This page describes how to establish private connectivity between your dedicated instance and Azure-managed services. For self-hosted applications, see Connecting to customer-managed services on Azure.
Azure managed services
This section covers Azure-managed services that have service-specific private connectivity requirements.
The tables below use Order to indicate the general sequence of the information exchange — items with the same Order value can usually be provided at the same stage. Values like <UNSTRUCTURED_SP_ID> and <DI_AZURE_SUBSCRIPTION_ID> are placeholders; contact your Unstructured account team or open a ticket in the Unstructured Support Portal to get the actual values for your dedicated instance.
Each Azure service you connect to via Private Link must be in the same Azure region as your dedicated instance — cross-region Private Link is not supported. The example region codes in the tables below are illustrative; use the region your dedicated instance is deployed in. See Known limitations.
Azure Blob Storage
This applies to Azure Blob Storage and Azure Data Lake Storage Gen2 (ADLS Gen2).
| Order | Information Required | Description | Example | Owner |
|---|---|---|---|---|
| 1 | Storage Account Name | Name of the Azure Storage Account | customerstorageacct | Customer |
| 1 | Storage Account Resource ID | Full Azure Resource ID of the storage account | /subscriptions/…/providers/Microsoft.Storage/storageAccounts/customerstorageacct | Customer |
| 1 | Container Name(s) | Containers Unstructured needs to access | documents, processed-data | Customer |
| 1 | Storage Account Region | Region where storage account is located | eastus | Customer |
| 1 | Sub-resource Type | blob, dfs (for ADLS Gen2), file, table, queue | blob, dfs | Customer |
| 2 | Unstructured Service Principal ID | Service Principal ID for RBAC role assignment | <UNSTRUCTURED_SP_ID> | Unstructured |
| 2 | Unstructured Subscription ID | Subscription ID for private endpoint approval | <DI_AZURE_SUBSCRIPTION_ID> | Unstructured |
For ADLS Gen2, use sub-resource type dfs for hierarchical namespace operations. You must approve the private endpoint connection request. To do so, navigate to Storage Account > Networking > Private endpoint connections.
Example: Azure role assignment
The following Azure CLI command assigns the Storage Blob Data Reader role to Unstructured’s service principal so the platform can read blobs in your storage account.
```bash
az role assignment create \
  --assignee "<UNSTRUCTURED_SP_ID>" \
  --role "Storage Blob Data Reader" \
  --scope "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE_ACCOUNT>"
```
For read/write access, use the Storage Blob Data Contributor role instead of Storage Blob Data Reader.
Replace:
- <UNSTRUCTURED_SP_ID> — Service principal ID for Unstructured (provided during onboarding)
- <SUBSCRIPTION_ID> — Your Azure subscription ID
- <RESOURCE_GROUP> — Resource group that contains the storage account
- <STORAGE_ACCOUNT> — Storage account name
Azure OpenAI
Azure OpenAI supports private endpoint access. Unstructured creates a private endpoint in our VNet to access your Azure OpenAI resource privately.
| Order | Information Required | Description | Example | Owner |
|---|---|---|---|---|
| 1 | Azure OpenAI Resource Name | Name of the Azure OpenAI resource | customer-openai | Customer |
| 1 | Azure OpenAI Resource ID | Full Azure Resource ID | /subscriptions/…/providers/Microsoft.CognitiveServices/accounts/customer-openai | Customer |
| 1 | Azure OpenAI Region | Region where the resource is deployed | eastus | Customer |
| 1 | Deployment Name(s) | Model deployment names to access | gpt-4-deployment, embedding-deployment | Customer |
| 1 | Sub-resource Type | Always account for Azure OpenAI | account | Customer |
| 2 | Unstructured Service Principal ID | Service Principal ID for RBAC role assignment | <UNSTRUCTURED_SP_ID> | Unstructured |
| 2 | Unstructured Subscription ID | Subscription ID for private endpoint approval | <DI_AZURE_SUBSCRIPTION_ID> | Unstructured |
Example: Azure role assignment for OpenAI
Use Azure CLI to assign the Cognitive Services OpenAI User role to Unstructured’s service principal for your Azure OpenAI resource:
```bash
az role assignment create \
  --assignee "<UNSTRUCTURED_SP_ID>" \
  --role "Cognitive Services OpenAI User" \
  --scope "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.CognitiveServices/accounts/<OPENAI_RESOURCE>"
```
Replace:
- <UNSTRUCTURED_SP_ID> — Service principal ID for Unstructured (provided during onboarding)
- <SUBSCRIPTION_ID> — Your Azure subscription ID
- <RESOURCE_GROUP> — Resource group that contains the Azure OpenAI resource
- <OPENAI_RESOURCE> — Name of your Azure OpenAI resource
After the role assignment:
- Firewall: On the Azure OpenAI resource, configure networking so public access is disabled and traffic is allowed only as required for your private endpoint design.
- Approve the connection: In the Azure portal, go to the OpenAI resource > Networking > Private endpoint connections, then approve the pending private endpoint connection from Unstructured.
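To confirm that the role assignments shown above for Blob Storage and Azure OpenAI grant only what was intended, the following added example (not part of the Unstructured documentation) classifies every assignment the service principal holds relative to one target resource. The function names, the `<TARGET_RESOURCE_ID>` placeholder and the sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the roles a service principal holds against one target.
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# classify_assignment ROLE SCOPE EXPECTED_ROLE TARGET_ID prints one verdict:
#   OK               expected role, scoped exactly to the target resource
#   UNEXPECTED_ROLE  a different role on the target resource
#   NARROWER         scope is a child of the target, such as one container
#   BROAD            scope is a parent of the target, or a management group
#   OTHER_RESOURCE   scope is unrelated to the target
classify_assignment() {
  local scope target
  # Azure resource IDs compare case-insensitively; drop any trailing slash.
  scope="$(lc "${2%/}")"; target="$(lc "${4%/}")"
  case "$scope" in
    "$target") if [ "$1" = "$3" ]; then echo OK; else echo UNEXPECTED_ROLE; fi ;;
    "$target"/*) echo NARROWER ;;
    /providers/microsoft.management/managementgroups/*) echo BROAD ;;
    *) case "$target" in "$scope"/*) echo BROAD ;; *) echo OTHER_RESOURCE ;; esac ;;
  esac
}

# audit_assignments EXPECTED_ROLE TARGET_ID
# stdin: role <TAB> scope, one assignment per line (role names contain spaces).
# Prints verdict, role and scope per line; returns 1 if any line is not OK.
audit_assignments() {
  local role scope verdict rc=0
  while IFS="$(printf '\t')" read -r role scope; do
    [ -n "$role" ] || continue
    verdict="$(classify_assignment "$role" "$scope" "$1" "$2")"
    printf '%s\t%s\t%s\n' "$verdict" "$role" "$scope"
    [ "$verdict" = OK ] || rc=1
  done
  return "$rc"
}

# Constructed sample rows (not real resources).
SAMPLE_TARGET="/subscriptions/1111/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/customerstorageacct"
sample_assignments() {
  printf 'Storage Blob Data Reader\t%s\n' "$SAMPLE_TARGET"
  printf 'Contributor\t/subscriptions/1111/resourceGroups/rg\n'
}
sample_assignments | audit_assignments "Storage Blob Data Reader" "$SAMPLE_TARGET" || true

# Live use (needs an authenticated az session):
#   az role assignment list --assignee "<UNSTRUCTURED_SP_ID>" --all -o tsv \
#     --query "[].[roleDefinitionName, scope]" |
#     audit_assignments "Cognitive Services OpenAI User" "<TARGET_RESOURCE_ID>"
```

A `BROAD` verdict means the service principal inherits access from a resource group, subscription or management group, which reaches beyond the single resource named in the `--scope` of the commands above.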
Azure Databricks
Azure Databricks supports Private Link for both front-end (user-to-workspace) and back-end (compute-to-control plane) connectivity. You must have Private Link enabled on your workspace.
| Order | Information Required | Description | Example | Owner |
|---|---|---|---|---|
| 1 | Databricks Workspace URL | The workspace URL | adb-1234567890123456.12.azuredatabricks.net | Customer |
| 1 | Databricks Workspace Resource ID | Full Azure Resource ID of the workspace | /subscriptions/…/providers/Microsoft.Databricks/workspaces/customer-workspace | Customer |
| 1 | Databricks Workspace Region | Azure region where workspace is deployed | eastus | Customer |
| 1 | Sub-resource Type | databricks_ui_api for workspace access | databricks_ui_api | Customer |
| 2 | Unstructured Subscription ID | Subscription ID for private endpoint approval | <DI_AZURE_SUBSCRIPTION_ID> | Unstructured |
| 3 | Private endpoint DNS | The private endpoint DNS for the workspace | adb-1234567890123456.12.privatelink.azuredatabricks.net | Customer |
Example: Approve the Databricks private endpoint connection
After Unstructured creates the private endpoint toward your workspace, approve the pending connection using Azure CLI:
```bash
az network private-endpoint-connection approve \
  --resource-group "<RESOURCE_GROUP>" \
  --resource-name "<WORKSPACE_NAME>" \
  --name "<PRIVATE_ENDPOINT_NAME>" \
  --type Microsoft.Databricks/workspaces
```
You can also approve the same request in the Azure portal: open the Databricks workspace resource > Networking > Private endpoint connections, then approve the pending connection from Unstructured.
Replace:
- <RESOURCE_GROUP> — Resource group that contains the Databricks workspace
- <WORKSPACE_NAME> — Name of the Databricks workspace resource
- <PRIVATE_ENDPOINT_NAME> — Name of the private endpoint connection (shown in the portal or provided by Unstructured)
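The approval steps above for Blob Storage, Azure OpenAI and Databricks all rely on recognising the pending request as the one from Unstructured. This added example (not part of the Unstructured documentation) uses the `<DI_AZURE_SUBSCRIPTION_ID>` value from the tables to select only pending connections whose private endpoint lives in that subscription. The function names, the `<RESOURCE_ID>` placeholder and the shortened sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: gate private endpoint approval on the source subscription.
lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# subscription_of RESOURCE_ID: prints the lowercased subscription ID, or nothing
# when the argument is not a /subscriptions/<id>/... resource ID.
subscription_of() {
  local id rest
  id="$(lc "$1")"
  case "$id" in
    /subscriptions/*/*) rest="${id#/subscriptions/}"; printf '%s' "${rest%%/*}" ;;
  esac
}

# select_approvable EXPECTED_SUBSCRIPTION_ID
# stdin:  connection_id <TAB> status <TAB> private_endpoint_id, one per line
# stdout: IDs of Pending connections whose endpoint is in the expected
#         subscription; any other Pending request is reported on stderr.
select_approvable() {
  local want conn status pe
  want="$(lc "$1")"
  # An empty expected ID would match a malformed endpoint ID, so refuse it.
  [ -n "$want" ] || { echo "expected subscription ID is empty" >&2; return 2; }
  while IFS="$(printf '\t')" read -r conn status pe; do
    [ "$status" = Pending ] || continue
    if [ "$(subscription_of "$pe")" = "$want" ]; then
      printf '%s\n' "$conn"
    else
      printf 'REVIEW, unexpected source: %s\n' "$pe" >&2
    fi
  done
  return 0
}

# Constructed sample rows (not real resources; connection IDs shortened).
SAMPLE_SUB="11111111-1111-1111-1111-111111111111"
sample_connections() {
  local pe="resourceGroups/rg/providers/Microsoft.Network/privateEndpoints"
  printf 'conn-a\tPending\t/subscriptions/%s/%s/pe-a\n' "$SAMPLE_SUB" "$pe"
  printf 'conn-b\tPending\t/subscriptions/99999999-9999-9999-9999-999999999999/%s/pe-b\n' "$pe"
  printf 'conn-c\tApproved\t/subscriptions/%s/%s/pe-c\n' "$SAMPLE_SUB" "$pe"
}
sample_connections | select_approvable "$SAMPLE_SUB"   # prints conn-a

# Live use (needs an authenticated az session):
#   az network private-endpoint-connection list --id "<RESOURCE_ID>" -o tsv \
#     --query "[].[id, properties.privateLinkServiceConnectionState.status, properties.privateEndpoint.id]" |
#   select_approvable "<DI_AZURE_SUBSCRIPTION_ID>" |
#   while read -r c; do az network private-endpoint-connection approve --id "$c"; done
```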
Azure Managed Services with private endpoint access
This section applies to Azure Managed Services that support private endpoint access, including: Azure AI Search, Azure SQL Database, Azure SQL Managed Instance, Azure Cosmos DB, Azure Database for PostgreSQL, Azure Database for MySQL, and Azure Synapse Analytics.
The Order column indicates the general sequence for the information exchange. Items with the same order value can usually be provided at the same stage.
| Order | Information Required | Description | Example | Owner |
|---|---|---|---|---|
| 1 | Service Type | The Azure managed service being accessed | Azure AI Search, Azure SQL | Customer |
| 1 | Resource Name | Name of the Azure resource | my-search-service | Customer |
| 1 | Resource ID | Full Azure Resource ID | /subscriptions/…/providers/Microsoft.Search/searchServices/my-search | Customer |
| 1 | Service Region | Region where the service is hosted | eastus | Customer |
| 1 | Sub-Resource Type | The sub-resource type for Private Link (see table below) | searchService, sqlServer | Customer |
| 1 | Service Port | Port the service listens on | 443 (AI Search), 1433 (SQL) | Customer |
| 2 | Unstructured Service Principal ID | Service Principal ID for RBAC role assignment | <UNSTRUCTURED_SP_ID> | Unstructured |
| 2 | Unstructured Subscription ID | Subscription ID to approve for private endpoint | <DI_AZURE_SUBSCRIPTION_ID> | Unstructured |
Sub-resource types by service:
| Service | Sub-Resource Type |
|---|---|
| AI Search | searchService |
| Azure SQL Database | sqlServer |
| Azure SQL Managed Instance | managedInstance |
| Azure Cosmos DB (SQL API) | Sql |
| Azure Cosmos DB (MongoDB API) | MongoDB |
| Azure Database for PostgreSQL | postgresqlServer |
| Azure Database for MySQL | mysqlServer |
| Azure Synapse Analytics | Sql, SqlOnDemand, Dev |