Share via

PII Entity Recognition: `Password` category never detected

Mory 20 Reputation points
2026-02-05T06:29:00.0066667+00:00

Hello, I’m using Azure AI Services – Language PII Entity Recognition via REST, but the Password category is never detected, even when explicitly included in piiCategories.

  • Azure Region: Japan East
  • Service: Azure AI services
  • API: 2025-11-15-preview
  • Client: REST
  • API: Analyze Text
  • Path: /language/:analyze-text
  • api-version: 2025-11-15-preview
  • kind: PiiEntityRecognition

Person / URL detected depending on input. Password is never returned in the entities list.

payload

{
  "kind": "PiiEntityRecognition",
  "parameters": {
	"modelVersion": "2025-11-15-preview",
    "piiCategories": ["Password", "Person", "URL"],
	},
	"analysisInput": {     
		"documents": [  
		     { 
		        "id": "1", 
		        "language": "en",
		        "text": "Dummy text for testing. My name is 
			}
    ]
  }
}

result

{'kind': 'PiiEntityRecognitionResults', 'results': {'statistics': {'documentsCount': 1, 'validDocumentsCount': 1, 'erroneousDocumentsCount': 0, 'transactionsCount': 1}, 'documents': [{'redactedText': 'Dummy text for testing. My name is ****. Password is test_password_1234. Link: *******************', 'id': '1', 'statistics': {'charactersCount': 98, 'transactionsCount': 1}, 'entities': [{'text': 'john', 'category': 'Person', 'type': 'Person', 'offset': 35, 'length': 4, 'mask': '****', 'maskOffset': 35, 'maskLength': 4, 'confidenceScore': 1.0, 'tags': [{'name': 'Person', 'confidenceScore': 1.0}]}, {'text': 'https://example.com', 'category': 'URL', 'type': 'URL', 'offset': 79, 'length': 19, 'mask': '*******************', 'maskOffset': 79, 'maskLength': 19, 'confidenceScore': 0.8, 'tags': [{'name': 'URL', 'confidenceScore': 0.8}]}], 'warnings': []}], 'errors': [], 'modelVersion': '2025-11-15-preview'}}
  1. Is Password expected to detect generic “password is …” patterns in text, or is it limited to specific Azure-related formats (e.g., AzurePublishSettingPassword)?
  2. Are there any known limitations (Preview behavior, English Only, region/model availability) that would explain why Password is never detected?
  3. Is my usage of POST /language/:analyze-text with api-version=2025-11-15-preview correct for Password detection?
Foundry Tools
Foundry Tools

Formerly known as Azure AI Services or Azure Cognitive Services is a unified collection of prebuilt AI capabilities within the Microsoft Foundry platform

0 comments
Answer accepted by question author
  1. Jerald Felix 11,130 Reputation points Volunteer Moderator
    2026-02-05T09:09:45.04+00:00

    Hello Mory,

    Thanks for raising it in the Q&A forum! Azure AI Language's PII detection does not have a general "Password" category for detecting plain-text passwords in arbitrary text. The service focuses on structured, identifiable PII entities like Social Security Numbers, phone numbers, email addresses, and identification documents.

    However, Azure does detect specific password-related entities that follow recognizable patterns:

    AzurePublishSettingPassword: Azure-specific publish setting passwords

    SQL Server Connection Strings: Which may contain embedded passwords

    Azure Storage Account Keys: Authentication keys that function as passwords

    Azure Document DB Auth Keys: Database authentication credentials

    These require the password to be part of a structured format (like connection strings or Azure-specific credentials) rather than standalone plain-text passwords.

    Why Generic Passwords Aren't Detected

    PII detection relies on Named Entity Recognition (NER) with machine learning models trained on structured patterns. Generic passwords in free-form text (like "my password is xyz123") don't follow predictable patterns that distinguish them from regular words, making reliable detection extremely difficult.

    The service is designed to identify formatted, standardized PII rather than context-dependent sensitive information that requires semantic understanding.

    Recommended Approaches

    Use Specific PII Categories: If you're trying to detect Azure-related credentials, explicitly specify the relevant categories in your piiCategories parameter:

    json
{
  "piiCategories": [
    "AzurePublishSettingPassword",
    "SQLServerConnectionString",
    "AzureStorageAccountKey"
  ]
}

    Custom Detection: For plain-text password detection in unstructured text, consider implementing custom pattern matching or keyword-based detection alongside Azure PII detection. Look for contextual phrases like "password:", "pwd:", "pass:", followed by alphanumeric strings.​

    PHI Domain Filtering: If you're dealing with healthcare data where passwords might be mentioned in medical records, use domain=phi to focus on Protected Health Information entities, though this still won't detect generic passwords.l

    Known Limitations

    Azure AI Language PII detection accuracy varies based on language, locale, and entity type. The documentation doesn't provide detailed mapping of which categories are fully supported per language, and some expected entities may not be detected even when formatting appears correct.

    If this helps, kindly accept the answer.

    Best Regards,

    Jerald Felix

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.