Microsoft’s Azure OpenAI Service has recently been granted Federal Risk and Authorization Management Program (FedRAMP) high authorization. This authorization enables federal agencies with access to sensitive data to utilize powerful language models provided by Azure OpenAI, including ChatGPT. The approval allows government departments to integrate and adapt models like GPT-4, GPT-3.5, and DALL-E for various tasks, such as content generation, summarization, semantic search, and natural language-to-code translation.
FedRAMP is a security framework that grants cloud providers governmentwide authorization for their products. The high authorization permits the use of these products in cloud computing environments that house the government’s most sensitive, unclassified data. This includes data held by law enforcement agencies or financial regulators.
Microsoft’s Azure OpenAI Service was launched in early June specifically for government use through Azure Government, the company’s cloud service tailored for U.S. government agencies. Bill Chappell, CTO for Microsoft’s Strategic Missions and Technologies, expressed their commitment to maintaining strict security and compliance requirements while providing government agencies with the latest AI technologies. Chappell also highlighted the potential for Azure OpenAI to transform mission-critical operations and unlock new insights with Generative AI.
This recent FedRAMP authorization arrives amidst increased scrutiny on Microsoft’s security practices. The company faced criticism after hackers from China breached the email accounts of senior U.S. officials. The breach exploited a flaw in a Microsoft product and was discovered through an additional logging feature that incurs extra costs for customers. Members of the Biden administration, security researchers, and Congress have questioned Microsoft’s dedication to security and its upselling of essential security features.
In addition to the FedRAMP high authorization, Microsoft’s Azure OpenAI Service has also received the Defense Information Systems Agency’s (DISA) DoD IL2 Provisional Authorization. Notably, all traffic within the Azure OpenAI Service remains within Microsoft’s global network backbone and never enters the public internet. Microsoft boasts one of the world’s largest networks, consisting of over 250,000 km of lit fiber optic and undersea cable systems.
Microsoft ensures that the Azure OpenAI Service is independent of its corporate network and never uses government agency data to train the OpenAI model. Users can access the service through REST APIs, Python SDK, or Microsoft’s web-based interface in the Azure AI Studio. All models are available to Azure Government customers and partners.
To prioritize data privacy and security, Microsoft encrypts all Azure traffic within a region or between regions using MACsec, which relies on AES-128 block cipher encryption.
In conclusion, with the recent FedRAMP high authorization and DoD IL2 Provisional Authorization, Microsoft’s Azure OpenAI Service strengthens its position as a provider of powerful language models. The service offers government agencies the opportunity to leverage AI technologies while meeting strict security and compliance requirements, ultimately transforming their operations and gaining valuable insights with Generative AI.
