Microsoft Azure
Govern Azure OpenAI with identity bound to Microsoft Entra ID, all inside your Azure subscription.
Overview
DataStrict runs on AKS or Azure Container Apps inside your subscription, so Azure OpenAI traffic is governed without data leaving your tenant.
Policy decisions bind to Microsoft Entra ID, tying every AI request to a real identity and purpose.
How it works
Your app calls the gateway, which evaluates the request against policy and forwards allowed traffic to your Azure OpenAI deployment. Blocked and redacted requests never reach the model. Decisions are written to Azure Database for PostgreSQL.
Entra ID tokens supply the caller identity, so least-privilege and purpose limitation are enforced per user or per service principal.
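The identity binding described above can be sketched as follows. This is an added illustration, not DataStrict's code: the policy table, purpose labels, deployment names and identifiers are hypothetical, and the claims are assumed to come from an Entra ID access token that has already been validated.

```python
# Added illustration, not DataStrict code. `claims` is assumed to be the payload
# of an Entra ID access token whose signature, issuer and audience were validated.
from dataclasses import dataclass

SAMPLE_TENANT = "00000000-0000-0000-0000-0000000000aa"  # constructed
SVC_OID = "00000000-0000-0000-0000-0000000000b1"        # constructed service principal
USER_OID = "00000000-0000-0000-0000-0000000000c2"       # constructed user

@dataclass(frozen=True)
class Caller:
    tenant: str
    principal: str  # Entra object id (oid claim)
    kind: str       # "user" or "service_principal"

def caller_from_claims(claims: dict, expected_tenant: str) -> Caller:
    """Map validated token claims to a caller identity, failing closed."""
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        raise PermissionError("token lacks tid or oid")
    if tid != expected_tenant:
        raise PermissionError("token issued for another tenant")
    # App-only tokens carry idtyp == "app" (an optional claim) and no delegated
    # scopes (scp); treating a missing scp as app-only is an assumption made here.
    is_app = claims.get("idtyp") == "app" or "scp" not in claims
    return Caller(tid, oid, "service_principal" if is_app else "user")

# Hypothetical policy: (principal, purpose) -> Azure OpenAI deployments it may call.
POLICY = {
    (SVC_OID, "support-summaries"): {"gpt-support"},
    (USER_OID, "contract-review"): {"gpt-legal"},
}

def decide(caller: Caller, purpose: str, deployment: str, policy=POLICY) -> str:
    """Deny by default: only an explicit (principal, purpose) grant allows."""
    allowed = policy.get((caller.principal, purpose), set())
    return "allow" if deployment in allowed else "deny"

if __name__ == "__main__":
    svc = caller_from_claims(
        {"tid": SAMPLE_TENANT, "oid": SVC_OID, "idtyp": "app"}, SAMPLE_TENANT)
    print(svc.kind, decide(svc, "support-summaries", "gpt-support"))
    print(svc.kind, decide(svc, "contract-review", "gpt-legal"))
```

A request is allowed only when the principal, the stated purpose and the target deployment all match one grant; anything else, including a token from another tenant, is refused.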
Connect
Deploy the gateway to AKS or Container Apps, grant it access to your Azure OpenAI resource, and set your SDK endpoint to the gateway.
# datastrict.yaml
gateway:
  provider: azure-openai
  endpoint: https://my-aoai.openai.azure.com
  identity: entra # bind decisions to Entra ID
  ledger: postgres://ledger.internal:5432/datastrict
What you can enforce
- Azure OpenAI prompts and responses, evaluated against policy before the model answers.
- PII and confidential content redacted or blocked at the boundary.
- Access bound to Entra ID identity, with deny-by-default tool permissions.
- An immutable Ledger in your own Azure Postgres.