Problem reaching openai through the Azure API

I am trying to use the Azure API in the Cursor Settings. The base URL, deployment name and API Key is valid and the switch is green.

When testing the AI I got a problem reaching openai.azure.com with the following error: {"error":{"code":"403","message": "Access denied due to Virtual Network/Firewall rules."}}

I’ve tried to go through the openai resource in Azure, checking the firewalls and virtual networks. Making sure my ip address has access and a whole bunch of other things, but I keep getting the same error. Do I need to allow access from ‘All networks’ (including the internet)?

Anyone know what I can do to fix this?
Many thanks in advance!
Dan

Allow access from ‘All networks’ in ‘Networking’ in my Azure OpenAI resource makes it work. But ideally I would like to have some sort of Firewall or Vnet on, but that seem to break it? (Even though I have my own IP access listed as ok). Anyone with similar solutions?

Azure configuration is weird, I went through some tutorials where yes: many things only work if you allow access from ‘All networks’ in a variety of tutorials. However how exposed you are depends on where that service/resource resides in your cloud network.

MSFT does sell as an upcharge/additional service azure-bastion. Following the recommended config (and paying up per month) will likely help explain how this outer bastion can protect your cloud-internal networks.
https://azure.microsoft.com/en-us/products/azure-bastion

Looks like it has been a while since I’ve completed those tutorials. However from the linked material it seems the solution is to pay for Azure Bastion (first cost) → connect to VM on internal network (jump server additional cost) → connect to internal cloud network with your AI service (third cost).