403 In Azure OpenAI when using vector embedding in Azure AI Search Index

slimane hicham 20 Reputation points
2024-08-04T15:25:18.49+00:00

I have an AI Search and Azure OpenAI deployed in private mode, meaning access is only allowed through private endpoints. I also configured Azure AI Search with a shared private endpoint to my Azure OpenAI. Additionally, I deployed a WebApp in Azure App Service that provides a chat web interface, and this WebApp is also deployed in private mode. The environment works perfectly, and communication between different components is private.

The issue arises when I try to use the vectorization endpoint; I encounter a 403 Forbidden error when AI Search tries to access Azure OpenAI. I noticed in the Azure OpenAI logs (in the Log Analytics Workspace) that AI Search is trying to access Azure OpenAI via a public IP (20.105.245.*).
When I added this public IP to the Azure OpenAI firewall, the vector embedding in AI Search works.

My concerns are as follows:

  1. Why does the vector embedding use a public IP instead of a private endpoint, while all other functionalities work fine and use private endpoints?
  2. This public IP is different from the public IP attached to my AI Search instance and may be shared with other AI Search clients.

Has anyone else experienced a similar issue, or does anyone have insights into potential causes or solutions? Any help or guidance on this matter would be greatly appreciated.

Thank you!

Azure AI Search

1 answer

  Amira Bedhiafi 39,106 Reputation points Volunteer Moderator
    2025-10-20T18:47:00.91+00:00

    Hello Slimane !

    Thank you for posting on Microsoft Learn Q&A.

    Your search service is calling Azure OpenAI from the multitenant processing plane for vectorization, so OpenAI sees a Microsoft egress IP; that's why allow-listing that IP fixes it.

    So to keep everything private, switch vectorization to a shared private link + private execution environment and use a managed identity.

    Integrated vectorization will use a Microsoft hosted processing plane unless you explicitly run the indexer in the private execution environment. From there it will call OpenAI over the public internet unless you set up a Shared Private Link to OpenAI.

    https://free.blessedness.top/en-us/azure/search/search-indexer-howto-access-private

    You need to create a shared private link from Search to Azure OpenAI: pick your Azure OpenAI resource and the group ID openai_account, create the link, and approve the pending private endpoint on the OpenAI resource.

    In the indexer definition set executionEnvironment: "Private". Without this, Search uses the multitenant plane and will still egress publicly.

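The two steps in the answer above (create the shared private link to the Azure OpenAI account with group ID openai_account, then pin the indexer to the private execution environment), as an added example that is not part of the answer or of any Microsoft sample. It uses the Microsoft.Search management API for the shared private link and the Azure AI Search data-plane REST API for the indexer; the subscription, resource group, service and indexer names, the link name `openai-spl`, and the API versions are assumptions to replace with your own. The `egresses_publicly` check is the practitioner's sanity test: an indexer whose `executionEnvironment` is missing or not `private` is exactly the case that produced the 403 and the public source IP in the question.

```python
"""Keep Azure AI Search -> Azure OpenAI vectorization traffic private.

Added example, not code from the original Q&A. Resource names and API
versions are placeholders (assumptions); swap in your own before running.
"""
import json
import time
import urllib.request

MGMT_API = "2023-11-01"    # Microsoft.Search management API version (assumed)
SEARCH_API = "2024-07-01"  # Azure AI Search data-plane API version (assumed)


def shared_private_link_request(subscription, resource_group, search_service,
                                openai_resource_id, link_name="openai-spl"):
    """Build the management-plane PUT that asks the search service to create
    a private endpoint into the Azure OpenAI account (group ID openai_account).
    Returns (url, body) so the request can be inspected before it is sent."""
    url = (f"https://management.azure.com/subscriptions/{subscription}"
           f"/resourceGroups/{resource_group}/providers/Microsoft.Search"
           f"/searchServices/{search_service}"
           f"/sharedPrivateLinkResources/{link_name}?api-version={MGMT_API}")
    body = {"properties": {
        "privateLinkResourceId": openai_resource_id,
        "groupId": "openai_account",
        "requestMessage": "Private vectorization from Azure AI Search"}}
    return url, body


def link_is_ready(spl_resource):
    """True only once the link was approved on the OpenAI resource and finished
    provisioning. Until then the indexer cannot reach OpenAI over the link."""
    props = spl_resource.get("properties", {})
    return (props.get("status") == "Approved"
            and props.get("provisioningState") == "Succeeded")


def egresses_publicly(indexer_def):
    """The weak setting: no executionEnvironment, or anything other than
    'private', means the multitenant plane runs the indexer and Azure OpenAI
    sees a shared Microsoft egress IP instead of the private endpoint."""
    env = (indexer_def.get("parameters", {}).get("configuration", {})
           .get("executionEnvironment", "standard"))
    return str(env).lower() != "private"


def ensure_private_execution(indexer_def):
    """Return a copy of the indexer definition pinned to the private execution
    environment; every other field of the definition is left untouched."""
    fixed = json.loads(json.dumps(indexer_def))  # deep copy, input not mutated
    cfg = fixed.setdefault("parameters", {}).setdefault("configuration", {})
    cfg["executionEnvironment"] = "private"
    return fixed


def _request(url, headers, method="GET", body=None):
    data = json.dumps(body).encode() if body is not None else None
    hdrs = {"Content-Type": "application/json", **headers}
    req = urllib.request.Request(url, data=data, method=method, headers=hdrs)
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def main(arm_token, search_admin_key):
    """End-to-end: create link, wait for approval, fix indexer, rerun it."""
    arm = {"Authorization": f"Bearer {arm_token}"}
    search = {"api-key": search_admin_key}
    # Placeholder identifiers (assumptions).
    sub, rg, svc, indexer = "<subscription-id>", "rg-ai", "srch-private", "idx-docs"
    openai_id = (f"/subscriptions/{sub}/resourceGroups/{rg}/providers"
                 f"/Microsoft.CognitiveServices/accounts/aoai-private")
    search_url = f"https://{svc}.search.windows.net"

    url, body = shared_private_link_request(sub, rg, svc, openai_id)
    _request(url, arm, "PUT", body)
    # Approval is a separate action on the OpenAI resource (Networking >
    # Private endpoint connections); poll until it shows up here.
    while not link_is_ready(_request(url, arm)):
        time.sleep(30)

    idx_url = f"{search_url}/indexers/{indexer}?api-version={SEARCH_API}"
    current = _request(idx_url, search)
    if egresses_publicly(current):
        _request(idx_url, search, "PUT", ensure_private_execution(current))
    _request(f"{search_url}/indexers/{indexer}/run?api-version={SEARCH_API}",
             search, "POST")


if __name__ == "__main__":
    import os
    main(os.environ["ARM_TOKEN"], os.environ["SEARCH_ADMIN_KEY"])
```

After the run, the Azure OpenAI diagnostic logs that showed the 20.105.245.* source in the question should show the private endpoint's address instead; if the indexer still fails with 403 while `link_is_ready` is true, the remaining suspects are the indexer definition not actually carrying `executionEnvironment: private` (re-read it with GET rather than trusting the PUT) or the vectorizer on the index using a different OpenAI resource than the one the link targets.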
