Q&A
Securing AI in Azure: Identity, Access and Endpoint Pitfalls To Avoid
Microsoft MVP Markus Lintuala outlines the key security risks in AI service deployments and offers best practices ahead of his Live! 360 session on building secure Azure AI solutions.
As more organizations build applications with Azure AI services, security teams and developers are encountering new challenges tied to identity, data access and endpoint exposure. Traditional security patterns don't always map cleanly to AI-driven architectures, especially when services like Azure OpenAI or Cognitive Services are integrated without proper controls.
Ahead of his Live! 360 session, "What Security Engineers and Developers Must Know About Azure AI Solutions", speaker Markus Lintuala sat down with Redmond to highlight the most pressing security issues that arise when AI meets cloud infrastructure. Lintuala, a Microsoft Security MVP, brings deep experience helping development teams deploy secure, scalable AI workloads across Microsoft's cloud ecosystem.
In this Q&A, Lintuala explains where dev teams go wrong when securing AI endpoints, how Zero Trust principles can be applied to AI workflows and why identity mismanagement remains a leading cause of risk. He also shares best practices and tooling recommendations to help shift security left in AI development pipelines.
For those attending Live! 360 in Orlando (taking place Nov. 16-21), Lintuala's session will provide actionable guidance on building and maintaining secure Azure AI solutions from the ground up. Register by Aug. 15 to save $500 and we'll see you in Orlando!
Redmondmag: What are the top AI security risks unique to Azure that traditional dev teams might overlook?
Lintuala: Many teams underestimate the risks tied to how AI services are accessed and how data is exposed behind those services. In Azure, improper access control to services like Cognitive Services or Azure OpenAI can lead to unintended data exposure. Risks often emerge when services are published without proper identity-based access, network restrictions or logging. Traditional teams might overlook the need for fine-grained identity integration (like Entra ID) and assume default publishing methods are secure enough.
How do security teams adapt their policies and controls for Cognitive Services or Azure OpenAI?
Security teams must ensure that AI service access is tightly scoped and contextualized. For example, if a user's identity is part of the AI workflow, it's critical to propagate that identity through the AI process to enforce data-level security throughout the application. Policies should be applied to restrict misuse, prevent oversharing and ensure services are published through secure front-end layers like API Management, Azure Front Door or Application Gateway with a proper Web Application Firewall (WAF) configuration.
What best practices should developers follow to avoid insecure AI integration?
Developers should favor managed identities or Entra Agent IDs instead of embedding secrets or using shared credentials in code. It's important to avoid reusing service principals across different applications, even if they operate on the same data, to maintain strict access boundaries. Permissions should be assigned to security groups, not directly to service principals, to streamline management and reduce the risk of misconfiguration. AI services should be published only through secured and monitored endpoints rather than exposing raw endpoints directly to the Internet. Additionally, developers should disable local authentication on services and enforce Entra-based authentication along with private endpoint or virtual network integration wherever it aligns with the architecture.
Are there specific identity, data or access policies Microsoft recommends for AI workloads?
Microsoft advocates for applying Zero Trust principles to AI workloads. This includes using least privilege access with role-based access controls and separating responsibilities using managed identities or dedicated Entra Agent IDs. All application interfaces should be published through designated front-door services like API Management and/or Front Door to prevent alternative or "side door" access routes. Furthermore, it's essential to continuously monitor, log and evaluate how AI services interact with data and users to ensure that access policies remain effective and responsive to potential threats.
What misconfigurations are most commonly exploited in AI environments?
Some of the most common misconfigurations stem from over-permissioned identities, whether service principals or managed identities, which can inadvertently grant excessive access to data or resources. Another frequent issue is exposing AI endpoints directly to the Internet without network controls, making them vulnerable to abuse. Manual deployment practices can also lead to security gaps, as they bypass automated validation pipelines that catch misconfigurations before code reaches production.
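The controls Lintuala describes above (disabled local authentication, Entra-only access, no raw Internet-facing endpoint, a managed identity instead of stored secrets, and roles granted to security groups rather than directly to service principals) can be checked mechanically against exported resource descriptors. The following is an added example written for this page, not code from the interview or from Microsoft: it audits a constructed weak account beside a constructed hardened one, plus a few constructed role assignments. The account dictionaries follow the field names of the `Microsoft.CognitiveServices/accounts` ARM resource (`properties.disableLocalAuth`, `properties.publicNetworkAccess`, `properties.networkAcls.defaultAction`, `identity.type`); the role assignments follow the flat shape of `az role assignment list` output. All names, object ids and scopes are placeholders.

```python
"""Audit Azure AI account descriptors and role assignments for the
misconfigurations discussed in the interview (added example, not the
author's code). Input shapes mirror ARM / az CLI output; values are constructed."""

# Constructed sample: an Azure OpenAI account published the "default" way.
WEAK_ACCOUNT = {
    "name": "openai-demo-weak",            # placeholder name
    "kind": "OpenAI",
    "identity": {"type": "None"},          # no managed identity
    "properties": {
        "disableLocalAuth": False,         # API keys still accepted
        "publicNetworkAccess": "Enabled",  # raw endpoint reachable from the Internet
        "networkAcls": {"defaultAction": "Allow", "virtualNetworkRules": []},
    },
}

# Constructed sample: the same account with the controls from the interview applied.
HARDENED_ACCOUNT = {
    "name": "openai-demo-hardened",        # placeholder name
    "kind": "OpenAI",
    "identity": {"type": "SystemAssigned"},  # managed identity for downstream access
    "properties": {
        "disableLocalAuth": True,          # Entra ID tokens only
        "publicNetworkAccess": "Disabled", # reached only via private endpoint / front door
        "networkAcls": {"defaultAction": "Deny", "virtualNetworkRules": []},
    },
}

# Constructed role assignments; <...> values are placeholders for real object ids.
RESOURCE_SCOPE = ("/subscriptions/<sub>/resourceGroups/rg-ai/providers/"
                  "Microsoft.CognitiveServices/accounts/openai-demo-hardened")
ROLE_ASSIGNMENTS = [
    {"principalId": "<group-object-id>", "principalType": "Group",
     "roleDefinitionName": "Cognitive Services OpenAI User", "scope": RESOURCE_SCOPE},
    {"principalId": "<ops-group-object-id>", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": RESOURCE_SCOPE},
    {"principalId": "<sp-object-id>", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": "/subscriptions/<sub>"},
]

BROAD_ROLES = {"Owner", "Contributor"}


def audit_account(acct: dict) -> list:
    """Return findings for one account; an empty list means it matches the
    hardening described in the interview."""
    findings = []
    props = acct.get("properties", {})
    if not props.get("disableLocalAuth", False):
        findings.append("local authentication (API keys) enabled; "
                        "disable it and require Entra ID tokens")
    if props.get("publicNetworkAccess", "Enabled") != "Disabled":
        acls = props.get("networkAcls", {})
        if acls.get("defaultAction", "Allow") == "Allow":
            findings.append("endpoint exposed to the Internet: publicNetworkAccess "
                            "Enabled with networkAcls defaultAction Allow")
        else:
            findings.append("publicNetworkAccess Enabled; prefer Disabled plus a "
                            "private endpoint unless the network allow-list is intentional")
    if acct.get("identity", {}).get("type", "None") == "None":
        findings.append("no managed identity; downstream access would need a stored secret")
    return findings


def audit_role_assignments(assignments: list) -> list:
    """Flag roles granted directly to a service principal (the interview says to
    assign to security groups) and broad roles above resource scope.
    Returns (principalId, [reasons]) tuples for flagged assignments only."""
    flagged = []
    for ra in assignments:
        reasons = []
        if ra.get("principalType") == "ServicePrincipal":
            reasons.append("granted directly to a service principal; "
                           "assign the role to a security group instead")
        if ra.get("roleDefinitionName") in BROAD_ROLES and "/providers/" not in ra.get("scope", ""):
            reasons.append("broad role above resource scope; scope least privilege to the AI resource")
        if reasons:
            flagged.append((ra.get("principalId"), reasons))
    return flagged


if __name__ == "__main__":
    for acct in (WEAK_ACCOUNT, HARDENED_ACCOUNT):
        findings = audit_account(acct)
        print(f"{acct['name']}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
    for principal, reasons in audit_role_assignments(ROLE_ASSIGNMENTS):
        print(f"role assignment for {principal}:")
        for r in reasons:
            print("  -", r)
```

Running it reports three findings for the weak account and none for the hardened one, and flags only the subscription-scoped Contributor grant made directly to a service principal; the group-scoped Contributor grant at resource scope passes, which matches the interview's point that the boundary is the identity model and scope, not the role name alone. In practice the same functions would be fed the JSON from `az cognitiveservices account show` and `az role assignment list` rather than the constructed dictionaries.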
What are the most impactful tools available today for secure Azure AI development?
From a developer's perspective, some of the most impactful tools are those that integrate security directly into the development workflow. These include shift-left tools like static code analysis in the IDE and automated vulnerability scanning during CI/CD processes. GitHub Advanced Security, for example, provides real-time scanning for secrets, vulnerabilities and dependency issues. For runtime protection, services like Azure Defender for App Services and Microsoft Defender for Cloud help enforce policies and detect threats. Entra Conditional Access must be configured as well, together with the Entra ID team, to support application access requirements. Ultimately, the most effective approach combines these tools with strong collaboration. Embedding an Azure infrastructure or security expert within the dev team ensures secure deployment configurations and supports developers in delivering secure, scalable AI services from day one. Developers can focus on their duties while, at the same time, the Azure infrastructure specialist works on the infrastructure side that they know best.