Service administration for Azure Cognitive Search in the Azure portal
Azure Cognitive Search is a fully managed, cloud-based search service used for building a rich search experience into custom apps. This article covers the administration tasks that you can perform in the Azure portal for a search service that you've already created.
Depending on your permission level, the portal covers virtually all aspects of search service operations, including:
- Service administration
- Content management
- Content exploration
Each search service is managed as a standalone resource. The following image shows the portal pages for a single free search service called "demo-search-svc".
Overview (home) page
The overview page is the "home" page of each service. In the following screenshot, the areas on the screen enclosed in red boxes indicate tasks, tools, and tiles that you might use often, especially if you're new to the service.
| Area | Description |
|---|---|
| 1 | The Essentials section lists service properties, such as the service endpoint, service tier, and replica and partition counts. |
| 2 | A command bar at the top of the page includes Import data and Search explorer, used for prototyping and exploration. |
| 3 | Tabbed pages in the center provide quick access to usage statistics, service health metrics, and access to all of the existing indexes, indexers, data sources, and skillsets. |
| 4 | Navigation links to other pages. |
Read-only service properties
Several aspects of a search service are determined when the service is provisioned and can't be easily changed:
- Service name
- Service location 1
- Service tier 2
1 Although there are ARM and bicep templates for service deployment, moving content is a manual job.
2 Switching a tier requires creating a new service or filing a support ticket to request a tier upgrade.
Management tasks
Service administration includes the following tasks:
- Adjust capacity by adding or removing replicas and partitions
- Manage API keys used for content access
- Manage Azure roles used for content and service access
- Configure IP firewall rules to restrict access by IP address
- Configure a private endpoint using Azure Private Link and a private virtual network
- Monitor service health and operations: storage, query volumes, and latency
There's feature parity across all modalities and languages except for preview management features. In general, preview management features are released through the Management REST API first. Programmatic support for service administration can be found in the following APIs and modules:
You can also use the management client libraries in the Azure SDKs for .NET, Python, Java, and JavaScript.
Data collection and retention
Because Azure Cognitive Search is a monitored resource, you can review the built-in activity logs and platform metrics for insights into service operations. Activity logs and the data used to report on platform metrics are retained for the periods described in the following table.
If you opt in for resource logging, you'll specify durable storage over which you'll have full control over data retention and data access through Kusto queries. For more information on how to set up resource logging in Cognitive Search, see Collect and analyze log data.
Internally, Microsoft collects telemetry data about your service and the platform. It's stored internally in Microsoft data centers and made globally available to Microsoft support engineers when you open a support ticket.
| Monitoring data | Retention |
|---|---|
| Activity logs | 90 days on a rolling schedule |
| Platform metrics | 93 days on a rolling schedule, except that portal visualization is limited to a 30 day window |
| Resource logs | User-managed |
| Telemetry | One and a half years |
Note
See the "Data residency" section of the security overview article for more information about data location and privacy.
Administrator permissions
When you open the search service overview page, the Azure role assigned to your account determines what portal content is available to you. The overview page at the beginning of the article shows the portal content available to an Owner or Contributor.
Azure roles used for service administration include:
- Owner
- Contributor (same as Owner, minus the ability to assign roles)
- Reader (provides access to service information in the Essentials section and in the Monitoring tab)
By default, all search services start with at least one Owner. Owners, service administrators, and co-administrators have permission to create other administrators and other role assignments.
Also by default, search services start with API keys for content-related tasks that an Owner or Contributor might perform in the portal. However, it's possible to turn off API key authentication and use Azure role-based access control exclusively. If you turn off API keys, be sure to set up data access role assignments so that all features in the portal remain operational.
Tip
By default, any owner or administrator can create or delete services. To prevent accidental deletions, you can lock resources.
Next steps
- Review monitoring capabilities available in the portal
- Automate with PowerShell or Azure CLI
- Review security features to protect content and operations
- Enable resource logging to monitor query and indexing workloads
Feedback
Submit and view feedback for