Microsoft, Amazon offer dedicated AI instances for enterprise data privacy
Serge Bulaev
Microsoft and Amazon now offer special AI setups that may help keep enterprise data private, which is something banks and health networks often ask for. These solutions separate the company's data from the tech provider's main systems, which might stop chat logs from leaking or being reused. Some experts say this could help companies meet privacy rules and audit needs without slowing down their AI projects. However, there appear to be some issues, like more work for the customer to manage safety and certain data still being stored unless deleted. This trend suggests companies may continue to use both private and public AI systems to balance privacy, cost, and speed.

Microsoft and Amazon are now offering dedicated AI instances for enterprise data privacy, a critical safeguard for organizations like large banks, insurers, and health networks. This approach addresses common fears that chat logs could leak or be reused by separating model execution and storage from public provider infrastructure.
As regulatory pressure mounts, tech executives describe these isolated deployments as a pragmatic solution. They allow enterprises to maintain momentum with generative AI while satisfying strict internal audit requirements that prohibit sharing sensitive data with external services.
How Microsoft Implements Tenant Isolation
Microsoft's dedicated instances run on isolated hardware within a customer's Azure tenant, preventing data from reaching public OpenAI servers. Enterprises can prevent data use for training/human review, but stopping all logging requires active configuration of zero-retention policies and is not automatically guaranteed for all audit purposes.
Through the Azure OpenAI Service, clients with Enterprise or Microsoft Customer Agreements can deploy a dedicated resource directly in their own Azure tenant. Prompts and completions can be set for "zero retention" by enabling Modified Abuse Monitoring via a support ticket, as detailed in the How to opt-in for zero data retention guide. Unlike standard endpoints that log data for 30 days, this dedicated path bypasses storage in Microsoft-managed queues and prevents human review.
Key implementation details include:
- Azure OpenAI ensures data is retained in the selected Azure region, though the infrastructure involves hybrid Microsoft/OpenAI components.
- Zero retention (mode: none) can be configured at account or project level and applies to inference prompts and outputs across Messages, Chat Completions, and Responses APIs. Fine-tuning datasets are stored separately and retained until manually deleted, but zero retention does not apply to them as they are not part of transient inference calls.
- The zero retention setting is not self-service and must be requested via a support ticket for each individual resource.
Microsoft and Amazon Offer Dedicated Instances to Keep Enterprise Data Off Model Providers' Systems in Practice
Amazon Bedrock provides a similar private environment for using Anthropic's Claude models. According to the Claude by Anthropic - Models in Amazon Bedrock - AWS page, most inputs and outputs are retained within the customer's AWS account when zero retention is configured, but models requiring provider_data_share share data with Anthropic for up to 30 days, and abuse detection may retain data under default mode. For auditing, all activity is logged in CloudTrail, and Bedrock Guardrails can be configured to automatically redact Personally Identifiable Information (PII) and block restricted topics.
Zero retention is configured directly via the Bedrock API, SDK, or console under Data retention settings. No support ticket is needed.
Adoption Trends and Remaining Gaps
Security remains a significant obstacle to mass LLM adoption according to industry reports. In response, hybrid strategies are becoming popular, where firms use cheaper public APIs for low-risk tasks and reserve private, dedicated instances for workloads involving confidential data.
Furthermore, the cost-effectiveness of private hosting improves with scale. Industry analysis suggests that self-hosted servers can achieve cost parity with cloud APIs over time when usage reaches substantial volumes.
In regulated industries like financial services, a structured approach is essential. Ippon USA proposes a four-step playbook for adopting services like Bedrock: assess compliance gaps, build with PrivateLink for network isolation, guard with SIEM and PII filters, and scale only after passing audits. This framework helps align deployments with regulations like GDPR and HIPAA.
Practical Limitations
Despite the significant privacy benefits of dedicated instances, enterprises should be aware of several practical limitations often discussed in customer forums:
1. Increased Operational Overhead: When zero retention is enabled, responsibility for content safety monitoring shifts to the client, as Microsoft's human review process is disabled.
2. Persistent Data in Stateful Features: In Azure, stateful services like the Assistants API will store data indefinitely. This data is not covered by zero retention policies and requires explicit deletion by the user.
3. Trade-offs for Newest Models: Gaining access to the latest Anthropic models might require agreeing to a 30-day external data retention policy, forcing a choice between cutting-edge features and maximum data privacy.
Enterprises evaluating these trade-offs see dedicated instances as a strategic middle ground between fully public APIs and building models in-house. This trend points toward a lasting industry shift to hybrid AI architectures, allowing organizations to strategically balance development speed, cost, and stringent data control.