Skip to main content

Foundry Agent Service

Foundry Agent Service is Microsoft’s production-ready platform for building intelligent agents that can automate complex business workflows. It provides the infrastructure, tools, and governance needed to move from prototype to production with confidence.

Why Foundry Agent Service?

Most businesses want automation that’s faster and has fewer errors—whether it’s summarizing documents, processing invoices, managing support tickets, or publishing content. Large language models (LLMs) enable a new type of automation with systems that can understand unstructured data, make decisions, and generate content. However, moving beyond demos into production is challenging. LLMs can drift, be incorrect, and lack accountability. Without visibility, policy enforcement, and orchestration, these models are hard to trust in real business workflows. Foundry Agent Service solves these challenges by combining models, tools, frameworks, and governance into a unified system for building production-ready agents.

Architecture

Foundry Agent Service acts as the central hub connecting four key components:

AI Models

Access Azure OpenAI, Foundry Direct, and partner models

Tools & Frameworks

Code Interpreter, File Search, Azure Functions, and more

Governance & Compliance

Content Safety, RBAC, audit logs, network isolation

Orchestration

Manage conversations, coordinate tools, enforce policies
Agent Service connects these pieces into a single runtime that manages conversations, orchestrates tool calls, enforces content safety, and integrates with identity, networking, and observability systems.

Key Capabilities

Production-Ready Infrastructure

  • Persistent threads for multi-turn conversations
  • Automatic context management (up to 100,000 messages per thread)
  • Thread lifecycle management
  • Message history and retrieval
  • Server-side execution of tool calls
  • Automatic retry logic
  • Structured logging of all invocations
  • Parallel tool execution
  • Multi-step workflows
  • Integrated content filters for inputs and outputs
  • Prompt injection protection (including XPIA)
  • Policy-governed outputs
  • Jailbreak detection
  • Harmful content blocking
  • Bring your own Azure Storage
  • Bring your own Azure Cosmos DB
  • Bring your own Azure AI Search
  • Virtual network support
  • Customer-managed encryption keys
  • Full conversation tracing
  • Tool invocation logs
  • Performance metrics
  • Application Insights integration
  • Debug and replay capabilities
  • Microsoft Entra ID integration
  • Role-based access control (RBAC)
  • Managed identities
  • Audit logs
  • Conditional access support

The Agent Factory

Think of Foundry as an assembly line for intelligent agents. Like a modern factory, it brings together specialized stations that shape the final product:
1

1. Models

Select a model that gives your agent intelligence:
  • GPT-4o for complex reasoning
  • GPT-4 for advanced understanding
  • GPT-3.5-turbo for cost-effective scenarios
  • Other models from the catalog
2

2. Customizability

Shape the model to fit your use case:
  • Fine-tuning with domain data
  • Custom prompts and instructions
  • Model distillation
  • Few-shot learning
3

3. Knowledge and Tools

Equip your agent with capabilities:
  • File Search for document retrieval
  • Code Interpreter for analysis
  • Azure AI Search for enterprise data
  • Azure Functions for system integration
4

4. Orchestration

Coordinate the full lifecycle:
  • Handle tool calls automatically
  • Update conversation state
  • Manage retries and failures
  • Log all outputs
5

5. Observability

Monitor and improve:
  • Capture logs and traces
  • Run evaluations
  • Track performance metrics
  • Integrate with Application Insights
6

6. Trust

Ensure reliability and safety:
  • Microsoft Entra authentication
  • RBAC and permissions
  • Content filters
  • Network isolation
  • Data encryption
The result is an agent ready for production: reliable, extensible, and safe to deploy.

Getting Started

Prerequisites

  • Azure subscription with permission to create Foundry resources
  • A Foundry project (setup guide)
  • A deployed model compatible with agents

Quick Start

from azure.ai.projects import AIProjectClient
from azure.identity import DefaultAzureCredential
import os

# Initialize client
project = AIProjectClient(
    endpoint=os.environ["PROJECT_ENDPOINT"],
    credential=DefaultAzureCredential(),
)

# Create agent
agent = project.agents.create_agent(
    model="gpt-4o",
    name="customer-support",
    instructions="You are a helpful customer support assistant.",
)

# Create thread
thread = project.agents.threads.create()

# Send message
message = project.agents.messages.create(
    thread_id=thread.id,
    role="user",
    content="Hello, I need help with my order.",
)

# Run agent
run = project.agents.runs.create_and_poll(
    thread_id=thread.id,
    agent_id=agent.id
)

# Get response
if run.status == "completed":
    messages = project.agents.messages.list(thread_id=thread.id)
    for msg in messages:
        print(f"{msg['role']}: {msg['content']}")

Setup Options

Agent Service offers three environment configurations:
Quick start with managed resources
  • Platform-managed storage
  • Fastest setup time
  • Compatible with OpenAI Assistants API
  • Supports non-OpenAI models
  • Includes Azure AI Search and Bing tools
Best for: Development, testing, proof of concepts

Supported Models

Agent Service supports multiple model families:
Model FamilyModelsBest For
Azure OpenAIGPT-4o, GPT-4, GPT-3.5-turboGeneral purpose, tool calling
Foundry DirectDeepSeek, xAILatest innovations
Partner ModelsLlama 3, Claude, MistralSpecialized tasks
For the latest model support, see Model region support.

Security and Compliance

Safety Controls

  • Content Filters: Block harmful inputs and outputs
  • Prompt Injection Protection: Defend against XPIA attacks
  • Jailbreak Detection: Identify attempts to bypass safety
  • Policy Enforcement: Govern all agent outputs

Data Controls

  • Network Isolation: Private endpoints and VNet support
  • Data Residency: Choose your storage location
  • Encryption: At-rest and in-transit encryption
  • Customer-Managed Keys: Full control over encryption

Access Controls

  • Microsoft Entra ID: Enterprise authentication
  • RBAC: Fine-grained permissions
  • Managed Identities: Secure service-to-service auth
  • Audit Logs: Complete activity tracking

Business Continuity

Agent Service supports resilience through customer-provisioned resources:
  • Azure Cosmos DB: Provision your own account for BCDR
  • Multi-Region: Automatic failover to secondary regions
  • State Preservation: All agent state in your Cosmos DB
  • Recovery: Seamless continuation after outages
For configuration guidance, see Use your own resources.

Pricing

Using Agent Service incurs costs from:
  • Model deployments: Token-based or provisioned throughput
  • Azure resources: Storage, Cosmos DB, AI Search (if using Standard Setup)
  • Tool usage: Code Interpreter sessions (additional charges)
  • Data transfer: Network egress charges
To understand cost drivers, see Plan and manage costs.

Regional Availability

Agent Service availability varies by region and model. Check the Model region support page for details.

Next Steps

Environment Setup

Deploy your agent infrastructure

Standard Setup

Configure enterprise features

Threads & Runs

Understand agent execution

Agent Tools

Explore built-in capabilities

Build docs developers (and LLMs) love

Get started for freeTalk to us