You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/search/search-security-overview.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Security overview
2
+
title: Secure your Azure AI Search deployment
3
3
titleSuffix: Azure AI Search
4
4
description: Learn about the security features in Azure AI Search to protect endpoints, content, and operations.
5
5
manager: nitinme
@@ -17,17 +17,17 @@ ms.date: 08/15/2025
17
17
18
18
Azure AI Search provides comprehensive security controls across network access, authentication, authorization, and data protection to meet enterprise requirements. As a solution architect, you should understand three key security domains:
19
19
20
-
+**Network traffic patterns** (inbound client requests, outbound service connections, and internal Microsoft-managed traffic)
20
+
+**Network traffic patterns and network security** (inbound client requests, outbound service connections, and internal Microsoft-managed traffic)
21
21
+**Access control mechanisms** (Microsoft Entra ID with role-based access control or API key authentication)
22
-
+**Data protection** (encryption in transit via TLS 1.2/1.3, encryption at rest with optional customer-managed keys for double encryption).
22
+
+**Data residency and protection** (encryption in transit via TLS 1.2/1.3, encryption at rest with optional customer-managed keys for double encryption).
23
23
24
24
A search service supports multiple network security topologies—from IP firewall restrictions for basic protection to private endpoints for complete network isolation. For enterprise scenarios requiring granular permissions, you can implement document-level access controls and leverage network security perimeters to create logical boundaries around your Azure PaaS resources. All security features integrate with Azure's compliance framework and support common enterprise patterns like multitenancy and cross-service authentication using managed identities.
25
25
26
26
This article details the implementation options for each security layer to help you design appropriate security architectures for development and production environments.
27
27
28
28
## Network traffic patterns
29
29
30
-
An Azure AI Search service is hosted on Azure and is typically accessed by client applications over public network connections. While that pattern is predominant, it's not the only traffic pattern that you need to care about. Understanding all points of entry as well as outbound traffic is necessary background for securing your development and production environments.
30
+
An Azure AI Search service can be hosted in the Azure public cloud, an Azure private cloud, or a sovereign cloud (such as Azure government). By default, for all cloud hosts, the search service is typically accessed by client applications over public network connections. While that pattern is predominant, it's not the only traffic pattern that you need to care about. Understanding all points of entry as well as outbound traffic is necessary background for securing your development and production environments.
31
31
32
32
Azure AI Search has three basic network traffic patterns:
0 commit comments