Azure OpenAI data use review for SaaS customer commitments
Azure OpenAI data-use answers should cite Microsoft's AI Foundry data privacy documentation and name the Azure scope. Microsoft states how prompts, completions, uploaded data, and provider access are handled for models sold by Azure in Microsoft Foundry. Teams should confirm model, region, deployment type, and logging before using that language with customers.
Vendor
Azure OpenAI / Microsoft AI
Issue
data use
Sources reviewed
4 official sources
Product and plan applicability
- Scope
- Models sold by Azure in Microsoft Foundry
- Applies to
- Azure-hosted models covered by Microsoft's data privacy documentation.
- Watch for
- Model, deployment type, tenant, region, abuse monitoring, and any configured logging or diagnostics.
- Scope
- Publisher or marketplace models
- Applies to
- Models with additional publisher terms or data paths.
- Watch for
- Check the publisher terms and Microsoft source before applying Azure OpenAI claims.
- Scope
- Direct OpenAI API
- Applies to
- Non-Azure calls to OpenAI.
- Watch for
- Use OpenAI source evidence instead of Azure evidence.
| Scope | Applies to | Watch for |
|---|---|---|
| Models sold by Azure in Microsoft Foundry | Azure-hosted models covered by Microsoft's data privacy documentation. | Model, deployment type, tenant, region, abuse monitoring, and any configured logging or diagnostics. |
| Publisher or marketplace models | Models with additional publisher terms or data paths. | Check the publisher terms and Microsoft source before applying Azure OpenAI claims. |
| Direct OpenAI API | Non-Azure calls to OpenAI. | Use OpenAI source evidence instead of Azure evidence. |
What official sources say
Microsoft's Foundry source is the primary data-use evidence
The Microsoft Learn page describes data, privacy, and security for models sold by Azure in Microsoft Foundry, including how prompts and completions are handled in that service scope.
Cloud contract sources still matter
Azure Product Terms, the Microsoft DPA, and the Microsoft Privacy Statement provide the broader contract and privacy context for customer review packets.
Why a SaaS team should review it
- Azure-hosted AI commitments can be confused with direct OpenAI commitments even though the provider and contract path differ.
- Customers may ask whether OpenAI can see prompts or whether data trains models; the answer needs the Microsoft source and deployment scope.
- Diagnostics, logs, and downstream Azure services can add storage outside the model call.
Potential customer commitment drift
- A Trust Center says OpenAI processes customer prompts, but the product actually uses Azure OpenAI.
- A sales answer uses Microsoft model training language for a model that is not covered by the same Foundry source.
- The product team enables diagnostic logging and retention commitments are not updated.
Review checklist
- Confirm the Azure service, model name, deployment type, region, and subscription.
- Attach the Microsoft Foundry data privacy source to model training and provider access answers.
- Review logs, diagnostics, and downstream storage around the AI feature.
- Map Azure Product Terms and DPA evidence to the customer contract path.
- Keep direct OpenAI and Azure OpenAI commitments separate in the source record.
Source links
Sources were reviewed on 2026-05-21. This page supports a review packet or monitoring evidence packet; it is not legal advice.
Related pages
Scan Azure OpenAI / Microsoft AI against your own commitments.
Use this page as a starting point, then compare the vendor source to the exact promise in your Trust Center, DPA, security questionnaire, or sales answer. The $199 packet turns that review into cited evidence your team can route internally.