7 for each Azure OpenAI instance available within the selected subscription.
09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.
Using Azure CLI
01 Run cognitiveservices account list command (Windows/macOS/Linux) with custom output filters to list the name and the associated resource group for each Azure OpenAI service instance available in the current subscription:
az cognitiveservices account list
--output table
--query '[?(kind==`OpenAI`)].{name:name, resourceGroup:resourceGroup}'
02 The command output should return the requested OpenAI service instance identifiers:
Name ResourceGroup --------------------------- ------------------------------ tm-openai-project5-instance cloud-shell-storage-westeurope tm-openai-workspace-server cloud-shell-storage-westeurope
03 Run cognitiveservices account show command (Windows/macOS/Linux) with the name of the Azure OpenAI service instance that you want to examine as the identifier parameter and custom output filters to determine if the public network access to the selected OpenAI instance is disabled:
az cognitiveservices account show
--name tm-openai-project5-instance
--resource-group cloud-shell-storage-westeurope
--query '{networkAcls:properties.networkAcls.defaultAction,publicNetworkAccess:properties.publicNetworkAccess}'
04 The command output should return the status of the default network access rule used by the selected instance (i.e. "networkAcls" value) and the status of the "publicNetworkAccess" setting configured for the instance:
{
"networkAcls": "Deny",
"publicNetworkAccess": "Disabled"
}
If the cognitiveservices account show command output returns "Deny" for "networkAcls" and "Disabled" for "publicNetworkAccess", as shown in the example above, network access via public endpoints or selected networks is disabled, therefore, you can continue the Audit process with the next step. Otherwise, the Audit process stops here.
05 Run cognitiveservices account show command (Windows/macOS/Linux) to describe the private endpoint connections configured for the selected Azure OpenAI service instance:
az cognitiveservices account show --name tm-openai-project5 --resource-group cloud-shell-storage-westeurope --query 'properties.privateEndpointConnections'
06 The command output should return the information available for the configured private endpoints:
[]
If the cognitiveservices account show command output returns an empty array, i.e. [], there are no private endpoint connections associated with your instance, therefore, the selected Azure OpenAI service instance is not configured to allow network access via private endpoints only.
07 Repeat steps no. 3 - 6 for each Azure OpenAI instance available in the selected Azure subscription.
08 Repeat steps no. 1 – 7 for each subscription created in your Microsoft Azure cloud account.
Remediation / Resolution
To ensure that your Azure OpenAI service instances are accessed exclusively through private endpoint connections, perform the following operations:
Using Azure Console
01 Sign in to the Azure Management Console.
02 Navigate to Azure OpenAI blade at https://portal.azure.com/#view/Microsoft_Azure_ProjectOxford/CognitiveServicesHub/~/OpenAI.
03 Select the Azure subscription that you want to access from the Subscription equals all filter box, and choose Apply.
04 Click on the name (link) of the Azure OpenAI service instance that you want to configure.
05 In the navigation panel, under Resource Management, select Networking to access the networking configuration settings available for the selected OpenAI resource.
06 Select the Firewalls and virtual networks tab, set Allow access from to Disabled, and choose Save to apply the changes. Once the network configuration is updated, no networks can access your resource. Private endpoint connections will be the exclusive way to access your OpenAI instance.
07 Select the Private endpoint connections tab, choose + Private endpoint, and perform the following actions:
- For Basics, provide the following information:
- For Subscription, choose your Azure subscription.
- For Resource group, select the correct resource group.
- Provide a unique name for the private endpoint instance in the Name box.
- For Region, select the Azure cloud region where the private endpoint instance will be deployed.
- Choose Next : Resource > to continue the setup process.
- For Resource, select account from the Target sub-resource dropdown list. Choose Next : Virtual Network > to continue the setup.
- For Virtual Network, perform the following actions:
- For Virtual network, choose the name of the Azure virtual network (VNet) that you want to use for your private endpoint.
- For Subnet, select the VNet subnet where the private endpoint will be deployed.
- (Optional) For Network policy for private endpoints, choose (edit) next to Disabled to configure network policies for the selected VNet subnet.
- For Private IP configuration, choose whether to dynamically or statically allocate the private IP address.
- (Optional) For Application security group, choose + Create to create an Application Security Group (ASG) if required. ASGs allow you to configure network security by grouping virtual machines and defining policies based on these groups.
- Choose Next : DNS > to continue.
- For DNS, select Yes for Integrate with private DNS zone under Private DNS integration, to integrate your private endpoint with a private DNS zone. Ensure that the correct subscription and resource group are selected for the private DNS zone. Choose Next : Tags > to continue the setup.
- For Tags, use the Name, Value, and Resource fields to create tags that will help organize the identity of the selected resource. Choose Next : Review + create > to validate the private endpoint setup.
- For Review + create, review the resource configuration details, then choose Create to create your new private endpoint.
08 Repeat steps no. 4 - 7 for each Azure OpenAI instance that you want to configure, available within the selected Azure subscription.
09 Repeat steps no. 3 – 8 for each subscription available in your Microsoft Azure cloud account.
Using Azure CLI
01 Run cognitiveservices account list command (Windows/macOS/Linux) with custom output filters to list the identifier (ID) of each Azure OpenAI service instance available in the current subscription:
az cognitiveservices account list --query '[?(kind==`OpenAI`)].id'
02 The command output should return the requested OpenAI service instance identifiers:
[ "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance", "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-workspace-server" ]
03 Run resource update command (Windows/macOS/Linux) with the ID of the Azure OpenAI service instance that you want to configure as the identifier parameter, to disable network access to the selected OpenAI instance. Once the network configuration changes are applied to the instance, no networks can access your resource. Private endpoint connections will be the exclusive way to access your OpenAI instance:
az resource update
--ids "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance"
--set properties.networkAcls="{'defaultAction':'Deny'}"
--set properties.publicNetworkAccess="Disabled"
04 The command output should return the information available for the configured OpenAI service instance:
{
"id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance",
"identity": {
"principalId": "abcd1234-abcd-1234-abcd-1234abcd1234",
"tenantId": "abcd1234-abcd-1234-abcd-1234abcd1234",
"type": "SystemAssigned",
},
"kind": "OpenAI",
"location": "westus",
"name": "tm-openai-project5-instance",
"properties": {
"encryption": {
"keySource": "Microsoft.KeyVault",
"keyVaultProperties": {
"keyName": "tm-openai-key",
"keyVaultUri": "https://tm-project5-vault.vault.azure.net",
"keyVersion": "abcd1234abcd1234abcd1234abcd1234"
}
},
...
"isMigrated": false,
"locations": null,
"migrationToken": null,
"networkAcls": {
"defaultAction": "Deny"
},
"privateEndpointConnections": [],
"provisioningState": "Succeeded",
"publicNetworkAccess": "Disabled",
"quotaLimit": null,
"restore": null,
"restrictOutboundNetworkAccess": null,
"scheduledPurgeDate": null,
"skuChangeInfo": null,
"userOwnedStorage": null
},
"resourceGroup": "cloud-shell-storage-westeurope",
"type": "Microsoft.CognitiveServices/accounts"
}
05 Run network private-endpoint create command (Windows/macOS/Linux) to create and attach a private endpoint to your Azure OpenAI service instance. Use the --private-connection-resource-id command parameter to specify the resource ID of your OpenAI instance:
az network private-endpoint create --name tm-private-endpoint --resource-group cloud-shell-storage-westeurope --vnet-name tm-project5-vnet --subnet tm-vnet-subnet-001 --private-connection-resource-id "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance" --connection-name tm-project5-openai-private-connection --group-id account --location westeurope
06 The command output should return the new private endpoint configuration information:
{
"customDnsConfigs": [
{
"fqdn": "tm-openai-project5-instance.openai.azure.com",
"ipAddresses": [
"10.0.0.4"
]
}
],
"customNetworkInterfaceName": "",
"etag": "W/\"abcd1234-abcd-1234-abcd-1234abcd1234\"",
"id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/privateEndpoints/tm-private-endpoint",
"ipConfigurations": [],
"location": "westeurope",
"manualPrivateLinkServiceConnections": [],
"name": "tm-private-endpoint",
"networkInterfaces": [
{
"id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/networkInterfaces/tm-private-endpoint.nic.abcd1234-abcd-1234-abcd-1234abcd1234",
"resourceGroup": "cloud-shell-storage-westeurope"
}
],
"privateLinkServiceConnections": [
{
"etag": "W/\"abcd1234-abcd-1234-abcd-1234abcd1234\"",
"groupIds": [
"account"
],
"id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/privateEndpoints/tm-private-endpoint/privateLinkServiceConnections/tm-project5-openai-private-connection",
"name": "tm-project5-openai-private-connection",
"privateLinkServiceConnectionState": {
"actionsRequired": "None",
"description": "Approved",
"status": "Approved"
},
"privateLinkServiceId": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.CognitiveServices/accounts/tm-openai-project5-instance",
"provisioningState": "Succeeded",
"resourceGroup": "cloud-shell-storage-westeurope",
"type": "Microsoft.Network/privateEndpoints/privateLinkServiceConnections"
}
],
"provisioningState": "Succeeded",
"resourceGroup": "cloud-shell-storage-westeurope",
"subnet": {
"id": "/subscriptions/abcd1234-abcd-1234-abcd-1234abcd1234/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Network/virtualNetworks/tm-project5-vnet/subnets/tm-vnet-subnet-001",
"resourceGroup": "cloud-shell-storage-westeurope"
},
"type": "Microsoft.Network/privateEndpoints"
}
07 Repeat steps no. 3 - 6 for each Azure OpenAI instance that you want to configure, available in the selected Azure subscription.
08 Repeat steps no. 1 – 7 for each subscription available in your Microsoft Azure cloud account.
References
- Azure Official Documentation
- Azure AI services security
- Configure Azure AI services virtual networks (portal)
- Configure Azure AI services virtual networks (azure-cli)
- Quickstart: Create a private endpoint by using the Azure portal
- Quickstart: Create a private endpoint by using the Azure CLI
- Azure Command Line Interface (CLI) Documentation
- az cognitiveservices account list
- az cognitiveservices account show
- az resource update
- az network private-endpoint create
Related AIServices rules
- Use Private Endpoints for OpenAI Service Instances (Security)
- Use Managed Identities for OpenAI Service Instances (Security, operational-excellence)
- OpenAI Encryption using Customer-Managed Keys (Security)
- Enable Diagnostic Logs for OpenAI Service Instances (Security, reliability, operational-excellence, cost-optimisation, performance-efficiency)