Private Network access for Blob Storage URIs from Azure OpenAI Service

Question

Private Network access for Blob Storage URIs from Azure OpenAI Service

Sean K 20

I'm working on a project that requires all resources to be inaccessible via public endpoints. To simplify, the service consists of three core resources: A web app (App Service), Azure OpenAI, and Azure Storage Account. The web app is the only resource that's publicly accessible, and is connected to a VNet through a delegated subnet. The blob store and OpenAI service are not accessible publicly and are accessible from the web app via the web app subnet.

I'm having trouble with the following scenario: I'd like users to be able to upload images through the web app, have them stored in the blob store, and then pass the images to OpenAI service as an SAS URI so OpenAI models can process the image and respond to user prompts. I have image upload and viewing on the web app working, but I can't seem to get Azure OpenAI to be able to access images served from my Azure blob store.

I've tried a few variations of the following configurations:

Create a service subnet that both my storage account and OpenAI service attach to
Create private endpoints for OpenAI Service and Storage Account (blob sub-service) service to access a new "service subnet"

Could anyone point me in the right direction? I was pretty surprised that having a dedicated subnet with access to both services didn't end up working, but maybe I have some fundamental misconception of how some of this is working... Thanks in advance!

Accepted answer

0 additional answers

Your answer

Answer 1

Marcin Policht 44,245 MVP

As far as I can tell, the primary reason for the behavior you're seeing is that Private Endpoints and SAS URIs don’t play well together — unless public network access is enabled. When you generate an SAS URI, you're giving a public-facing URL (e.g., https://yourstorage.blob.core.windows.net/...) with an access token. Azure OpenAI tries to fetch the image using this URI.

If your storage account disables public access, then even valid SAS URIs won't work from Azure OpenAI, unless Azure OpenAI is somehow accessing storage internally (not via the public blob endpoint).

Unfortunately, Azure OpenAI does not currently access blob URIs over private endpoints. It fetches them via the public internet, even when operating inside a VNet.

As far as resolving this, you might consider re-enable public access on Storage but scope it to trusted services and shortening the duration of validity of your SAS keys...

Alternatively, consider the approach described at https://learn.microsoft.com/en-us/answers/questions/1183111/azure-blob-sas-url-for-blob-private-endpoint

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Sean K 20 Reputation points

2025-04-05T17:54:21.79+00:00

This is really helpful - thank you! That's a bummer that OpenAI Service always accesses image_urls via public endpoints...

If I wanted to re-enable public access on storage and scope it to trusted services only (App Service & OpenAI Service), how would I do that? I've tried removing the network rule with default action of deny and adding a resource access for CognitiveAccount, but that didn't seem to work either...
Marcin Policht 44,245 Reputation points MVP

2025-04-05T18:29:29.65+00:00

Make sure to enable Allow Azure services on the trusted services list to access this storage account

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Sean K 20 Reputation points

2025-04-05T19:14:09.1166667+00:00

I have that option set as well, but still not able to access the service. From the documentation (https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#trusted-access-based-on-a-managed-identity) it seems like CognitiveServices are on the trusted services list already, but that my resource might need specific permissions to access the storage account. Anything I should double check on my Azure OpenAI service?
Marcin Policht 44,245 Reputation points MVP

2025-04-05T20:45:55.03+00:00

Try enabling managed identity for the Azure OpenAI instance (more at https://learn.microsoft.com/en-us/azure/ai-services/cognitive-services-virtual-networks?tabs=portal#grant-access-to-trusted-azure-services-for-azure-openai )

The caveat is that trusted services leverages Entra ID authentication and you are using SAS for authorization - but it might be worth trying this

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin
Sean K 20 Reputation points

2025-04-05T20:52:38.0766667+00:00

I assume using SAS URI would eliminate usage of any Entra ID authentication, but if I use the non-signed blob URL then Entra ID auth would be used?
Marcin Policht 44,245 Reputation points MVP

2025-04-05T21:20:37.2133333+00:00

You'd need to follow https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory (this includes support for delegation SAS - which might be possibly a way to address your security concerns regarding opening access to the public endpoint).

https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
SriLakshmi C 4,310 Reputation points Microsoft External Staff

2025-04-08T12:37:49.8766667+00:00

@Sean K,

Did you get any chance to check the above response. Thank you!

Share via

Private Network access for Blob Storage URIs from Azure OpenAI Service

0 additional answers

Your answer