Azure OpenAI DPA review for SaaS customer commitments
For Azure OpenAI, DPA review should follow the Microsoft cloud contract path, not the direct OpenAI DPA. The practical task is to connect the AI data path to Microsoft Product Terms, the Microsoft Products and Services DPA, and the exact customer agreement your company relies on.
Vendor
Azure OpenAI / Microsoft AI
Issue
dpa
Sources reviewed
3 official sources
Product and plan applicability
- Scope
- Azure customer agreement
- Applies to
- SaaS teams using Azure under Microsoft Customer Agreement, enterprise agreement, or reseller path.
- Watch for
- Which agreement controls, whether the Microsoft DPA is incorporated, and how subprocessor updates are handled.
- Scope
- Azure AI Foundry service use
- Applies to
- AI workloads hosted in Azure.
- Watch for
- Whether service-specific Product Terms or model terms add conditions to the DPA review.
- Scope
- Customer-facing DPA exhibit
- Applies to
- Your company's own customer DPA, Trust Center, and subprocessor list.
- Watch for
- Name Microsoft Azure correctly and avoid listing direct OpenAI unless that is also a real data path.
| Scope | Applies to | Watch for |
|---|---|---|
| Azure customer agreement | SaaS teams using Azure under Microsoft Customer Agreement, enterprise agreement, or reseller path. | Which agreement controls, whether the Microsoft DPA is incorporated, and how subprocessor updates are handled. |
| Azure AI Foundry service use | AI workloads hosted in Azure. | Whether service-specific Product Terms or model terms add conditions to the DPA review. |
| Customer-facing DPA exhibit | Your company's own customer DPA, Trust Center, and subprocessor list. | Name Microsoft Azure correctly and avoid listing direct OpenAI unless that is also a real data path. |
What official sources say
Microsoft DPA is the contract source to review
Microsoft publishes the Products and Services Data Protection Addendum through its licensing site. That source should be checked before updating customer DPA exhibits for Azure-hosted AI processing.
Azure Product Terms connect the service path
The Azure Product Terms help determine service-specific terms for Microsoft Azure. Use them alongside the DPA and Foundry data privacy page.
Why a SaaS team should review it
- Customers often ask whether OpenAI is a subprocessor, but Azure-hosted model calls may run under Microsoft's contract path.
- A DPA exhibit that names the wrong provider can create avoidable customer follow-up.
- Product Terms and model-specific limits may change faster than customer contract templates.
Potential customer commitment drift
- Your customer DPA lists OpenAI for a feature that now runs only through Azure OpenAI.
- A vendor review packet links to the OpenAI DPA but the service uses Microsoft's DPA path.
- A new Azure AI feature adds a data path that was not reflected in your subprocessor exhibit.
Review checklist
- Confirm the governing Azure agreement and whether the Microsoft DPA is incorporated.
- Attach Microsoft DPA, Azure Product Terms, and Foundry data privacy source links.
- Check whether the customer-facing subprocessor list should name Microsoft, OpenAI, or both based on real data paths.
- Record the review date, reviewer, service name, and model deployment.
- Escalate negotiated customer contract changes to legal review.
Source links
Sources were reviewed on 2026-05-21. This page supports a review packet or monitoring evidence packet; it is not legal advice.
Related pages
Scan Azure OpenAI / Microsoft AI against your own commitments.
Use this page as a starting point, then compare the vendor source to the exact promise in your Trust Center, DPA, security questionnaire, or sales answer. The $199 packet turns that review into cited evidence your team can route internally.