Microsoft continues to develop and advance cloud services to meet all government needs while complying with US regulatory standards for classification and security. The latest in these tools, generative AI capabilities through the Microsoft Azure OpenAI Service, helps government agencies improve efficiency, improve productivity, and derive new insights from data.
Many government agencies require higher levels of security given the sensitivity of government data. Microsoft Azure Government provides the rigorous security and compliance standards required to meet government requirements for sensitive data.
Large language models that power generative AI tools now exist in commercial clouds. For government customers, Microsoft has developed a new architecture that enables government agencies to securely access large-scale language models in commercial environments from Azure Government. This helps users maintain the stringent security requirements required for government cloud operations.
Azure Government customers (U.S. federal, state, and local governments, or their partners) can use Microsoft You can now use the Azure OpenAI service. model.
Azure OpenAI service
The Azure OpenAI Service REST API provides access to OpenAI’s powerful language models such as GPT-4, GPT-3 and Embeddings. These models can be adapted for specific tasks such as, but not limited to, content generation, summarization, semantic search, and natural language-to-code conversion.
You can also access the service using the REST API, Python SDK, or Azure AI Studio’s web-based interface. Azure Government customers or partners can access and operate advanced AI models and algorithms at scale. Developers can use Azure OpenAI Service to access pre-trained GPT models to build and deploy AI-enabled applications faster with minimal effort.
Enhanced with Azure OpenAI Service
Azure OpenAI Services help government customers accelerate operations and unlock new insights to meet mission needs. This service enables major new features to help our customers.
- Accelerate content generation: Reduce the time and effort required for research and analysis by automatically generating responses based on mission or project inquiries, allowing teams to focus on higher-level decision-making and strategic tasks .
- Streamline content summarization: Generate log summaries and quickly analyze articles, analysts, and field reports.
- Optimize semantic search: Enable enhanced information discovery and knowledge mining.
- Simplify code generation: Build custom applications using natural language, query your own data models, and quickly generate code documentation.
One of the most effective ways to generate reliable answers is to prompt the model to elicit a response. ground data. If your use case relies on reliable and up-to-date information and is not a purely creative scenario, we strongly recommend providing underlying data based on trusted internal data sources. In general, the closer the source material is to the final form of the desired answer, the less work the model has to do and the less chance there is of error.
Connectivity from Azure Government to Azure Commercial Network
Azure Government peers directly to commercial Microsoft Azure networks, including routing and transport capabilities to the Internet and Microsoft corporate networks. Azure Government limits the exposed surface area by enforcing the additional protections and communication capabilities of the commercial Azure network. Additional information highlighting isolation for the Azure Government environment is available on the Azure Government Security website.
Microsoft encrypts all Azure traffic within or between regions using MACsec, which relies on the AES-128 block cipher for encryption. This traffic stays entirely within the Microsoft global network backbone and never enters the public Internet. This backbone is one of the largest in the world with over 250,000 km of fiber optic and submarine cable systems.
Access and reference architecture
Access to Azure OpenAI services is available through the Azure Government environment. Azure Government peers directly with commercial Azure networks and not directly with public internet or Microsoft corporate networks. As shown in the reference architecture in Figure 1, connectivity to Azure OpenAI is over the Microsoft backbone network, making advanced AI models and algorithms securely accessible and operational at scale.
Protecting data, privacy and security
Microsoft Azure Government provides the rigorous security and compliance standards necessary to meet government requirements for sensitive data. Through this architecture, government applications and data environments remain on Azure Government. Only queries sent to the Azure OpenAI service are transferred over an encrypted network to the Azure OpenAI model in the production environment and do not remain in the production environment. Government data is not used to learn about data or train OpenAI models.
Microsoft allows customers who meet additional Limited Access eligibility criteria and demonstrate specific use cases to request changes to Azure OpenAI content management capabilities. If Microsoft approves a customer’s request for data logging changes, Microsoft will not store prompts and inputs associated with approved Azure subscriptions that have data logging turned off in Azure Commercial.
As part of the reference architecture, we recommend that you complete the approval process for modifying content filters and data logs via this online form to ensure no log data exists in Azure commercials. An example of how to change data log settings is available on the Azure OpenAI Service data, privacy, and security website.
Microsoft Responsible AI Principles
We believe that if we develop technology that can change the world, we must ensure that it is used responsibly. That’s why we’re committed to creating responsible AI by design. Our commitment combines decades of research in AI, grounding, and privacy-preserving machine learning with our responsible AI standards and our commitment to fairness, trust and safety, privacy and security, inclusivity, and transparency. , guided by a core set of AI principles such as accountability. . We practice these principles across our company to develop and deploy AI that positively impacts society. We take a cross-enterprise approach through cutting-edge research, best-in-class engineering systems, and superior policy and governance. Additional information about Microsoft’s Responsible AI Principles can be found on the Microsoft website, “Approaches to Responsible AI.”
Frequently asked questions about the Azure OpenAI service
How does Microsoft recommend implementing this reference architecture?
- I have an Azure Government and Azure Commercial account and subscription.
- Recommended steps per environment:
| Azure commercial | Azure Government |
|---|---|
| Request access to Azure OpenAI. | Deploy your application with access to the Azure OpenAI API. |
| Request changes to content filters and data logs. | Complete the required approvals (IATT and ATO) for customer-specific workloads. |
| Prompts are for inference only. Do not use Controlled Unclassified Information (CUI) Data Tweaking. |
When will Azure Government customers have access to Azure OpenAI?
Access to Azure OpenAI services is available for approved enterprise customers and partners through the Microsoft Azure Government environment. As highlighted in the reference architecture above, customers can access Azure OpenAI service REST APIs on Azure Commercial from Azure Government.
How do Azure OpenAI Service features compare to OpenAI?
Azure OpenAI Service provides customers with advanced linguistic AI using OpenAI GPT-4, GPT-3 and Embeddings. Azure OpenAI APIs are compatible with OpenAI APIs and provide efficiencies for developers and users. Azure OpenAI Service allows customers to benefit from the security capabilities of Microsoft Azure Government leveraging OpenAI’s model.
How do I enable secure access to Azure OpenAI Service?
Access to Azure OpenAI services is enabled through Transport Layer Security (TLS). Azure Government peers directly with commercial Microsoft Azure networks, but not directly with the public internet or Microsoft corporate networks. Your data is never used to train OpenAI models (your data is your data).
Get started with Azure OpenAI services
Government enterprise workloads can be complex and mission-critical with requirements such as high throughput, low latency, compliance, availability and data sovereignty. Azure OpenAI services require registration and are available only to approved enterprise customers and partners.
Sign up here to learn how AI can accelerate your mission and get the latest on Microsoft’s AI for Government Advancement.
We have published the Azure OpenAI Access quickstart. It uses the Azure CLI to deploy an isolated Docker container to Azure Container Instances in Azure Government using code from the Azure OpenAI quickstart.
