Skip to main content

Securing AI Apps on Azure

Join Microsoft Reactor and engage with developers, entrepreneurs, and startups live

Ready to get started with AI and the latest technologies? Microsoft Reactor provides events, training, and community resources to help developers, entrepreneurs and startups build on AI technology and more. Join us!

Securing AI Apps on Azure

Join Microsoft Reactor and engage with developers, entrepreneurs, and startups live

Ready to get started with AI and the latest technologies? Microsoft Reactor provides events, training, and community resources to help developers, entrepreneurs and startups build on AI technology and more. Join us!

Go back

Securing AI Apps on Azure

  • Format:
  • alt##LivestreamLivestream

Topic: Security, AI Security and Data Governance

Language: English

  • Events in this Series:
  • 6

Learn how to secure your AI apps on Azure in this multi-part series! We'll start off by setting up keyless authentication for Azure AI services. Then we'll show you how to set up user authentication using Microsoft Entra for both server-side apps and SPA apps, and explain how to enforce data access control based on the current user for RAG scenarios. Finally, we'll demonstrate how you can deploy an AI app inside a virtual network for private endpoints for Azure OpenAI and Azure AI Search. Join our series to take your AI app security to the next level!

Speakers

Past Events in this Series

All times in - Coordinated Universal Time

Jul

02

Tuesday

2024

Using Keyless Auth with Azure AI Services

5:00 PM - 6:00 PM (UTC)

Ready to go keyless and never worry about compromised keys again? All the Azure AI services support keyless authentication using role-based access control, making it possible for you to authenticate to the services with either your logged in local user identity or your deployed app's managed identity. We'll show you how to use keyless authentication with Azure OpenAI, demonstrating how to set up the access controls in the Portal, with the Azure CLI, or with infrastructure-as-code (Bicep). Then we'll connect to that Azure OpenAI service in our application code, using both the OpenAI SDK and the popular Langchain SDK. Our examples will be in Python, but you can use keyless auth with most modern OpenAI packages. Join us to go keyless today! Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Jul

08

Monday

2024

Add User Login to AI Apps using Built-in Auth

5:00 PM - 6:00 PM (UTC)

Building an AI app on Azure and want to know the easiest way to let users sign-in? We'll show you how to setup built-in authentication on Azure App Service and Azure Container Apps. With built-in auth, employees can sign-in to either a workforce tenant or, thanks to Entra External ID, consumers can sign-in with a one-time passcode, username/password, or Google/Facebook login. Then your Azure app can display user details like their name, with minimal code changes. We'll demonstrate how to setup built-in auth to your apps using either the Graph SDK and the newly released Graph Bicep provider, and provide links to samples with full code provided. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Jul

09

Tuesday

2024

Add User Login to AI Apps using MSAL SDK

7:00 PM - 8:00 PM (UTC)

Need a user sign-in feature for your AI app? We'll show you how to setup an OAuth2 OIDC flow in Python using the the MSAL SDK with the open source identity package. You can use this approach to either enable employees to sign-in to a workforce tenant or, thanks to Entra External ID, let customers sign-in with a one-time passcode, username/password, or Google/Facebook login. Then your app can use user details from the Graph SDK, like their name and email. We'll also demonstrate how to automate the creation of Microsoft Entra applications using the Graph SDK. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Jul

10

Wednesday

2024

Handling User Auth for a SPA App on Azure

7:00 PM - 8:00 PM (UTC)

Many modern web applications use a SPA architecture: a single-page web app for the frontend and an API for the backend. In this talk, we'll discover how you can add user authentication to a SPA app using Microsoft Entra, using the MSAL.JS SDK on the frontend and the MSAL Python SDK on the backend. Learn how to set up Entra applications correctly, one for the client and one for the server, and how to use the on-behalf-of-flow on the server for handling tokens sent from the client. Our example application will be an AI RAG application with a React frontend and Python backend, but you can apply the same principles to any SPA applications that need user authentication. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Jul

17

Wednesday

2024

Data Access Control for AI RAG Apps on Azure

7:00 PM - 8:00 PM (UTC)

If you're trying to get an LLM to accurately answer questions about your own documents, you need RAG: Retrieval Augmented Generation. With a RAG approach, the app first searches a knowledge base for relevant matches to a user's query, then sends the results to the LLM along with the original question. What if you have documents that should only be accessed by a subset of your users, like a group or a single user? Then you need data access controls to ensure that document visibility is respected during the RAG flow. In this session, we'll show an approach using Azure AI Search with data access controls to only search the documents that can be seen by the logged in user. We'll also demonstrate a feature for user-uploaded documents that uses data access controls along with Azure Data Lake Storage Gen2. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: AI Security and Data Governance

Language: English

View on Demand

Jul

25

Thursday

2024

Deploying an AI App to a Private Network on Azure

11:00 PM - 12:00 AM (UTC)

To ensure that your AI app can only be accessed within your enterprise network, you should deploy it to an Azure virtual network with private endpoints for each Azure service used. In this session, we'll show how to deploy an AI RAG application to a virtual network that includes App Service, AI Search, OpenAI, Document Intelligence, and Blob storage, and we'll do it entirely with infrastructure-as-code (Bicep) so that you can do the same deployment. Then we'll log in to the virtual network using Azure Bastion with a virtual machine to demonstrate that we can access the RAG app from inside the network, and only inside the network. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Past Events in this Series

All times in - Coordinated Universal Time

Jul

02

Tuesday

2024

Using Keyless Auth with Azure AI Services

5:00 PM - 6:00 PM (UTC)

Ready to go keyless and never worry about compromised keys again? All the Azure AI services support keyless authentication using role-based access control, making it possible for you to authenticate to the services with either your logged in local user identity or your deployed app's managed identity. We'll show you how to use keyless authentication with Azure OpenAI, demonstrating how to set up the access controls in the Portal, with the Azure CLI, or with infrastructure-as-code (Bicep). Then we'll connect to that Azure OpenAI service in our application code, using both the OpenAI SDK and the popular Langchain SDK. Our examples will be in Python, but you can use keyless auth with most modern OpenAI packages. Join us to go keyless today! Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Jul

08

Monday

2024

Add User Login to AI Apps using Built-in Auth

5:00 PM - 6:00 PM (UTC)

Building an AI app on Azure and want to know the easiest way to let users sign-in? We'll show you how to setup built-in authentication on Azure App Service and Azure Container Apps. With built-in auth, employees can sign-in to either a workforce tenant or, thanks to Entra External ID, consumers can sign-in with a one-time passcode, username/password, or Google/Facebook login. Then your Azure app can display user details like their name, with minimal code changes. We'll demonstrate how to setup built-in auth to your apps using either the Graph SDK and the newly released Graph Bicep provider, and provide links to samples with full code provided. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Jul

09

Tuesday

2024

Add User Login to AI Apps using MSAL SDK

7:00 PM - 8:00 PM (UTC)

Need a user sign-in feature for your AI app? We'll show you how to setup an OAuth2 OIDC flow in Python using the the MSAL SDK with the open source identity package. You can use this approach to either enable employees to sign-in to a workforce tenant or, thanks to Entra External ID, let customers sign-in with a one-time passcode, username/password, or Google/Facebook login. Then your app can use user details from the Graph SDK, like their name and email. We'll also demonstrate how to automate the creation of Microsoft Entra applications using the Graph SDK. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Jul

10

Wednesday

2024

Handling User Auth for a SPA App on Azure

7:00 PM - 8:00 PM (UTC)

Many modern web applications use a SPA architecture: a single-page web app for the frontend and an API for the backend. In this talk, we'll discover how you can add user authentication to a SPA app using Microsoft Entra, using the MSAL.JS SDK on the frontend and the MSAL Python SDK on the backend. Learn how to set up Entra applications correctly, one for the client and one for the server, and how to use the on-behalf-of-flow on the server for handling tokens sent from the client. Our example application will be an AI RAG application with a React frontend and Python backend, but you can apply the same principles to any SPA applications that need user authentication. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

Jul

17

Wednesday

2024

Data Access Control for AI RAG Apps on Azure

7:00 PM - 8:00 PM (UTC)

If you're trying to get an LLM to accurately answer questions about your own documents, you need RAG: Retrieval Augmented Generation. With a RAG approach, the app first searches a knowledge base for relevant matches to a user's query, then sends the results to the LLM along with the original question. What if you have documents that should only be accessed by a subset of your users, like a group or a single user? Then you need data access controls to ensure that document visibility is respected during the RAG flow. In this session, we'll show an approach using Azure AI Search with data access controls to only search the documents that can be seen by the logged in user. We'll also demonstrate a feature for user-uploaded documents that uses data access controls along with Azure Data Lake Storage Gen2. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: AI Security and Data Governance

Language: English

View on Demand

Jul

25

Thursday

2024

Deploying an AI App to a Private Network on Azure

11:00 PM - 12:00 AM (UTC)

To ensure that your AI app can only be accessed within your enterprise network, you should deploy it to an Azure virtual network with private endpoints for each Azure service used. In this session, we'll show how to deploy an AI RAG application to a virtual network that includes App Service, AI Search, OpenAI, Document Intelligence, and Blob storage, and we'll do it entirely with infrastructure-as-code (Bicep) so that you can do the same deployment. Then we'll log in to the virtual network using Azure Bastion with a virtual machine to demonstrate that we can access the RAG app from inside the network, and only inside the network. Part of our Reactor series on Securing AI Apps on Azure!

  • Format:
  • alt##LivestreamLivestream

Topic: Security

Language: English

View on Demand

For questions please contact us at reactor@microsoft.com