How to Intermediate · 3 min read

Azure OpenAI private endpoints

Q: Azure OpenAI private endpoints

Use Azure OpenAI private endpoints to securely access Azure OpenAI models within your Azure Virtual Network by configuring private endpoint connections. This setup enables private IP access to the Azure OpenAI service, isolating traffic from the public internet and enhancing security.

Quick answer

Use Azure OpenAI private endpoints to securely access Azure OpenAI models within your Azure Virtual Network by configuring private endpoint connections. This setup enables private IP access to the Azure OpenAI service, isolating traffic from the public internet and enhancing security.

PREREQUISITES

Python 3.8+
Azure subscription with Azure OpenAI resource
Azure CLI installed and logged in
pip install openai>=1.0
Azure OpenAI API key with private endpoint enabled

Setup Azure private endpoint

First, create an Azure OpenAI resource and configure a private endpoint within your Azure Virtual Network (VNet). This allows your applications to access the Azure OpenAI service over a private IP address, avoiding exposure to the public internet.

Create an Azure OpenAI resource in the Azure portal.
Navigate to the resource's Networking tab.
Add a private endpoint linked to your VNet and subnet.
Approve the private endpoint connection.
Ensure your client environment can route to the private IP.

Step by step Python example

Use the Azure OpenAI private endpoint by setting the azure_endpoint parameter to your private endpoint URL and authenticating with your API key. This example shows a simple chat completion call using the AzureOpenAI client.

python

import os
from openai import AzureOpenAI

client = AzureOpenAI(
    api_key=os.environ["AZURE_OPENAI_API_KEY"],
    azure_endpoint=os.environ["AZURE_OPENAI_PRIVATE_ENDPOINT"],
    api_version="2024-02-01"
)

response = client.chat.completions.create(
    model=os.environ["AZURE_OPENAI_DEPLOYMENT"],
    messages=[{"role": "user", "content": "Hello from private endpoint!"}]
)
print(response.choices[0].message.content)

output

Hello from private endpoint! How can I assist you today?

Common variations

You can use async calls with AzureOpenAI by leveraging asyncio. Also, switch models by changing the deployment name in AZURE_OPENAI_DEPLOYMENT. Streaming responses are supported by setting stream=True in chat.completions.create.

python

import os
import asyncio
from openai import AzureOpenAI

async def main():
    client = AzureOpenAI(
        api_key=os.environ["AZURE_OPENAI_API_KEY"],
        azure_endpoint=os.environ["AZURE_OPENAI_PRIVATE_ENDPOINT"],
        api_version="2024-02-01"
    )
    stream = await client.chat.completions.create(
        model=os.environ["AZURE_OPENAI_DEPLOYMENT"],
        messages=[{"role": "user", "content": "Stream from private endpoint"}],
        stream=True
    )
    async for chunk in stream:
        print(chunk.choices[0].delta.content or "", end="", flush=True)

asyncio.run(main())

output

Streaming response text appears here in real time...

Troubleshooting tips

If you get connection refused errors, verify your VNet routing and DNS resolution to the private endpoint.
Ensure your API key has permissions for the Azure OpenAI resource.
Check that the private endpoint connection is approved in the Azure portal.
Use nslookup or ping to confirm private endpoint DNS resolves correctly.

✅

Key Takeaways

Configure Azure OpenAI private endpoints in your Azure VNet for secure, private access.
Use the AzureOpenAI client with azure_endpoint set to your private endpoint URL.
Private endpoints isolate traffic from the public internet, enhancing security and compliance.
Async and streaming calls are fully supported with private endpoints.
Verify network routing and private endpoint approval to avoid connectivity issues.

Verified 2026-04 · gpt-4o, gpt-4o-mini, azure_openai_deployment

Verify ↗