This article explains how to restrict network access to a search service's public endpoint. You can configure IP firewall rules to allow only specific IP addresses, ranges, or subnets, and optionally enable exceptions for trusted Azure services.
To block all data plane access to the public endpoint, use private endpoints instead.
Prerequisites
- Azure AI Search service (Basic tier or higher). Firewall configuration isn't supported on the Free tier.
- Owner or Contributor role on the search service resource.
You can also use the Management REST API, Azure PowerShell, or the Azure CLI instead of the Azure portal.
Configure network access in the Azure portal
1. Sign in to the Azure portal and find your search service.
2. Under Settings, select Networking on the leftmost pane. If you don't see this option, check your service tier. Networking options are available on the Basic tier and higher.
3. Choose Selected IP addresses. Avoid the Disabled option unless you're configuring a private endpoint.
4. Under IP Firewall, select Add your client IP address. This step creates an inbound rule for the public IP address of your personal device to Azure AI Search. See Allow access from the Azure portal IP address for details.
5. Add other client IP addresses for other devices and services that send requests to a search service.
   Specify IP addresses and ranges in CIDR format. An example of CIDR notation is 8.8.8.0/24, which represents the IPs that range from 8.8.8.0 to 8.8.8.255.
   To get the public IP addresses of Azure services, see Azure IP Ranges and Service Tags. If your search client is hosted within an Azure function, see IP addresses in Azure Functions.
6. Under Exceptions, select Allow Azure services on the trusted services list to access this search service.
   The trusted service list includes:
   - Microsoft.CognitiveServices for Azure OpenAI and Azure AI services
   - Microsoft.MachineLearningServices for Azure Machine Learning
   When you enable this exception, you take a dependency on Microsoft Entra ID authentication, managed identities, and role assignments. Any Azure AI service or AML feature that has a valid role assignment on your search service can bypass the firewall. See Grant access to trusted services for more details.
7. Save your changes.
After you enable the IP access control policy for your Azure AI Search service, all requests to the data plane from machines outside the allowed list of IP address ranges are rejected.
When requests originate from IP addresses that aren't in the allowed list, a generic 403 Forbidden response is returned with no other details.
Important
It can take several minutes for changes to take effect. Wait at least 15 minutes before troubleshooting any problems related to network configuration.
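The same rules can be managed outside the portal through the Management REST API. The following Python helper, an added example that is not part of this article or of the Azure SDK, validates a list of rules in the CIDR form the article describes, builds the `networkRuleSet` fragment of a request body, and predicts which client addresses the firewall admits, which is useful when troubleshooting the detail-free 403 described above. The `ipRules` list of `{"value": cidr}` objects reflects the Management REST API shape as the author understands it; the `bypass` property used for the trusted-services exception is an assumption.

```python
"""Added example (not from the article): validate Azure AI Search IP firewall
rules and check which client addresses they admit."""
import ipaddress
import json


def normalize_rules(entries):
    """Validate each entry as an IPv4 address or CIDR range and return CIDR form.

    A bare address becomes a /32 rule, which is what the portal's
    'Add your client IP address' step creates. Host bits in a range are
    masked off (8.8.8.25/24 -> 8.8.8.0/24) so the rule covers the whole block.
    """
    rules = []
    for entry in entries:
        net = ipaddress.ip_network(entry.strip(), strict=False)
        if net.version != 4:
            raise ValueError(f"only IPv4 rules are handled here: {entry}")
        rules.append(str(net))
    return rules


def build_network_rule_set(entries, allow_trusted_services=False):
    """Build the networkRuleSet part of a Management REST API request body.

    The 'bypass' property for the trusted-services exception is an assumption
    made for this example, not something the article documents.
    """
    props = {
        "publicNetworkAccess": "Enabled",
        "networkRuleSet": {"ipRules": [{"value": r} for r in normalize_rules(entries)]},
    }
    if allow_trusted_services:
        props["networkRuleSet"]["bypass"] = "AzureServices"  # assumption
    return {"properties": props}


def is_admitted(client_ip, entries):
    """True if client_ip falls inside any rule; otherwise the service answers 403."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(r) for r in normalize_rules(entries))


if __name__ == "__main__":
    # Constructed sample: the article's example range plus a single client address.
    rules = ["8.8.8.0/24", "52.252.175.48"]
    print(json.dumps(build_network_rule_set(rules, allow_trusted_services=True), indent=2))
    for ip in ("8.8.8.77", "52.252.175.48", "52.252.175.49"):
        print(ip, "admitted" if is_admitted(ip, rules) else "403 Forbidden")
```

Remember that trusted services bypass these rules entirely once the exception is enabled, so `is_admitted` only models the IP check, not the role-based path.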
Allow access from the Azure portal IP address
The Azure portal uses your client IP address for a direct connection to Azure AI Search. If your client is in the allowed IP list, you can use almost all portal capabilities with no extra configuration required. However, there's an exception for the legacy Import data wizard when you import from either Azure Cosmos DB or Azure SQL.
This scenario requires a separate IP address for the connection:
1. Identify the IP address used by the legacy wizard for this connection.
2. Add a firewall rule on Azure Cosmos DB or Azure SQL to accept connections from the IP address.
To get the Azure portal's IP address, perform nslookup (or ping) on:
In the following example, the IP address that you should copy is 52.252.175.48.
```
$ nslookup stamp2.ext.search.azure.cn
Server:  ZenWiFi_ET8-0410
Address:  192.168.50.1

Non-authoritative answer:
Name:    azsyrie.chinaeast.cloudapp.chinacloudapi.cn
Address:  52.252.175.48
Aliases:  stamp2.ext.search.azure.cn
          azs-ux-prod.trafficmanager.cn
          azspncuux.management.search.azure.cn
```
The IP address in the Address field (52.252.175.48 in this example) is the value to add to your firewall rules for legacy wizard connections.
Reference: nslookup command
Note
You can use ping instead of nslookup for this task. For ping, the request times out, but the IP address is visible in the response. For example, in the message "Pinging azsyrie.chinaeast.cloudapp.chinacloudapi.cn [52.252.175.48]", the IP address is 52.252.175.48.
If services run in different regions, they connect to different traffic managers. Regardless of the domain name, the IP address returned from the ping is the correct one to use when defining an inbound firewall rule for the Azure portal in your region.
Grant access to trusted Azure services
Did you select the trusted services exception? If yes, your search service admits requests and responses from a trusted Azure resource without checking for an IP address. A trusted resource must have a managed identity (either system or user-assigned, but usually system). A trusted resource must have a role assignment on Azure AI Search that gives it permission to data and operations.
The trusted service list for Azure AI Search includes:
- Microsoft.CognitiveServices for Azure OpenAI and Azure AI services
- Microsoft.MachineLearningServices for Azure Machine Learning
Workflows for this network exception are requests originating from Azure AI Foundry or other AML features to Azure AI Search. The trusted services exception is typically for Azure OpenAI On Your Data scenarios for retrieval augmented generation (RAG) and playground environments.
Trusted resources must have a managed identity
To set up managed identities for Azure OpenAI and Azure Machine Learning:
- How to configure Azure OpenAI in Azure AI Foundry Models with managed identities
- How to set up authentication between Azure Machine Learning and other services.
To set up a managed identity for an Azure AI service:
1. From the left pane, select Resource management > Identity.
2. Set System assigned to On.
Trusted resources must have a role assignment
Once your Azure resource has a managed identity, assign roles on Azure AI Search to grant permissions to data and operations.
The trusted services are used for vectorization workloads: generating vectors from text and image content, and sending payloads back to the search service for query execution or indexing. Connections from a trusted service are used to deliver payloads to Azure AI Search.
1. On the leftmost pane, under Access control (IAM), select Identity.
2. Select Add and then select Add role assignment.
3. On the Roles page:
   - Select Search Index Data Contributor to load a search index with vectors generated by an embedding model. Choose this role if you intend to use integrated vectorization during indexing.
   - Or, select Search Index Data Reader to provide queries containing a vector generated by an embedding model at query time. The embedding used in a query isn't written to an index, so no write permissions are required.
4. Select Next.
5. On the Members page, select Managed identity and Select members.
6. Filter by system-managed identity and then select the managed identity of your Azure AI services multi-service account.
Note
This article covers the trusted exception for admitting requests to your search service, but Azure AI Search is itself on the trusted services list of other Azure resources. Specifically, you can use the trusted service exception for connections from Azure AI Search to Azure Storage.
Limitations and considerations
Consider the following when configuring network access:
- Some workflows require access to a public endpoint. Specifically, the Import data wizard in the Azure portal connects to built-in (hosted) sample data and embedding models over a public endpoint. For more information, see Secure connections in the import wizards.
- If you're in early stages of proof-of-concept testing with sample data, you might want to defer network access controls until you actually need them.
- Network rules are scoped to data plane operations against the search service's public endpoint (creating or querying indexes, and all other actions described by the Search REST APIs).
- For control plane operations that target service administration, refer to the network protections supported by Azure Resource Manager.
Next steps
Once a request is allowed through the firewall, it must be authenticated and authorized. You have two options:
- Key-based authentication, where an admin or query API key is provided on the request. This option is the default.
- Role-based access control using Microsoft Entra ID, where the caller is a member of a security role on a search service. This is the most secure option. It uses Microsoft Entra ID for authentication and role assignments on Azure AI Search for permissions to data and operations.