Microsoft Azure

Govern Azure OpenAI with identity bound to Microsoft Entra ID, all inside your Azure subscription.

Overview

DataStrict runs on AKS or Azure Container Apps inside your subscription, so Azure OpenAI traffic is governed without data leaving your tenant.

Policy decisions bind to Microsoft Entra ID, tying every AI request to a real identity and purpose.

How it works

Your app calls the gateway, which evaluates the request against policy and forwards allowed traffic to your Azure OpenAI deployment. Blocked and redacted requests never reach the model. Decisions are written to Azure Database for PostgreSQL.

Entra ID tokens supply the caller identity, so least-privilege and purpose limitation are enforced per user or per service principal.

Connect

Deploy the gateway to AKS or Container Apps, grant it access to your Azure OpenAI resource, and set your SDK endpoint to the gateway.

# datastrict.yaml
gateway:
  provider: azure-openai
  endpoint: https://my-aoai.openai.azure.com
  identity: entra   # bind decisions to Entra ID
  ledger: postgres://ledger.internal:5432/datastrict

What you can enforce

  • Azure OpenAI prompts and responses, evaluated against policy before the model answers.
  • PII and confidential content redacted or blocked at the boundary.
  • Access bound to Entra ID identity, with deny-by-default tool permissions.
  • An immutable Ledger in your own Azure Postgres.
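
The per-user or per-service-principal, deny-by-default enforcement described under "How it works" and in the list above, sketched as an added example (not DataStrict's code or policy format). It assumes the token's signature, issuer, audience and expiry were already validated and that the app registration emits the optional idtyp claim; the POLICY layout, purposes, tool names and IDs are constructed.

```python
# Added illustration: deny-by-default authorization keyed on Entra ID claims.
# Assumes signature, issuer, audience and expiry checks already passed.
# POLICY's layout is hypothetical, not DataStrict's policy format.

TENANT = "11111111-1111-1111-1111-111111111111"  # constructed tenant ID

# Grants keyed by (principal kind, Entra object ID). Anything absent is denied.
POLICY = {
    ("user", "aaaaaaaa-0000-0000-0000-000000000001"): {
        "purposes": {"support"}, "tools": {"search_kb"}},
    ("service_principal", "bbbbbbbb-0000-0000-0000-000000000002"): {
        "purposes": {"batch-summarize"}, "tools": set()},
}

def principal_from_claims(claims, tenant=TENANT):
    """Return (kind, oid), or None when the caller cannot be identified."""
    oid = claims.get("oid")
    if claims.get("tid") != tenant or not oid:
        return None  # wrong tenant or no object ID
    if claims.get("idtyp") == "app":  # optional claim marking app-only tokens
        return ("service_principal", oid)
    if claims.get("scp"):  # delegated (user) tokens carry scopes
        return ("user", oid)
    return None  # cannot tell user from app: fail closed

def decide(claims, purpose, tool=None, policy=POLICY):
    """Allow only if principal, purpose and any requested tool match a grant."""
    principal = principal_from_claims(claims)
    grant = policy.get(principal) if principal else None
    if grant is None or purpose not in grant["purposes"]:
        return "deny"
    if tool is not None and tool not in grant["tools"]:
        return "deny"
    return "allow"

# Constructed claim sets for the sample run.
USER = {"tid": TENANT, "oid": "aaaaaaaa-0000-0000-0000-000000000001",
        "scp": "access_as_user"}
APP = {"tid": TENANT, "oid": "bbbbbbbb-0000-0000-0000-000000000002",
       "idtyp": "app", "roles": ["Summarize.All"]}

if __name__ == "__main__":
    print(decide(USER, "support", "search_kb"))         # granted purpose and tool
    print(decide(USER, "marketing"))                    # purpose not granted
    print(decide(APP, "batch-summarize", "search_kb"))  # tool not granted
    print(decide({**USER, "tid": "other"}, "support"))  # foreign tenant
```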
