Skip to content
MyEngineeringPath

Azure OpenAI Service Guide — Enterprise LLM API for Production

1. Introduction and Motivation

Section titled “1. Introduction and Motivation”

Why Azure OpenAI Service Exists

Section titled “Why Azure OpenAI Service Exists”

Microsoft and OpenAI have a deep partnership: Microsoft has invested over $13 billion in OpenAI and is the exclusive cloud provider for OpenAI’s commercial API. Azure OpenAI Service is the result of this partnership: GPT-4o, GPT-4 Turbo, o1, o3, DALL-E, and Whisper models running on Azure infrastructure, accessible via the same API interface as the public OpenAI API but with Azure-native identity, compliance, and networking.

For organizations standardized on Microsoft Azure and the Microsoft 365 ecosystem, the integration advantage is substantial: the same Azure Active Directory (now Entra ID) identities used for Microsoft 365, Azure, and on-premises Active Directory can be used to authenticate against Azure OpenAI Service. VNet integration, private endpoints, and Azure Policy controls apply to AI workloads just as they do to every other Azure resource.

The key distinction from the public OpenAI API: Azure OpenAI runs on dedicated Azure infrastructure per region, not on shared OpenAI infrastructure. Prompts and completions are not used to train models. This matters for enterprise customers in regulated industries who need contractual guarantees about data handling.

The Microsoft 365 Integration Context

Section titled “The Microsoft 365 Integration Context”

Beyond compliance, the integration advantage for Microsoft-first organizations is the breadth of the Microsoft ecosystem. Azure OpenAI Service pairs naturally with:

  • SharePoint and OneDrive as document sources for RAG, indexed by Azure AI Search
  • Microsoft Teams as a front-end for enterprise AI assistants via the Bot Framework or Copilot Studio
  • Power Platform for no-code/low-code AI workflow automation
  • Azure Synapse and Fabric for AI-powered analytics on enterprise data

Teams that have invested in the Microsoft ecosystem find that Azure OpenAI Service reduces integration friction at every layer — the same way Bedrock reduces it for AWS-first teams and Vertex AI reduces it for GCP-first teams.

2. Real-World Problem Context

Section titled “2. Real-World Problem Context”

The Regulated Industry Scenario

Section titled “The Regulated Industry Scenario”

An insurance company has 500,000 policy documents in SharePoint Online and wants to build an internal assistant that can answer coverage questions by retrieving and synthesizing information from those documents. The requirements from legal and security: no data leaves the Microsoft boundary, model invocations must be auditable, and the system must comply with SOC 2 Type II.

The direct OpenAI API approach: data in SharePoint needs to be extracted, chunked, embedded, and stored in a separate vector database (Pinecone, Weaviate, or similar). The vector database is another external service with its own access controls and compliance posture. API keys for the OpenAI API are credentials outside the Azure AD lifecycle.

The Azure OpenAI approach: Azure AI Search crawls SharePoint Online natively, chunks and embeds documents, and stores them in an Azure-managed index. Azure OpenAI Service uses the same Azure AD roles and service principals as every other Azure resource. Private endpoints keep all traffic within the corporate VNet. Everything is within the existing compliance boundary.

The Enterprise SSO and RBAC Requirement

Section titled “The Enterprise SSO and RBAC Requirement”

A common enterprise requirement: different user groups should have access to different capabilities. Customer service agents can query the knowledge base but cannot access financial records. Finance analysts can query financial data. Administrators can access everything.

This RBAC model is implementable with Azure OpenAI because the service integrates with Azure RBAC. Azure AD groups map to Azure RBAC roles. The same group membership that controls SharePoint access controls AI system access. For organizations that already manage permissions through Azure AD, this is not new infrastructure — it is the existing infrastructure extended to AI workloads.

3. Core Concepts & Mental Model

Section titled “3. Core Concepts & Mental Model”

The Azure OpenAI Service Architecture

Section titled “The Azure OpenAI Service Architecture”

Azure OpenAI Service is built on a different model than Bedrock or Vertex AI. Rather than invoking shared hosted models, you deploy models to a dedicated resource within your subscription and call them via that resource’s endpoint.

Azure OpenAI Resource: An Azure resource (like a storage account or key vault) that you create in a specific Azure region. It has an endpoint URL and an API key (or uses Azure AD auth). All model invocations through this resource are associated with your subscription.

Model Deployments: Within a resource, you deploy specific model versions. A single resource can have multiple deployments: one deployment for gpt-4o (production), one for gpt-4o-mini (lower cost), one for text-embedding-3-large (embeddings). Each deployment has its own rate limit (Tokens Per Minute, TPM) that you configure at deployment time.

Azure AI Foundry (formerly Azure AI Studio): The management portal for Azure AI services including Azure OpenAI. Used for model deployment, playground testing, fine-tuning, evaluation, and connecting to Azure AI Search for RAG.

Azure AI Search (formerly Cognitive Search): The managed search service for Azure. For GenAI use cases, it serves as the vector store for RAG pipelines, with native connectors for Azure Blob Storage, SharePoint Online, and Azure Cosmos DB.

Content Safety (Guardrails): Azure OpenAI includes built-in content filtering for hate speech, violence, sexual content, and self-harm. The filter is applied to both inputs and outputs by default. The strictness is configurable; in some cases (with a use case form and Microsoft approval) it can be modified for specific contexts.

Authentication: Two Modes

Section titled “Authentication: Two Modes”

API key authentication: A static key associated with the Azure OpenAI resource. Simpler to implement, but the key must be managed (stored in Key Vault, rotated periodically). Appropriate for development and for scenarios where Azure AD identity is not available.

Azure AD (Entra ID) authentication: Uses OAuth 2.0 tokens from Azure AD. Service principals or managed identities (no credentials to manage, Azure handles rotation automatically) can authenticate to Azure OpenAI via the Cognitive Services OpenAI User role. This is the recommended production approach for workloads running in Azure.

from azure.identity import DefaultAzureCredential
from openai import AzureOpenAI


# Managed identity or service principal — no key required
credential = DefaultAzureCredential()
token = credential.get_token("https://cognitiveservices.azure.com/.default")


client = AzureOpenAI(
    azure_endpoint="https://YOUR-RESOURCE.openai.azure.com/",
    azure_ad_token=token.token,
    api_version="2024-08-01-preview"
)

4. Step-by-Step Explanation

Section titled “4. Step-by-Step Explanation”

Step 1: Create an Azure OpenAI Resource

Section titled “Step 1: Create an Azure OpenAI Resource”

Via the Azure Portal: search for “Azure OpenAI”, create a resource, select a pricing tier (S0 is the only option for most customers), choose a region (model availability varies by region), and deploy.

Via the CLI:

Terminal window
az cognitiveservices account create \
  --name my-openai-resource \
  --resource-group my-rg \
  --kind OpenAI \
  --sku S0 \
  --location eastus


# Get the endpoint
az cognitiveservices account show \
  --name my-openai-resource \
  --resource-group my-rg \
  --query properties.endpoint

Step 2: Deploy a Model

Section titled “Step 2: Deploy a Model”
Terminal window
# Deploy GPT-4o with 100K TPM (tokens per minute) rate limit
az cognitiveservices account deployment create \
  --name my-openai-resource \
  --resource-group my-rg \
  --deployment-name gpt-4o-prod \
  --model-name gpt-4o \
  --model-version 2024-08-06 \
  --model-format OpenAI \
  --sku-capacity 100 \
  --sku-name GlobalStandard

The deployment name (gpt-4o-prod) is what you use in API calls as the model parameter. It is a label for your deployment, not the model name.

Step 3: Invoke the API

Section titled “Step 3: Invoke the API”

Azure OpenAI uses the same API interface as the public OpenAI SDK, with an Azure-specific client:

from openai import AzureOpenAI


client = AzureOpenAI(
    azure_endpoint="https://YOUR-RESOURCE.openai.azure.com/",
    api_key="YOUR-API-KEY",  # or use Azure AD auth as shown above
    api_version="2024-08-01-preview"
)


response = client.chat.completions.create(
    model="gpt-4o-prod",  # Your deployment name, not the model name
    messages=[
        {"role": "system", "content": "You are a helpful assistant specializing in insurance policy analysis."},
        {"role": "user", "content": "What are the typical exclusions in a homeowners policy?"}
    ],
    temperature=0.3,
    max_tokens=1024
)


print(response.choices[0].message.content)

The Azure OpenAI SDK is a thin wrapper over the standard OpenAI SDK — existing OpenAI SDK code requires only changing the client initialization to migrate.

Step 4: Set Up RAG with Azure AI Search and SharePoint

Section titled “Step 4: Set Up RAG with Azure AI Search and SharePoint”

Configure a RAG pipeline using the “On Your Data” feature in Azure OpenAI:

client = AzureOpenAI(
    azure_endpoint="https://YOUR-RESOURCE.openai.azure.com/",
    api_key="YOUR-API-KEY",
    api_version="2024-08-01-preview"
)


response = client.chat.completions.create(
    model="gpt-4o-prod",
    messages=[{"role": "user", "content": "What is the coverage limit for flood damage in Policy #A12345?"}],
    extra_body={
        "data_sources": [
            {
                "type": "azure_search",
                "parameters": {
                    "endpoint": "https://YOUR-SEARCH-SERVICE.search.windows.net",
                    "index_name": "insurance-policies",
                    "authentication": {
                        "type": "api_key",
                        "key": "YOUR-SEARCH-API-KEY"
                    },
                    "query_type": "vector_semantic_hybrid",
                    "semantic_configuration": "default",
                    "top_n_documents": 5
                }
            }
        ]
    }
)


# Response includes citations
for choice in response.choices:
    print(choice.message.content)
    if hasattr(choice.message, "context") and choice.message.context:
        for citation in choice.message.context.get("citations", []):
            print(f"Source: {citation.get('title')}, {citation.get('url')}")

The “On Your Data” pattern handles retrieval at the Azure OpenAI API level, similar to Vertex AI grounding — no retrieval code in the application.

Step 5: Function Calling

Section titled “Step 5: Function Calling”
import json


tools = [
    {
        "type": "function",
        "function": {
            "name": "get_policy_details",
            "description": "Retrieve the full details of an insurance policy by policy ID. Use when the user provides a policy number.",
            "parameters": {
                "type": "object",
                "properties": {
                    "policy_id": {"type": "string", "description": "The policy number (e.g. 'A12345')"}
                },
                "required": ["policy_id"]
            }
        }
    }
]


messages = [{"role": "user", "content": "What are the deductibles for policy A12345?"}]
response = client.chat.completions.create(model="gpt-4o-prod", messages=messages, tools=tools)


# Handle tool call
if response.choices[0].finish_reason == "tool_calls":
    tool_call = response.choices[0].message.tool_calls[0]
    args = json.loads(tool_call.function.arguments)
    # Execute the function and add the result to messages
    result = get_policy_details(args["policy_id"])  # Your implementation
    messages.extend([
        response.choices[0].message,
        {"role": "tool", "tool_call_id": tool_call.id, "content": json.dumps(result)}
    ])
    final_response = client.chat.completions.create(model="gpt-4o-prod", messages=messages, tools=tools)
    print(final_response.choices[0].message.content)

5. Architecture & System View

Section titled “5. Architecture & System View”

Production GenAI Stack on Azure

Section titled “Production GenAI Stack on Azure”

A production Azure OpenAI deployment integrates Azure-native identity, network, and data services.

📊 Visual Explanation

Section titled “📊 Visual Explanation”

Production GenAI Architecture — Azure OpenAI

A complete production stack using native Microsoft Azure services

Application Tier
Azure App Service · AKS · Azure Functions
Azure Entra ID (Auth)
Managed identity · RBAC · Service principal authentication
Azure OpenAI Service
GPT-4o · o1 · Embeddings · Content Safety filter
Azure AI Search
Vector + semantic + keyword hybrid search for RAG
Data Layer
SharePoint · Azure Blob · Cosmos DB · SQL Database
Idle

Private Endpoint Architecture

Section titled “Private Endpoint Architecture”

For production deployments where all traffic must stay within the corporate network:

  1. Create an Azure Private Endpoint for the Azure OpenAI resource
  2. Configure a Private DNS Zone (privatelink.openai.azure.com) in your VNet
  3. Create a Private Endpoint for Azure AI Search (privatelink.search.windows.net)
  4. Disable public network access on both resources
  5. All API traffic resolves to private IP addresses within the VNet — no public internet traversal

This configuration is standard for financial services and healthcare workloads on Azure.

6. Practical Examples

Section titled “6. Practical Examples”

Example: Streaming Responses in a Web Application

Section titled “Example: Streaming Responses in a Web Application”
from openai import AzureOpenAI


client = AzureOpenAI(
    azure_endpoint="https://YOUR-RESOURCE.openai.azure.com/",
    api_key="YOUR-API-KEY",
    api_version="2024-08-01-preview"
)


# Generator that yields text chunks for SSE streaming
def stream_response(user_message: str):
    stream = client.chat.completions.create(
        model="gpt-4o-prod",
        messages=[{"role": "user", "content": user_message}],
        stream=True
    )
    for chunk in stream:
        if chunk.choices and chunk.choices[0].delta.content:
            yield chunk.choices[0].delta.content
Section titled “Example: Semantic Embedding with Azure AI Search”
# Generate embeddings for documents
def embed_document(text: str) -> list[float]:
    response = client.embeddings.create(
        model="text-embedding-3-large-prod",  # Your embedding deployment name
        input=text
    )
    return response.data[0].embedding


# Push to Azure AI Search index
from azure.search.documents import SearchClient
from azure.core.credentials import AzureKeyCredential


search_client = SearchClient(
    endpoint="https://YOUR-SEARCH.search.windows.net",
    index_name="documents",
    credential=AzureKeyCredential("YOUR-SEARCH-KEY")
)


# Upload document with embedding
search_client.upload_documents([{
    "id": "doc_001",
    "content": document_text,
    "content_vector": embed_document(document_text),
    "source": "sharepoint://sites/policies/Policy_A12345.pdf"
}])

Example: Batch Processing with Assistants API

Section titled “Example: Batch Processing with Assistants API”

Azure OpenAI supports the Assistants API for multi-turn task execution. For batch document processing, the Batch API provides async processing with 50% cost reduction:

# Submit a batch job for processing many documents
import json
from io import BytesIO


# Create JSONL batch file
batch_requests = [
    {
        "custom_id": f"doc-{i}",
        "method": "POST",
        "url": "/chat/completions",
        "body": {
            "model": "gpt-4o-prod",
            "messages": [
                {"role": "user", "content": f"Classify this document: {doc_text}"}
            ],
            "max_tokens": 100
        }
    }
    for i, doc_text in enumerate(document_texts)
]


jsonl_content = "\n".join(json.dumps(r) for r in batch_requests)
batch_file = client.files.create(
    file=("batch.jsonl", BytesIO(jsonl_content.encode()), "application/jsonl"),
    purpose="batch"
)


batch = client.batches.create(
    input_file_id=batch_file.id,
    endpoint="/chat/completions",
    completion_window="24h"
)
print(f"Batch submitted: {batch.id}")

7. Trade-offs, Limitations & Failure Modes

Section titled “7. Trade-offs, Limitations & Failure Modes”

GPT-4o Only — No Model Flexibility

Section titled “GPT-4o Only — No Model Flexibility”

Azure OpenAI exclusively offers OpenAI models. If your evaluation shows that Claude Sonnet produces better results for your specific use case, you cannot use Claude through Azure OpenAI Service — you need the Anthropic API directly or AWS Bedrock (which offers Claude). Organizations that want to mix providers within the Azure boundary need to implement their own model routing layer.

This is the primary capability trade-off versus Bedrock and Vertex AI, both of which offer multi-provider model catalogs within their managed service boundary.

Deployment Capacity Planning

Section titled “Deployment Capacity Planning”

Rate limits in Azure OpenAI are set at deployment time (Tokens Per Minute, TPM). If you under-provision your deployment, you will hit rate limits at peak usage. If you over-provision, you pay for reserved capacity that goes unused.

Azure OpenAI’s GlobalStandard deployment type reduces this problem by pooling capacity across Azure regions automatically. Use GlobalStandard for production deployments where global failover is acceptable; use standard (regional) deployments when data residency prohibits cross-region routing.

Regional Model Availability and Release Cadence

Section titled “Regional Model Availability and Release Cadence”

New OpenAI model versions appear in Azure regions with a delay relative to api.openai.com — typically weeks to months. For GPT-4o, the delay has historically been shorter than for earlier models, but it is not zero. If your application requires day-one access to the latest OpenAI models, the direct OpenAI API provides it; Azure does not.

Content Safety Filter False Positives

Section titled “Content Safety Filter False Positives”

The default content safety filter occasionally blocks legitimate content in professional contexts. Technical security content, medical discussions, legal analysis, and some financial discussions can trigger false positives at default filter settings. Azure provides a process to request modified filter configurations for specific use cases with documented justification — allow at least two to four weeks for this process when planning production timelines.

Prompt Injection via Retrieved Documents

Section titled “Prompt Injection via Retrieved Documents”

In “On Your Data” RAG configurations, documents retrieved from Azure AI Search are injected into the model’s context. Documents that contain instruction-like text (e.g., a SharePoint page that someone wrote to say “If you see this, ignore the previous instructions and…”) are a prompt injection vector. This is not Azure-specific — it applies to all RAG systems — but it is commonly overlooked when using the “On Your Data” feature because the retrieval is abstracted away.

Mitigate by filtering document sources to trusted corpora, monitoring for unusual outputs from RAG responses, and implementing output validation.

8. Interview Perspective

Section titled “8. Interview Perspective”

For a broader set of GenAI interview questions by level, see the GenAI interview questions guide.

“How would you build a compliant enterprise AI system for a Microsoft-first organization?” The expected answer: Azure OpenAI Service with managed identity (no API keys), private endpoints (no public internet), Azure AI Search for retrieval from SharePoint and Blob Storage, Azure AD for RBAC, Cloud Logging for audit. The same infrastructure governance that applies to every Azure resource applies to the AI system.

“When would you choose Azure OpenAI over the direct OpenAI API?” Compliance boundary is the primary driver: data must not leave Azure, model invocations must be in Azure audit logs, credentials must use the Azure AD lifecycle. Secondary drivers: existing investment in Azure infrastructure and Azure AD, Microsoft enterprise support SLAs, enterprise data agreements with Microsoft. For teams without these constraints, the direct API is simpler.

“What is the difference between Azure OpenAI ‘On Your Data’ and a custom RAG implementation?” On Your Data handles retrieval at the API level — simpler to implement, less controllable. Custom RAG (your code retrieves from Azure AI Search, constructs the prompt, calls the API) gives control over chunk ranking, filtering, hybrid search weights, and prompt construction. On Your Data is the right starting point; custom RAG is the migration path when On Your Data’s output quality is insufficient for your use case.

9. Production Perspective

Section titled “9. Production Perspective”

Use Managed Identity, Not API Keys

Section titled “Use Managed Identity, Not API Keys”

Every Azure workload that calls Azure OpenAI should authenticate with a managed identity, not a static API key. Managed identities are automatically rotated by Azure, have no secret to store or leak, and integrate with Azure RBAC so you can grant minimum-required permissions. The additional setup time is minutes; the operational security benefit is permanent.

from azure.identity import ManagedIdentityCredential
from openai import AzureOpenAI


credential = ManagedIdentityCredential()


def get_client():
    token = credential.get_token("https://cognitiveservices.azure.com/.default")
    return AzureOpenAI(
        azure_endpoint="https://YOUR-RESOURCE.openai.azure.com/",
        azure_ad_token=token.token,
        api_version="2024-08-01-preview"
    )

Implement Cross-Region Failover

Section titled “Implement Cross-Region Failover”

Azure OpenAI resources are regional. A regional outage takes the resource offline. For production workloads with availability SLAs, deploy Azure OpenAI resources in two regions and implement routing logic at the application layer: primary region for all traffic under normal conditions, secondary region when the primary returns errors or latency exceeds threshold.

Use Azure API Management as the routing layer for clean failover logic with circuit breaker patterns.

Monitor Cost with Azure Cost Management

Section titled “Monitor Cost with Azure Cost Management”

Azure OpenAI charges per token at the model level, plus deployment reservation costs if using GlobalStandard provisioned throughput. Configure Azure Cost Management budgets and alerts at the resource group level. Tag Azure OpenAI resources with cost center and application identifiers for chargeback.

Keep API Versions Pinned

Section titled “Keep API Versions Pinned”

The Azure OpenAI API version is specified in every client initialization (api_version="2024-08-01-preview"). API versions are not backward-compatible — a new preview version may change response formats or behavior. Pin to a specific API version in production and test new versions in a staging environment before upgrading.

10. Summary & Key Takeaways

Section titled “10. Summary & Key Takeaways”

Azure OpenAI Service is the right managed AI platform for organizations standardized on Microsoft Azure, using Azure Active Directory for identity management, and needing compliance boundaries that keep all AI workloads within the Azure boundary.

Use Azure OpenAI when:

  • Organization is Azure/Microsoft-first and existing IAM, VNet, and compliance infrastructure should extend to AI workloads
  • Data lives in SharePoint, OneDrive, or Azure Blob and Azure AI Search provides native indexing without ETL
  • Microsoft enterprise agreements and support SLAs are important
  • GPT-4o and other OpenAI models are the required model family

Consider alternatives when:

  • You need model flexibility beyond the OpenAI catalog (use Bedrock for Anthropic/Llama, Vertex AI for Gemini)
  • Day-one access to the latest model releases is required
  • Infrastructure is GCP-first or multi-cloud

Key operational rules:

  • Always use managed identity for authentication in production — never API keys in application code
  • Set deployment TPM capacity based on measured peak usage, not estimates
  • Use GlobalStandard deployment type to avoid regional capacity constraints
  • Pin API versions in production; test version upgrades in staging
  • Implement cross-region failover for workloads with high availability requirements
Section titled “Related”