Skip to article
AI and Machine Learning Azure OpenAI

Customer managed key for Azure OpenAI

Customer managed key for Azure OpenAI is a production Azure concept tied to Azure OpenAI.

Source: Microsoft Learn - Azure OpenAI encryption of data at rest Reviewed 2026-05-13

Exam trap
Treating Customer managed key for Azure OpenAI as a label instead of checking the exact resource, identity, dependency, and monitoring evidence.
Production check
Verify the active Azure subscription, resource group, resource ID, and environment before interpreting the result.
Article details and learning context
Aliases
Customer-managed key for Azure OpenAI, Customer managed key for Azure OpenAI
Difficulty
advanced
CLI mappings
4
Last verified
2026-05-13
Review level
field-manual
Article depth
field-manual-complete

Understand the concept

In plain English

Customer managed key for Azure OpenAI is a production Azure concept tied to Azure OpenAI. It helps teams prove that sensitive model artifacts, fine-tuning assets, and persisted service data are protected by a key lifecycle the customer controls. Operators use it when regulated AI workloads are approved, fine-tuned models or uploaded files need audit evidence, or security teams require a documented key-revocation path. Good teams document the owner, scope, dependencies, evidence, and failure impact before making it part of production.

Why it matters

Customer managed key for Azure OpenAI matters because it turns encryption for AI workloads into an auditable control that compliance, security, and platform teams can operate together. In enterprise Azure work, the weak spot is rarely the feature name; it is the gap between design intent and live state. When teams skip this topic, they can create audit findings, production outages, ambiguous ownership, hidden costs, or brittle integrations that show up during an incident. A good glossary entry turns the idea into an operating checklist: confirm scope, dependencies, monitoring, approved owners, and measurable outcomes before the change reaches production. Keep owner, scope, evidence, and rollback visible.

Official wording and source

Customer managed key for Azure OpenAI is a production Azure concept tied to Azure OpenAI. Microsoft Learn places it in Azure OpenAI encryption of data at rest; operators confirm scope, configuration, dependencies, and production impact. Use the linked source for exact Azure behavior.

Open Microsoft Learn

Technical context

Technically, Customer managed key for Azure OpenAI is backed by Azure configuration, identities, dependencies, logs, and deployment records. Operators validate it by checking the live resource, related permissions, health signals, and approved design notes. Treat it as production configuration: capture resource IDs, test failure behavior, use least-privilege access, and keep rollback notes beside the change record. Keep owner, scope, evidence, and rollback visible. Keep owner, scope, evidence, and rollback visible. Keep owner, scope, evidence, and rollback visible.

Exam context

What to know

Customer managed key for Azure OpenAI is included in the top-250 priority set because it appears in production reviews, incident triage, governance conversations, and Microsoft Learn based Azure operations. Understanding it helps teams ask better questions before they change infrastructure.

Compare with

Where it is used

Where you see it

  1. In the Azure portal, Customer managed key for Azure OpenAI appears around Azure AI resource encryption, identity, networking, and associated Key Vault settings, where owners confirm scope, settings, dependency health, and recent changes before approvals.
  2. In CLI or IaC reviews, it appears in az cognitiveservices account, az keyvault key, az role assignment, and ARM template output, helping engineers compare intended configuration with live Azure state before release.
  3. In monitoring and governance, it appears through Key Vault diagnostics, Activity Log entries, Defender policy findings, and Azure Monitor alerts, where teams track drift, failures, usage, and policy exceptions tied to owners.

Common situations

  • Use a Key Vault key and managed identity to protect supported Azure OpenAI data-at-rest scenarios.
  • Prove AI encryption controls during regulated workload design reviews and audit evidence collection.
  • Check key URI, vault protections, role assignments, diagnostics, and activity logs before production approval.
  • Plan key rotation, disablement drills, and rollback steps before changing encryption for Azure OpenAI resources.
  • Distinguish Azure OpenAI customer-managed key controls from network isolation, content filtering, and model deployment settings.

Illustrative Azure scenarios

These examples show how the concept can affect design and operations. They are illustrative scenarios, not customer claims.

Scenario 01 Regulated claims assistant Scenario, objectives, solution, measured impact, and takeaway.
Scenario

Northstar Mutual, a insurance organization, wanted a claims summarization assistant using Azure OpenAI, but auditors required customer control over keys protecting persisted AI assets before production approval.

Goals
  • Protect Azure OpenAI persisted data with customer-managed encryption evidence
  • Pass the quarterly control review without manual screenshots
  • Keep model deployment changes under two hours of platform work
  • Document a tested key disablement and recovery path
Approach using Customer managed key for Azure OpenAI

The platform team enabled a managed identity on the Azure OpenAI resource and configured customer-managed key protection with a Key Vault key that had soft delete, purge protection, diagnostics, and restricted network access. They assigned only the required key permissions to the resource identity, kept AI Search and storage encryption documented separately, and added read-only CLI checks for the account, key, role assignment, and Activity Log. Change approvals required the key URI, vault firewall status, and rollback steps before any new model deployment was promoted. The architecture decision record captured owners, rollback steps, monitoring queries, and acceptance criteria so the operating team could support the design after launch.

Potential outcomes
  • Audit evidence collection dropped from six hours to forty minutes
  • Deployment approval time fell by thirty five percent
  • Security exceptions for AI encryption closed before launch
  • A key access drill restored service within the recovery target
What to learn

Customer-managed keys make Azure OpenAI encryption a verifiable operating control, not just a compliance phrase.

Scenario 02 Clinical note generation Scenario, objectives, solution, measured impact, and takeaway.
Scenario

Meridian Clinics, a healthcare organization, needed a controlled AI pilot for drafting visit summaries while privacy officers required proof that persisted service data used customer-owned key management.

Goals
  • Support five clinic groups without expanding secret exposure
  • Separate AI encryption evidence from storage and search evidence
  • Alert within fifteen minutes of key or vault permission drift
  • Maintain clinician workflow latency within approved limits
Approach using Customer managed key for Azure OpenAI

Meridian deployed the Azure OpenAI resource in a locked subscription, attached a managed identity, and configured the CMK through a Key Vault protected by private endpoint, purge protection, and diagnostic logging. The architecture board required separate encryption checks for the storage account used by the application and for Azure AI Search indexes used in retrieval. Platform automation captured the key identifier, account identity, role assignments, and recent Activity Log events during every release. The architecture decision record captured owners, rollback steps, monitoring queries, and acceptance criteria so the operating team could support the design after launch.

Potential outcomes
  • Privacy review approved the pilot for all five clinic groups
  • Permission drift alerts fired during a test change in eight minutes
  • No clinician workflow breach was recorded during the pilot
  • Evidence packages were reused for two follow-on deployments
What to learn

For healthcare AI, CMK value comes from clear ownership, dependency separation, and repeatable evidence.

Scenario 03 Citizen service chatbot Scenario, objectives, solution, measured impact, and takeaway.
Scenario

CivicPath Services, a public sector organization, planned an Azure OpenAI chatbot for permit questions and needed encryption evidence acceptable to central security before opening the service to residents.

Goals
  • Prove customer control over keys for persisted AI service data
  • Reduce manual security review effort by at least thirty percent
  • Keep dependent resources mapped to separate encryption owners
  • Create an emergency procedure for key revocation
Approach using Customer managed key for Azure OpenAI

The cloud team created a dedicated Key Vault key for the Azure OpenAI resource, enabled managed identity, restricted vault access, and documented why the same CMK setting did not automatically cover application storage, logging, or search resources. They connected Azure Monitor alerts to Key Vault diagnostics, added Azure Policy checks for purge protection, and used CLI probes in the release checklist to compare live identity and key state with approved architecture diagrams. The architecture decision record captured owners, rollback steps, monitoring queries, and acceptance criteria so the operating team could support the design after launch.

Potential outcomes
  • Security review effort dropped from ten days to six days
  • All dependent resource encryption owners were recorded
  • Key revocation testing completed without data loss
  • The chatbot launch met the agency control deadline
What to learn

CMK for Azure OpenAI helps public teams prove encryption control while still treating each dependency as its own risk.

Azure CLI

Use Azure CLI for Customer managed key for Azure OpenAI to collect repeatable evidence from live Azure resources without changing the JSON engine or relying on one-off portal screenshots.

Useful for

  • Confirm the live Azure scope, resource owner, and configuration state for Customer managed key for Azure OpenAI before an approval.
  • Capture repeatable evidence for audits, incidents, architecture reviews, and release checklists involving Customer managed key for Azure OpenAI.
  • Compare portal settings, IaC intent, and command output so drift is found before it becomes a production issue.
  • Show the Azure OpenAI account and encryption configuration before a compliance review.
  • Inspect the Key Vault key, identity, and role assignment used by the resource.

Before you run a command

  • Confirm the active tenant, subscription, resource group, resource names, and environment before trusting any command output.
  • Start with read-only commands; use mutating commands only when a change ticket, rollback plan, and owner approval exist.
  • Check whether the command touches identity, keys, networking, secrets, billing, or production traffic before running it.

What the output tells you

  • It shows whether Customer managed key for Azure OpenAI is configured at the expected Azure scope and whether live settings match the approved design.
  • It exposes resource IDs, identities, permissions, component names, encryption settings, logs, or status values needed for troubleshooting.
  • It helps reviewers connect a portal decision to concrete evidence that can be saved in an incident, audit, or release record.

Mapped commands

Customer managed key for Azure OpenAI operational checks

direct
az cognitiveservices account show --name <account> --resource-group <resource-group>
az cognitiveservices accountdiscoverAI and Machine Learning
az keyvault key show --vault-name <vault-name> --name <key-name>
az keyvault keydiscoverStorage
az role assignment list --assignee <principal-id> --scope <key-vault-id> --output table
az role assignmentdiscoverAI and Machine Learning
az monitor activity-log list --resource-group <resource-group> --max-events 50
az monitor activity-logdiscoverAI and Machine Learning

Architecture context

Customer managed key for Azure OpenAI connects architecture decisions to identity, dependency, monitoring, cost, and operations evidence for production Azure environments.

Security
Security for Customer managed key for Azure OpenAI starts with knowing which identity can unwrap the key, which humans can change the key, and whether dependent AI resources are encrypted separately. Apply the right Azure identity, RBAC, networking, secret, policy, and diagnostic controls for the workload. Verification should use live resource state, deployment records, and logs rather than informal screenshots. The main risk is a disabled, deleted, or inaccessible key can intentionally block access, while an overprivileged identity can weaken the control you meant to prove. Document the failure path if the Key Vault key, managed identity, vault firewall, or compliance exemption changes, because that is where security controls often become operational incidents.
Cost
Cost for Customer managed key for Azure OpenAI comes from Key Vault transactions, managed HSM choice, extra private networking, compliance evidence collection, AI resource usage, monitoring, and support effort. A configuration that looks free can still increase background usage, security reviews, monitoring volume, or support effort. Review pricing at the whole workflow level, not just the named feature. Good teams tag owners, compare environments, watch utilization, set budgets where possible, and retire unused components before small recurring charges become normalized platform waste. Cost reviews should include the dependency services that make the pattern work in production. Keep owner, scope, evidence, and rollback visible.
Reliability
Reliability for Customer managed key for Azure OpenAI depends on Key Vault availability, stable managed identity permissions, supported regional capacity, and clear behavior when key access fails. Test both the happy path and the failure path: vault firewall changes, expired or disabled keys, missing unwrap permissions, regional incidents, dependent storage failures, and deployment drift. Production owners should know which metric or log proves the behavior is healthy, what alert fires first, and who can approve an emergency change. The design should include environment parity, rollback notes, recovery expectations, and service-specific limits so support teams are not rebuilding context during an outage.
Performance
Performance for Customer managed key for Azure OpenAI depends on Key Vault access latency during unwrap operations, private network paths, service throttling, model deployment load, and diagnostic logging overhead. Measure it with production-shaped data and realistic failure modes, not a tiny test request. Check cold starts, retries, payload size, routing, scans, cache behavior, and logging overhead where they apply. Performance work should not weaken security or reliability; the best result is documented tuning that explains which metric improved, which tradeoff was accepted, and when the decision must be reviewed. Keep owner, scope, evidence, and rollback visible. Keep owner, scope, evidence, and rollback visible.
Operations
Operations for Customer managed key for Azure OpenAI should be repeatable enough that another engineer can verify the same state without guessing. Keep key ownership, exception approvals, deployment templates, identity assignments, model deployment inventory, and incident runbooks connected to the change record. Review the setting during deployments, access reviews, incident postmortems, cost reviews, and platform upgrades. Avoid one-off portal edits unless they are captured afterward in IaC or documented exception records. The operational goal is clear evidence: what exists, why it exists, how it is monitored, and when it should change. Keep owner, scope, evidence, and rollback visible. Keep owner, scope, evidence, and rollback visible.

Common mistakes

  • Treating Customer managed key for Azure OpenAI as a label instead of checking the exact resource, identity, dependency, and monitoring evidence.
  • Assuming development, test, and production are configured the same without comparing live output and deployment templates.
  • Running a mutating command during investigation before confirming blast radius, rollback steps, approval, and ownership.
  • Assuming a Key Vault key protects every AI dependency without checking supported scope and linked services separately.
  • Rotating or disabling keys without a tested recovery path, diagnostics, and production owner approval.