As enterprises adopt Generative AI using Azure OpenAI, securing access to AI services becomes critical. By default, Azure OpenAI exposes a public endpoint, which allows access over the internet. However, this model does not meet enterprise security standards. This blog explains how to design a secure Azure OpenAI architecture using Private Endpoints and Private DNS Zones, ensuring that all traffic stays within the Azure backbone network.
Problem Statement
- Azure OpenAI is publicly accessible by default Azure OpenAI frequently asked questions | Microsoft Learn
- Any application with API access can call it from anywhere
- Violates:
- Enterprise security policies
- Zero Trust architecture Key principles of the Zero Trust network model
- Regulatory compliance
π Enterprises require:
- Private connectivity
- Controlled access via VNet
- DNS-based secure resolution
ποΈ Architecture Overview
β Key Components
- Azure OpenAI Service
- Azure Virtual Network (VNet)
- Private Endpoint
- Private DNS Zone
- Application (VM / App Service / AKS)
β High-Level Flow
- Application sends request to OpenAI endpoint
- DNS resolves endpoint β Private IP
- Traffic routed inside VNet
- No internet exposure
π Private endpoints assign a private IP inside VNet, ensuring secure communication over Azure backbone.
πΉ Architecture Diagram Description
Diagram 01: Architecture Enhancing Enterprise AI Deployments with Zero Trust NetworkingEnd-to-End Flow
- User authenticates via Entra ID (MFA) Microsoft Entra multifactor authentication
- Traffic passes through WAF (threat filtering)
- Enters private Azure VNet
- API Management enforces policies
- AI services are accessed via private endpoints
- Data is securely fetched from private storage/databases
- Monitoring tools track all activity continuously
Key Value Proposition: This architecture ensures:
- π« No public exposure of AI services or data
- π Identity-based access instead of network trust
- π Fully private, isolated network communication
- β‘ Secure and scalable AI workloads
- π‘οΈ Defense-in-depth with monitoring and policy enforcement
Note: This architecture demonstrates how enterprises can securely operationalize AI at scale by combining private networking, identity-driven access, and continuous monitoringβfully aligned with Zero Trust principles.
π Critical Concept: Private Endpoint
A Private Endpoint:
- Creates a network interface in your VNet
- Assigns a private IP address
- Maps to Azure OpenAI service
- Redirects traffic internally
π Result:
- No public internet usage
- Fully isolated communication
π Critical Concept: DNS Resolution
Why DNS is critical?
- OpenAI endpoint still uses public FQDN
- Must resolve to private IP instead
π Without correct DNS:
- Traffic goes to public endpoint
- Security is broken
How it works
- Public DNS CNAME β Private Link domain
- Private DNS overrides resolution
- FQDN resolves to Private Endpoint IP
π DNS ensures that traffic routes correctly to private endpoint
𧱠Required Private DNS Zones
For Azure OpenAI:
- privatelink.openai.azure.com
- privatelink.cognitiveservices.azure.com
π These zones map:
- OpenAI endpoint β Private IP
π Important: Each Private Endpoint must have proper DNS mapping
βοΈ Step-by-Step Configuration
β Step 1: Create Virtual Network
- Create VNet with:
- App subnet
- Private Endpoint subnet
π Best practice:
Use dedicated subnet for private endpoints
β Step 2: Create Azure OpenAI Resource
- Go to Azure Portal
- Create Azure OpenAI
- Select region & resource group
π Note:
OpenAI resource doesnβt need same region as VNet (optional)
β Step 3: Disable Public Network Access
- Navigate to:
- Networking β Public Access
- Set:
Public Network Access = Disabled
π Ensures service is not accessible via internet
β Step 4: Create Private Endpoint
- Go to OpenAI β Networking β Private Endpoint
Configure:
|
Setting |
Value |
|
VNet |
Your VNet |
|
Subnet |
Private Endpoint Subnet |
|
Resource Type |
Cognitive Services |
|
Sub-resource |
account |
π This creates:
- Private IP in subnet
- Network interface mapping
β Step 5: Configure Private DNS Zone
Create:
privatelink.openai.azure.com
Then:
- Link DNS zone to VNet
- Add A record automatically (or manually)
π DNS maps:
<your-openai-name>.openai.azure.com β Private IP
π DNS resolution ensures traffic flows internally
β Step 6: Validate Connectivity
From VM inside VNet:
nslookup <openai-name>.openai.azure.com
β Expected output:
- Private IP (e.g., 10.x.x.x)
Then test API call β should work
β Step 7: Application Integration
Your application (AKS / VM / App Service):
- Calls OpenAI endpoint
- Traffic resolves to private IP
- Routed via VNet
π Fully secure AI access
π Security Best Practices
β Disable public access completely
β Use Private Endpoint for all AI services
β Use NSG + Firewall for segmentation
β Use Managed Identity instead of API keys
β Monitor via Azure Monitor
π Private endpoints ensure traffic stays inside Azure backbone network
π’ Real-World Enterprise Use Case
Example:
- Banking application using OpenAI
- Hosted on AKS
- Uses:
- Private Endpoint
- APIM
- DNS resolution
π Result:
- No internet exposure
- Compliance with regulations
- Secure data processing
β Key Benefits
- π Zero internet exposure
- π Private connectivity
- π‘οΈ Zero Trust architecture
- β‘ Reliable and low latency
- 𧩠Seamless app integration
π§Ύ Conclusion
Azure OpenAI is powerful, but security architecture is critical for enterprise adoption.
By using:
- Private Endpoints
- Private DNS Zones
- VNet integration
You can build a secure, scalable, and compliant AI solution.
Microsoft