Error when connection to Azure OpenAI ""AuthenticationtypeDisable" message "Key based authentication is disable for this resource"."

Question

Error when connection to Azure OpenAI ""AuthenticationtypeDisable" message "Key based authentication is disable for this resource"."

System Administrator 0

I am connecting to Azure OpenAI but suddently from Dec 30, it shows the error "AuthenticationtypeDisable" message "Key based authentication is disable for this resource".
When checking Microsoft Foundry**| Azure OpenAI,** I noticed "API key authentication is disabled"
But can't enable it again.
Please help to suggest how we can fix it.
My connection like this:
const endpoint =

"https://admin-m99nsvyo-eastus2.cognitiveservices.azure.com/openai/.....................";

const apiKey = "..........................................";

User's image

Sina Salam 26,916 Reputation points Volunteer Moderator

2025-12-31T17:33:23.5466667+00:00

Hello System Administrator,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you are having error when connection to Azure OpenAI ""AuthenticationtypeDisable" message "Key based authentication is disable for this resource".

If API key authentication was deliberately disabled on the Azure OpenAI/Foundry resource. Move to Microsoft Entra ID authentication (recommended and required if key auth is disabled). Use Azure Identity libraries and assign appropriate roles.

Because you cannot call the API with an API key if key auth is disabled, until you or someone with Owner permissions re-enables it (if policy allows), that is if you would like to use API but it's not recommended. API key authentication was deliberately disabled on the Azure OpenAI/Foundry resource.

I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.
SRILAKSHMI C 12,905 Reputation points Microsoft External Staff Moderator

2026-01-02T06:19:45.0433333+00:00

Hi System Administrator,

Did you get any chance to review the above response. Do let me know if you have any further queries.

Thank you!
System Administrator 0 Reputation points

2026-01-05T02:17:15.07+00:00
Hi SRILAKSHMI C,

Thank you for your recommendation.
I have reviewed two options and would like to enforcing keyless authentication (this requires Owner access to change or exempt), which is good for our operation.
However when I tried to create exemption for policy as below, the authentication key still not displayed. And I tried to search will Copilot, it says need to run the other script to show the option to enable it, but I am not sure which one to run.
Can you kindly guide me how to enforce keyless authentication.
Thank you so much.

Create exemption:

It still not allow to enable authen key:
System Administrator 0 Reputation points

2026-01-05T06:02:43.24+00:00

Hi SRILAKSHMI C,

I fixed the issue finally by running the script:
az resource update \

--name <name of Foundry/ OpenAI> \

--resource-group <name of resource group> \

--resource-type "Microsoft.CognitiveServices/accounts" \

--set properties.disableLocalAuth=false

Thank you so much for your information, much appreciated.

Cheers.
SRILAKSHMI C 12,905 Reputation points Microsoft External Staff Moderator

2026-01-05T11:47:32.5566667+00:00

Hi System Administrator,

That’s great to hear, thank you for sharing the resolution!

I’m glad you were able to identify the root cause and resolve the issue by re-enabling local authentication. This will be helpful for others who may run into a similar situation as well.

Since I’ve converted my earlier comment into an answer, could you please take a moment to mark it as Accepted? This helps others in the community with the same question find the solution more easily.

Thank you!

1 answer

Your answer

Sina Salam 26,916 Reputation points Volunteer Moderator

2025-12-31T17:33:23.5466667+00:00

Hello System Administrator,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you are having error when connection to Azure OpenAI ""AuthenticationtypeDisable" message "Key based authentication is disable for this resource".

If API key authentication was deliberately disabled on the Azure OpenAI/Foundry resource. Move to Microsoft Entra ID authentication (recommended and required if key auth is disabled). Use Azure Identity libraries and assign appropriate roles.

Because you cannot call the API with an API key if key auth is disabled, until you or someone with Owner permissions re-enables it (if policy allows), that is if you would like to use API but it's not recommended. API key authentication was deliberately disabled on the Azure OpenAI/Foundry resource.

I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.
SRILAKSHMI C 12,905 Reputation points Microsoft External Staff Moderator

2026-01-02T06:19:45.0433333+00:00

Hi System Administrator,

Did you get any chance to review the above response. Do let me know if you have any further queries.

Thank you!
System Administrator 0 Reputation points

2026-01-05T02:17:15.07+00:00

Hi SRILAKSHMI C,

Thank you for your recommendation.
I have reviewed two options and would like to enforcing keyless authentication (this requires Owner access to change or exempt), which is good for our operation.
However when I tried to create exemption for policy as below, the authentication key still not displayed. And I tried to search will Copilot, it says need to run the other script to show the option to enable it, but I am not sure which one to run.
Can you kindly guide me how to enforce keyless authentication.
Thank you so much.

Create exemption:

It still not allow to enable authen key:
System Administrator 0 Reputation points

2026-01-05T06:02:43.24+00:00

Hi SRILAKSHMI C,

I fixed the issue finally by running the script:
az resource update \

--name <name of Foundry/ OpenAI> \

--resource-group <name of resource group> \

--resource-type "Microsoft.CognitiveServices/accounts" \

--set properties.disableLocalAuth=false

Thank you so much for your information, much appreciated.

Cheers.
SRILAKSHMI C 12,905 Reputation points Microsoft External Staff Moderator

2026-01-05T11:47:32.5566667+00:00

Hi System Administrator,

That’s great to hear, thank you for sharing the resolution!

I’m glad you were able to identify the root cause and resolve the issue by re-enabling local authentication. This will be helpful for others who may run into a similar situation as well.

Since I’ve converted my earlier comment into an answer, could you please take a moment to mark it as Accepted? This helps others in the community with the same question find the solution more easily.

Thank you!

Answer 1

Hello System Administrator,

Welcome to Microsoft Q&A and Thank you for reaching out.

This behavior is expected and due to a security configuration change, not a service outage or SDK issue.

What is happening

Your Azure OpenAI resource now has API key authentication disabled, which is why requests using apiKey are failing with:

AuthenticationTypeDisabled – Key based authentication is disabled for this resource

When this setting is disabled, all API key–based requests are rejected, even if the key itself is valid. This commonly happens when the resource is configured to use Microsoft Entra ID (Azure AD) authentication only, which is now the recommended and more secure approach.

Why you can’t re-enable API keys

If the “API key authentication is disabled” toggle cannot be turned back on in Azure AI Foundry or the Azure portal, it usually means one of the following applies:

An Azure Policy enforces keyless (Entra ID–only) authentication

The resource was created or migrated with AAD-only authentication enforced

You don’t have Owner-level permissions to override the policy

In these cases, the portal intentionally prevents re-enabling API keys.

Recommended fix: switch to keyless (Entra ID) authentication

Since key-based auth is disabled, you should update your application to use Microsoft Entra ID authentication.

Steps:

Assign the appropriate role (for example, Cognitive Services OpenAI User) to your identity on the Azure OpenAI resource.

Use an Azure Identity credential (Managed Identity or Service Principal).

Authenticate using the scope:

https://cognitiveservices.azure.com/.default

JavaScript example:

const { DefaultAzureCredential } = require("@azure/identity");
const { OpenAIClient } = require("@azure/openai");

const endpoint = "https://<your-resource-name>.cognitiveservices.azure.com/";
const credential = new DefaultAzureCredential();

const client = new OpenAIClient(endpoint, credential);

This approach works both locally (via Azure CLI login or service principal) and in Azure-hosted environments (via Managed Identity).

Also check

Ensure your user or managed identity has access to the Azure OpenAI resource.

Make sure you are using the correct Azure OpenAI endpoint.

If you must use API keys, check whether a subscription-level policy is enforcing keyless authentication (this requires Owner access to change or exempt).

Please refer this Use Azure OpenAI without keys

I Hope this helps. Do let me know if you have any further queries.

Thank you!

Share via

Error when connection to Azure OpenAI ""AuthenticationtypeDisable" message "Key based authentication is disable for this resource"."

1 answer

Your answer