Skip to main content

Overview

Bifrost Enterprise supports Azure AI Language PII as a guardrail provider for detecting personally identifiable information in request and response text. This provider is separate from Azure Content Safety. Azure Content Safety focuses on harmful content, jailbreaks, and blocklists. Azure AI Language PII focuses on PII entity recognition.

How It Works

  1. You create an Azure AI Language resource.
  2. You create a Bifrost guardrail provider with provider_name: "azure-pii".
  3. You optionally choose PII categories, language, model version, and domain.
  4. You attach the provider to one or more guardrail rules.
  5. Bifrost calls Azure Language PII analysis for selected request or response text.
  6. Bifrost applies the configured action.
Azure AI Language PII currently evaluates text content. It does not inspect image pixels or arbitrary binary file contents.

Capabilities

  • PII detection through Azure AI Language
  • Category filtering with pii_categories
  • Optional phi domain for protected health information scenarios
  • API key, default credential, and Entra ID authentication
  • detect_only, block, and redact actions
  • Bifrost-managed redaction strategies and modes

Configuration Fields

FieldTypeRequiredDefaultDescription
endpointstringYes-Azure AI Language endpoint. Supports env.AZURE_LANGUAGE_ENDPOINT.
auth_typeenumNoapi_keyapi_key, default_credential, or entra_id.
api_keystringConditional-Required when auth_type is api_key. Supports env.AZURE_LANGUAGE_KEY.
client_idstringConditional-Required when auth_type is entra_id.
client_secretstringConditional-Required when auth_type is entra_id.
tenant_idstringConditional-Required when auth_type is entra_id.
scopesarrayNoAzure defaultOAuth scopes for token authentication.
api_versionstringNo2026-05-01Azure Language API version.
languagestringNoenDocument language.
model_versionstringNolatestAzure model version.
domainenumNononenone or phi.
pii_categoriesarrayNoall categoriesAzure PII categories to detect.
actionenumNodetect_onlydetect_only, block, or redact.
redaction_strategyenumNoreplacereplace, mask, or hash. Used when action is redact.
redaction_modeenumNoruntimeruntime, logs_only, or runtime_reversible. Used when action is redact.
logging_opt_outbooleanNoAzure defaultRequests Azure not to log input text when supported by the service.
string_index_typestringNoUnicodeCodePointMust be UnicodeCodePoint; other Azure offset modes are rejected.
timeoutintegerNoprovider defaultProvider execution timeout in seconds.
For the full redaction behavior matrix, see Guardrail Redaction.

Configuration

  1. Go to Guardrails > Providers.
  2. Select Azure AI Language PII.
  3. Click Add Configuration.
  4. Enter the endpoint and authentication settings.
  5. Optionally choose PII categories, language, model version, and domain.
  6. Choose an action. Select Redact to enable Bifrost-managed redaction.
  7. If redacting, choose the redaction strategy and mode.
  8. Save the configuration and attach it to a guardrail rule.

Authentication Modes

auth_typeRequired fieldsNotes
api_keyendpoint, api_keySimple key-based authentication.
default_credentialendpointUses Azure default credentials, such as managed identity or Azure CLI credentials.
entra_idendpoint, client_id, client_secret, tenant_idUses an Entra ID service principal.

Category Filters

Leave pii_categories empty to let Azure evaluate all supported categories for the selected language, model, and domain. Set pii_categories when you want a narrower policy, such as Email, PhoneNumber, or USSocialSecurityNumber.
Bifrost requires string_index_type: "UnicodeCodePoint" because Azure’s returned offsets must map correctly back to Bifrost’s text ranges. Other Azure string index modes are rejected during configuration validation.

Operational Notes

  • The default action is detect_only, so set action: "redact" or action: "block" when you want enforcement.
  • domain: "phi" enables Azure’s protected health information domain where supported by the service.
  • logging_opt_out controls Azure service-side logging behavior; it is separate from Bifrost’s own content logging settings.
  • Redaction modes affect Bifrost runtime payloads, Bifrost logs, and trace-export connectors as described in Guardrail Redaction.