How to create and manage an Azure AI hub resource
Note
Azure AI Studio is currently in public preview. This preview is provided without a service-level agreement, and we don't recommend it for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.
As an administrator, you can create and manage Azure AI hub resources. Azure AI hub resources provide a hosting environment for the projects of a team, and help you as an IT admin centrally set up security settings and govern usage and spend. You can create and manage an Azure AI hub resource from the Azure portal or from the Azure AI Studio.
In this article, you learn how to create and manage an Azure AI hub resource in Azure AI Studio (for getting started).
Create an Azure AI hub resource in AI Studio
To create a new Azure AI hub resource, you need either the Owner or Contributor role on the resource group or on an existing Azure AI hub resource. If you're unable to create an Azure AI hub resource due to permissions, reach out to your administrator. If your organization is using Azure Policy, don't create the resource in AI Studio. Create the Azure AI hub resource in the Azure portal instead.
Follow these steps to create a new Azure AI hub resource in AI Studio.
Go to the Manage page in Azure AI Studio.
Select + New AI hub.
Enter your AI hub name, subscription, resource group, and location details.
In the Azure OpenAI dropdown, you can select an existing Azure OpenAI resource to bring all your deployments into AI Studio. If you don't bring one, we'll create one for you.
Optionally, connect an existing Azure AI Search instance to share search indices with all projects in this Azure AI hub resource. An Azure AI Search instance isn't created for you if you don't provide one.
Select Next.
On the Review and finish page, you see the AI Services provider for you to access the Azure AI services such as Azure OpenAI.
Select Create.
When the AI hub is created, you can see it on the Manage page in AI Studio. You can see that initially no projects are created in the AI hub. You can create a new project.
Create a secure Azure AI hub resource in the Azure portal
If your organization is using Azure Policy, set up an Azure AI hub resource that meets your organization's requirements instead of using AI Studio for resource creation.
From the Azure portal, search for
Azure AI Studio
and create a new resource by selecting + New Azure AIEnter your AI hub name, subscription, resource group, and location details.
For advanced settings, select Next: Resources to specify resources, networking, encryption, identity, and tags.
Select an existing Azure AI services resource or create a new one. New Azure AI services include multiple API endpoints for Speech, Content Safety and Azure OpenAI. You can also bring an existing Azure OpenAI resource. Optionally, choose an existing Storage account, Key vault, Container Registry, and Application insights to host artifacts generated when you use AI Studio.
Set up Network isolation. Read more on network isolation. For a walkthrough of creating a secure Azure AI hub resource, see Create a secure Azure AI hub resource.
Set up data encryption. You can either use Microsoft-managed keys or enable Customer-managed keys.
By default, System assigned identity is enabled, but you can switch to User assigned identity if existing storage, key vault, and container registry are selected in Resources.
Note
If you select User assigned identity, your identity needs to have the
Cognitive Services Contributor
role in order to successfully create a new Azure AI hub resource.Add tags.
Select Review + create
Manage your Azure AI hub resource from the Azure portal
Azure AI hub resource keys
View your keys and endpoints for your Azure AI hub resource from the overview page within the Azure portal.
Manage access control
Manage role assignments from Access control (IAM) within the Azure portal. Learn more about Azure AI hub resource role-based access control.
To add grant users permissions:
Select + Add to add users to your Azure AI hub resource
Select the Role you want to assign.
Select the Members you want to give the role to.
Review + assign. It can take up to an hour for permissions to be applied to users.
Networking
Azure AI hub resource networking settings can be set during resource creation or changed in the Networking tab in the Azure portal view. Creating a new Azure AI hub resource invokes a Managed Virtual Network. This streamlines and automates your network isolation configuration with a built-in Managed Virtual Network. The Managed Virtual Network settings are applied to all projects created within an Azure AI hub resource.
At Azure AI hub resource creation, select between the networking isolation modes: Public, Private with Internet Outbound, and Private with Approved Outbound. To secure your resource, select either Private with Internet Outbound or Private with Approved Outbound for your networking needs. For the private isolation modes, a private endpoint should be created for inbound access. For more information on network isolation, see Managed virtual network isolation. To create a secure Azure AI hub resource, see Create a secure Azure AI hub resource.
At Azure AI hub resource creation in the Azure portal, creation of associated Azure AI services, Storage account, Key vault, Application insights, and Container registry is given. These resources are found on the Resources tab during creation.
To connect to Azure AI services (Azure OpenAI, Azure AI Search, and Azure AI Content Safety) or storage accounts in Azure AI Studio, create a private endpoint in your virtual network. Ensure the public network access (PNA) flag is disabled when creating the private endpoint connection. For more about Azure AI services connections, follow documentation here. You can optionally bring your own (BYO) search, but this requires a private endpoint connection from your virtual network.
Encryption
Projects that use the same Azure AI hub resource, share their encryption configuration. Encryption mode can be set only at the time of Azure AI hub resource creation between Microsoft-managed keys and Customer-managed keys.
From the Azure portal view, navigate to the encryption tab, to find the encryption settings for your Azure AI hub resource. For Azure AI hub resources that use CMK encryption mode, you can update the encryption key to a new key version. This update operation is constrained to keys and key versions within the same Key Vault instance as the original key.
Update Azure Application Insights and Azure Container Registry
To use custom environments for Prompt Flow, you're required to configure an Azure Container Registry for your AI hub. To use Azure Application Insights for Prompt Flow deployments, a configured Azure Application Insights resource is required for your AI hub.
You can configure your AI hub for these resources during creation or update after creation. To update Azure Application Insights from the Azure portal, navigate to the Properties for your Azure AI hub resource in the Azure portal, then select Change Application Insights. You can also use the Azure SDK/CLI options or infrastructure-as-code templates to update both Azure Application Insights and Azure Container Registry for the AI Hub.
Manage your Azure AI hub resource from the Manage tab within the AI Studio
Getting started with the AI Studio
On the Manage page in Azure AI Studio, you have the options to create a new Azure AI hub resource, manage an existing Azure AI hub resource, or view your quota.
Managing an Azure AI hub resource
When you manage a resource, you see an Overview page that lists Projects, Description, Resource Configuration, Connections, and Permissions. You also see pages to further manager Permissions, Compute instances, Connections, Policies, and Billing.
You can view all Projects that use this Azure AI hub resource. Be linked to the Azure portal to manage the Resource Configuration. Manage who has access to this Azure AI hub resource. View all of the connections within the resource. Manage who has access to this Azure AI hub resource.
Permissions
Within Permissions you can view who has access to the Azure AI hub resource and also manage permissions. Learn more about permissions. To add members:
- Select + Add member
- Enter the member's name in Add member and assign a Role. For most users, we recommend the AI Developer role. This permission applies to the entire Azure AI hub resource. If you wish to only grant access to a specific Project, manage permissions in the Project
Compute instances
View and manage computes for your Azure AI hub resource. Create computes, delete computes, and review all compute resources you have in one place.
Connections
From the Connections page, you can view all Connections in your Azure AI hub resource by their Name, Authentication method, Category type, if the connection is shared to all projects in the resource or specifically to a Project, Target, Owner, and Provisioning state.
You can also add a connection through + Connection
Learn more on how to create and manage Connections. Connections created in the Azure AI hub resource Manage page are automatically shared across all projects. If you want to make a project specific connection, make that within the Project.
Policies
View and configure policies for your Azure AI hub resource. See all the policies you have in one place. Policies are applied across all Projects.
Billing
Here you're linked to the Azure portal to review the cost analysis information for your Azure AI hub resource.
Next steps
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for