Hello!
Thank you for posting on Microsoft Learn Q&A.
In your search service, go to Settings, then Keys, and set authentication to role-based access control (or both during migration). If it's still keys only, then AAD tokens are rejected with 401.
https://free.blessedness.top/en-us/azure/search/search-get-started-rbac
Assign the managed identity of your web app these roles at the search service scope:
- Search Service Contributor: required to list/create/delete indexers, data sources, skillsets
- Search Index Data Contributor: if you'll run indexers or push docs (this is optional)
- Reader, Index Data Reader or Index Data Contributor alone won't let you list indexers: https://free.blessedness.top/en-us/azure/search/search-security-rbac
Don't forget that role propagation can take a bit; recycle the app to force a fresh token.
https://free.blessedness.top/en-us/azure/search/search-security-rbac
You can use the data plane endpoint (https://<your-service>.search.windows.net), not the ARM management endpoint. When you use the official SDKs with DefaultAzureCredential, they request a token for the search resource automatically, so if you create tokens yourself, make sure the audience matches that value, or you'll get 401/403.
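
Added example (not part of the original answer): a small offline check for the audience and endpoint mismatch described above, which decodes a token's claims and lists likely causes of a 401/403. It assumes the public-cloud search audience `https://search.azure.com`; the function names, the `contoso` host and the sample token are constructed for illustration.

```python
import base64
import json
import time
from urllib.parse import urlparse

# Assumption: public-cloud audience for Azure AI Search data-plane tokens.
SEARCH_AUDIENCE = "https://search.azure.com"
ARM_HOST = "management.azure.com"


def jwt_claims(token):
    """Decode the JWT payload for inspection only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, endpoint, now=None):
    """Return reasons this token/endpoint pair would likely get 401/403."""
    problems = []
    host = (urlparse(endpoint).hostname or "").lower()
    if host == ARM_HOST:
        problems.append("endpoint is the ARM management endpoint, not the data plane")
    elif not host.endswith(".search.windows.net"):
        problems.append(f"unexpected host {host!r}")
    claims = jwt_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != SEARCH_AUDIENCE:
        problems.append(f"audience {aud!r} does not match {SEARCH_AUDIENCE!r}")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token is expired; recycle the app to get a fresh one")
    return problems


def _constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real one)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    bad = _constructed_token({"aud": "https://management.azure.com/", "exp": 2_000_000_000})
    for reason in diagnose(bad, "https://contoso.search.windows.net", now=1_700_000_000):
        print(reason)
```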