articles/ai-services/openai/how-to/use-your-data-securely.md
10 additions & 9 deletions
@@ -14,7 +14,7 @@ recommendations: false
14
14
15
15
# Securely use Azure OpenAI On Your Data
16
16
17
-
Use this article to learn how to use Azure OpenAI On Your Data securely by protecting data and resources with Microsoft Entra ID role-based access control, virtual networks and private endpoints.
17
+
Use this article to learn how to use Azure OpenAI On Your Data securely by protecting data and resources with Microsoft Entra ID role-based access control, virtual networks, and private endpoints.
18
18
19
19
This article is only applicable when using [Azure OpenAI On Your Data with text](/azure/ai-services/openai/concepts/use-your-data). It does not apply to [Azure OpenAI On Your Data with images](/azure/ai-services/openai/concepts/use-your-image-data).
20
20
@@ -163,7 +163,7 @@ To allow your Azure AI Search to call your Azure OpenAI `preprocessing-jobs` as
163
163
164
164
Set `networkAcls.bypass` as `AzureServices` from the management API. For more information, see [Virtual networks article](/azure/ai-services/cognitive-services-virtual-networks?tabs=portal#grant-access-to-trusted-azure-services-for-azure-openai).
165
165
166
-
This step can be skipped only if you have [shared private link](#create-shared-private-link)from Azure Search resource.
166
+
This step can be skipped only if you have a [shared private link](#create-shared-private-link)for your Azure AI Search resource.
167
167
168
168
### Disable public network access
169
169
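Review bot: In the added line, `[shared private link](#create-shared-private-link)for` still has no space between the closing parenthesis and "for", carried over from the removed line, so the rendered link text runs into the next word; insert the space. The rewording from "from Azure Search resource" to "for your Azure AI Search resource" also drops the direction of the link. Because this sentence decides whether the `networkAcls.bypass` step can be skipped, say that the link goes from the Azure AI Search resource to the Azure OpenAI resource, matching the wording in the "Create shared private link" section.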
@@ -174,7 +174,7 @@ To allow access to your Azure OpenAI service from your client machines, like usi
174
174
175
175
## Configure Azure AI Search
176
176
177
-
You can use basic pricing tier and higher for the configuration below. You don’t have to, but if you use S2 pricing tier, you will have an advanced option described in [this section](#create-shared-private-link).
177
+
You can use basic pricing tier and higher for the configuration below. It's not necessary, but if you use the S2 pricing tier you will see [additional options](#create-shared-private-link) available for selection.
178
178
179
179
### Enable managed identity
180
180
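Review bot: In the added line, "It's not necessary" has no clear antecedent, since the preceding sentence is about which tiers can be used, and "[additional options] available for selection" is vaguer than the removed text. The anchor is `#create-shared-private-link`, so name the feature in the link text, for example "if you use the S2 pricing tier, you can also create a shared private link". A comma after "S2 pricing tier" is missing as well.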
@@ -221,17 +221,18 @@ Learn more about the [manual approval workflow](/azure/private-link/private-endp
221
221
222
222
### Create shared private link
223
223
224
-
If you are using Basic or Standard pricing tier, or if it is your first time to setup all the resources securely, please skip this advanced topic.
224
+
> [!TIP]
225
+
> If you are using a basic or standard pricing tier, or if it is your first time to setup all of your resources securely, you should skip this advanced topic.
225
226
226
227
This section is only applicable for S2 pricing tier search resource, because it requires [private endpoint support for indexers with a skill set](/azure/search/search-limits-quotas-capacity#shared-private-link-resource-limits).
227
228
228
-
To create shared private link from your search resource connecting to your Azure OpenAI resource, please follow [this instruction](/azure/search/search-indexer-howto-access-private). Select **Resource type** as `Microsoft.CognitiveServices/accounts` and **Group ID** as `openai_account`.
229
+
To create shared private link from your search resource connecting to your Azure OpenAI resource, see the [search documentation](/azure/search/search-indexer-howto-access-private). Select **Resource type** as `Microsoft.CognitiveServices/accounts` and **Group ID** as `openai_account`.
229
230
230
-
With shared private link, [step 8](#data-ingestion-architecture) of the data ingestion architecture diagram is changed from **bypass trusted service** to **private endpoint**.
231
+
With shared private link, [step eight](#data-ingestion-architecture) of the data ingestion architecture diagram is changed from **bypass trusted service** to **private endpoint**.
231
232
232
-
:::image type="content" source="../media/use-your-data/ingestion-architecture-s2.png" alt-text="A diagram showing the process of ingesting data with s2 search resource." lightbox="../media/use-your-data/ingestion-architecture-s2.png":::
233
+
:::image type="content" source="../media/use-your-data/ingestion-architecture-s2.png" alt-text="A diagram showing the process of ingesting data with an S2 search resource." lightbox="../media/use-your-data/ingestion-architecture-s2.png":::
233
234
234
-
The Azure Search shared private link you created is also in Microsoft managed virtual network, not your virtual network. The difference comparing to the other managed private endpoint created in [this step](#disable-public-network-access-1) is: the managed private endpoint [1] from Azure OpenAI to Azure Search is provisioned through the [form application](#disable-public-network-access-1), while the managed private endpoint [2] from Azure Search to Azure OpenAI is provisioned via Azure portal or REST API of Azure Search.
235
+
The Azure AI Search shared private link you created is also in a Microsoft managed virtual network, not your virtual network. The difference compared to the other managed private endpoint created [earlier](#disable-public-network-access-1) is that the managed private endpoint `[1]` from Azure OpenAI to Azure Search is provisioned through the [form application](#disable-public-network-access-1), while the managed private endpoint `[2]` from Azure Search to Azure OpenAI is provisioned via Azure portal or REST API of Azure Search.
235
236
236
237
:::image type="content" source="../media/use-your-data/virtual-network-s2.png" alt-text="A diagram showing the virtual network architecture with S2 search resource." lightbox="../media/use-your-data/virtual-network-s2.png":::
237
238
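Review bot: In the new `[!TIP]`, lowercase "basic or standard pricing tier" can be read as including S2, the tier the following paragraph says this section applies to; keep the capitalized tier names from the removed line or list the tiers explicitly. In the same line, "setup" is used as a verb and should be "set up", and "first time to setup" reads better as "first time setting up". The last changed paragraph now opens with "Azure AI Search" but keeps "Azure Search" three more times in the same sentence, and "To create shared private link" still lacks an article.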
@@ -264,7 +265,7 @@ So far you have already setup each resource work independently. Next you need to
264
265
|`Search Service Contributor`| Azure OpenAI | Azure AI Search | Inference service queries the index schema for auto fields mapping. Data ingestion service creates index, data sources, skill set, indexer, and queries the indexer status. |
265
266
|`Storage Blob Data Contributor`| Azure OpenAI | Storage Account | Reads from the input container, and writes the preprocess result to the output container. |