5.2 Azure OpenAI Service
Key Takeaways
- Azure OpenAI Service provides access to OpenAI models (GPT-4o, GPT-4, GPT-3.5-Turbo) through Azure's enterprise-grade cloud platform with security, compliance, and content filtering.
- Azure OpenAI combines OpenAI's generative models with Azure's enterprise features: RBAC, managed identities, virtual networks, content filtering, and compliance certifications.
- You must create a deployment of a specific model before you can use it — the deployment determines which model, version, and capacity you have.
- Azure OpenAI supports text generation (chat completions), image generation (GPT-Image), embeddings (vector representations), and speech (Whisper for transcription).
- Access to Azure OpenAI Service requires an approved application — it is not available to all Azure subscribers by default.
Azure OpenAI Service
Quick Answer: Azure OpenAI Service provides access to OpenAI models (GPT-4o, GPT-4, GPT-3.5-Turbo) through Azure with enterprise-grade security, compliance, and content filtering. You create deployments of specific models and access them via REST API or SDK. Access requires an approved application.
What Is Azure OpenAI Service?
Azure OpenAI Service is a cloud service that provides REST API access to OpenAI's powerful generative AI models. It combines OpenAI's models with Azure's enterprise capabilities:
Azure OpenAI vs. OpenAI Direct
| Feature | Azure OpenAI | OpenAI Direct |
|---|---|---|
| Models | Same OpenAI models (GPT-4o, GPT-4, etc.) | Same models |
| Security | Azure RBAC, managed identities, private endpoints | API key authentication |
| Compliance | SOC 2, HIPAA, ISO 27001, GDPR certifications | Standard compliance |
| Content filtering | Built-in Azure AI Content Safety filters | Moderation API |
| Data privacy | Your data is NOT used to train models | Your data is NOT used to train models |
| Networking | Virtual networks, private endpoints | Public internet |
| SLA | Enterprise SLA with guaranteed uptime | Best-effort availability |
| Billing | Azure subscription billing | OpenAI billing |
| Access | Requires approved application | Generally available |
On the Exam: The key differentiator is ENTERPRISE FEATURES. Azure OpenAI offers the SAME models as OpenAI but adds Azure security, compliance, content filtering, and networking capabilities that enterprises require.
Available Models
Text Generation Models
| Model | Description | Best For |
|---|---|---|
| GPT-4o | Multimodal model (text + image input, text output) | Most capable; complex reasoning, coding, analysis |
| GPT-4o mini | Smaller, faster, cheaper version of GPT-4o | Quick responses, cost-sensitive applications |
| GPT-4 | Previous generation flagship model | Complex tasks when GPT-4o is unavailable |
| GPT-3.5-Turbo | Fast and cost-effective text generation | Simple tasks, chatbots, high-volume applications |
Image Generation Models
| Model | Description | Status |
|---|---|---|
| GPT-Image-1 | Latest image generation model | Currently available |
| DALL-E 3 | Previous image generation model | Retired (March 2026) |
Embeddings Models
| Model | Description | Best For |
|---|---|---|
| text-embedding-3-large | High-dimensional text embeddings | Semantic search, RAG, similarity matching |
| text-embedding-3-small | Efficient text embeddings | Cost-effective embedding applications |
| text-embedding-ada-002 | Previous generation embeddings | Legacy applications |
Speech Models
| Model | Description | Best For |
|---|---|---|
| Whisper | Speech-to-text transcription | Audio transcription |
Creating a Deployment
Before using a model, you must create a deployment in your Azure OpenAI resource:
- Create an Azure OpenAI resource in the Azure portal
- Navigate to Azure AI Foundry (the management portal)
- Select a model from the model catalog
- Create a deployment — specify model version, capacity (TPM - Tokens Per Minute), and deployment name
- Use the deployment via the REST API or SDK with your endpoint and key
Deployment Types
| Type | Description | When to Use |
|---|---|---|
| Standard | Pay-per-token, shared capacity | Development, testing, variable workloads |
| Provisioned | Reserved capacity with guaranteed throughput | Production workloads with predictable demand |
| Global | Automatically routes to the best available region | Applications needing high availability |
Enterprise Features
Security
- Azure RBAC — control who can access the resource and deployments
- Managed identities — authenticate without storing credentials in code
- Private endpoints — keep traffic on your private network
- Customer-managed keys — encrypt data with your own keys
Compliance
Azure OpenAI inherits Azure's compliance certifications:
- SOC 2 Type II
- ISO 27001
- HIPAA (with BAA)
- GDPR
- FedRAMP (select regions)
Content Filtering
Built-in content filters that scan both prompts and responses:
- Hate speech detection and blocking
- Violence detection and blocking
- Sexual content detection and blocking
- Self-harm content detection and blocking
- Jailbreak attempt detection (Prompt Shields)
Data Privacy
- Your prompts and responses are NOT used to train OpenAI models
- Data is processed in the Azure region you select
- Data is not shared with OpenAI for model improvement
- You can opt into or out of abuse monitoring
On the Exam: The most important point about Azure OpenAI data privacy is that YOUR DATA IS NOT USED TO TRAIN MODELS. This is a common question — enterprises need assurance that their proprietary data remains private.
What is the primary advantage of Azure OpenAI Service over using OpenAI directly?
In Azure OpenAI Service, what must you create before you can use a model?
Is your prompt and response data used to train OpenAI models when using Azure OpenAI Service?
Which Azure OpenAI model is the most capable multimodal model that accepts both text and image input?
Which THREE are enterprise features that Azure OpenAI Service provides over OpenAI direct? (Select three)
Select all that apply