Azure Cognitive Services containers

Azure Cognitive Services provides several Docker containers that let you use the same APIs that are available in Azure, on-premises. Using these containers gives you the flexibility to bring Cognitive Services closer to your data for compliance, security or other operational reasons. Container support is currently available for a subset of Azure Cognitive Services.

Containerization is an approach to software distribution in which an application or service, including its dependencies & configuration, is packaged together as a container image. With little or no modification, a container image can be deployed on a container host. Containers are isolated from each other and the underlying operating system, with a smaller footprint than a virtual machine. Containers can be instantiated from container images for short-term tasks, and removed when no longer needed.

Features and benefits

  • Immutable infrastructure: Enable DevOps teams' to leverage a consistent and reliable set of known system parameters, while being able to adapt to change. Containers provide the flexibility to pivot within a predictable ecosystem and avoid configuration drift.
  • Control over data: Choose where your data gets processed by Cognitive Services. This can be essential if you can't send data to the cloud but need access to Cognitive Services APIs. Support consistency in hybrid environments – across data, management, identity, and security.
  • Control over model updates: Flexibility in versioning and updating of models deployed in their solutions.
  • Portable architecture: Enables the creation of a portable application architecture that can be deployed on Azure, on-premises and the edge. Containers can be deployed directly to Azure Kubernetes Service, Azure Container Instances, or to a Kubernetes cluster deployed to Azure Stack. For more information, see Deploy Kubernetes to Azure Stack.
  • High throughput / low latency: Provide customers the ability to scale for high throughput and low latency requirements by enabling Cognitive Services to run physically close to their application logic and data. Containers do not cap transactions per second (TPS) and can be made to scale both up and out to handle demand if you provide the necessary hardware resources.
  • Scalability: With the ever growing popularity of containerization and container orchestration software, such as Kubernetes; scalability is at the forefront of technological advancements. Building on a scalable cluster foundation, application development caters to high availability.

Containers in Azure Cognitive Services

Azure Cognitive Services containers provide the following set of Docker containers, each of which contains a subset of functionality from services in Azure Cognitive Services. You can find instructions and image locations in the tables below. A list of container images is also available.

Decision containers

Service Container Description Availability
Anomaly detector Anomaly Detector (image) The Anomaly Detector API enables you to monitor and detect abnormalities in your time series data with machine learning. Generally available

Language containers

Service Container Description Availability
LUIS LUIS (image) Loads a trained or published Language Understanding model, also known as a LUIS app, into a docker container and provides access to the query predictions from the container's API endpoints. You can collect query logs from the container and upload these back to the LUIS portal to improve the app's prediction accuracy. Generally available
Language service Key Phrase Extraction (image) Extracts key phrases to identify the main points. For example, for the input text "The food was delicious and there were wonderful staff", the API returns the main talking points: "food" and "wonderful staff". Generally available
Language service Text Language Detection (image) For up to 120 languages, detects which language the input text is written in and report a single language code for every document submitted on the request. The language code is paired with a score indicating the strength of the score. Generally available
Language service Sentiment Analysis (image) Analyzes raw text for clues about positive or negative sentiment. This version of sentiment analysis returns sentiment labels (for example positive or negative) for each document and sentence within it. Generally available
Language service Text Analytics for health Extract and label medical information from unstructured clinical text. Generally available
Translator Translator Translate text in several languages and dialects. Gated preview. Request access.

Speech containers


To use Speech containers, you will need to complete an online request form.

Service Container Description Availability
Speech Service API Speech-to-text (image) Transcribes continuous real-time speech into text. Generally available
Speech Service API Custom Speech-to-text (image) Transcribes continuous real-time speech into text using a custom model. Generally available
Speech Service API Text-to-speech (image) Converts text to natural-sounding speech. Generally available
Speech Service API Custom Text-to-speech (image) Converts text to natural-sounding speech using a custom model. Gated preview
Speech Service API Neural Text-to-speech (image) Converts text to natural-sounding speech using deep neural network technology, allowing for more natural synthesized speech. Generally available
Speech Service API Speech language detection (image) Determines the language of spoken audio. Gated preview

Vision containers

Service Container Description Availability
Computer Vision Read OCR (image) The Read OCR container allows you to extract printed and handwritten text from images and documents with support for JPEG, PNG, BMP, PDF, and TIFF file formats. For more information, see the Read API documentation. Gated preview. Request access.
Spatial Analysis Spatial analysis (image) Analyzes real-time streaming video to understand spatial relationships between people, their movement, and interactions with objects in physical environments. Preview

Additionally, some containers are supported in the Cognitive Services multi-service resource offering. You can create one single Cognitive Services All-In-One resource and use the same billing key across supported services for the following services:

  • Computer Vision
  • LUIS
  • Language service


You must satisfy the following prerequisites before using Azure Cognitive Services containers:

Docker Engine: You must have Docker Engine installed locally. Docker provides packages that configure the Docker environment on macOS, Linux, and Windows. On Windows, Docker must be configured to support Linux containers. Docker containers can also be deployed directly to Azure Kubernetes Service or Azure Container Instances.

Docker must be configured to allow the containers to connect with and send billing data to Azure.

Familiarity with Microsoft Container Registry and Docker: You should have a basic understanding of both Microsoft Container Registry and Docker concepts, like registries, repositories, containers, and container images, as well as knowledge of basic docker commands.

For a primer on Docker and container basics, see the Docker overview.

Individual containers can have their own requirements, as well, including server and memory allocation requirements.

Azure Cognitive Services container security

Security should be a primary focus whenever you're developing applications. The importance of security is a metric for success. When you're architecting a software solution that includes Cognitive Services containers, it's vital to understand the limitations and capabilities available to you. For more information about network security, see Configure Azure Cognitive Services virtual networks.


By default there is no security on the Cognitive Services container API. The reason for this is that most often the container will run as part of a pod which is protected from the outside by a network bridge. However, it is possible to enable authentication which works identically to the authentication used when accessing the cloud-based Cognitive Services.

The diagram below illustrates the default and non-secure approach:

Container security

As an alternative and secure approach, consumers of Cognitive Services containers could augment a container with a front-facing component, keeping the container endpoint private. Let's consider a scenario where we use Istio as an ingress gateway. Istio supports HTTPS/TLS and client-certificate authentication. In this scenario, the Istio frontend exposes the container access, presenting the client certificate that is approved beforehand with Istio.

Nginx is another popular choice in the same category. Both Istio and Nginx act as a service mesh and offer additional features including things like load-balancing, routing, and rate-control.

Container networking

The Cognitive Services containers are required to submit metering information for billing purposes. Failure to allow list various network channels that the Cognitive Services containers rely on will prevent the container from working.

Allow list Cognitive Services domains and ports

The host should allow list port 443 and the following domains:

  • *
  • *

Disable deep packet inspection

Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and usually takes action by blocking, re-routing, or logging it accordingly.

Disable DPI on the secure channels that the Cognitive Services containers create to Microsoft servers. Failure to do so will prevent the container from functioning correctly.

Developer samples

Developer samples are available at our GitHub repository.

Next steps

Learn about container recipes you can use with the Cognitive Services.

Install and explore the functionality provided by containers in Azure Cognitive Services: