Azure OpenAI: data management and Abuse Monitoring

Question

Azure OpenAI: data management and Abuse Monitoring

De Ieso Francesco TRI-IS EXTERN 25

Hello,

we would like to use Azure OpenAI and would like to clarify some data management aspects. Here is an example use case: We have a B2C web app where users can upload documents. Our system must analyse them via Azure OpenAI and return the results to the user. Therefore, we are interested in understanding in detail how the data uploaded by users is managed, especially given the integration with OpenAI. In summary, it is as if I were using chatGPT by loading a document to obtain an analysis. Only, in this use case, the prompt is always the same, because we always want to obtain the same information.

My questions are related to the management of the user's personal data in the uploaded documents and in the service response:

For the management of the documents uploaded by the users, I imagine they should be historised in an Azure Blob Storage, so here it is possible to set up retention limitations and limit the presence of these documents in my tenant, right?

Instead, for the data in the service response, how is it handled? As I've read about Abuse Monitoring and it seems that the response and prompt are retained for 30 days? Where are they stored, in my tenant? Where do I find them? Is it possible to avoid this? Are they encrypted? (https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy?tabs=azure-cli#how-does-the-azure-openai-service-process-data)

Also, I found this:

'If the customer's application is approved, Azure OpenAI abuse monitoring will be turned off and will not store any prompts and completions associated with the approved Azure subscription for which abuse monitoring is modified and the human review process is not performed.'

what does it depend on whether my app is accepted?

Thank you,

Francesco

Pavankumar Purilla 8,335 Reputation points Microsoft External Staff Moderator

2025-02-11T22:12:03.5266667+00:00

Hi De Ieso Francesco TRI-IS EXTERN
Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

For managing documents uploaded by users, Azure Blob Storage is a suitable choice. You can set up retention policies to control how long documents are stored. Azure Blob Storage offers lifecycle management policies that allow you to transition data to different access tiers or delete it after a specified period. This helps in limiting the presence of documents in your tenant.

Regarding the data in the service response, Azure OpenAI retains prompts and completions for 30 days for abuse monitoring purposes. This data is stored in Microsoft's Azure environment and is not accessible to other customers or OpenAI. The data is encrypted both in transit and at rest to ensure security.

If your application is approved for modified abuse monitoring, Azure OpenAI will not store any prompts and completions associated with the approved subscription. Approval depends on the specific use case and compliance with Microsoft's guidelines. You can apply for modified abuse monitoring by providing details about your application and its intended use.
For more information: Abuse Monitoring
I hope this information helps. Thank you.
De Ieso Francesco TRI-IS EXTERN 25 Reputation points

2025-02-12T11:44:14.7833333+00:00

Thanks for your reply!
As you said, regarding the data in the service response, this data is stored in Microsoft's Azure environment, but so in my tenant? If yes, where can I locate them in my tenant? can I manage access to this data only to a restricted functional group? I would like to understand how all this, linked to abuse monitoring, works in practice.

Thank you,

Francesco
Alex Burlachenko 9,780 Reputation points

2025-02-12T12:14:22.93+00:00

Hi there,

Chuck ‘em in Azure Blob Storage or whatever storage you fancy. u can set limits so you’re not stockpiling data like a hoarder. By default, Azure hangs onto your prompts and responses for 30 days to keep an eye out for dodgy stuff. These logs aren’t in your tenant, they’re stashed away in Microsoft’s system. U can’t see them, they’re just for compliance. Everything’s encrypted, so no one’s having a snoop. If your app gets approved, Azure stops logging so no data saved, no monitoring. Whether you get approved depends on how proper your use case is (big biz, compliance, etc.).

Where’s the Data? Your docs? In your Azure storage. Responses? Only in your app, azure doesn’t let you see the logs they keep.

Want to Dodge Logging? Only way is to get Microsoft’s approval and they’ll turn it off.
De Ieso Francesco TRI-IS EXTERN 25 Reputation points

2025-02-17T14:37:20.2366667+00:00

Hi @Alex Burlachenko @Pavankumar Purilla ,

can I check the approval of my application to these Microsoft policies before creating it? if yes, how? or do I need to first create the application on Azure OpenAI and then apply for approval?
Alex Burlachenko 9,780 Reputation points

2025-02-17T16:09:33.4933333+00:00

hi ) Microsoft will review your application to ensure it complies with their policies and usage guidelines. This process can take some time, and you will be notified of the approval status once the review is complete. I dont think it can be done before.

rgds,

Alex
De Ieso Francesco TRI-IS EXTERN 25 Reputation points

2025-02-18T09:21:37.4533333+00:00

thank you for your reply!

Who can I ask for certain information? csgate@microsoft.com?
Saideep Anchuri 9,425 Reputation points Microsoft External Staff Moderator

2025-02-18T10:34:46.7633333+00:00

Hi De Ieso Francesco TRI-IS EXTERN

csgate team only will follow up with you on validation of your use case.

Thank You.
De Ieso Francesco TRI-IS EXTERN 25 Reputation points

2025-02-18T11:03:08.2666667+00:00

Hi @Saideep Anchuri ,

thank you for your reply!

So only after creating my application, and not before by assuming my use case, right?
Saideep Anchuri 9,425 Reputation points Microsoft External Staff Moderator

2025-02-18T11:07:28.0066667+00:00

Hi De Ieso Francesco TRI-IS EXTERN

Yes, csgate team does cross validation with customer before approving abuse monitoring and content filtering.

Thank You.

Accepted answer

0 additional answers

Your answer

Pavankumar Purilla 8,335 Reputation points Microsoft External Staff Moderator

2025-02-11T22:12:03.5266667+00:00

Hi De Ieso Francesco TRI-IS EXTERN
Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

For managing documents uploaded by users, Azure Blob Storage is a suitable choice. You can set up retention policies to control how long documents are stored. Azure Blob Storage offers lifecycle management policies that allow you to transition data to different access tiers or delete it after a specified period. This helps in limiting the presence of documents in your tenant.

Regarding the data in the service response, Azure OpenAI retains prompts and completions for 30 days for abuse monitoring purposes. This data is stored in Microsoft's Azure environment and is not accessible to other customers or OpenAI. The data is encrypted both in transit and at rest to ensure security.

If your application is approved for modified abuse monitoring, Azure OpenAI will not store any prompts and completions associated with the approved subscription. Approval depends on the specific use case and compliance with Microsoft's guidelines. You can apply for modified abuse monitoring by providing details about your application and its intended use.
For more information: Abuse Monitoring
I hope this information helps. Thank you.
De Ieso Francesco TRI-IS EXTERN 25 Reputation points

2025-02-12T11:44:14.7833333+00:00

Thanks for your reply!
As you said, regarding the data in the service response, this data is stored in Microsoft's Azure environment, but so in my tenant? If yes, where can I locate them in my tenant? can I manage access to this data only to a restricted functional group? I would like to understand how all this, linked to abuse monitoring, works in practice.

Thank you,

Francesco
Alex Burlachenko 9,780 Reputation points

2025-02-12T12:14:22.93+00:00

Hi there,

Chuck ‘em in Azure Blob Storage or whatever storage you fancy. u can set limits so you’re not stockpiling data like a hoarder. By default, Azure hangs onto your prompts and responses for 30 days to keep an eye out for dodgy stuff. These logs aren’t in your tenant, they’re stashed away in Microsoft’s system. U can’t see them, they’re just for compliance. Everything’s encrypted, so no one’s having a snoop. If your app gets approved, Azure stops logging so no data saved, no monitoring. Whether you get approved depends on how proper your use case is (big biz, compliance, etc.).

Where’s the Data? Your docs? In your Azure storage. Responses? Only in your app, azure doesn’t let you see the logs they keep.

Want to Dodge Logging? Only way is to get Microsoft’s approval and they’ll turn it off.
De Ieso Francesco TRI-IS EXTERN 25 Reputation points

2025-02-17T14:37:20.2366667+00:00

Hi @Alex Burlachenko @Pavankumar Purilla ,

can I check the approval of my application to these Microsoft policies before creating it? if yes, how? or do I need to first create the application on Azure OpenAI and then apply for approval?
Alex Burlachenko 9,780 Reputation points

2025-02-17T16:09:33.4933333+00:00

hi ) Microsoft will review your application to ensure it complies with their policies and usage guidelines. This process can take some time, and you will be notified of the approval status once the review is complete. I dont think it can be done before.

rgds,

Alex
De Ieso Francesco TRI-IS EXTERN 25 Reputation points

2025-02-18T09:21:37.4533333+00:00

thank you for your reply!

Who can I ask for certain information? csgate@microsoft.com?
Saideep Anchuri 9,425 Reputation points Microsoft External Staff Moderator

2025-02-18T10:34:46.7633333+00:00

Hi De Ieso Francesco TRI-IS EXTERN

csgate team only will follow up with you on validation of your use case.

Thank You.
De Ieso Francesco TRI-IS EXTERN 25 Reputation points

2025-02-18T11:03:08.2666667+00:00

Hi @Saideep Anchuri ,

thank you for your reply!

So only after creating my application, and not before by assuming my use case, right?
Saideep Anchuri 9,425 Reputation points Microsoft External Staff Moderator

2025-02-18T11:07:28.0066667+00:00

Hi De Ieso Francesco TRI-IS EXTERN

Yes, csgate team does cross validation with customer before approving abuse monitoring and content filtering.

Thank You.

Answer 1

Pavankumar Purilla 8,335 Microsoft External Staff Moderator

Hi De Ieso Francesco TRI-IS EXTERN,
Hope you are doing well.

The data in the service response, including prompts and completions, is stored in Microsoft's Azure environment and not directly in your tenant. This data is retained for 30 days for abuse monitoring purposes.

Azure OpenAI's abuse monitoring involves several components:

Content Classification: Detects harmful content in prompts and completions.

Abuse Pattern Capture: Monitors usage patterns to detect potential abuse.

Review and Decision: Flagged content undergoes automated or human review to confirm potential abuse.
For more information: Components of abuse monitoring

If your application is approved for modified abuse monitoring, prompts and completions will not be stored. Approval depends on your application's compliance with Microsoft's guidelines.

Pavankumar Purilla 8,335 Reputation points Microsoft External Staff Moderator

2025-02-13T17:26:16.7033333+00:00

Hi De Ieso Francesco TRI-IS EXTERN,
Did you get any chance to check the above response. Thank you!
SriLakshmi C 6,010 Reputation points Microsoft External Staff Moderator

2025-02-14T11:57:21.99+00:00

Hi De Ieso Francesco TRI-IS EXTERN,

Just checking in to see if the below answer helped. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Thank you!
Killian Pernet 0 Reputation points

2025-05-15T16:01:04.6266667+00:00

Dear Microsoft staff,

I would also need a follow up on de ieso francesco question, could you provide me the exact link to the exact document (and page if possible) which stipulates in black and white that no content or prompts will be flagged if supending monitoring? I need the actual text for legal compliance, tech support message will not suffice, and the link you provided to francesco does not lead to your previous statement.

Thank you.

Killian

Share via

Azure OpenAI: data management and Abuse Monitoring

0 additional answers

Your answer