Registry / Azure OpenAI Service
Azure OpenAI Service
OpenAI GPT models served by Microsoft as "Models sold by Azure" within Microsoft Foundry (formerly Azure OpenAI Service / Azure AI Foundry). Microsoft hosts the models in its own Azure environment; customer data does not flow to OpenAI-operated services, and vendor-trust and data-handling commitments are Microsoft's/Azure's.
Watch-outs 2
The cells where this offering is not a clean public yes. This is what to check before you sign.
- SOC 2 Type II: Yes, sales-gated Azure's SOC 2 Type II report is gated by Microsoft account and service agreement.
- Retention / ZDR: Yes, sales-gated Zero-data-retention requires Limited Access eligibility and manual approval.
Two-level rule: this is Azure's (the serving platform's) SOC 2 Type 2 attestation, not OpenAI's. Microsoft publicly documents the Azure SOC 2 Type 2 attestation; the report itself is gated behind Service Trust Portal sign-in (Microsoft account with services agreement). Service-level confirmation that Azure OpenAI / Microsoft Foundry is in audit scope is in the report's scope appendix and the "Microsoft Azure Compliance Offerings" STP document (also gated), so scope inclusion was not independently re-verified from a public page.
tier: self_serve · route: trust_center_nda · default: enabled ·
report_cadence: semi-annual (audit periods end 31-Mar and 30-Sep, rolling 12-month window) · report_location: Service Trust Portal SOC reports section
Azure's (platform) certification. The Azure ISO/IEC 27001:2022 certificate covers Azure, Dynamics 365, Power Platform, and select Microsoft 365 services; certificate and audit documents are distributed via the Service Trust Portal. Exact in-scope service list for Azure OpenAI / Microsoft Foundry lives in the certificate scope statement (STP). [human 2026-07-05] Dismissed: Azure OpenAI covered under broad Azure ISO 27001 cert; service-level scope lives in gated appendix.
tier: self_serve · route: public · default: enabled ·
standard_version: ISO/IEC 27001:2022 · certificate_location: Service Trust Portal ISO reports section
Microsoft holds ISO/IEC 42001:2023 certification with "Microsoft Foundry" (the service that hosts Azure OpenAI models, per Microsoft's 2025 Azure blog announcement covering "Azure AI Foundry Models") on the public in-scope list. This is Microsoft's AIMS certification as deployer/platform, not an OpenAI certification. Certificates/audit reports are on the Service Trust Portal.
tier: self_serve · route: public · default: enabled ·
certificate_location: Service Trust Portal ISO reports section · in_scope_service_name: Microsoft Foundry
Microsoft maintains both a public Trust Center (https://www.microsoft.com/trust-center) and the Service Trust Portal for audit artifacts (SOC, ISO, etc.). Portal browsing is public; report downloads require Microsoft-account sign-in and acceptance of terms. Azure OpenAI is covered as part of Azure/Microsoft Foundry rather than having a dedicated product trust center.
tier: self_serve · route: public · default: enabled ·
Microsoft's HIPAA BAA is included by default in customer agreements: the DPA states "execution of customer's volume licensing agreement includes execution of the HIPAA Business Associate Agreement", no separate signature required. BAA applies to in-scope Azure services; the service-level scope list (confirming Azure OpenAI / Microsoft Foundry) is in the gated STP "Microsoft Azure Compliance Offerings" appendix, so confirm scope inclusion before relying on it for PHI workloads.
tier: self_serve · route: public · default: enabled ·
mechanism: BAA incorporated by default via Microsoft Product Terms + DPA
The Microsoft Products and Services DPA is publicly downloadable (most recent version May 2026) and, per Microsoft's EU Model Clauses compliance page, Microsoft "makes the EU Model Clauses available to customers as described in the ... Data Protection Addendum (DPA)" with Azure in scope. The Azure OpenAI data-privacy page states the DPA governs data processing for Models sold by Azure. Microsoft also publishes an online-services subprocessor list, but that list was not re-verified in this pass (see review flag).
tier: self_serve · route: public · default: enabled ·
scc_mechanism: EU Standard Contractual Clauses made available via the DPA
Microsoft's public commitment (data-privacy page, verified 2026-07-05): prompts, completions, embeddings, and training data "are NOT available to OpenAI", "are NOT used by providers of Models sold by Azure to improve their models", and "are NOT used to train any generative AI foundation models without your permission or instruction". Models are stateless; fine-tuned models are exclusive to the customer. Original URL learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy now canonicalizes to the Foundry responsible-ai path.
tier: self_serve · route: public · default: enabled ·
not_available_to_openai: True · not_used_to_train_foundation_models: True
Retention is documented: standard inference is stateless, but flagged prompts/completions may be stored in a per-geography abuse-monitoring data store for human review; stateful features (Responses/Assistants APIs, stored completions, files) persist data until customer deletion. The ZDR-equivalent is "modified abuse monitoring": customers meeting Limited Access eligibility criteria (in practice managed/enterprise customers) apply via a Microsoft form; once approved, prompt/completion storage and human review are turned off (automated in-flight review still runs, without storage). CAUTION: the widely cited 30-day abuse-monitoring retention figure no longer appears on the current data-privacy or abuse-monitoring pages as fetched 2026-07-05; only Microsoft Q&A answers state it, so no retention_days fact is recorded.
tier: enterprise_only · route: sales_contract · default: requires_approval ·
verification: ContentLogging=false visible in Azure portal / CLI once approved · zdr_equivalent: modified abuse monitoring (approved customers) - no storage, no human review · inference_storage: models are stateless; no prompt/completion storage in the model · abuse_monitoring_store: prompts/completions may be stored for human review, in-geography, logically separated per customer
Residency is deployment-type dependent, hence default:requires_config. Standard deployments keep prompts/responses in the customer-specified geography; "DataZone" EU deployments confine processing to EU member states; "Global" deployments may process anywhere the model is deployed (data at rest, including the abuse-monitoring store, stays in the designated geography). Azure regional services deployed in EU/EFTA regions are additionally in scope for Microsoft's EU Data Boundary commitments (learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn). For EEA deployments, abuse-monitoring human reviewers are located in the EEA.
tier: self_serve · route: public · default: requires_config · geography: EU available (EU Data Boundary; DataZone EU deployments)
datazone_eu: processing confined to EU member states · data_at_rest: stored in customer-designated geography for all deployment types · global_deployments: processing may occur in any geography where the model is deployed · standard_deployments: processed within customer-specified Azure geography
Layered reality: the GPAI Code of Practice is a provider (model developer) obligation, and the developer here is OpenAI, a full signatory on the EC's list (verified 2026-07-05). Microsoft, the serving platform, is ALSO a full signatory in its own right as a GPAI provider. Neither is a partial signatory (contrast xAI, Safety & Security chapter only). Cell graded on OpenAI per the two-level rule; Microsoft's status recorded as corroborating platform posture.
route: public · geography: EU
platform_signatory: Microsoft (full code) · developer_signatory: OpenAI (full code)
EU AI Act Art 53(1)(d) is a developer obligation, graded on OpenAI, not Microsoft. OpenAI's official EU AI Act help-center article states that "in accordance with its obligations under Article 53(1)(d) of the AI Act, OpenAI publishes summaries about the content used for training" (per the EC's July 2025 template). Confidence medium: help.openai.com and openai.com returned HTTP 403 to automated fetching on 2026-07-05, so the statement was corroborated via search-index snippets and an existing Wayback snapshot rather than a direct page read, and the actual summary document(s) and per-model (GPT) coverage were not inspected.
route: public · geography: EU
Spotted an error? Submit a correction with evidence, corrections with a primary source are folded in and credited in the changelog.