Use your data securely with the Microsoft Foundry portal playground

Note

This document refers to the Microsoft Foundry (classic) portal only.

This document is also specific to a hub-based project, and doesn't apply to a Foundry project. See How do I know which type of project I have? and Create a hub-based project.

Use this article to learn how to securely use Microsoft Foundry's playground chat on your data. The following sections provide our recommended configuration to protect your data and resources by using Microsoft Entra ID role-based access control, a managed network, and private endpoints. We recommend disabling public network access for Azure OpenAI resources, Azure AI Search resources, and storage accounts. Using selected networks with IP rules isn't supported because the services' IP addresses are dynamic.

Note

Foundry's managed virtual network settings apply only to Foundry's managed compute resources, not platform as a service (PaaS) services like Azure OpenAI or Azure AI Search. When you use PaaS services, there's no data exfiltration risk because Microsoft manages the services.

The following table summarizes the changes made in this article:

Configurations	Default	Secure	Notes
Data sent between services	Sent over the public network	Sent through a private network	Data is sent encrypted by using HTTPS even over the public network.
Service authentication	API keys	Microsoft Entra ID	Anyone with the API key can authenticate to the service. Microsoft Entra ID provides more granular and robust authentication.
Service permissions	API Keys	Role-based access control	API keys provide full access to the service. Role-based access control provides granular access to the service.
Network access	Public	Private	Using a private network prevents entities outside the private network from accessing resources secured by it.

Prerequisites

• Azure Subscription: You need an Azure subscription to create resources.
• Azure Roles:
  • Contributor or Owner on the Resource Group to configure networking and resources.
  • Cognitive Services OpenAI User on the Azure OpenAI resource to run the verification code.
• Foundry Hub: Ensure that the Foundry hub is deployed with the Identity-based access setting for the Storage account. This configuration is required for the correct access control and security of your Foundry Hub. You can verify this configuration using one of the following methods:
  • In the Azure portal, select the hub and then select Settings, Properties, and Options. At the bottom of the page, verify that Storage account access type is set to Identity-based access.
  • If deploying using Azure Resource Manager or Bicep templates, include the systemDatastoresAuthMode: 'identity' property in your deployment template.
• Python Environment: To run the verification code, you need Python 3.8 or later with the following packages installed:
  • openai
  • azure-identity
• Network Access: To run the verification code, you must have access to a machine within the virtual network (for example, an Azure VM) that has access to the private endpoints.
• RBAC Knowledge: You must be familiar with using Microsoft Entra ID role-based access control to assign roles to resources and users. For more information, visit the Role-based access control article.

Configure network isolated Foundry hub

If you're creating a new Foundry hub, use one of the following documents to create a hub with network isolation:

• Create a secure Foundry hub in Azure portal
• Create a secure Foundry hub using the Python SDK or Azure CLI

If you have an existing Foundry hub that isn't configured to use a managed network, use the following steps to configure it to use one:

1. From the Azure portal, select the hub, then select Settings, Networking, Public access.

2. To disable public network access for the hub, set Public network access to Disabled. Select Save to apply the changes.

   

3. Select Workspace managed outbound access and then select either the Allow Internet Outbound or Allow Only Approved Outbound network isolation mode. Select Save to apply the changes.

   

Configure Foundry Tools resource

Depending on your configuration, you might use a Foundry Tools resource that also includes Azure OpenAI or a standalone Azure OpenAI resource. The steps in this section configure an AI services resource. The same steps apply to an Azure OpenAI resource.

1. If you don't have an existing Foundry Tools resource for your Foundry hub, create one.

2. From the Azure portal, select the AI services resource, then select Resource Management, Identity, and System assigned.

3. To create a managed identity for the AI services resource, set the Status to On. Select Save to apply the changes.

   

4. To disable public network access, select Networking, Firewalls and virtual networks, and then set Allow access from to Disabled. Under Exceptions, make sure that Allow Azure services on the trusted services list is enabled. Select Save to apply the changes.

   

5. To create a private endpoint for the AI services resource, select Networking, Private endpoint connections, and then select + Private endpoint. This private endpoint is used to allow clients in your Azure Virtual Network to securely communicate with the AI services resource. For more information on using private endpoints with Foundry Tools, visit the Use private endpoints article.

   

   1. From the Basics tab, enter a unique name for the private endpoint, network interface, and select the region to create the private endpoint in.
   2. From the Resource tab, accept the target subresource of account.
   3. From the Virtual Network tab, select the Azure Virtual Network that the private endpoint connects to. This network should be the same one that your clients connect to, and that the Foundry hub has a private endpoint connection to.
   4. From the DNS tab, select the defaults for the DNS settings.
   5. Continue to the Review + create tab, then select Create to create the private endpoint.

6. Currently you can't disable local (shared key) authentication to Foundry Tools through the Azure portal. Instead, you can use the following Azure PowerShell cmdlet:

   # Connect to Azure
   Connect-AzAccount
   
   # Set variables
   $resourceGroupName = "your-resource-group-name"
   $accountName = "your-ai-services-account-name"
   
   # Disable local authentication
   Set-AzCognitiveServicesAccount -ResourceGroupName $resourceGroupName -Name $accountName -DisableLocalAuth $true
   

   Reference: Set-AzCognitiveServicesAccount

   For more information, visit the Disable local authentication in Foundry Tools article.

Configure Azure AI Search

Consider using an Azure AI Search index when you want to:

• Customize the index creation process.
• Reuse an index by ingesting data from other data sources.

To use an existing index, it must have at least one searchable field. Ensure at least one valid vector column is mapped when using vector search. 

Important

The information in this section applies only to securing the Azure AI Search resource for use with Foundry. If you're using Azure AI Search for other purposes, you might need to configure other settings. For related information on configuring Azure AI Search, see the following articles:

• Configure network access and firewall rules
• Enable or disable role-based access control
• Configure a search service to connect using a managed identity

1. If you don't have an existing Azure AI Search resource for your Foundry hub, create one.

2. From the Azure portal, select the AI Search resource, then select Settings, Identity, and System assigned.

3. To create a managed identity for the AI Search resource, set the Status to On. Select Save to apply the changes.

   

4. To disable public network access, select Settings, Networking, and Firewalls and virtual networks. Set Public network access to Disabled. Under Exceptions, make sure that Allow Azure services on the trusted services list is enabled. Select Save to apply the changes.

   

5. To create a private endpoint for the AI Search resource, select Networking, Private endpoint connections, and then select + Create a private endpoint.

   

   1. From the Basics tab, enter a unique name for the private endpoint, network interface, and select the region to create the private endpoint in.
   2. From the Resource tab, select the Subscription that contains the resource, set the Resource type to Microsoft.Search/searchServices, and select the Azure AI Search resource. The only available subresource is searchService.
   3. From the Virtual Network tab, select the Azure Virtual Network that the private endpoint connects to. This network should be the same one that your clients connect to, and that the Foundry hub has a private endpoint connection to.
   4. From the DNS tab, select the defaults for the DNS settings.
   5. Continue to the Review + create tab, then select Create to create the private endpoint.

6. To enable API access based on role-based access controls, select Settings, Keys, and then set API Access control to Role-based access control or Both. Select _Yes to apply the changes.

   Note

   Select Both if you have other services that use a key to access the Azure AI Search. Select Role-based access control to disable key-based access.

   

Configure Azure Storage (ingestion-only)

If you use Azure Storage for the ingestion scenario with the Foundry portal playground, you need to configure your Azure Storage Account.

1. Create a Storage Account resource.

2. From the Azure portal, select the Storage Account resource, then select Security + networking, Networking, and Firewalls and virtual networks.

3. To disable public network access and allow access from trusted services, set Public network access to Enabled from selected virtual networks and IP addresses. Under Exceptions, make sure that Allow Azure services on the trusted services list is enabled.

   

4. Set Public network access to Disabled and then select Save to apply the changes. The configuration to allow access from trusted services is still enabled.

5. To create a private endpoint for Azure Storage, select Networking, Private endpoint connections, and then select + Private endpoint.

   

   1. From the Basics tab, enter a unique name for the private endpoint, network interface, and select the region to create the private endpoint in.
   2. From the Resource tab, set the Target sub-resource to blob.
   3. From the Virtual Network tab, select the Azure Virtual Network that the private endpoint connects to. This network should be the same one that your clients connect to, and that the Foundry hub has a private endpoint connection to.
   4. From the DNS tab, select the defaults for the DNS settings.
   5. Continue to the Review + create tab, then select Create to create the private endpoint.

6. Repeat the previous step to create a private endpoint, but set the Target sub-resource to file. The previous private endpoint allows secure communication to blob storage, and this private endpoint allows secure communication to file storage.

7. To disable local (shared key) authentication to storage, select Configuration, under Settings. Set Allow storage account key access to Disabled, and then select Save to apply the changes. For more information, see the Prevent authorization with shared key article.

Configure Azure Key Vault

Foundry uses Azure Key Vault to securely store and manage secrets. To grant access to the key vault from trusted services, use the following steps.

Note

These steps assume that you already configured the key vault for network isolation when you created your Foundry Hub.

1. In the Azure portal, select the Key Vault resource, then select Settings, Networking, and Firewalls and virtual networks.
2. In the Exception section of the page, make sure that Allow trusted Microsoft services to bypass firewall is enabled.

Configure connections to use Microsoft Entra ID

Connections from Foundry to Foundry Tools and Azure AI Search should use Microsoft Entra ID for secure access. You create connections from Foundry instead of the Azure portal.

Important

Using Microsoft Entra ID with Azure AI Search is currently a preview feature. For more information on connections, visit the Add connections article.

1. From Foundry, select Connections. If you have existing connections to the resources, you can select the connection and then select the pencil icon in the Access details section to update the connection. Set the Authentication field to Microsoft Entra ID, then select Update.
2. To create a new connection, select + New connection, then select the resource type. Browse for the resource or enter the required information, then set Authentication to Microsoft Entra ID. Select Add connection to create the connection.

Repeat these steps for each resource that you want to connect to by using Microsoft Entra ID.

Assign roles to resources and users

The services need to authorize each other to access the connected resources. The admin performing the configuration needs to have the Owner role on these resources to add role assignments. The following table lists the required role assignments for each resource. The Assignee column refers to the system-assigned managed identity of the listed resource. The Resource column refers to the resource that the assignee needs to access. For example, the Azure AI Search has a system-assigned managed identity that needs to be assigned the Storage Blob Data Contributor role for the Azure Storage Account.

For more information on assigning roles, see Tutorial: Grant a user access to resources.

Resource	Role	Assignee	Description
Azure AI Search	Search Index Data Contributor	Foundry Tools/OpenAI	Read-write access to content in indexes. Import, refresh, or query the documents collection of an index. Only used for ingestion and inference scenarios.
Azure AI Search	Search Index Data Reader	Foundry Tools/OpenAI	Inference service queries the data from the index. Only used for inference scenarios.
Azure AI Search	Search Service Contributor	Foundry Tools/OpenAI	Read-write access to object definitions (indexes, aliases, synonym maps, indexers, data sources, and skillsets). Inference service queries the index schema for auto fields mapping. Data ingestion service creates index, data sources, skill set, indexer, and queries the indexer status.
Foundry Tools/OpenAI	Cognitive Services Contributor	Azure AI Search	Allow Search to create, read, and update AI Services resource.
Foundry Tools/OpenAI	Cognitive Services OpenAI Contributor	Azure AI Search	Allow Search the ability to fine-tune, deploy, and generate text
Azure Storage Account	Storage Blob Data Contributor	Azure AI Search	Reads blob and writes knowledge store.
Azure Storage Account	Storage Blob Data Contributor	Foundry Tools/OpenAI	Reads from the input container, and writes the preprocess result to the output container.
Azure Blob Storage private endpoint	Reader	Foundry project	For your Foundry project with managed network enabled to access Blob storage in a network restricted environment
Azure OpenAI Resource for chat model	Cognitive Services OpenAI User	Azure OpenAI resource for embedding model	[Optional] Required only if using two Azure OpenAI resources to communicate.

Note

The Cognitive Services OpenAI User role is only required if you're using two Azure OpenAI resources: one for your chat model and one for your embedding model. If this applies, enable Trusted Services AND ensure the Connection for your embedding model Azure OpenAI resource has EntraID enabled.

Assign roles to developers

To enable your developers to use these resources to build applications, assign the following roles to your developer's identity in Microsoft Entra ID. For example, assign the Search Services Contributor role to the developer's Microsoft Entra ID for the Azure AI Search resource.

For more information on assigning roles, see Tutorial: Grant a user access to resources.

Resource	Role	Assignee	Description
Azure AI Search	Search Services Contributor	Developer's Microsoft Entra ID	List API-Keys to list indexes from Foundry portal.
Azure AI Search	Search Index Data Contributor	Developer's Microsoft Entra ID	Required for the indexing scenario.
Foundry Tools/OpenAI	Cognitive Services OpenAI Contributor	Developer's Microsoft Entra ID	Call public ingestion API from Foundry portal.
Foundry Tools/OpenAI	Cognitive Services Contributor	Developer's Microsoft Entra ID	List API-Keys from Foundry portal.
Foundry Tools/OpenAI	Contributor	Developer's Microsoft Entra ID	Allows for calls to the control plane.
Azure Storage Account	Contributor	Developer's Microsoft Entra ID	List Account SAS to upload files from Foundry portal.
Azure Storage Account	Storage Blob Data Contributor	Developer's Microsoft Entra ID	Needed for developers to read and write to blob storage.
Azure Storage Account	Storage File Data Privileged Contributor	Developer's Microsoft Entra ID	Needed to Access File Share in Storage for Promptflow data.
The resource group or Azure subscription where the developer need to deploy the web app to	Contributor	Developer's Microsoft Entra ID	Deploy web app to the developer's Azure subscription.

Use your data in Foundry portal

Now, the data you add to Foundry is secured to the isolated network provided by your Foundry hub and project. For an example of using data, visit the build a question and answer copilot tutorial.

Deploy web apps

For information on configuring web app deployments, visit the Use Azure OpenAI on your data securely article.

Limitations

When using the Chat playground in Foundry portal, don't navigate to another tab within Studio. If you do navigate to another tab, when you return to the Chat tab you must remove your data and then add it back.

Verify secure connection

To verify that your secure connection works, run the following Python script from a machine within your virtual network (for example, an Azure VM). This script uses your Microsoft Entra ID credentials to authenticate.

import os
from azure.identity import DefaultAzureCredential
from openai import AzureOpenAI

# Set your Azure OpenAI details
endpoint = "https://<your-resource-name>.openai.azure.com/"
deployment_name = "<your-deployment-name>"

# Authenticate using DefaultAzureCredential
# This will use the identity of the VM or your local credentials if running locally
credential = DefaultAzureCredential()

# Initialize the Azure OpenAI client
client = AzureOpenAI(
    azure_endpoint=endpoint,
    azure_ad_token_provider=credential.get_token("https://cognitiveservices.azure.com/.default").token,
    api_version="2024-02-01" # Use a supported API version
)

# Test the connection with a simple chat completion
try:
    response = client.chat.completions.create(
        model=deployment_name,
        messages=[
            {"role": "system", "content": "You are a helpful assistant."},
            {"role": "user", "content": "Hello, can you confirm this connection is secure?"}
        ]
    )
    print("Connection successful!")
    print("Response:", response.choices[0].message.content)
except Exception as e:
    print("Connection failed.")
    print("Error:", e)

Reference: AzureOpenAI | DefaultAzureCredential

Related content

• Tutorial: Deploy an enterprise chat web app
• How to configure a managed network