How can I get a zero data retention agreement so I can use Azure OpenAI Service within my platform?

Question

Our platform processes user-uploaded real estate appraisal documents that may contain personally identifiable information (PII) such as property addresses, individual names, financial data, and embedded document images; as a result, prompts and model outputs may include extracted text, contextual summaries, and vision inputs derived from this sensitive data. For compliance with our internal privacy policies and customer commitments, we require that prompts and completions are not logged or retained beyond in-memory processing. How can we obtain a zero data retention plan with Azure?

Answer 1

Hello Jordan Lesson,

Welcome to Microsoft Q&A and Thank you for reaching out.

I understand that you have strong privacy and compliance requirements, and you’re trying to understand whether Azure OpenAI can support a zero-data-retention model and how to formally engage Microsoft if exceptions or confirmations are needed. Here’s the best, accurate, and realistic answer, merging all the points and aligning with Microsoft’s current position.

Azure OpenAI & Zero Data Retention – What’s Possible Today

1. Default Azure OpenAI data handling (important baseline)

By default, Azure OpenAI:

Does NOT use your prompts or completions to train models

Temporarily retains prompts and completions for up to 30 days

Purpose: abuse monitoring, debugging, and service reliability

Soft-delete window: up to 48 hours after deletion before permanent purge

This behavior is standard and documented, even for sensitive workloads.

2. Is a “Zero Data Retention” plan available?

No public, self-service “zero data retention” plan exists today for Azure OpenAI.

However:

Azure OpenAI already operates in a “no training, limited retention” mode

Retention is service-side and not customer-accessible

Microsoft does not provide a toggle to reduce retention below the documented window

That said, large enterprise customers may receive:

Formal data-handling attestations

Contractual clarifications via Microsoft Legal / Account Teams

Documented assurances aligned to internal compliance needs

This requires direct engagement, not portal configuration.

3. What you can do today to achieve “practical zero retention”

Even without a special plan, many regulated customers operate safely by design:

Application-side controls (critical)

Ensure no prompts, completions, or embeddings are logged in:

• application logs
• telemetry
• request tracing

Keep all sensitive content in-memory only

Avoid storing:

• raw prompts
• raw model outputs

Immediately discard responses after downstream processing

Platform security controls

Use:

• Private Endpoints
• VNET integration
• Managed Identity

Disable diagnostic logs for payload content

Apply RBAC and least-privilege access

Optional data minimization

Mask or tokenize PII before sending prompts

Avoid sending original documents when summaries suffice

This is how many finance, healthcare, and legal platforms meet internal privacy policies today.

4. DLP and compliance alignment

While Azure OpenAI itself doesn’t expose fine-grained DLP switches:

You can integrate Azure Purview / Microsoft Purview

Enforce DLP at:

• storage
• ingress/egress
• logging pipelines

Combine with:

• Customer-managed keys (CMK)
• Private networking

5. How to formally engage Microsoft for zero-retention assurances

Since this is not a portal feature, you must go through human channels:

• https://azure.microsoft.com/contact/

Ask for:

“Formal clarification or contractual assurances regarding Azure OpenAI data retention for a production system processing PII.”

If you have:

• paid support
• meaningful Azure spend
• production workloads

this will route to the right internal team, not Q&A.

Please reach out to support team,

Go to Azure Portal

1. Search for “Help + support”

Open Support plans

Look for:

Account Manager

  *Customer Success Manager*
  
     *Technical Account Manager*
     

If listed, that is your direct Microsoft contact.

I Hope this helps. Do let me know if you have any further queries.

Thank you!

Answer 2

Hello Jordan Lesson,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you need on how I get a zero data retention agreement so I can use Azure OpenAI Service within my platform.

Try the followings steps to ensure prompts and completions are not stored beyond in‑memory processing for abuse monitoring (“Zero Data Retention”), and your deployment remains compliant for PII/PHI or sensitive documents.

1. Zero Data Retention (ZDR) on Azure OpenAI/Azure Direct Models is only achieved by Modified Abuse Monitoring under Microsoft’s Limited Access program; it’s not a self‑serve portal toggle and typically requires being a managed EA/MCA customer. - https://learn.microsoft.com/en-us/azure/ai-foundry/responsible-ai/openai/limited-access?view=foundry-classic, and https://learn.microsoft.com/en-us/answers/questions/4372674/how-to-opt-in-for-zero-data-retention-with-azure-o gives you more details.
2. Deploy a dedicated resource in your required region and avoid Global/DataZone deployment types if strict data‑residency is mandated, since those can process prompts across regions within a geography. - https://learn.microsoft.com/en-us/azure/ai-foundry/responsible-ai/openai/data-privacy?view=foundry-classic
3. Apply via your Microsoft account team for Modified Abuse Monitoring (and Modified Guardrails if needed); this is the only documented path to stop storing prompts/completions for abuse‑monitoring logs. See Limited access (program & approvals) and Abuse Monitoring (concepts).
4. After approval, verify ZDR by confirming ContentLogging=false on the resource/subscription (property appears only when logging is off): - https://learn.microsoft.com/en-us/azure/ai-foundry/responsible-ai/openai/data-privacy?view=foundry-classic, and https://github.com/orgs/microsoft-foundry/discussions/170 show more details:

      az cognitiveservices account show \
        -n <resourceName> -g <resourceGroup> \
        --query "properties.capabilities[?name=='ContentLogging'] | [0].value" -o tsv
   

5. To keep “no at‑rest storage” end‑to‑end, avoid stateful features (Files API, vector store, fine‑tune artifacts, Responses API, Assistants Threads, Stored Completions); ZDR covers abuse‑monitoring storage only. Note that automated in‑line checks can still trigger enforcement for severe/recurring abuse. - https://learn.microsoft.com/en-us/azure/ai-foundry/responsible-ai/openai/data-privacy?view=foundry-classic, https://learn.microsoft.com/en-us/azure/ai-foundry/openai/concepts/abuse-monitoring?view=foundry-classic

I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

---

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Answer 3

To secure a zero data retention agreement for the Azure OpenAI Service, you should directly engage with Microsoft to discuss your specific needs regarding data handling, particularly concerning personally identifiable information (PII). Azure OpenAI Service has provisions that ensure prompts and completions are not accessible to other customers and are not utilized to enhance models without your consent.

For your requirements, it is advisable to reach out to your Microsoft account representative or Azure support to negotiate a tailored agreement that aligns with your internal privacy policies and customer commitments. Additionally, reviewing the Microsoft Products and Services Data Protection Addendum may provide further insights into data processing commitments relevant to your situation.

---

References:

• Data, privacy, and security for Azure Direct Models in Microsoft Foundry
• FAQ for Copilot data security and privacy for Dynamics 365 and Power Platform