AzureFeeds

Agents are transforming the way the world works, ushering in a new age of automation, efficiency, and exceptional customer experiences. These intelligent systems are revolutionizing industries, evolving from task-specific chatbots into interconnected networks of specialized agents capable of handling complex processes and adapting seamlessly to dynamic environments.  

To deploy AI agents responsibly and at scale, businesses must have confidence in the underlying platform—specifically, assurance that all agent activity and customer data is secure and fully under their control. We specifically designed the new Foundry Agent Service’s standard agent setup with these requirements in mind and prioritizes bringing building new observability, evaluation, and security features. 

We’re also excited to introduce support for Bring Your Own (BYO) Thread Storage with Azure Cosmos DB for NoSQL as a core component of the standard agent setup. With the addition of this feature, all Foundry projects created using the Standard Agent Setup will use customer managed, single tenant resources to store all customer data processed by the service. 

Built-in Enterprise Readiness with Foundry Agent Service Standard Setup 

Azure AI Foundry Agent Service offers three environment configuration modes tailored to different needs. Whether you’re a startup focused on speed and flexibility or an enterprise in a highly regulated industry, each setup is designed to meet you where you are—with the right balance of performance, security, and compliance. 

Like traditional applications, agents are stateful and require storage to retain information across interactions. Azure AI Foundry Agent Service’s standard agent setup is designed for enterprise customers and by default ensures that all sensitive customer data processed by your agents remains securely within your Azure resources. 

The required Bring Your Own (BYO) Azure resources include: 

• BYO File Storage: All files uploaded by developers (during agent configuration) or end-users (during interactions) are stored directly in the customer’s Azure Storage account. 

• BYO Search: All vector stores created by the agent leverage the customer’s Azure AI Search resource. 


• BYO Thread Storage: All customer messages and conversation history will be stored in the customer’s own Azure Cosmos DB account. 

Project-Level Data Isolation 

Standard setup enforces project-level data isolation by default. Two blob storage containers will automatically be provisioned in your storage account, one for files and one for intermediate system data (chunks, embeddings) and three containers will be provisioned in your Cosmos DB, one for user systems, one for system messages, and one for model inputs and outputs. This default behavior was chosen to reduce configuration complexity while still enforcing strict data boundaries—ensuring each project has a clean, isolated storage footprint without requiring manual setup. 

Private Network Isolation 

Standard setup supports private network isolation through virtual network injection, which gives you full control over the inbound and outbound communication paths for your agent. You can restrict access to only the resources explicitly required by your agent, such as storage accounts, databases, or APIs, while blocking all other traffic by default. This approach ensures that your agent operates within a tightly scoped network boundary, reducing the risk of data leakage or unauthorized access. By default, this setup simplifies security configuration while enforcing strong isolation guarantees—ensuring that each agent deployment remains secure, compliant, and aligned with enterprise networking policies. 

New Foundry Resource Provider 

The new Foundry resource type introduces a unified management experience for agents, models, evaluations, and finetuning under a single Azure resource provider namespace. We understand the need for interconnectivity between all our offerings across AI Foundry and want to provide you with the core building blocks to use them together seamlessly.  The consolidation enables administrators to apply all enterprise promises to not just agents-but all AI capabilities in your Foundry project. A few of these enterprise promises include:  

• New built-in RBAC roles provide up-to-date role definitions to help admins differentiate access between Administrator, Project Manager and Project Users.  

• Customer managed keys enable enterprises to bring their own encryption keys for securing sensitive agent data, ensuring compliance with internal security policies and regulatory requirements while maintaining full control over data access and lifecycle. 

Additionally, the new Foundry API, designed from the ground up for agentic applications, allows developers to build and evaluate across model providers using a consistent, API-first interface—further simplifying integration and accelerating development. These enhancements empower developers to accelerate experimentation and time-to-market, while giving IT admins a self-serve platform to manage agents, models, and Azure integrations cohesively. 

Why should you trust agents?  

Ensuring Robust Agent Evaluation and Monitoring (AgentOps) 

Azure AI Foundry Agent Service is revolutionizing enterprise AI by ensuring robust evaluation and monitoring for intelligent agents. Built-in evaluation tools allow developers to measure agent accuracy, task adherence, and overall performance under real-world conditions. This proactive approach highlights gaps and optimizes agent behavior, ensuring readiness for mission-critical tasks. 

To enhance transparency and efficiency, OpenTelemetry-based tracing offers detailed insights into data flows, intermediate steps, and function calls during agent processes. This capability helps identify performance bottlenecks and refine workflows, ensuring seamless integration within enterprise systems. Monitoring and reporting dashboards further track key metrics like response time, error rates, and task completion, enabling businesses to address issues promptly. 

Together, these features establish a foundation of reliability and security for multi-agent systems. Azure AI Foundry empowers organizations to deploy scalable, adaptable, and efficient AI agents, paving the way for smarter workflows and groundbreaking solutions in a connected world. 

Strengthening Security with Agent ID  

Built-In Governance and Safety  

Conclusion 

The future of AI depends on trust and collaboration—only with both can scalable systems truly redefine workflows and unlock groundbreaking solutions. Azure AI Foundry is empowering organizations to step boldly into this future, unlocking the limitless possibilities of AI agents to shape a smarter, more connected world.  

Whether you’re deploying an agent to deliver personalized shopping recommendations or to process confidential legal documents, each use case requires a different level of security, access control, and system safeguards. That’s why we’ve built transparency and control into the foundation of our platform—so you can tailor your deployment to match your specific risk profile and operational needs. 

Get started today by deploying one of our one-click “Deploy to Azure” ARM templates. 

What’s Next?  

• Build your first network secured Agent through ARM template 

• Explore the documentation to learn more about Azure AI Foundry Agent Service  

• Start building your agents today in Azure AI Foundry  

• Watch our Foundry Agent Service breakout session at Build