Service administration for Azure AI Search in the Azure portal
This article covers the Azure AI Search administration tasks that you can perform in the Azure portal.
Depending on your permission level, the portal provides coverage of most search service operations, including:
- Service administration
- Content management
- Content exploration
Each search service is managed as a standalone resource. The following image shows the portal pages for a single free search service called "demo-search-svc".
Overview (home) page
The overview page is the "home" page of each service. In the following screenshot, the red boxes indicate tasks, tools, and tiles that you might use often, especially if you're new to the service.
|A command bar at the top of the page includes Import data wizard and Search explorer, used for prototyping and exploration.
|The Essentials section lists service properties, such as the service endpoint, service tier, and replica and partition counts.
|Tabbed pages in the center provide quick access to usage statistics and service health metrics.
|Navigation links to existing indexes, indexers, data sources, and skillsets.
Read-only service properties
Several aspects of a search service are determined when the service is provisioned and can't be easily changed:
- Service name
- Service location 1
- Service tier 2
1 Although there are ARM and bicep templates for service deployment, moving content is a manual effort.
2 Switching a tier requires creating a new service or filing a support ticket to request a tier upgrade.
Service administration includes the following tasks:
- Adjust capacity by adding or removing replicas and partitions
- Manage API keys used for content access
- Manage Azure roles used for content and service access
- Configure IP firewall rules to restrict access by IP address
- Configure a private endpoint using Azure Private Link and a private virtual network
- Monitor service health and operations: storage, query volumes, and latency
There's feature parity across all modalities and languages except for preview management features. In general, preview management features are released through the Management REST API first. Programmatic support for service administration can be found in the following APIs and modules:
Data collection and retention
Because Azure AI Search is a monitored resource, you can review the built-in activity logs and platform metrics for insights into service operations. Activity logs and the data used to report on platform metrics are retained for the periods described in the following table.
If you opt in for resource logging, you'll specify durable storage over which you'll have full control over data retention and data access through Kusto queries. For more information on how to set up resource logging in Azure AI Search, see Collect and analyze log data.
Internally, Microsoft collects telemetry data about your service and the platform. It's stored internally in Microsoft data centers and made globally available to Microsoft support engineers when you open a support ticket.
|90 days on a rolling schedule
|93 days on a rolling schedule, except that portal visualization is limited to a 30 day window
|One and a half years
See the "Data residency" section of the security overview article for more information about data location and privacy.
When you open the search service overview page, the Azure role assigned to your account determines what portal content is available to you. The overview page at the beginning of the article shows the portal content available to an Owner or Contributor.
Azure roles used for service administration include:
- Contributor (same as Owner, minus the ability to assign roles)
- Reader (provides access to service information in the Essentials section and in the Monitoring tab)
By default, all search services start with at least one Owner. Owners, service administrators, and co-administrators have permission to create other administrators and other role assignments.
Also by default, search services start with API keys for content-related tasks that an Owner or Contributor might perform in the portal. However, it's possible to turn off API key authentication and use Azure role-based access control exclusively. If you turn off API keys, be sure to set up data access role assignments so that all features in the portal remain operational.
By default, any owner or administrator can create or delete services. To prevent accidental deletions, you can lock resources.