Azure OpenAI enterprise compliance
Quick answer
Azure OpenAI supports enterprise compliance by integrating with Azure Active Directory for secure access control, providing data residency options, and enabling audit logging via Azure Monitor. It complies with standards like ISO 27001, HIPAA, and FedRAMP, making it suitable for regulated enterprise environments.
PREREQUISITES
- Python 3.8+
- Azure subscription with Azure OpenAI resource
- Azure CLI installed and logged in
- pip install openai>=1.0 or azure-ai-openai>=1.0
- Azure Active Directory configured
Setup Azure OpenAI compliance
Start by creating an Azure OpenAI resource in your Azure portal with the appropriate region to meet data residency requirements. Configure Azure Active Directory (AAD) for role-based access control (RBAC) to restrict API usage to authorized users. Enable diagnostic logging to Azure Monitor for audit trails.
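# Sign in and create a resource group in the region that meets your data residency requirement
az login
az group create --name myResourceGroup --location eastus

# Create the Azure OpenAI resource; a custom subdomain is required for AAD (token) authentication
az cognitiveservices account create \
  --name myOpenAIResource \
  --resource-group myResourceGroup \
  --kind OpenAI \
  --sku S0 \
  --location eastus \
  --custom-domain myOpenAIResource \
  --yes

# Send all resource log categories to a Log Analytics workspace for the audit trail
az monitor diagnostic-settings create \
  --resource "/subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.CognitiveServices/accounts/myOpenAIResource" \
  --name OpenAIDiagnostics \
  --workspace "<log-analytics-workspace-id>" \
  --logs '[{"categoryGroup": "allLogs", "enabled": true}]'

Output: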
Login succeeded.
{
  "id": "/subscriptions/.../resourceGroups/myResourceGroup/providers/Microsoft.CognitiveServices/accounts/myOpenAIResource",
  "name": "myOpenAIResource",
  "type": "Microsoft.CognitiveServices/accounts",
  "location": "eastus",
  "sku": {"name": "S0"}
}
Diagnostic setting created successfully.

Step by step usage with compliance
Use the openai Python SDK (its AzureOpenAI client) with AAD authentication through azure-identity to call the Azure OpenAI API securely. This ensures enterprise-grade identity management and auditability. Below is sample code that generates a chat completion with compliance best practices.

import os
from azure.identity import DefaultAzureCredential, get_bearer_token_provider
from openai import AzureOpenAI

# Exchange the ambient AAD identity (az login, managed identity, ...) for bearer tokens
token_provider = get_bearer_token_provider(
    DefaultAzureCredential(), "https://cognitiveservices.azure.com/.default"
)
client = AzureOpenAI(
    azure_endpoint=os.environ["AZURE_OPENAI_ENDPOINT"],
    azure_ad_token_provider=token_provider,
    api_version="2024-02-01",
)
response = client.chat.completions.create(
    model=os.environ["AZURE_OPENAI_DEPLOYMENT"],  # deployment name, not the base model name
    messages=[{"role": "user", "content": "Explain enterprise compliance in Azure OpenAI."}],
)
print(response.choices[0].message.content)

Output:
Azure OpenAI ensures enterprise compliance by integrating with Azure Active Directory for secure access, providing data residency options, and enabling audit logging through Azure Monitor.
Common variations
- Use API key authentication instead of AAD by passing api_key to AzureOpenAI, but AAD is recommended for enterprise compliance.
- Enable network security with Private Endpoints to restrict access within your virtual network.
- Use Azure Policy to enforce compliance rules on your Azure OpenAI resources.

import os
from openai import AzureOpenAI

# Key authentication: the key is a shared secret and does not identify the individual caller
client = AzureOpenAI(
    azure_endpoint=os.environ["AZURE_OPENAI_ENDPOINT"],
    api_key=os.environ["AZURE_OPENAI_API_KEY"],
    api_version="2024-02-01",
)
# Private endpoint and network security are configured in Azure Portal or CLI, not in SDK code.

Output:
No direct output; network and policy configurations are managed in Azure Portal or CLI.
Troubleshooting compliance issues
- If you see 401 Unauthorized, verify your Azure Active Directory permissions and token scopes.
- For missing audit logs, ensure diagnostic settings are correctly configured to send logs to Azure Monitor or Log Analytics.
- Check that your Azure OpenAI resource is deployed in a compliant region matching your data residency requirements.
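The checks in this list can be run offline against JSON saved from az cognitiveservices account show and az monitor diagnostic-settings list. The following is an added example, not code from the original page: the sample JSON is constructed, and the allowed-region set, the public-network rule and the function name audit are assumptions to adapt to your own policy.

```python
import json

# Constructed sample of `az cognitiveservices account show` output (trimmed).
ACCOUNT_JSON = """{
  "name": "myOpenAIResource", "kind": "OpenAI", "location": "eastus",
  "properties": {"disableLocalAuth": false, "publicNetworkAccess": "Enabled"}
}"""

# Constructed sample of `az monitor diagnostic-settings list` output (trimmed).
DIAG_JSON = """[{
  "name": "OpenAIDiagnostics", "workspaceId": null,
  "logs": [{"categoryGroup": "allLogs", "enabled": true}]
}]"""

ALLOWED_REGIONS = {"eastus", "eastus2"}  # assumption: your data residency policy


def audit(account, diag_settings, allowed_regions=ALLOWED_REGIONS):
    """Return a list of compliance findings; an empty list means every check passed."""
    findings = []
    props = account.get("properties") or {}
    location = (account.get("location") or "").lower()
    if location not in allowed_regions:
        findings.append("region: %r is outside the allowed regions" % location)
    # While key (local) auth is enabled, callers can bypass AAD identity and RBAC.
    if props.get("disableLocalAuth") is not True:
        findings.append("auth: API key (local) authentication is still enabled")
    # Assumption: policy requires access through Private Endpoints only.
    if props.get("publicNetworkAccess", "Enabled") != "Disabled":
        findings.append("network: public network access is not disabled")
    # At least one setting must ship enabled logs to a Log Analytics workspace.
    shipping = [
        s for s in diag_settings
        if s.get("workspaceId") and any(l.get("enabled") for l in s.get("logs") or [])
    ]
    if not shipping:
        findings.append("logging: no diagnostic setting sends enabled logs to a workspace")
    return findings


if __name__ == "__main__":
    for finding in audit(json.loads(ACCOUNT_JSON), json.loads(DIAG_JSON)):
        print("FAIL", finding)
```
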
Key Takeaways
- Use Azure Active Directory for secure, compliant authentication to Azure OpenAI.
- Enable diagnostic logging to Azure Monitor for audit and compliance tracking.
- Deploy Azure OpenAI resources in regions that meet your enterprise data residency needs.