An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.
Hello Andrei Sanzharov,
Apologies for delay, thanking Moritz Goeke for prompt response. However, to summarize the cause and resolution, I am adding some details:
The 403 Forbidden error you're seeing means your Azure AI Search service is blocking the connection from your chatbot. As Moritz correctly pointed out, this is a permissions issue.
Now, I will share the two most common causes, starting with the one that's easiest to check.
1: Check the Network Firewall
This is a very common reason for a 403 error. Your AI Search service might have a firewall that is blocking access from other Azure services.
- In the Azure Portal, go to your Azure AI Search resource.
- On the left menu, find and click on Networking.
- You will likely see that "Public network access" is set to "Disabled" or "Selected Networks".
- To fix this, either:
A) Allow Trusted Services (Recommended): Under "Exceptions", check the box for "Allow trusted Microsoft services to access this search service". This is the secure way to let services like Azure OpenAI connect.
B) Enable All Networks: Set "Public network access" to "All networks". This is simpler but less secure.
After changing this setting, wait a minute and test your chatbot again. This often resolves the issue immediately.
2: Check the Authentication Key
If the network settings are correct, the next step is to ensure you're using the correct key. The screenshot provided by Moritz shows you exactly where to look. Your chatbot needs a powerful Admin Key, not a limited Query Key.
- In your Azure AI Search resource, navigate to the Keys blade on the left menu, just as shown in the screenshot.
- You will see two Admin Keys (Primary and Secondary). A common mistake that causes a 403 error is accidentally using a Query Key, which doesn't have enough permission for this task.
- Copy one of the full Admin Keys.
- Go back to your Azure OpenAI Studio where you configured the chatbot's data source. Edit the connection and paste this Admin Key into the authentication field.
Future suggestion:
Managed Identity - While using the Admin Key works perfectly, the most secure, long-term approach is to use a Managed Identity. This method is passwordless and works by granting permission to the Azure OpenAI service itself, rather than using a key that could be misplaced. If you rebuild your bot in the future, this is the recommended approach.
Add authentication to a bot in Bot Framework SDK
Configure Azure OpenAI with Microsoft Entra ID authentication
Provision an Azure Bot using User Assigned Managed Identity
Please feel free to accept the answer and upvote.