Service administration for Azure AI Search in the Azure portal

This article covers the Azure AI Search administration tasks that you can perform in the Azure portal.

Depending on your permission level, the portal provides coverage of most search service operations, including:

Each search service is managed as a standalone resource. The following image shows the portal pages for a single free search service called "demo-search-svc".

Overview (home) page

The overview page is the "home" page of each service. In the following screenshot, the red boxes indicate tasks, tools, and tiles that you might use often, especially if you're new to the service.

Portal pages for a search service

Area Description
1 A command bar at the top of the page includes Import data wizard and Search explorer, used for prototyping and exploration.
2 The Essentials section lists service properties, such as the service endpoint, service tier, and replica and partition counts.
3 Tabbed pages in the center provide quick access to usage statistics and service health metrics.
4 Navigation links to existing indexes, indexers, data sources, and skillsets.

Read-only service properties

Several aspects of a search service are determined when the service is provisioned and can't be easily changed:

  • Service name
  • Service location 1
  • Service tier 2

1 Although there are ARM and bicep templates for service deployment, moving content is a manual effort.

2 Switching a tier requires creating a new service or filing a support ticket to request a tier upgrade.

Management tasks

Service administration includes the following tasks:

There's feature parity across all modalities and languages except for preview management features. In general, preview management features are released through the Management REST API first. Programmatic support for service administration can be found in the following APIs and modules:

You can also use the management client libraries in the Azure SDKs for .NET, Python, Java, and JavaScript.

Data collection and retention

Because Azure AI Search is a monitored resource, you can review the built-in activity logs and platform metrics for insights into service operations. Activity logs and the data used to report on platform metrics are retained for the periods described in the following table.

If you opt in for resource logging, you'll specify durable storage over which you'll have full control over data retention and data access through Kusto queries. For more information on how to set up resource logging in Azure AI Search, see Collect and analyze log data.

Internally, Microsoft collects telemetry data about your service and the platform. It's stored internally in Microsoft data centers and made globally available to Microsoft support engineers when you open a support ticket.

Monitoring data Retention
Activity logs 90 days on a rolling schedule
Platform metrics 93 days on a rolling schedule, except that portal visualization is limited to a 30 day window
Resource logs User-managed
Telemetry One and a half years

Note

See the "Data residency" section of the security overview article for more information about data location and privacy.

Administrator permissions

When you open the search service overview page, the Azure role assigned to your account determines what portal content is available to you. The overview page at the beginning of the article shows the portal content available to an Owner or Contributor.

Azure roles used for service administration include:

  • Owner
  • Contributor (same as Owner, minus the ability to assign roles)
  • Reader (provides access to service information in the Essentials section and in the Monitoring tab)

By default, all search services start with at least one Owner. Owners, service administrators, and co-administrators have permission to create other administrators and other role assignments.

Also by default, search services start with API keys for content-related tasks that an Owner or Contributor might perform in the portal. However, it's possible to turn off API key authentication and use Azure role-based access control exclusively. If you turn off API keys, be sure to set up data access role assignments so that all features in the portal remain operational.

Tip

By default, any owner or administrator can create or delete services. To prevent accidental deletions, you can lock resources.

Next steps