Microsoft Entra Enhances Azure AI Search with Native Document-Level Security and Automated Access Control

Microsoft Entra-based document-level security is now integrated into Azure AI Search, offering native ACL and RBAC enforcement from ingestion to query. This new feature streamlines secure access control, automates permission management, and enhances compliance for AI-powered enterprise search.

Microsoft Entra Access Control Now Powers Azure AI Search

Microsoft just rolled out a game-changing update for Azure AI Search. It now natively supports Microsoft Entra-based document-level security. This means tighter, enterprise-grade access control is built right into your AI search workflows. No more messy hand-coded security trimming or complex role management.

What’s New?

Starting with REST API version 2025-05-01-preview, Azure AI Search integrates POSIX-style Access Control Lists (ACLs) and Azure Role-Based Access Control (RBAC). These are enforced from data ingestion all the way through query time. The update also enhances the Azure Data Lake Storage Gen2 (ADLS Gen2) built-in indexer to automatically capture these permissions.

“Azure AI Search’s support for Microsoft Entra-based ACLs and RBAC roles eliminates the need for developers to manually handle security trimming.”

This means developers can push permission metadata alongside text and vector data directly into the index. At query time, Azure AI Search validates the user’s Microsoft Entra token and automatically trims results to only authorized documents.

Major Updates You Should Know

1. Native ACL and RBAC Enforcement

Permissions from Microsoft Entra-based systems can now be pushed via SDKs or REST API. This metadata lives inside the search index, ensuring secure access without extra coding.

2. Enhanced ADLS Gen2 Indexer

The indexer now captures ACLs and RBAC container roles automatically during data crawling. Minimal configuration is required, making low-code or no-code ingestion workflows easier.

3. Query-Time Validation and Trimming

Azure AI Search validates access tokens and applies permissions to filter results. This removes the need for developers to write custom filters or manage nested groups.
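To make concrete what "security trimming" with nested groups involves, here is an added sketch (not code from Microsoft or from the original post) of the hand-written filter that the service-side enforcement replaces. The field names `user_ids` and `group_ids`, the group and user identifiers, and the deny-when-empty rule are assumptions of this example, and the data is constructed.

```python
# Constructed sample data, not output from Azure AI Search or Microsoft Entra.
# Group nesting as a directory might report it: child group -> parent groups.
GROUP_PARENTS = {
    "grp-payroll": {"grp-finance"},
    "grp-finance": {"grp-all-staff"},
    "grp-eng": {"grp-all-staff"},
}

# Index documents carrying permission metadata next to their content.
# The field names user_ids / group_ids are hypothetical.
DOCS = [
    {"id": "1", "content": "Q3 salary bands", "user_ids": [], "group_ids": ["grp-finance"]},
    {"id": "2", "content": "Holiday calendar", "user_ids": [], "group_ids": ["grp-all-staff"]},
    {"id": "3", "content": "Incident postmortem", "user_ids": ["user-alice"], "group_ids": ["grp-eng"]},
    {"id": "4", "content": "Unlabelled draft", "user_ids": [], "group_ids": []},
]


def effective_groups(direct_groups, parents=GROUP_PARENTS):
    """Expand direct memberships to every transitive parent group."""
    seen, stack = set(), list(direct_groups)
    while stack:
        group = stack.pop()
        if group not in seen:  # the seen-set also stops cyclic nesting from looping
            seen.add(group)
            stack.extend(parents.get(group, ()))
    return seen


def trim(hits, user_id, direct_groups):
    """Keep only hits the caller may read. Assumption of this sketch:
    a document with no permission metadata is denied, not public."""
    groups = effective_groups(direct_groups)
    return [
        doc for doc in hits
        if user_id in doc["user_ids"] or groups & set(doc["group_ids"])
    ]


def visible_ids(user_id, direct_groups):
    """IDs a caller would see; the arguments stand in for validated token claims."""
    return [doc["id"] for doc in trim(DOCS, user_id, direct_groups)]


if __name__ == "__main__":
    print(visible_ids("user-bob", ["grp-payroll"]))  # nested: payroll -> finance -> all-staff
    print(visible_ids("user-alice", []))             # direct user grant only
```

The transitive expansion in `effective_groups` is the part that is easy to get wrong in application code: a filter that checks only direct memberships silently hides documents from nested-group members, and one that trusts client-supplied group lists exposes them.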

Why This Matters for AI and Security

Generative AI apps are only as safe as their data controls. One accidental leak of confidential info can break user trust or trigger compliance issues. By enforcing ACL and RBAC inside Azure AI Search, every query respects user permissions before hitting the AI model.

“Every query is trimmed to the user’s ACLs and RBAC roles before it reaches the Large Language Model.”

This approach protects sensitive data, supports audit-ready compliance, and prevents AI agents from oversharing restricted content.

Developer Benefits: Less Code, More Velocity

Previously, developers had to build parallel security systems to handle nested groups and role changes. Now, Azure AI Search manages this on the service side. Ingestion stays familiar, but query security logic disappears. Just add the user’s Entra token, and results are pre-filtered automatically.

Updating permissions is simple too. For ADLS Gen2, just bump timestamps or call a reset API—no code edits needed. This frees up time to focus on improving AI ranking, chunking, or user experience.

Getting Started

Choose your ingestion path:

  • ADLS Gen2 Built-in Indexer: Flip a setting to capture ACL/RBAC roles automatically.
  • Push via API/SDK: Build your own pipeline and include permission metadata fields.

Attach a Microsoft Entra token at query time to ensure secure, trimmed results.

Final Thoughts

This update is a huge win for anyone building AI-powered search or agent apps on Azure. It slashes the complexity of enforcing document-level security while boosting compliance and user trust. By embedding Microsoft Entra ACL and RBAC enforcement into the core of Azure AI Search, Microsoft is making enterprise-grade security effortless and scalable.

Ready to secure your AI search? Dive into the preview and start building with confidence today.

  • Azure AI Search supports POSIX-style ACLs and Azure RBAC roles natively, storing permissions alongside indexed data.
  • The upgraded ADLS Gen2 indexer automatically captures and updates permission metadata during content ingestion.
  • Query-time validation uses Microsoft Entra tokens to filter search results, eliminating custom security code.
  • Developers can choose between built-in indexers or custom ingestion pipelines to push permissions into the search index.
  • Enhanced security trimming protects sensitive data in AI apps, ensuring compliance and maintaining user trust effortlessly.

From the New blog articles in Microsoft Community Hub


