Learn the best practices for securing Azure OpenAI resources by disabling public network access, using private endpoints, and ensuring secure connections across regions. Protect your data and reduce risks with these expert tips.
Table of Contents
Question
Another team member in your company, Greg, is in the process of creating an Azure OpenAI resource using the Azure portal.
The resource should be secure, with the following characteristics:
- Traffic to access the resource is not exposed on the public Internet.
- Consumers of the Azure OpenAI resource can only access that resource, thus reducing the risk of data leakage
- The resource can connect to services running in other regions.
Greg sets the following network type on the Networking tab for the Azure OpenAI resource:
Does Greg’s solution meet the objectives?
A. Yes
B. No
Answer
B. No
Explanation
No. When you choose Selected networks, you can configure the resource to use a specific VNet, but that does not guarantee that traffic to and from the resource is not exposed to the public Internet or reduce the risk of data leakage.
By choosing the Disabled option, you can use a private endpoint to establish a secure, isolated connection to the resource. This endpoint, deployed on a subnet, ensures that all communication is protected as it traverses the Azure Private Link, thereby preventing any exposure to the public Internet.
Although the private endpoint and the Azure OpenAI resource are in the same location as the resource, this does not prevent the resource from connecting privately to services running in other regions using the Private Link.
When a private endpoint is mapped to a resource, it ensures that consumers of that resource only connect to that specific resource within the service. This effectively blocks access to other resources, significantly reducing the risk of data leakage.
Microsoft Azure AI Engineer Associate AI-102 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft Azure AI Engineer Associate AI-102 exam and earn Microsoft Azure AI Engineer Associate AI-102 certification.