Azure
The Ultimate Guide to Secure AI DevOps on Azure: A Privacy-First Blueprint
Your team has been using Azure OpenAI for three months. Everything works. Then someone runs a security review and asks a simple question: where does the prompt data go? You pull up the docs and find out that every Copilot prompt—containing your internal service names, API patterns, and architectural …
Azure Platform Engineering: The Complete Guide to Building an Enterprise Landing Zone
Your Azure bill arrives and one line item is $47,000. Nobody on your team knows which subscription it came from. You trace it back to a developer who spun up a GPU cluster three weeks ago “just to test something.” There was no policy to stop them. There was no budget alert configured. …
Configuring Azure OpenAI Private Link: Keeping AI Traffic Off the Public Internet
You open your CI/CD pipeline logs, and there it is: a curl call to your-resource.openai.azure.com — a public FQDN, resolving to a Microsoft-owned IP, carrying your internal service names and proprietary logic over the public internet. TLS encrypts the session body, but the endpoint itself is still …
Design Your Azure Management Group and Subscription Hierarchy
Six months after the initial landing zone deployment, a new VP reorganizes the business units. Your management group tree — which you built to mirror the org chart — is now wrong. Every policy assignment, every RBAC scope, every cost report that referenced “BU-Finance” and …
Mastering Zero Data Retention: The Guide to Modified Abuse Monitoring in Azure OpenAI
Your GDPR review is two weeks out. Someone asks whether Azure OpenAI retains prompts. You check the docs. There it is, in plain language: prompts and completions are stored for up to 30 days in Microsoft-operated infrastructure — outside your Azure tenant, not queryable, not deletable. Every …
Hub-and-Spoke Networking for Azure Landing Zones: Azure Firewall, Bastion, and Private DNS
Your new workload team files their first support ticket three weeks after go-live. A developer can’t reach the database. You pull the logs. The VM is making an outbound call to a public IP on port 1433—in plain text, no firewall inspection, straight out to the internet. You ask who approved …
Identity and Access Architecture for Azure Landing Zones: Entra ID, RBAC, and PIM
The security team’s Slack message arrives on a Tuesday afternoon: “We’re seeing resource deletions in prod. Investigating.” Your heart rate goes up. You pull the Azure Activity Log. The deletions are attributed to a service principal—one your team created eight months ago for …
Keyless AI: Using Entra ID Managed Identities for Azure OpenAI
You followed the quickstart. You grabbed the key from the portal, pasted it into a .env file, and your app worked. Now that key lives on your laptop, in your CI/CD secrets, probably in a Slack message from six months ago, and quite possibly in a git log you haven’t checked. It does not expire. …
Governance at Scale: Writing and Deploying Azure Policies with Terraform and Bicep
The compliance report arrives on a Friday afternoon. You scan through it and stop on a finding: a Storage Account with public network access enabled, sitting in your production subscription, deployed three weeks ago. Someone bypassed the documented standard, the ARM deployment succeeded, and nobody …