Microsoft Defender for Cloud's threat protection for AI services lets you enhance the actionability and security value of generated AI alerts by providing both end-user and application context.
Most AI service scenarios are built as part of an application, so API calls to the AI service originate from a web application, compute instance, or AI gateway. This setup introduces complexity because investigators lack context when they review AI requests to determine the business application or end-user involved.
Together, Microsoft Defender for Cloud and Azure AI let you add parameters to Azure AI API calls so Defender for Cloud can capture critical end-user or application context in AI alerts. This leads to more effective triage and results. For example, when you add end-user IP or identity, you can block that user or correlate incidents and alerts by that user. When you add application context, you can prioritize or determine whether suspicious behavior is standard for that application in the organization.
Prerequisites
Read up on AI threat protection.
Enable threat protection for AI services on an AI application that uses an Azure OpenAI underlying model directly through the Azure OpenAI Service. This feature is currently not supported for models consumed through the Azure AI model inference API.
Add security parameters to your Azure OpenAI call
To receive AI security alerts with more context, you can add any or all of the following sample UserSecurityContext parameters to your Azure OpenAI API calls.
All of the fields in the UserSecurityContext are optional.
For end-user context, we recommend passing the EndUserId and SourceIP fields at a minimum. The EndUserId and SourceIP fields provide Security Operations Center (SOC) analysts the ability to investigate security incidents that involve AI resources and generative AI applications.
For application context, pass the applicationName field, as a simple string.
If a field’s name is misspelled, the Azure OpenAI API call will still result in success.
Note
The EndUserId is the Microsoft Entra ID (formerly Azure Active Directory) user object ID used to authenticate end-users within the generative AI application. Sensitive personal information should not be included in this field.
UserSecurityContext schema
The exact schema can be found in Azure OpenAI REST API reference documentation.
The user security context object is part of the request body of the chat completion API.
This feature is currently not supported for models deployed through the Azure AI model inference API.
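Because a misspelled field name does not make the call fail, the check has to run on the client before the request is sent. The following is an added example, not code from Microsoft's documentation or SDKs: the function names are hypothetical, and the snake_case keys (`user_security_context`, `end_user_id`, `end_user_tenant_id`, `source_ip`, `application_name`) are assumed wire-format names that should be confirmed against the Azure OpenAI REST API reference.

```python
import difflib
import ipaddress
import uuid

# Assumed wire-format keys for UserSecurityContext; verify against the
# Azure OpenAI REST API reference. The page itself names the fields
# EndUserId, SourceIP and applicationName.
ALLOWED_KEYS = {"end_user_id", "end_user_tenant_id", "source_ip", "application_name"}


def validate_user_security_context(ctx: dict) -> dict:
    """Return a normalized copy of ctx, or raise ValueError.

    Unknown keys are rejected here because the service accepts them
    without error, which would leave alerts without the expected context.
    """
    for key in ctx:
        if key not in ALLOWED_KEYS:
            hint = difflib.get_close_matches(key, ALLOWED_KEYS, n=1)
            suffix = f" (did you mean {hint[0]!r}?)" if hint else ""
            raise ValueError(f"unknown UserSecurityContext field {key!r}{suffix}")
    clean = {}
    for key in ("end_user_id", "end_user_tenant_id"):
        if key in ctx:
            # Entra object and tenant IDs are GUIDs. Requiring one also keeps
            # e-mail addresses or display names out of the field.
            try:
                clean[key] = str(uuid.UUID(str(ctx[key])))
            except ValueError:
                raise ValueError(f"{key} must be a GUID") from None
    if "source_ip" in ctx:
        # ip_address() raises ValueError for anything that is not IPv4/IPv6.
        clean["source_ip"] = str(ipaddress.ip_address(ctx["source_ip"]))
    if "application_name" in ctx:
        name = ctx["application_name"]
        if not isinstance(name, str) or not name.strip():
            raise ValueError("application_name must be a non-empty string")
        clean["application_name"] = name.strip()
    return clean


def build_extra_body(ctx: dict) -> dict:
    """Wrap the validated context for the Python SDK's extra_body argument."""
    return {"user_security_context": validate_user_security_context(ctx)}
```

With the Python SDK, pass the result as `extra_body=build_extra_body(ctx)` to `client.chat.completions.create(...)`.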
Availability
| Source | Version support | Code Example | Comments |
|---|---|---|---|
| Azure OpenAI REST API | 2025-01-01 version | - | - |
| Azure .NET SDK | v2.2.0-beta.1 (2025-02-07) or higher | GitHub code example | - |
| Azure Python SDK | v1.61.1 or higher | GitHub code example | The support is provided by appending to the extra_body object. |
| Azure JS/Node SDK | v4.83.0 or higher | GitHub code example | The support is provided by appending to the extra_body object. |
| Azure Go SDK | v0.7.2 or higher | - | - |