1.3 Security and Access Management
Key Takeaways
- Managed identities (system-assigned and user-assigned) eliminate the need to store credentials in code — the preferred authentication method for production.
- Azure Key Vault securely stores API keys, connection strings, and certificates — applications retrieve secrets at runtime.
- RBAC (Role-Based Access Control) provides fine-grained permissions: Cognitive Services User (read), Cognitive Services Contributor (manage), and custom roles.
- Virtual networks and private endpoints restrict AI service access to specific networks, preventing public internet exposure.
- Microsoft Entra ID (formerly Azure AD) authentication is preferred over key-based authentication for enterprise deployments.
Security and Access Management
Quick Answer: Secure Azure AI solutions using managed identities for authentication, Key Vault for secret storage, RBAC for permission control, and private endpoints for network isolation. Microsoft Entra ID is preferred over API keys for production deployments.
Authentication Methods
API Keys (Simplest, Least Secure)
- Two keys provided per resource
- Passed in the `Ocp-Apim-Subscription-Key` header
- Suitable for development and testing only
- Risk: Keys can be leaked in source code, logs, or configuration files
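One way to reduce the log-leak risk named above is to scrub the `Ocp-Apim-Subscription-Key` value before any log handler writes it. This is an added example, not code from the original page; the logger name, helper names and key values are constructed for illustration.

```python
import logging
import re

# Header name from this page, then its value, in "Name: value", "Name=value"
# and dict/JSON ("'Name': 'value'") shapes.
_KEY_HEADER = re.compile(
    r"""(Ocp-Apim-Subscription-Key["']?\s*[:=]\s*["']?)([^\s"',;}]+)""",
    re.IGNORECASE,
)


def redact_subscription_key(text: str) -> str:
    """Keep the header name, replace its value with a fixed marker."""
    return _KEY_HEADER.sub(r"\1[REDACTED]", text)


class SubscriptionKeyFilter(logging.Filter):
    """Scrub the key from a record before the handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_subscription_key(record.getMessage())
        record.args = ()  # msg is already fully formatted
        return True


class ListHandler(logging.Handler):
    """In-memory handler so the demo can return what would have been written."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(record.getMessage())


def demo():
    """Send constructed log messages through the filter; return the output."""
    handler = ListHandler()
    handler.addFilter(SubscriptionKeyFilter())
    logger = logging.getLogger("ai_client_demo")  # hypothetical logger name
    logger.handlers, logger.propagate = [handler], False
    logger.setLevel(logging.DEBUG)
    # Constructed values, not real keys.
    logger.debug("sending Ocp-Apim-Subscription-Key: 0123456789abcdef0123456789abcdef")
    logger.debug("headers=%s", {"Ocp-Apim-Subscription-Key": "feedfacefeedfacefeedfacefeedface"})
    logger.info("sentiment call finished in %d ms", 184)
    return handler.lines
```

Attach the filter to every handler that can receive HTTP client debug output, since a filter on one handler does not protect the others.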
Microsoft Entra ID / OAuth 2.0 (Recommended for Production)
- Token-based authentication using Azure identity
- Supports managed identities, service principals, and user identities
- No secrets to manage — tokens are obtained automatically
- Integrates with RBAC for fine-grained access control
Managed Identities (Best Practice)
- System-assigned: Created automatically with the Azure resource, tied to its lifecycle
- User-assigned: Created independently, can be shared across multiple resources
- Eliminates all credential management — Azure handles token issuance and rotation
```python
# Using managed identity — NO keys or secrets in code
from azure.identity import DefaultAzureCredential
from azure.ai.textanalytics import TextAnalyticsClient

credential = DefaultAzureCredential()
client = TextAnalyticsClient(
    endpoint="https://my-language.cognitiveservices.azure.com/",
    credential=credential
)
```
On the Exam: When a question describes a production scenario requiring secure authentication without storing secrets, the answer is almost always managed identity with DefaultAzureCredential. API keys are acceptable only for development/testing scenarios.
Azure Key Vault Integration
Azure Key Vault provides centralized, secure storage for secrets:
| Feature | Description |
|---|---|
| Secrets | Store API keys, connection strings, passwords |
| Keys | Cryptographic keys for encryption/decryption |
| Certificates | TLS/SSL certificates |
| Access Policies | Control who/what can read, write, or manage secrets |
| Soft Delete | Recover accidentally deleted secrets |
| Purge Protection | Prevent permanent deletion during retention period |
Storing AI Service Keys in Key Vault
```bash
# Store an AI service key in Key Vault
# (a value passed with --value is recorded in shell history and visible in the process list)
az keyvault secret set \
  --vault-name my-keyvault \
  --name "AiServiceKey" \
  --value "a1b2c3d4e5f6..."

# Retrieve the key at runtime
az keyvault secret show \
  --vault-name my-keyvault \
  --name "AiServiceKey" \
  --query "value" -o tsv
```
Application Pattern
```python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Retrieve AI service key from Key Vault
credential = DefaultAzureCredential()
secret_client = SecretClient(
    vault_url="https://my-keyvault.vault.azure.net/",
    credential=credential
)
ai_key = secret_client.get_secret("AiServiceKey").value
```
Role-Based Access Control (RBAC)
RBAC controls what actions users and applications can perform on Azure AI resources:
| Role | Permissions | Use Case |
|---|---|---|
| Cognitive Services User | Call AI service APIs (read-only data plane) | Applications consuming AI services |
| Cognitive Services Contributor | Create, update, delete AI resources (management plane) | DevOps teams managing resources |
| Cognitive Services OpenAI User | Use Azure OpenAI completions and embeddings | Applications using OpenAI models |
| Cognitive Services OpenAI Contributor | Deploy models, manage fine-tuning jobs | AI engineers managing OpenAI deployments |
| Reader | View resource configuration (read-only) | Auditors and compliance teams |
Assigning RBAC Roles
```bash
# Assign "Cognitive Services User" to a managed identity
az role assignment create \
  --assignee <managed-identity-object-id> \
  --role "Cognitive Services User" \
  --scope /subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.CognitiveServices/accounts/<resource-name>
```
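A least-privilege check over role assignments, as an added example that is not part of the original page. It assumes input shaped like the JSON from `az role assignment list --scope <resource-id> --include-inherited -o json`; the principal names, IDs and subscription ID are constructed, and the finding labels are this example's own.

```python
import re

# Data-plane roles from the table above: enough for an app that only calls the APIs.
DATA_PLANE_ROLES = {"Cognitive Services User", "Cognitive Services OpenAI User"}

# Scope that ends at a single AI resource, as in the az command above.
ACCOUNT_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.CognitiveServices/accounts/[^/]+$",
    re.IGNORECASE,
)


def audit_assignments(assignments):
    """Return (principal, problem, detail) for each over-privileged app identity."""
    findings = []
    for a in assignments:
        # Managed identities and app registrations both appear as ServicePrincipal.
        if a.get("principalType") != "ServicePrincipal":
            continue
        who = a.get("principalName") or a["principalId"]
        if a["roleDefinitionName"] not in DATA_PLANE_ROLES:
            findings.append((who, "role-too-broad", a["roleDefinitionName"]))
        if not ACCOUNT_SCOPE.match(a["scope"]):
            findings.append((who, "scope-too-wide", a["scope"]))
    return findings


# Constructed sample data (placeholder subscription and principal IDs).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ai-prod"
RES = RG + "/providers/Microsoft.CognitiveServices/accounts/my-ai-services"
SAMPLE = [
    {"principalName": "app-sentiment", "principalId": "11111111-1111-1111-1111-111111111111",
     "principalType": "ServicePrincipal", "roleDefinitionName": "Cognitive Services User", "scope": RES},
    {"principalName": "app-batch", "principalId": "22222222-2222-2222-2222-222222222222",
     "principalType": "ServicePrincipal", "roleDefinitionName": "Cognitive Services Contributor", "scope": RES},
    {"principalName": "app-chat", "principalId": "33333333-3333-3333-3333-333333333333",
     "principalType": "ServicePrincipal", "roleDefinitionName": "Cognitive Services OpenAI User", "scope": RG},
    {"principalName": "auditor@example.com", "principalId": "44444444-4444-4444-4444-444444444444",
     "principalType": "User", "roleDefinitionName": "Reader", "scope": RG},
]

if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE):
        print(finding)
```

A finding is a prompt for review, not proof of misconfiguration: a deployment pipeline identity, for example, legitimately holds a management-plane role.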
Network Security
Virtual Network Integration
- Restrict AI service access to specific virtual networks
- Deny all traffic from the public internet
- Allow only trusted Azure services to access the resource
Private Endpoints
- Create a private IP address for the AI service within your virtual network
- Traffic flows over the Microsoft backbone network, not the public internet
- DNS resolution maps the service endpoint to the private IP
Firewall Rules
```bash
# Restrict access to a specific virtual network
az cognitiveservices account network-rule add \
  --resource-group rg-ai-prod \
  --name my-ai-services \
  --vnet-name my-vnet \
  --subnet my-subnet

# Deny public access
az cognitiveservices account update \
  --resource-group rg-ai-prod \
  --name my-ai-services \
  --public-network-access Disabled
```
On the Exam: Private endpoints + disabled public access is the most secure network configuration. Questions may present a scenario where the AI service must not be accessible from the internet — the answer is private endpoints combined with disabling public network access.
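A posture check for the configuration described above, as an added example that is not part of the original page. It assumes the account document uses the ARM property names `publicNetworkAccess`, `networkAcls`, `privateEndpointConnections` and `disableLocalAuth` under `properties`; the sample documents are constructed.

```python
def audit_network_posture(account):
    """Return findings for one Cognitive Services account resource document."""
    props = account.get("properties", {})
    findings = []

    # Assumption: an absent property means the service default (public access on).
    if props.get("publicNetworkAccess", "Enabled") != "Disabled":
        findings.append("public network access is not Disabled")
        # With the public endpoint on, the firewall default decides who gets in.
        acls = props.get("networkAcls") or {}
        if acls.get("defaultAction", "Allow") != "Deny":
            findings.append("network ACL default action is not Deny")

    approved = [
        c for c in props.get("privateEndpointConnections") or []
        if c.get("properties", {})
            .get("privateLinkServiceConnectionState", {})
            .get("status") == "Approved"
    ]
    if not approved:
        findings.append("no approved private endpoint connection")

    # Ties back to the authentication section: keys remain usable unless disabled.
    if props.get("disableLocalAuth") is not True:
        findings.append("key-based (local) authentication is still enabled")
    return findings


# Constructed sample: a VNet rule was added but public access was never disabled.
VNET_RULE_ONLY = {"name": "my-ai-services", "properties": {
    "publicNetworkAccess": "Enabled",
    "networkAcls": {"defaultAction": "Deny",
                    "virtualNetworkRules": [{"id": "<subnet-resource-id>"}]},
    "privateEndpointConnections": [],
    "disableLocalAuth": False,
}}

# Constructed sample: private endpoint approved, public access and keys disabled.
LOCKED_DOWN = {"name": "my-ai-services", "properties": {
    "publicNetworkAccess": "Disabled",
    "privateEndpointConnections": [
        {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}],
    "disableLocalAuth": True,
}}

if __name__ == "__main__":
    for name, doc in (("vnet-rule-only", VNET_RULE_ONLY), ("locked-down", LOCKED_DOWN)):
        print(name, audit_network_posture(doc))
```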
Diagnostic Logging and Monitoring
Azure Monitor Integration
- Enable diagnostic settings to capture API call logs, errors, and metrics
- Send logs to Log Analytics workspace, Storage Account, or Event Hub
- Create alerts for error rate spikes, latency thresholds, or quota exhaustion
Key Metrics to Monitor
| Metric | Description | Alert Threshold |
|---|---|---|
| Total Calls | Number of API calls | Baseline + 50% |
| Total Errors | Number of failed API calls | > 5% error rate |
| Latency | Response time per call | > 2 seconds (varies by service) |
| Blocked Calls | Calls rejected by rate limiting | Any occurrence |
| Token Usage | Tokens consumed (OpenAI) | Approaching quota |
Which authentication method is recommended for production Azure AI applications?
Which RBAC role allows an application to call Azure AI service APIs but NOT create or delete resources?
How do you prevent an Azure AI service from being accessed over the public internet?
What is the difference between a system-assigned and user-assigned managed identity?