7.3 Responsible AI Across All Domains
Key Takeaways
- Responsible AI is woven through the exam: "Implement AI solutions responsibly" is a named objective covering content moderation, content filters, blocklists, prompt shields, harm detection, and a governance framework.
- Azure AI Content Safety uses a full 0-7 severity scale; the text classifier returns the trimmed levels 0, 2, 4, 6 mapped to Safe, Low, Medium, High across four categories: hate and fairness, sexual, violence, self-harm.
- Azure AI Face restricts identification and verification behind a Limited Access application; emotion, age, and gender attributes were retired for Responsible AI reasons.
- Microsoft contractually does not use customer data submitted to Azure AI services to train or improve its models; data is encrypted in transit (TLS 1.2+) and at rest.
- High-stakes decisions (medical, legal, financial, identity) require human-in-the-loop review, typically driven by confidence thresholds that route low-confidence outputs to a human.
Quick Answer: Content Safety scores four categories (hate/fairness, sexual, violence, self-harm) on a 0-7 scale, with the text classifier returning trimmed levels 0/2/4/6 = Safe/Low/Medium/High. Face identification needs Limited Access approval; emotion/age/gender attributes are retired. Microsoft does not train on your data. High-stakes outputs route to a human by confidence.
Azure AI Content Safety: Scale and Categories
This is the single highest-yield Responsible AI fact set. Content Safety analyzes text and images across four harm categories and assigns a severity per category.
| Category | What it flags |
|---|---|
| Hate and fairness | Attacks or discrimination targeting identity groups |
| Sexual | Explicit sexual language, acts, or assault |
| Violence | Physical harm, weapons, threats |
| Self-harm | Self-injury, suicide-related content |
The full severity range is 0-7. The current text model returns a trimmed scale of 0, 2, 4, 6, where each pair of adjacent full levels collapses to one returned value:
| Returned level | Label |
|---|---|
| 0 | Safe |
| 2 | Low |
| 4 | Medium |
| 6 | High |
You set a threshold per category to allow or block. A common exam stem gives a severity (for example 4 = Medium) and a threshold and asks whether the content passes. Do not confuse this with a 0-3 or 0-10 scale — both are wrong-answer bait.
Service-Specific Restrictions
| Service | Restriction | Reason |
|---|---|---|
| Face | Identification/verification behind Limited Access approval | Prevent surveillance misuse |
| Face | Emotion, age, gender attributes retired | Unreliable, bias and privacy risk |
| Custom Neural Voice | Limited Access approval required | Prevent voice impersonation |
| Azure OpenAI | Content filters always on at minimum level | Block harmful generation |
| DALL-E | Will not produce real public-figure faces | Prevent deepfakes |
| Spatial Analysis | No facial recognition, no image retention | Privacy by design |
Generative AI Guardrails
For Azure OpenAI and Foundry, the objective lists specific controls you must recognize:
- Content filters — screen prompt (input) and completion (output) across the four categories; configurable severity per category but cannot be fully disabled without approval.
- Blocklists — organization-specific banned terms layered on top of the categories.
- Prompt Shields — detect and block jailbreak / indirect prompt-injection attacks before generation.
- Groundedness detection — flags ungrounded (hallucinated) claims not supported by your source data in RAG.
- Protected material detection — flags copyrighted text or code in completions.
Data Privacy Guarantees
| Guarantee | Detail |
|---|---|
| No model training | Customer data is not used to train/improve Microsoft models |
| Encryption in transit | TLS 1.2+ on all calls |
| Encryption at rest | Microsoft-managed or customer-managed keys |
| Data residency | Processed in the resource's deployed region |
| Compliance | GDPR, HIPAA, SOC 2, ISO 27001 |
On the Exam: "A healthcare customer worries about privacy" almost always points to the no-training guarantee plus encryption and regional residency.
Human-in-the-Loop Routing
AI output confidence
> 0.90 -> auto-approve / auto-process
0.60 - 0.90 -> route to human reviewer
< 0.60 -> reject or escalate
High-stakes domains always keep a human in the loop: medical advice reviewed by a clinician, contract terms verified by counsel, investment recommendations approved by an advisor, and failed identity-liveness checks escalated to in-person verification. The exam rewards the answer that adds human oversight for uncertain, consequential outputs rather than fully automating them.
The Six Responsible AI Principles
Microsoft frames governance around six principles, and scenario questions expect you to map a concern to the right one. Fairness means the system treats people equitably — the answer when bias across demographic groups is raised. Reliability and safety means consistent, safe operation under expected and unexpected conditions — the answer for testing, monitoring, and graceful degradation. Privacy and security covers data protection, encryption, and the no-training guarantee. Inclusiveness means the solution works for people of all abilities — the answer for accessibility and captioning needs.
Transparency means users understand how and why the system decided something, which drives explanations and disclosure that AI was involved. Accountability means humans remain responsible for outcomes, which is why governance, audit logs, and human oversight exist. When a stem says "the bank must explain loan decisions to applicants", the principle is transparency; when it says "outputs must be reviewable and someone must own the result", it is accountability.
Configuring Filters, Blocklists, and Severity Thresholds
In practice you tune Responsible AI through configuration, and the exam tests the mechanics. An Azure OpenAI content filter configuration sets an action (allow or block) per category and per severity band for both the prompt and the completion, so you can, for example, block Medium-and-above violence on input while allowing Low. Blocklists add deterministic term matching on top of the AI categories for organization-specific words a classifier might miss, such as a competitor's name or an internal codeword.
Default filters cannot be turned off entirely; loosening them beyond the standard configuration requires a Microsoft modified-content-filter approval. The correct exam move when content is wrongly blocked is to adjust the per-category threshold or add an allowlist exception, never to "disable content filtering".
Governance Frameworks and Documentation
The "Design a responsible AI governance framework" objective expects familiarity with operational artifacts. Transparency Notes are Microsoft-published documents describing a service's intended uses, limitations, and fairness considerations, and you are expected to consult them when assessing fit. Impact assessments document who could be harmed and how risks are mitigated before deployment. Azure Policy enforces the framework at scale — for instance requiring private endpoints, restricting AI resources to approved regions, mandating diagnostic logging, and enforcing content filtering on every Azure OpenAI deployment.
Together these turn principles into enforceable controls, and exam answers favor the option that operationalizes governance rather than relying on developer goodwill.
Azure AI Content Safety analyzes a comment and returns a severity of 4 for the violence category. On the standard returned text scale, what does this indicate?
A company wants to use Azure AI Face for one-to-many identification to control building access. What must they do before deploying it?
In a RAG application, which Azure OpenAI guardrail detects model claims that are NOT supported by the retrieved source documents?