Costa Rica
Last updated: 2026-04-06
For Azure AI Search and OpenAI in a Retrieval-Augmented Generation (RAG) setup, find below an example of how these components are interconnected within a secure Azure environment.
Zero Trust AI architecture in Microsoft Azure is a security framework designed to protect data, applications, and infrastructure by assuming that threats can come from both inside and outside the network. This model operates on the principle of "never trust, always verify", meaning every access request is thoroughly authenticated and authorized based on all available data points, regardless of its origin. The architecture integrates multiple layers of security, including strong identity verification, device compliance checks, and least privilege access, ensuring that only authorized users and devices can access sensitive resources. By continuously monitoring and validating each request, Zero Trust AI architecture helps organizations minimize risks and enhance their overall security posture. As Microsoft defines Zero Trust:
From Microsoft Security
- Azure Services Subscription: The overarching subscription under which all services are organized.
- Resource Group (RG) for RAG: A logical container that holds related resources, ensuring they are managed and secured together.
- Storage Account: Used to store data securely.
- AI + Machine Learning Services: This includes:
  - Azure AI Search: For indexing and searching documents.
  - Azure OpenAI: For generating responses based on retrieved documents.
- Azure Key Vault: For securely storing secrets like API keys and connection strings.
- Virtual Network (VNet): Provides network isolation and security. It contains subnets such as:
  - AI-services-subnet: Hosts AI-related services.
  - app-service-subnet: Hosts application services.
- VM for Data Science: A virtual machine used for data science tasks within the AI-services-subnet.
- App Service Plan and Web App: Part of the app-service-subnet, used to host web applications.
Network Interface & Network Security Groups:
Zero trust: Initial Phase
Microsoft Enterprise RAG Solution Accelerator:
- User Interaction: The user initiates a request from their device.
- Azure Front Door and WAF: The request is routed through Azure Front Door and Web Application Firewall (WAF) for initial security checks.
- App Service (Frontend): The request reaches the frontend application hosted on Azure App Service via a private endpoint.
- Orchestrator (Azure Function): The frontend communicates with an orchestrator function within the VNet, which manages the flow of data.
- Database Access: The orchestrator accesses Azure Cosmos DB to retrieve conversation history.
- Vector Embedding: The orchestrator requests Azure OpenAI to generate vector embeddings from the user’s query.
- Key Vault Access: The orchestrator retrieves the AI Search API key from Azure Key Vault.
- Document Retrieval: The orchestrator queries Azure AI Search to retrieve relevant documents.
- Response Generation: The orchestrator uses Azure OpenAI to generate a response based on the retrieved documents.
- Response Delivery: The response is sent back to the user through the same secure path.
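The orchestrator's part of the flow above (history lookup, embedding, Key Vault fetch, AI Search query, response generation), as an added Python sketch that is not the accelerator's own code: the Cosmos DB, Azure OpenAI, Key Vault and AI Search calls are injected callables, wired to constructed in-memory fakes in `demo()` so it runs offline, and the secret name `ai-search-api-key` plus the log redaction are assumptions, not details stated on the page.

```python
"""Orchestrator for the RAG request flow, with the Azure SDK calls
injected as callables so the module runs offline (constructed fakes)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

SEARCH_KEY_SECRET = "ai-search-api-key"  # assumed Key Vault secret name


@dataclass
class Orchestrator:
    get_history: Callable[[str], List[str]]          # Azure Cosmos DB lookup
    embed: Callable[[str], List[float]]              # Azure OpenAI embeddings
    get_secret: Callable[[str], str]                 # Azure Key Vault (managed identity)
    search: Callable[[List[float], str], List[str]]  # Azure AI Search, takes the API key
    complete: Callable[[str, List[str]], str]        # Azure OpenAI chat completion
    log: List[str] = field(default_factory=list)
    _secrets: Set[str] = field(default_factory=set)

    def _log(self, msg: str) -> None:
        # Redact every value fetched from Key Vault before it reaches a log sink.
        for s in self._secrets:
            msg = msg.replace(s, "[REDACTED]")
        self.log.append(msg)

    def handle(self, conversation_id: str, query: str) -> str:
        history = self.get_history(conversation_id)   # conversation history
        vector = self.embed(query)                     # vector embedding of the query
        api_key = self.get_secret(SEARCH_KEY_SECRET)   # AI Search key from Key Vault
        self._secrets.add(api_key)
        self._log(f"search key {SEARCH_KEY_SECRET} loaded ({api_key})")
        docs = self.search(vector, api_key)            # document retrieval
        del api_key  # key lives only for the one search call; never stored or returned
        self._log(f"retrieved {len(docs)} documents for {conversation_id}")
        prompt = "\n".join(history + docs + [query])
        return self.complete(prompt, docs)             # response generation


def demo() -> Orchestrator:
    """Wire the orchestrator to constructed in-memory fakes (no Azure calls)."""
    vault: Dict[str, str] = {SEARCH_KEY_SECRET: "constructed-search-key-123"}
    corpus = ["Doc A: Key Vault holds the search key",
              "Doc B: the VNet isolates the RAG subnets"]
    return Orchestrator(
        get_history=lambda cid: [f"history for {cid}"],
        embed=lambda text: [float(len(text)), 1.0],
        get_secret=lambda name: vault[name],
        search=lambda vec, key: corpus if key == vault[SEARCH_KEY_SECRET] else [],
        complete=lambda prompt, docs: f"answer grounded on {len(docs)} docs",
    )
```

Swapping the fakes for `SecretClient`, `SearchClient` and the Azure OpenAI client keeps the same shape; the point is that the key is scoped to the single search call and scrubbed from every log line.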