{"id":345,"date":"2026-04-13T17:57:24","date_gmt":"2026-04-13T17:57:24","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/azure-microsoft-foundry-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-ai-machine-learning\/"},"modified":"2026-04-13T17:57:24","modified_gmt":"2026-04-13T17:57:24","slug":"azure-microsoft-foundry-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-ai-machine-learning","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/azure-microsoft-foundry-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-ai-machine-learning\/","title":{"rendered":"Azure Microsoft Foundry Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for AI + Machine Learning"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>AI + Machine Learning<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p><strong>Important naming note (read first):<\/strong> As of my latest verified product knowledge (through 2025-08), Microsoft\u2019s official Azure service name for the \u201cFoundry\u201d experience is <strong>Azure AI Foundry<\/strong> (previously branded as <strong>Azure AI Studio<\/strong> at <code>https:\/\/ai.azure.com\/<\/code>). The term <strong>\u201cMicrosoft Foundry\u201d<\/strong> is <strong>not<\/strong> consistently used as the official Azure product name in public documentation. In this tutorial, I will use <strong>Microsoft Foundry<\/strong> as the <em>primary term<\/em> (as requested), and I will explicitly map it to the Azure experience that Microsoft documents as <strong>Azure AI Foundry \/ Azure AI Studio<\/strong>. 
<strong>Verify the current branding and SKU names in the official docs<\/strong> before production adoption.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What this service is<\/h3>\n\n\n\n<p><strong>Microsoft Foundry (Azure AI Foundry\/Azure AI Studio)<\/strong> is an Azure-hosted environment for <strong>building, testing, evaluating, and deploying generative AI applications<\/strong>\u2014especially those using large language models (LLMs)\u2014with enterprise controls (identity, networking, safety, governance) and integrations with Azure services.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Simple explanation (one paragraph)<\/h3>\n\n\n\n<p>Microsoft Foundry helps you go from \u201cI have a model\u201d to \u201cI have a working AI app\u201d by giving you a web-based workspace to connect to models (like Azure OpenAI), ground them with your data (often via Azure AI Search), test prompts, evaluate outputs, apply safety controls, and move toward deployment\u2014without needing to assemble everything from scratch.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Technical explanation (one paragraph)<\/h3>\n\n\n\n<p>Technically, Microsoft Foundry is a <strong>control-plane and developer experience<\/strong> that organizes AI work into <strong>hubs\/projects<\/strong>, manages <strong>connections<\/strong> to model endpoints and data sources, provides <strong>prompt engineering\/playgrounds<\/strong>, and supports workflows like <strong>RAG (retrieval-augmented generation)<\/strong> and evaluation. 
It typically relies on <strong>underlying Azure resources<\/strong>\u2014for example <strong>Azure OpenAI<\/strong> (or other model providers), <strong>Azure AI Search<\/strong>, <strong>Storage<\/strong>, <strong>Key Vault<\/strong>, and <strong>Azure Monitor<\/strong>\u2014which do the actual data storage, retrieval, inference, logging, and networking enforcement.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What problem it solves<\/h3>\n\n\n\n<p>It reduces the friction and risk of building production-grade AI solutions by providing:\n&#8211; A structured workspace for AI development (projects, connections, evaluations)\n&#8211; Repeatable pathways to ground models on enterprise data\n&#8211; Integration points for identity, networking, monitoring, and safety\n&#8211; A practical bridge between experimentation and operationalization<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Microsoft Foundry?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>Microsoft Foundry\u2019s purpose (as documented under Azure AI Foundry \/ Azure AI Studio) is to provide a <strong>unified environment<\/strong> for building generative AI applications on Azure\u2014connecting to foundation models, orchestrating prompts\/flows, grounding on data, applying safety, and preparing solutions for production.<\/p>\n\n\n\n<p>Official documentation entry points (verify current):\n&#8211; Azure AI Foundry \/ Azure AI Studio documentation: https:\/\/learn.microsoft.com\/azure\/ai-studio\/<br\/>\n&#8211; Azure OpenAI documentation (often used with Foundry): https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<p>Commonly documented capabilities include:\n&#8211; <strong>Project-based organization<\/strong> (hubs\/projects) for AI work\n&#8211; <strong>Model selection and deployment<\/strong> via Azure model providers (commonly Azure 
OpenAI)\n&#8211; <strong>Playgrounds<\/strong> for chat\/completions and prompt iteration\n&#8211; <strong>Grounding \/ RAG workflows<\/strong> (commonly using Azure AI Search as a retrieval layer)\n&#8211; <strong>Evaluation<\/strong> concepts and tooling (capabilities evolve; verify in official docs)\n&#8211; <strong>Safety<\/strong> features (content filtering, policy controls depend on provider; verify)\n&#8211; <strong>Connections management<\/strong> to underlying services (model endpoints, search, storage, etc.)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Major components (conceptual)<\/h3>\n\n\n\n<p>Because Microsoft Foundry is a <em>workspace experience<\/em>, your solution typically consists of:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Foundry workspace (Hub\/Project)<\/strong>\n   &#8211; Organizes assets, connections, experiments, and evaluation artifacts.<\/p>\n<\/li>\n<li>\n<p><strong>Model provider resource<\/strong>\n   &#8211; Often <strong>Azure OpenAI<\/strong> for LLM inference (deployments like GPT family).\n   &#8211; In some cases, other model catalogs\/providers may be integrated\u2014<strong>verify availability<\/strong>.<\/p>\n<\/li>\n<li>\n<p><strong>Data grounding layer<\/strong>\n   &#8211; Frequently <strong>Azure AI Search<\/strong> (indexes enterprise content).\n   &#8211; Content often stored in <strong>Azure Blob Storage<\/strong>.<\/p>\n<\/li>\n<li>\n<p><strong>Security and secrets<\/strong>\n   &#8211; <strong>Microsoft Entra ID<\/strong> for identity and RBAC.\n   &#8211; <strong>Azure Key Vault<\/strong> for secrets\/keys (recommended).<\/p>\n<\/li>\n<li>\n<p><strong>Observability and governance<\/strong>\n   &#8211; <strong>Azure Monitor \/ Log Analytics<\/strong> for logs and metrics (where supported).\n   &#8211; Azure Policy, tagging, and resource locks for governance.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<p>Microsoft Foundry is best thought of as:\n&#8211; A 
<strong>managed Azure AI developer platform \/ control plane<\/strong> (web UX + APIs)\n&#8211; That <strong>orchestrates and configures<\/strong> underlying runtime services (model endpoints, search, storage, etc.)\n&#8211; Not typically billed as a single \u201ccompute\u201d SKU on its own; costs usually come from the connected services (details in Pricing section)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Scope and locality (what to expect)<\/h3>\n\n\n\n<p>Because branding and implementation details evolve, validate for your tenant\/region. Typically:\n&#8211; <strong>Project-scoped<\/strong> for assets and configuration (within a hub\/workspace)\n&#8211; Backed by <strong>subscription-scoped<\/strong> Azure resources you create and pay for\n&#8211; <strong>Regional<\/strong> in the sense that connected resources (Azure OpenAI, AI Search, Storage) are deployed into regions you select and must comply with data residency requirements<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Azure ecosystem<\/h3>\n\n\n\n<p>Microsoft Foundry sits in the Azure AI + Machine Learning stack alongside:\n&#8211; <strong>Azure OpenAI<\/strong> (LLM inference, deployments)\n&#8211; <strong>Azure Machine Learning<\/strong> (training\/ML ops; some overlap\u2014choose based on workload)\n&#8211; <strong>Azure AI Search<\/strong> (retrieval, indexing for RAG)\n&#8211; <strong>Azure AI Services<\/strong> (Vision, Language, Speech\u2014when integrated)\n&#8211; <strong>Azure Monitor<\/strong> and <strong>Microsoft Defender for Cloud<\/strong> for operations\/security<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. 
Why use Microsoft Foundry?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster time-to-value:<\/strong> move from prototype to governed pilot more quickly.<\/li>\n<li><strong>Reuse and standardization:<\/strong> shared patterns for chat apps, RAG, and evaluation.<\/li>\n<li><strong>Reduced delivery risk:<\/strong> built-in guidance and integration points for enterprise controls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unified workflow:<\/strong> model selection, prompt iteration, grounding, and testing in one place.<\/li>\n<li><strong>Easier RAG assembly:<\/strong> integrates the common building blocks (model + retrieval + data).<\/li>\n<li><strong>Production alignment:<\/strong> encourages use of Azure-native identity, networking, monitoring.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Project separation:<\/strong> organize apps by environment\/team\/product.<\/li>\n<li><strong>Connection management:<\/strong> central handling of endpoints and data connectors.<\/li>\n<li><strong>Repeatable deployments:<\/strong> you can standardize how projects connect to shared services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Microsoft Entra ID integration<\/strong> and Azure RBAC.<\/li>\n<li><strong>Private networking options<\/strong> depend on the connected resources (Azure OpenAI private endpoints, AI Search private endpoints, Storage private endpoints).<\/li>\n<li><strong>Auditability<\/strong> via Azure activity logs and resource logs where enabled.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Inference scaling is handled by the <strong>model 
provider<\/strong> (for example Azure OpenAI deployment capacity and quotas).<\/li>\n<li>Retrieval scaling is handled by <strong>Azure AI Search<\/strong> (replicas\/partitions, query units).<\/li>\n<li>Data throughput depends on Storage and network design.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose Microsoft Foundry when:\n&#8211; You are building <strong>generative AI apps<\/strong> (chat, assistants, summarization, Q&amp;A).\n&#8211; You need <strong>enterprise governance<\/strong> (RBAC, network isolation, logging).\n&#8211; You want a <strong>standard path<\/strong> for RAG with Azure-managed services.\n&#8211; You want a team-friendly workspace rather than ad-hoc notebooks\/scripts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<p>Avoid (or postpone) Microsoft Foundry if:\n&#8211; You need <strong>custom model training<\/strong> and full ML lifecycle (consider Azure Machine Learning).\n&#8211; You must deploy <strong>fully self-hosted<\/strong> models in your own cluster (consider AKS + open-source stacks).\n&#8211; Your use case is <strong>not generative AI<\/strong> (traditional ML pipelines may fit better elsewhere).\n&#8211; Your organization cannot use the required model provider regions\/quotas (Azure OpenAI availability and quota constraints are common blockers).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. 
Where is Microsoft Foundry used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Financial services:<\/strong> call-center assist, policy Q&amp;A, analyst summarization (with strict controls)<\/li>\n<li><strong>Healthcare\/life sciences:<\/strong> clinical documentation assistance, literature review (with compliance constraints)<\/li>\n<li><strong>Retail\/e-commerce:<\/strong> product support chat, catalog summarization, agent assist<\/li>\n<li><strong>Manufacturing:<\/strong> maintenance knowledge base, SOP Q&amp;A, incident summaries<\/li>\n<li><strong>Public sector:<\/strong> citizen services knowledge bots (subject to region\/data controls)<\/li>\n<li><strong>Software\/SaaS:<\/strong> in-product copilots, support deflection, developer assistants<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering teams building a <strong>shared AI platform<\/strong><\/li>\n<li>Application dev teams building <strong>chat\/RAG features<\/strong><\/li>\n<li>Security and compliance teams defining guardrails for AI usage<\/li>\n<li>Data\/analytics teams curating documents and search indexes<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chatbots grounded in internal documents (RAG)<\/li>\n<li>Summarization pipelines (tickets, emails, meeting notes)<\/li>\n<li>Classification and routing (with LLMs)<\/li>\n<li>Content generation with safety filters and review loops<\/li>\n<li>Internal tools: \u201cask our policies\u201d, \u201cask our runbooks\u201d<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web app + API backend + model inference endpoint + retrieval index<\/li>\n<li>Multi-tenant SaaS with per-tenant retrieval indexes<\/li>\n<li>Hub-and-spoke networking for AI services and data stores<\/li>\n<li>CI\/CD pipelines 
that promote configuration across dev\/test\/prod<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dev\/test:<\/strong> prompt iteration, evaluation, small indexes, limited quotas<\/li>\n<li><strong>Production:<\/strong> private endpoints, monitored inference, controlled data ingestion, multi-region DR patterns (where supported), change management<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are 10 realistic scenarios where Microsoft Foundry (Azure AI Foundry\/Azure AI Studio) commonly fits.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Internal policy Q&amp;A (RAG)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> employees can\u2019t quickly find the right HR\/security policy.<\/li>\n<li><strong>Why this fits:<\/strong> Foundry helps connect an LLM deployment to a curated retrieval index (Azure AI Search).<\/li>\n<li><strong>Example:<\/strong> \u201cWhat\u2019s our travel reimbursement policy for international trips?\u201d answered with citations from the policy PDF.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Customer support agent assist<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> agents waste time searching knowledge bases during live chats.<\/li>\n<li><strong>Why this fits:<\/strong> low-latency chat playground\/testing + retrieval integration.<\/li>\n<li><strong>Example:<\/strong> Agent tool suggests resolution steps based on product manuals and known issues.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Ticket summarization and next-action drafting<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> long ticket threads reduce throughput and consistency.<\/li>\n<li><strong>Why this fits:<\/strong> prompt templates and evaluation allow consistent summarization 
quality.<\/li>\n<li><strong>Example:<\/strong> Summarize a 40-message incident thread and draft a customer update.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) RFP \/ proposal drafting with guardrails<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> sales teams need faster first drafts without leaking sensitive info.<\/li>\n<li><strong>Why this fits:<\/strong> enterprise identity, logging, and controlled data sources reduce risk.<\/li>\n<li><strong>Example:<\/strong> Draft an RFP response grounded only in approved product sheets.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Engineering runbook assistant<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> on-call engineers lose time navigating runbooks and postmortems.<\/li>\n<li><strong>Why this fits:<\/strong> RAG over Markdown runbooks in Storage + search index.<\/li>\n<li><strong>Example:<\/strong> \u201cHow do we rotate the API signing key in service X?\u201d with step-by-step from runbooks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Compliance evidence collection assistant<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> audits require assembling evidence from many documents.<\/li>\n<li><strong>Why this fits:<\/strong> structured project workspace + retrieval reduces manual compilation.<\/li>\n<li><strong>Example:<\/strong> Generate a report of SOC2 evidence references with links to source docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Document triage and routing<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> incoming emails\/forms must be classified and routed accurately.<\/li>\n<li><strong>Why this fits:<\/strong> iterative prompt testing and evaluation on labeled samples.<\/li>\n<li><strong>Example:<\/strong> Classify emails into \u201cbilling\u201d, \u201ctechnical\u201d, \u201caccount access\u201d and route to queues.<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">8) Product catalog enrichment<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> inconsistent product descriptions and missing attributes.<\/li>\n<li><strong>Why this fits:<\/strong> prompt iteration and bulk testing patterns (implementation varies).<\/li>\n<li><strong>Example:<\/strong> Generate standardized descriptions, highlights, and safety disclaimers.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Meeting notes summarization for regulated teams<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> meeting notes contain sensitive details and must be handled carefully.<\/li>\n<li><strong>Why this fits:<\/strong> Azure-native controls + logging and restricted data access.<\/li>\n<li><strong>Example:<\/strong> Summarize meeting transcript and generate action items with approved phrasing.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Developer documentation assistant<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> engineers struggle to find the right internal API docs.<\/li>\n<li><strong>Why this fits:<\/strong> search index + chat interface reduces time-to-answer.<\/li>\n<li><strong>Example:<\/strong> \u201cHow do I request a token for service Y?\u201d answered from internal developer portal docs.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<p>Because Microsoft Foundry is a product experience that evolves, <strong>verify feature availability in your tenant\/region<\/strong>. 
The items below reflect commonly documented Foundry\/AI Studio capabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 1: Hubs\/Projects (workspace organization)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> structures AI work into logical containers (projects) and shared governance\/configuration (hub).<\/li>\n<li><strong>Why it matters:<\/strong> supports separation of duties and clean dev\/test\/prod organization.<\/li>\n<li><strong>Practical benefit:<\/strong> consistent access control and resource connections across a team.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> naming and structure may differ by release; verify in the current portal\/docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 2: Model connection and deployments (often Azure OpenAI)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> allows you to use LLM deployments hosted by Azure OpenAI (and potentially other providers\/catalogs depending on region).<\/li>\n<li><strong>Why it matters:<\/strong> simplifies inference access for apps and playgrounds.<\/li>\n<li><strong>Practical benefit:<\/strong> faster setup and standardized authentication patterns.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> model availability is <strong>region- and quota-dependent<\/strong>; approvals may be required.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 3: Prompt\/Chat playgrounds<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> interactive UI for testing prompts, system messages, parameters, and sample conversations.<\/li>\n<li><strong>Why it matters:<\/strong> reduces iteration time and allows stakeholders to test behavior.<\/li>\n<li><strong>Practical benefit:<\/strong> faster prompt tuning and reproducible prompt patterns.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> playground behavior is not always identical to your production app\u2019s runtime (middleware, safety 
filters, tool calling).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 4: Grounding \/ \u201cchat with your data\u201d patterns (RAG)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> integrates retrieval (commonly Azure AI Search) with an LLM to answer using your documents.<\/li>\n<li><strong>Why it matters:<\/strong> reduces hallucinations and makes answers verifiable via citations.<\/li>\n<li><strong>Practical benefit:<\/strong> quick path to enterprise knowledge bots.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> quality depends heavily on indexing, chunking, and query strategy; costs increase with search and tokens.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 5: Connections management<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> manages references to underlying resources (model endpoints, search services, storage, keys).<\/li>\n<li><strong>Why it matters:<\/strong> reduces hardcoding and supports environment promotion patterns.<\/li>\n<li><strong>Practical benefit:<\/strong> easier rotation of keys\/endpoints and separation of secrets.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> use managed identity where possible; avoid sharing broad-privilege keys.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 6: Safety and content filtering (provider-dependent)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> uses built-in safety systems (commonly Azure OpenAI content filters) to reduce harmful content.<\/li>\n<li><strong>Why it matters:<\/strong> enterprise risk reduction and policy alignment.<\/li>\n<li><strong>Practical benefit:<\/strong> safer outputs and more controlled deployment.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> safety filters are not a substitute for application-level policy checks; false positives\/negatives occur.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 7: Evaluation concepts and 
workflows (capability varies)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> supports evaluating responses across datasets and prompts\/flows.<\/li>\n<li><strong>Why it matters:<\/strong> brings discipline to \u201cprompt changes\u201d and reduces regressions.<\/li>\n<li><strong>Practical benefit:<\/strong> more reliable releases and fewer surprises.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> evaluation features and metrics evolve quickly; <strong>verify in official docs<\/strong> and test with your domain data.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 8: Role-based access and governance alignment<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> uses Entra ID and Azure RBAC patterns to control access.<\/li>\n<li><strong>Why it matters:<\/strong> reduces data leakage and supports least privilege.<\/li>\n<li><strong>Practical benefit:<\/strong> predictable access reviews and audit trails.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> misconfigured RBAC is common; private endpoints require careful DNS\/network planning.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level service architecture<\/h3>\n\n\n\n<p>At a high level, Microsoft Foundry provides a <strong>workspace UX<\/strong> and configuration layer. Your app traffic typically does <strong>not<\/strong> \u201cgo through Foundry\u201d in production. 
Instead:\n&#8211; Developers use Foundry to configure and test.\n&#8211; Production apps call <strong>Azure OpenAI<\/strong> (or other model endpoints) directly.\n&#8211; RAG flows call <strong>Azure AI Search<\/strong> (retrieval) and may fetch documents from Storage.\n&#8211; Logs\/metrics flow to Azure Monitor where supported.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow (typical RAG chat)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>User asks a question in your app (web\/mobile\/Teams).<\/li>\n<li>App sends the question to your backend API.<\/li>\n<li>Backend queries Azure AI Search for relevant chunks (or uses an \u201con your data\u201d extension pattern).<\/li>\n<li>Backend sends prompt + retrieved context to Azure OpenAI chat completions.<\/li>\n<li>Backend returns answer (and citations) to the user.<\/li>\n<li>Telemetry and audit logs are emitted to monitoring systems.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related Azure services<\/h3>\n\n\n\n<p>Common integrations:\n&#8211; <strong>Azure OpenAI<\/strong> for LLM inference and safety filters<br\/>\n  https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/\n&#8211; <strong>Azure AI Search<\/strong> for indexing and retrieval<br\/>\n  https:\/\/learn.microsoft.com\/azure\/search\/\n&#8211; <strong>Azure Storage (Blob)<\/strong> for document storage<br\/>\n  https:\/\/learn.microsoft.com\/azure\/storage\/blobs\/\n&#8211; <strong>Azure Key Vault<\/strong> for secrets<br\/>\n  https:\/\/learn.microsoft.com\/azure\/key-vault\/\n&#8211; <strong>Azure Monitor \/ Log Analytics<\/strong> for observability<br\/>\n  https:\/\/learn.microsoft.com\/azure\/azure-monitor\/\n&#8211; <strong>Private Link<\/strong> for private endpoints (service-dependent)<br\/>\n  https:\/\/learn.microsoft.com\/azure\/private-link\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services (what you usually need)<\/h3>\n\n\n\n<p>Microsoft Foundry solutions typically rely 
on:\n&#8211; One or more <strong>model deployments<\/strong> (Azure OpenAI)\n&#8211; Optional <strong>search index<\/strong> (Azure AI Search) for RAG\n&#8211; <strong>Storage<\/strong> for documents and ingestion pipelines\n&#8211; <strong>Identity<\/strong> (Entra ID) + RBAC<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model (typical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Human access via <strong>Microsoft Entra ID<\/strong> authentication to Azure portal\/Foundry portal.<\/li>\n<li>App-to-service auth usually via:\n<ul class=\"wp-block-list\">\n<li><strong>Managed Identity<\/strong> (preferred) when supported, or<\/li>\n<li><strong>API keys<\/strong> stored in <strong>Key Vault<\/strong> (fallback), rotated regularly<\/li>\n<\/ul>\n<\/li>\n<li>Authorization via <strong>Azure RBAC<\/strong> at subscription\/resource group\/resource scope.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model (typical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In dev\/test, many teams start with public endpoints + IP firewalls.<\/li>\n<li>In production, use:\n<ul class=\"wp-block-list\">\n<li><strong>Private Endpoints<\/strong> for Azure OpenAI, Storage, AI Search (where supported)<\/li>\n<li>VNet integration, private DNS zones, controlled egress via firewall\/NVA<\/li>\n<\/ul>\n<\/li>\n<li>Ensure DNS resolution works across VNets and on-prem.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable <strong>diagnostic settings<\/strong> for Azure OpenAI, AI Search, Storage (where available) to Log Analytics\/Event Hub\/Storage.<\/li>\n<li>Track:\n<ul class=\"wp-block-list\">\n<li>Token usage (model cost driver)<\/li>\n<li>Search queries and latency<\/li>\n<li>Error rates, throttling, and content filter blocks<\/li>\n<\/ul>\n<\/li>\n<li>Apply <strong>resource tags<\/strong>, Azure Policy, and naming conventions from day 1.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code 
class=\"language-mermaid\">flowchart LR\n  U[User] --&gt; A[&quot;App (Web\/API)&quot;]\n  A --&gt; S[&quot;Azure AI Search (RAG Retrieval)&quot;]\n  A --&gt; O[&quot;Azure OpenAI (LLM Deployment)&quot;]\n  S --&gt; A\n  O --&gt; A\n  A --&gt; U\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Client\n    U[Users]\n  end\n\n  subgraph Edge\n    FD[&quot;Front Door \/ App Gateway (optional)&quot;]\n  end\n\n  subgraph AppVNet[Application VNet]\n    API[&quot;Backend API Service\\n(App Service\/AKS\/Functions)&quot;]\n    KV[Azure Key Vault]\n    MON[Azure Monitor \/ Log Analytics]\n  end\n\n  subgraph DataVNet[Data\/AI VNet]\n    PE_OAI[Private Endpoint - Azure OpenAI]\n    PE_SRCH[Private Endpoint - Azure AI Search]\n    PE_STG[Private Endpoint - Blob Storage]\n    SRCH[Azure AI Search]\n    STG[Blob Storage]\n    OAI[Azure OpenAI]\n  end\n\n  U --&gt; FD --&gt; API\n\n  API --&gt; KV\n  API --&gt; MON\n\n  API --&gt; PE_SRCH --&gt; SRCH\n  API --&gt; PE_STG --&gt; STG\n  API --&gt; PE_OAI --&gt; OAI\n\n  SRCH --&gt; MON\n  OAI --&gt; MON\n  STG --&gt; MON\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Account\/subscription\/tenant requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An <strong>Azure subscription<\/strong> where you can create resources.<\/li>\n<li>A <strong>resource group<\/strong> for the lab (recommended).<\/li>\n<li>Access to <strong>Azure OpenAI<\/strong> if you plan to use OpenAI models (this may require eligibility\/approval depending on your tenant and region). 
Verify: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/overview<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>Minimum suggested roles for the lab (scope: resource group):\n&#8211; <strong>Contributor<\/strong> (to create resources)\n&#8211; Plus resource-specific roles if your organization restricts creation:\n  &#8211; Search service contributor\/admin (for Azure AI Search)\n  &#8211; Storage account contributor (for Blob)\n  &#8211; Key Vault administrator\/secrets officer (if using Key Vault)<\/p>\n\n\n\n<p>In production, separate duties (platform vs app vs security).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A subscription with an active billing method.<\/li>\n<li>Be aware that <strong>Azure OpenAI<\/strong> and <strong>Azure AI Search<\/strong> are paid services; there is no safe guarantee of zero cost.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools needed<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web browser access to:<\/li>\n<li>Azure portal: https:\/\/portal.azure.com\/<\/li>\n<li>Foundry\/AI Studio portal (commonly): https:\/\/ai.azure.com\/<\/li>\n<li>Optional (for validation via code):<\/li>\n<li>Python 3.10+ (recommended)<\/li>\n<li><code>pip<\/code> to install packages<\/li>\n<li>Azure CLI (optional): https:\/\/learn.microsoft.com\/cli\/azure\/install-azure-cli<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Choose regions where <strong>Azure OpenAI<\/strong> is available to your subscription\/tenant and where the model you need is offered.<\/li>\n<li>Choose a region for <strong>Azure AI Search<\/strong> and <strong>Storage<\/strong> that meets data residency.<\/li>\n<li><strong>Verify regional availability<\/strong>:<\/li>\n<li>Azure OpenAI regions\/models change over time; check official docs and your portal.<\/li>\n<li>Azure AI Search is 
regional; features vary by SKU.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<p>Common constraints to plan for:\n&#8211; Azure OpenAI <strong>quota and rate limits<\/strong> per model\/deployment.\n&#8211; Azure AI Search <strong>SKU limits<\/strong> (index size, replicas\/partitions, query volume).\n&#8211; Storage account limits (less often an issue for small labs).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<p>For the hands-on lab, you will typically create:\n&#8211; Azure OpenAI resource + model deployment\n&#8211; Azure AI Search service\n&#8211; Azure Storage account (Blob container for documents)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing model<\/h3>\n\n\n\n<p>Microsoft Foundry itself is typically a <strong>management and development experience<\/strong>; the primary costs usually come from <strong>underlying Azure resources<\/strong> you connect and use:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Azure OpenAI<\/strong>\n   &#8211; Billed primarily by <strong>tokens<\/strong> (input\/output) and sometimes by additional dimensions depending on model and features.\n   &#8211; Pricing varies by <strong>model<\/strong>, <strong>region<\/strong>, and <strong>API\/version<\/strong>.\n   &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/cognitive-services\/openai-service\/<\/p>\n<\/li>\n<li>\n<p><strong>Azure AI Search<\/strong>\n   &#8211; Billed by <strong>search units \/ SKU capacity<\/strong> (replicas\/partitions), plus optional features.\n   &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/search\/<\/p>\n<\/li>\n<li>\n<p><strong>Azure Storage (Blob)<\/strong>\n   &#8211; Billed by <strong>data stored (GB-month)<\/strong>, <strong>transactions<\/strong>, and <strong>data 
transfer<\/strong>.\n   &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/storage\/blobs\/<\/p>\n<\/li>\n<li>\n<p><strong>Networking<\/strong>\n   &#8211; <strong>Bandwidth\/egress<\/strong> charges may apply (especially cross-region or to internet).\n   &#8211; Private endpoints may add costs (Private Link) depending on configuration and traffic.\n   &#8211; Pricing varies; check the Azure Pricing Calculator.<\/p>\n<\/li>\n<li>\n<p><strong>Monitoring<\/strong>\n   &#8211; Log Analytics ingestion and retention costs can be significant at scale.\n   &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/monitor\/<\/p>\n<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier (if applicable)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure has free tiers\/trials for some services, but <strong>Azure OpenAI is not generally \u201cfree tier\u201d<\/strong> in the way basic services might be.<\/li>\n<li>For AI Search, some tiers may be low-cost, but availability changes\u2014<strong>verify in the official pricing pages and in your subscription<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost drivers (what makes bills go up)<\/h3>\n\n\n\n<p>For LLM apps:\n&#8211; <strong>Tokens<\/strong>: longer prompts + longer answers + more retrieval context = higher cost.\n&#8211; <strong>Chat concurrency<\/strong>: more users and higher QPS increases spend.\n&#8211; <strong>RAG retrieval overhead<\/strong>: search queries, re-ranking, and large contexts can increase token usage and search load.\n&#8211; <strong>Index size and refresh rate<\/strong>: frequent ingestion and large indexes increase AI Search and storage usage.\n&#8211; <strong>Observability<\/strong>: verbose logging of prompts\/responses (also a security risk) increases Monitor costs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CI\/CD environments<\/strong> that deploy 
duplicate resources.<\/li>\n<li><strong>Data movement<\/strong> across regions (egress).<\/li>\n<li><strong>Private networking complexity<\/strong> leading to extra infrastructure (DNS, firewall, NAT).<\/li>\n<li><strong>Key Vault and secrets rotation pipelines<\/strong> (minor cost, but operational overhead).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep Azure OpenAI, AI Search, Storage, and your app in the <strong>same region<\/strong> when possible.<\/li>\n<li>Avoid cross-region retrieval + inference unless required for resiliency or residency.<\/li>\n<li>For on-prem clients, consider ExpressRoute\/peering strategies.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost (practical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Minimize tokens:<\/li>\n<li>Use shorter system prompts<\/li>\n<li>Cap max output tokens<\/li>\n<li>Summarize conversation history<\/li>\n<li>Retrieve fewer chunks; tune chunk size<\/li>\n<li>Choose the lowest-cost model that meets quality\/latency requirements.<\/li>\n<li>Use caching for repeated queries (application layer).<\/li>\n<li>Right-size AI Search (replicas\/partitions) and scale based on demand.<\/li>\n<li>Log safely:<\/li>\n<li>Avoid storing full prompts\/responses unless necessary and approved<\/li>\n<li>Use sampling and redaction where possible<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (non-numeric)<\/h3>\n\n\n\n<p>A small pilot typically includes:\n&#8211; 1 Azure OpenAI deployment with low traffic (cost driven by tokens)\n&#8211; 1 small Azure AI Search service (lowest practical SKU in your region)\n&#8211; A small Blob container for documents\n&#8211; Minimal Log Analytics retention<\/p>\n\n\n\n<p>Because prices vary by region\/model\/SKU, build an estimate in the <strong>Azure Pricing 
Calculator<\/strong>:\nhttps:\/\/azure.microsoft.com\/pricing\/calculator\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>In production, plan for:\n&#8211; Multiple deployments (dev\/test\/prod) and possibly multiple models\n&#8211; Higher token volume and concurrency (peak hours)\n&#8211; AI Search scaling (replicas for availability, partitions for index size)\n&#8211; Private endpoints + firewall\/NVA costs\n&#8211; Monitoring ingestion and retention\n&#8211; If building a multi-tenant SaaS: per-tenant indexes and isolation increase AI Search cost<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab is designed to be <strong>beginner-friendly<\/strong>, <strong>real<\/strong>, and <strong>low-risk<\/strong>, while staying aligned to how Microsoft Foundry (Azure AI Foundry\/Azure AI Studio) is commonly used: connect a model, add grounding data via search, and test a chat experience.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Create a minimal RAG-style \u201cchat with your data\u201d experience using Microsoft Foundry on Azure by:\n1. Deploying an LLM in Azure OpenAI\n2. Creating a small document corpus in Azure Blob Storage\n3. Indexing and querying that corpus with Azure AI Search\n4. Using the Foundry portal to test grounded Q&amp;A\n5. 
Validating access and cleaning up resources<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will create these resources in a single Azure resource group:\n&#8211; Azure OpenAI resource + model deployment\n&#8211; Azure Storage account + blob container + uploaded docs\n&#8211; Azure AI Search service + index (created via the Foundry\/assistant workflow or manually as supported)\n&#8211; A Foundry project\/workspace to connect everything and test chat<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> You can ask a question in the Foundry chat experience and receive an answer that references (cites) the uploaded documents.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Create a resource group<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open Azure portal: https:\/\/portal.azure.com\/<\/li>\n<li>Go to <strong>Resource groups<\/strong> \u2192 <strong>Create<\/strong><\/li>\n<li>Set:\n   &#8211; Subscription: your subscription\n   &#8211; Resource group name: <code>rg-foundry-lab<\/code>\n   &#8211; Region: pick a region that supports Azure OpenAI for your tenant (verify in portal)<\/li>\n<li>Select <strong>Review + create<\/strong> \u2192 <strong>Create<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> A new resource group exists and is empty.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Open <code>rg-foundry-lab<\/code> and confirm it appears in the portal.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create an Azure OpenAI resource<\/h3>\n\n\n\n<blockquote>\n<p>If you don\u2019t have access to Azure OpenAI in your tenant, you will be blocked here. 
In that case, stop and request access per your organization\u2019s process and Microsoft\u2019s requirements.<\/p>\n<\/blockquote>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In Azure portal, select <strong>Create a resource<\/strong><\/li>\n<li>Search for <strong>Azure OpenAI<\/strong> (or \u201cAzure AI services | OpenAI\u201d depending on portal labeling)<\/li>\n<li>Create the resource:\n   &#8211; Subscription: same as the lab\n   &#8211; Resource group: <code>rg-foundry-lab<\/code>\n   &#8211; Region: choose a supported region\n   &#8211; Name: <code>oai-foundry-lab-&lt;unique&gt;<\/code>\n   &#8211; Pricing tier: as available<\/li>\n<li>Select <strong>Review + create<\/strong> \u2192 <strong>Create<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> The Azure OpenAI resource is deployed successfully.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Open the resource and confirm it shows \u201cSucceeded\u201d deployment status.\n&#8211; Note the <strong>Endpoint<\/strong> value (you\u2019ll need it later if doing code validation).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Deploy a chat model in Azure OpenAI<\/h3>\n\n\n\n<p>The exact model list changes frequently (and varies by region). 
Use a small\/efficient chat model suitable for pilots if available.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Open your Azure OpenAI resource<\/li>\n<li>Go to <strong>Model deployments<\/strong> (wording may vary)<\/li>\n<li>Select <strong>Create deployment<\/strong><\/li>\n<li>Choose:\n   &#8211; Model: choose an available chat model (for example a GPT-family chat model)\n   &#8211; Deployment name: <code>chat-model<\/code><\/li>\n<li>Create the deployment<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have a deployment named <code>chat-model<\/code>.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Confirm the deployment status is healthy\/available.\n&#8211; If the portal shows quota errors, see Troubleshooting.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Create a Storage account and upload documents<\/h3>\n\n\n\n<p>You\u2019ll upload a few small text files to simulate enterprise knowledge.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In Azure portal \u2192 <strong>Create a resource<\/strong> \u2192 search <strong>Storage account<\/strong><\/li>\n<li>Create:\n   &#8211; Resource group: <code>rg-foundry-lab<\/code>\n   &#8211; Name: <code>stfoundrylab&lt;unique&gt;<\/code>\n   &#8211; Region: same as OpenAI\/Search (recommended)\n   &#8211; Redundancy: choose a low-cost option appropriate for a lab<\/li>\n<li>Create the storage account<\/li>\n<\/ol>\n\n\n\n<p>Now upload sample documents:\n1. Open the storage account \u2192 <strong>Data storage<\/strong> \u2192 <strong>Containers<\/strong> \u2192 <strong>+ Container<\/strong>\n2. Name: <code>docs<\/code>\n3. Public access level: <strong>Private (no anonymous access)<\/strong>\n4. Create the container\n5. Open <code>docs<\/code> container \u2192 <strong>Upload<\/strong>\n6. 
Upload 2\u20135 small files, for example:\n   &#8211; <code>return-policy.txt<\/code>\n   &#8211; <code>warranty.txt<\/code>\n   &#8211; <code>support-contacts.txt<\/code><\/p>\n\n\n\n<p>Example content you can paste into files locally before upload:<\/p>\n\n\n\n<p><code>return-policy.txt<\/code><\/p>\n\n\n\n<pre><code class=\"language-text\">Return Policy (Lab)\n- Returns accepted within 30 days of delivery with proof of purchase.\n- Items must be in original condition.\n- Refunds processed within 7-10 business days after inspection.\n<\/code><\/pre>\n\n\n\n<p><code>support-contacts.txt<\/code><\/p>\n\n\n\n<pre><code class=\"language-text\">Support Contacts (Lab)\n- For billing questions: billing@example.com\n- For technical support: support@example.com\n- Support hours: Mon-Fri, 9am-5pm local time\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> A private blob container contains your documents.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; In the container, confirm files are listed and sizes are &gt; 0 bytes.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Create an Azure AI Search service<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In Azure portal \u2192 <strong>Create a resource<\/strong> \u2192 search for <strong>Azure AI Search<\/strong> (may appear as \u201cAzure Cognitive Search\u201d in some UIs; verify current naming in your portal)<\/li>\n<li>Create:\n   &#8211; Resource group: <code>rg-foundry-lab<\/code>\n   &#8211; Name: <code>srch-foundry-lab-&lt;unique&gt;<\/code>\n   &#8211; Region: same as OpenAI and Storage (recommended)\n   &#8211; Pricing tier: choose a small tier for a lab<\/li>\n<li>Create the search service<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> An Azure AI Search service is deployed.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Open the Search service and confirm provisioning succeeded.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" 
\/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Open Microsoft Foundry (Azure AI Foundry\/Azure AI Studio) and create a project<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to the Foundry portal (commonly): https:\/\/ai.azure.com\/<\/li>\n<li>Sign in with the same Entra ID user that has access to the subscription.<\/li>\n<li>Create or select a <strong>Hub<\/strong> (if prompted).<\/li>\n<li>Create a <strong>Project<\/strong>:\n   &#8211; Name: <code>foundry-rag-lab<\/code>\n   &#8211; Associate it with your subscription and resource group (<code>rg-foundry-lab<\/code>) when asked.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> You have a Foundry project workspace.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Confirm the project dashboard loads and you can access its settings\/connections.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Create connections to Azure OpenAI and Azure AI Search<\/h3>\n\n\n\n<p>Exact UI labels change. 
The general goal is:\n&#8211; Foundry can use your <strong>Azure OpenAI deployment<\/strong> (<code>chat-model<\/code>)\n&#8211; Foundry can use your <strong>Azure AI Search<\/strong> and <strong>Blob documents<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the Foundry project, find <strong>Connections<\/strong> (or <strong>Settings \u2192 Connections<\/strong>).<\/li>\n<li>Add a connection to your <strong>Azure OpenAI<\/strong> resource.\n   &#8211; Authentication method may be key-based or Entra-based depending on support.\n   &#8211; Prefer Entra\/managed identity where supported; otherwise store keys securely.<\/li>\n<li>Add a connection to your <strong>Azure AI Search<\/strong> service.<\/li>\n<li>Add a connection to your <strong>Blob Storage<\/strong> container (<code>docs<\/code>) if required by the \u201cadd data\u201d workflow.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> The project shows active connections to OpenAI and Search (and Storage if needed).<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Each connection should show a \u201cConnected\u201d or equivalent status.\n&#8211; If connection tests fail, see Troubleshooting.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8: Build \u201cchat with your data\u201d (RAG) in the Foundry chat experience<\/h3>\n\n\n\n<p>This step depends on the portal\u2019s current workflow. Many tenants provide an \u201cAdd your data\u201d or \u201cGrounding\u201d experience that:\n&#8211; ingests content from Blob\n&#8211; creates\/uses an Azure AI Search index\n&#8211; configures the chat runtime to retrieve relevant chunks and cite sources<\/p>\n\n\n\n<p>General steps:\n1. In the Foundry project, open <strong>Chat playground<\/strong> (or similar).\n2. Select your model deployment: <code>chat-model<\/code>.\n3. Look for <strong>Add your data<\/strong> \/ <strong>Grounding<\/strong> \/ <strong>Data sources<\/strong>.\n4. 
Select:\n   &#8211; Data source type: Azure Blob Storage (documents)\n   &#8211; Search service: <code>srch-foundry-lab-...<\/code>\n   &#8211; Storage container: <code>docs<\/code>\n5. Start ingestion\/index creation (the portal may create an index for you).\n6. After ingestion completes, ask questions like:\n   &#8211; \u201cWhat is the return window?\u201d\n   &#8211; \u201cHow do I contact billing support?\u201d<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> The assistant answers using your uploaded content and (often) provides citations\/links to sources.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Confirm responses mention \u201c30 days\u201d and the support emails.\n&#8211; If citations are enabled, confirm it references the correct file(s).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 9 (Optional): Validate with a minimal Python call to the deployed model<\/h3>\n\n\n\n<p>This optional step confirms your Azure OpenAI deployment works outside the portal. 
It does <strong>not<\/strong> include RAG\u2014just a basic chat completion.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Get an API key for Azure OpenAI (if you\u2019re using key auth) from the Azure OpenAI resource.<\/li>\n<li>On your machine:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">python -m venv .venv\n# Windows: .\\.venv\\Scripts\\activate\nsource .venv\/bin\/activate\n\npip install openai\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Create <code>test_chat.py<\/code>:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-python\">import os\nfrom openai import AzureOpenAI\n\nendpoint = os.environ[\"AZURE_OPENAI_ENDPOINT\"]\napi_key = os.environ[\"AZURE_OPENAI_API_KEY\"]\ndeployment = os.environ[\"AZURE_OPENAI_DEPLOYMENT\"]  # e.g., \"chat-model\"\n\nclient = AzureOpenAI(\n    azure_endpoint=endpoint,\n    api_key=api_key,\n    api_version=os.environ.get(\"AZURE_OPENAI_API_VERSION\", \"2024-02-15-preview\"),\n)\n\nresp = client.chat.completions.create(\n    model=deployment,\n    messages=[\n        {\"role\": \"system\", \"content\": \"You are a helpful assistant.\"},\n        {\"role\": \"user\", \"content\": \"Say hello in one sentence and confirm you are running on Azure OpenAI.\"},\n    ],\n    temperature=0.2,\n)\n\nprint(resp.choices[0].message.content)\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Set environment variables and run (Linux\/macOS):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">export AZURE_OPENAI_ENDPOINT=\"https:\/\/&lt;your-resource-name&gt;.openai.azure.com\/\"\nexport AZURE_OPENAI_API_KEY=\"&lt;your-key&gt;\"\nexport AZURE_OPENAI_DEPLOYMENT=\"chat-model\"\nexport AZURE_OPENAI_API_VERSION=\"2024-02-15-preview\"\n\npython test_chat.py\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> You see a coherent one-sentence response from the model.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; If you get 401\/403, your endpoint\/key\/deployment name is 
wrong or blocked by policy.\n&#8211; If you get 404, the deployment name or API version may be incorrect. <strong>Verify the latest supported API version in the official docs<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist to confirm the lab is working end-to-end:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>[ ] Azure OpenAI resource exists and has a model deployment <code>chat-model<\/code><\/li>\n<li>[ ] Blob container <code>docs<\/code> exists and contains your files<\/li>\n<li>[ ] Azure AI Search exists and the index\/ingestion completed<\/li>\n<li>[ ] Foundry project shows connections to OpenAI\/Search\/Storage (as applicable)<\/li>\n<li>[ ] Chat playground answers questions with facts from your documents (and citations if enabled)<\/li>\n<li>[ ] (Optional) Python script can call the Azure OpenAI deployment successfully<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p><strong>Issue: Azure OpenAI not available \/ cannot create resource<\/strong>\n&#8211; Cause: Tenant not approved, region not supported, or creation blocked by policy.\n&#8211; Fix: Verify eligibility and follow Microsoft guidance: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/overview<\/p>\n\n\n\n<p><strong>Issue: Quota exceeded \/ deployment creation fails<\/strong>\n&#8211; Cause: No quota for the chosen model\/region.\n&#8211; Fix: Request a quota increase (process varies), choose a different model\/region, or delete unused deployments.<\/p>\n\n\n\n<p><strong>Issue: Foundry portal cannot connect to Azure OpenAI<\/strong>\n&#8211; Cause: Wrong auth method, missing RBAC role assignment, firewall restrictions, or private endpoint\/DNS misconfiguration.\n&#8211; Fix:\n  &#8211; Confirm the account has access to the Azure OpenAI resource.\n  &#8211; If using private endpoints, verify DNS resolution from the environment and that the Foundry workflow 
supports your networking design.<\/p>\n\n\n\n<p><strong>Issue: Ingestion\/indexing fails<\/strong>\n&#8211; Cause: Storage permissions, unsupported file type, search SKU limitations.\n&#8211; Fix:\n  &#8211; Confirm container is accessible to the ingestion workflow (identity\/keys).\n  &#8211; Use simple <code>.txt<\/code> files first.\n  &#8211; Check Azure AI Search SKU and limits.<\/p>\n\n\n\n<p><strong>Issue: Answers don\u2019t reference documents<\/strong>\n&#8211; Cause: Grounding not enabled, retrieval not configured, poor chunking\/indexing, or the question doesn\u2019t match the doc terms.\n&#8211; Fix:\n  &#8211; Confirm data source is enabled for the chat session.\n  &#8211; Ask more specific questions (\u201creturn window\u201d, \u201cbilling email\u201d).\n  &#8211; Re-ingest after changing docs.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing charges, delete the entire resource group:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Azure portal \u2192 Resource groups \u2192 <code>rg-foundry-lab<\/code><\/li>\n<li>Select <strong>Delete resource group<\/strong><\/li>\n<li>Type the resource group name to confirm \u2192 <strong>Delete<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> All lab resources (OpenAI\/Search\/Storage) are removed and billing stops for them.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. 
Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Separate <strong>dev\/test\/prod<\/strong> subscriptions or at least resource groups.<\/li>\n<li>Keep OpenAI, Search, Storage, and your app in the <strong>same region<\/strong> to reduce latency and egress.<\/li>\n<li>Use a <strong>RAG reference architecture<\/strong>:<\/li>\n<li>Stable chunking strategy<\/li>\n<li>Explicit citations<\/li>\n<li>Query rewriting and guardrails (where appropriate)<\/li>\n<li>Build an \u201cevaluation gate\u201d into releases: prompt\/config changes should be tested.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>managed identity<\/strong> over API keys where supported.<\/li>\n<li>Use <strong>least privilege<\/strong>:<\/li>\n<li>App identity can query Search and call OpenAI, but should not manage resources.<\/li>\n<li>Store secrets in <strong>Key Vault<\/strong> and rotate them.<\/li>\n<li>Avoid copying keys into notebooks, wikis, or ticket systems.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Track token usage per environment and per feature.<\/li>\n<li>Use <strong>lower-cost models<\/strong> for drafts and only escalate to higher-cost models when needed.<\/li>\n<li>Implement caching and deduplication for repeated queries.<\/li>\n<li>Control Log Analytics ingestion (sample, redact, and set retention limits).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep prompts small and structured.<\/li>\n<li>Retrieve fewer, higher-quality chunks (tune Search ranking).<\/li>\n<li>Use streaming responses in apps when supported to reduce perceived latency.<\/li>\n<li>Monitor throttling and implement retry\/backoff.<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Design for <strong>rate limits<\/strong>: queue and backpressure.<\/li>\n<li>Add circuit breakers and graceful fallbacks (\u201cI can\u2019t answer right now; try again\u201d).<\/li>\n<li>Use multi-region patterns only when required and supported; it increases complexity and cost.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable diagnostic logs and set alerts for:<\/li>\n<li>4xx\/5xx error spikes<\/li>\n<li>Throttling\/rate-limit events<\/li>\n<li>Search latency increases<\/li>\n<li>Build dashboards for:<\/li>\n<li>Token volume, cost trends<\/li>\n<li>Top queries and failure reasons<\/li>\n<li>Use runbooks for key rotation and incident response.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use consistent names:<\/li>\n<li><code>rg-&lt;app&gt;-&lt;env&gt;<\/code>, <code>oai-&lt;app&gt;-&lt;env&gt;<\/code>, <code>srch-&lt;app&gt;-&lt;env&gt;<\/code><\/li>\n<li>Apply tags:<\/li>\n<li><code>env<\/code>, <code>owner<\/code>, <code>costCenter<\/code>, <code>dataClassification<\/code>, <code>app<\/code><\/li>\n<li>Use Azure Policy to enforce:<\/li>\n<li>approved regions<\/li>\n<li>private endpoints (if required)<\/li>\n<li>diagnostic settings (where possible)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. 
Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>Microsoft Entra ID<\/strong> for user authentication to Azure\/Foundry.<\/li>\n<li>Use <strong>Azure RBAC<\/strong> to restrict:<\/li>\n<li>who can deploy models<\/li>\n<li>who can view keys\/endpoints<\/li>\n<li>who can modify search indexes and data sources<\/li>\n<li>For applications, use <strong>managed identity<\/strong> whenever supported; otherwise:<\/li>\n<li>store keys in Key Vault<\/li>\n<li>restrict Key Vault access tightly<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure services generally encrypt data <strong>at rest<\/strong> (service-managed keys by default).<\/li>\n<li>For higher assurance, consider <strong>customer-managed keys (CMK)<\/strong> where supported (OpenAI\/Search\/Storage vary\u2014verify current support).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>Private Link\/private endpoints<\/strong> for:<\/li>\n<li>Azure OpenAI<\/li>\n<li>Azure AI Search<\/li>\n<li>Azure Storage<\/li>\n<li>If using public endpoints:<\/li>\n<li>restrict with IP firewall rules<\/li>\n<li>avoid \u201callow all networks\u201d in production<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never embed keys in client-side apps.<\/li>\n<li>Rotate keys and update connections automatically via deployment pipelines.<\/li>\n<li>Redact secrets from logs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use Azure Activity Log for control-plane actions.<\/li>\n<li>Enable resource diagnostic logs where available and route to:<\/li>\n<li>Log Analytics (for querying)<\/li>\n<li>Event Hub (for SIEM integration)<\/li>\n<li>Be careful with 
prompt\/response logging:<\/li>\n<li>treat it as sensitive data<\/li>\n<li>minimize retention<\/li>\n<li>apply access controls and redaction<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data residency depends on the region of OpenAI\/Search\/Storage.<\/li>\n<li>Validate whether your use of LLMs and document grounding complies with:<\/li>\n<li>internal data handling policies<\/li>\n<li>industry regulations (HIPAA, PCI, etc.)<\/li>\n<li><strong>Verify Microsoft\u2019s compliance documentation<\/strong> for each underlying service you use.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using shared admin keys across teams.<\/li>\n<li>Logging full prompts\/responses without classification and approvals.<\/li>\n<li>Allowing public network access to OpenAI\/Search\/Storage in production.<\/li>\n<li>Over-granting permissions to developers or CI\/CD service principals.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a secure baseline:<\/li>\n<li>private endpoints + private DNS<\/li>\n<li>Key Vault + managed identity<\/li>\n<li>diagnostic logs + alerting<\/li>\n<li>least-privilege RBAC<\/li>\n<li>Run threat modeling focusing on:<\/li>\n<li>prompt injection<\/li>\n<li>data exfiltration through model outputs<\/li>\n<li>retrieval poisoning (malicious docs in the index)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because Microsoft Foundry is tied to fast-evolving AI services, expect change. Key gotchas:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Branding and feature drift:<\/strong> \u201cAzure AI Studio\u201d vs \u201cAzure AI Foundry\u201d naming and UI paths can change. 
Keep runbooks updated.<\/li>\n<li><strong>Region\/model constraints:<\/strong> Azure OpenAI models and features vary by region and quota; migrations can be non-trivial.<\/li>\n<li><strong>Quota and throttling:<\/strong> rate limits can break production if not engineered for.<\/li>\n<li><strong>RAG quality pitfalls:<\/strong> poor chunking\/indexing leads to irrelevant retrieval and hallucinated answers.<\/li>\n<li><strong>Security boundary confusion:<\/strong> Foundry is not necessarily the runtime path; your app must still enforce authz, logging, and policy.<\/li>\n<li><strong>Private endpoint complexity:<\/strong> DNS and routing issues are frequent causes of outages.<\/li>\n<li><strong>Cost surprises:<\/strong> token usage grows quickly with:<\/li>\n<li>long conversation history<\/li>\n<li>large retrieved contexts<\/li>\n<li>verbose system prompts<\/li>\n<li><strong>Evaluation is not \u201cset and forget\u201d:<\/strong> domain drift and new documents require periodic re-evaluation.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Microsoft Foundry is a \u201cbuild and orchestrate GenAI apps\u201d experience. 
Depending on your needs, consider these alternatives.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Microsoft Foundry (Azure AI Foundry\/Azure AI Studio)<\/strong><\/td>\n<td>Building GenAI apps on Azure with governance<\/td>\n<td>Integrated model + RAG workflow, Azure-native identity\/networking, faster prototyping<\/td>\n<td>Depends on underlying service availability\/quotas; UI and features evolve quickly<\/td>\n<td>You want an Azure-native workspace to build and operationalize GenAI apps<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Machine Learning<\/strong><\/td>\n<td>Full ML lifecycle (training, MLOps, registries)<\/td>\n<td>Strong for training, pipelines, model registry, deployment patterns<\/td>\n<td>Heavier learning curve for pure LLM app prototyping<\/td>\n<td>You need training + classic ML ops and managed endpoints<\/td>\n<\/tr>\n<tr>\n<td><strong>Direct Azure OpenAI + custom app<\/strong><\/td>\n<td>Teams who want full control<\/td>\n<td>Maximum flexibility; minimal platform coupling<\/td>\n<td>You must assemble RAG, evaluation, governance patterns yourself<\/td>\n<td>You already have platform maturity and want to code everything<\/td>\n<\/tr>\n<tr>\n<td><strong>Microsoft Copilot Studio<\/strong><\/td>\n<td>Low-code copilots and business automation<\/td>\n<td>Rapid low-code bot creation, integrations with M365<\/td>\n<td>Not the same as building custom RAG services; less infra-level control<\/td>\n<td>You want low-code copilots rather than custom app architecture<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS Bedrock + Knowledge Bases<\/strong><\/td>\n<td>GenAI apps on AWS<\/td>\n<td>Managed model access and retrieval patterns<\/td>\n<td>Different IAM\/network model; migration friction if Azure-first<\/td>\n<td>You are AWS-standardized and want a managed GenAI platform 
there<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Vertex AI (GenAI Studio\/Agent Builder)<\/strong><\/td>\n<td>GenAI apps on Google Cloud<\/td>\n<td>Strong model ecosystem and tooling<\/td>\n<td>Different ecosystem; org readiness may vary<\/td>\n<td>You are GCP-standardized or need specific Vertex features<\/td>\n<\/tr>\n<tr>\n<td><strong>Self-managed (LangChain\/LlamaIndex + vLLM on Kubernetes)<\/strong><\/td>\n<td>Maximum control and self-hosting<\/td>\n<td>Customization, on-prem\/hybrid flexibility<\/td>\n<td>Ops burden, scaling, security, patching, model hosting complexity<\/td>\n<td>You must self-host for compliance or cost\/control and accept ops overhead<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Regulated financial services knowledge assistant<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Relationship managers need quick, accurate answers about internal policies and approved product guidance. 
Mistakes create compliance risk.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Microsoft Foundry project per environment (dev\/test\/prod)<\/li>\n<li>Azure OpenAI deployment for chat<\/li>\n<li>Azure AI Search indexing approved policy\/product docs<\/li>\n<li>Blob Storage as the document source<\/li>\n<li>Private endpoints for OpenAI\/Search\/Storage<\/li>\n<li>Entra ID + RBAC; managed identity for the app<\/li>\n<li>Central logging to Log Analytics + SIEM integration via Event Hub<\/li>\n<li><strong>Why Microsoft Foundry was chosen:<\/strong><\/li>\n<li>Provides a structured environment to test grounding and safety behavior<\/li>\n<li>Helps align app build process with Azure governance requirements<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Faster policy lookups and reduced manual searching<\/li>\n<li>Better audit posture through consistent resource configuration and logging<\/li>\n<li>Lower risk via grounding and controlled data sources<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: SaaS support deflection bot<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A small team needs to reduce support tickets by answering FAQs from docs and release notes.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>One Foundry project for the product<\/li>\n<li>Azure OpenAI small deployment for chat<\/li>\n<li>Azure AI Search index built from docs in Blob Storage<\/li>\n<li>Lightweight API backend (Functions\/App Service) to integrate with the website<\/li>\n<li>Basic monitoring and cost dashboards<\/li>\n<li><strong>Why Microsoft Foundry was chosen:<\/strong><\/li>\n<li>Faster setup than building a full RAG pipeline from scratch<\/li>\n<li>Easy iteration on prompts and retrieval settings using playgrounds<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Reduced ticket volume<\/li>\n<li>Faster onboarding for new users<\/li>\n<li>Clear path to production hardening 
(private networking, RBAC) as the company grows<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<p>1) <strong>Is \u201cMicrosoft Foundry\u201d an official Azure product name?<\/strong><br\/>\nNot consistently in public Azure documentation. The Azure service is commonly documented as <strong>Azure AI Foundry<\/strong> (and historically <strong>Azure AI Studio<\/strong>). <strong>Verify current naming<\/strong> in Microsoft\u2019s docs and your Azure portal.<\/p>\n\n\n\n<p>2) <strong>Do I pay for Microsoft Foundry itself?<\/strong><br\/>\nUsually, you pay for the <strong>underlying resources<\/strong> you use (Azure OpenAI, Azure AI Search, Storage, Monitor). Foundry is typically the experience that ties them together. Confirm current billing in official docs.<\/p>\n\n\n\n<p>3) <strong>What\u2019s the difference between Foundry and Azure Machine Learning?<\/strong><br\/>\nFoundry focuses on <strong>generative AI application workflows<\/strong> (prompting, grounding, evaluation). Azure Machine Learning focuses on <strong>ML lifecycle<\/strong> (training, pipelines, registry, deployment). There can be overlap\u2014choose based on your primary workload.<\/p>\n\n\n\n<p>4) <strong>Do I need Azure OpenAI to use Foundry?<\/strong><br\/>\nMany Foundry workflows rely on Azure OpenAI for LLM inference. Some environments may support other providers or model catalogs\u2014<strong>verify in your tenant\/region<\/strong>.<\/p>\n\n\n\n<p>5) <strong>Can I use my own data securely (RAG) without sending documents to the model provider?<\/strong><br\/>\nIn typical RAG, documents are stored\/indexed in your Azure services (Blob\/Search). The model receives <strong>retrieved snippets<\/strong> in the prompt context, not the entire corpus. 
You must still apply governance and data minimization.<\/p>\n\n\n\n<p>6) <strong>How do I prevent hallucinations?<\/strong><br\/>\nYou can\u2019t eliminate them entirely, but you can reduce them by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>grounding via Azure AI Search<\/li>\n<li>forcing citations<\/li>\n<li>limiting response scope<\/li>\n<li>adding system instructions and refusal policies<\/li>\n<li>evaluating regularly with representative test sets<\/li>\n<\/ul>\n\n\n\n<p>7) <strong>How do private endpoints affect Foundry workflows?<\/strong><br\/>\nPrivate endpoints strengthen security but introduce DNS\/routing complexity. Ensure all components (app, ingestion pipeline, and any interactive tools) can resolve and reach private FQDNs.<\/p>\n\n\n\n<p>8) <strong>What\u2019s the biggest cost driver?<\/strong><br\/>\nUsually <strong>LLM tokens<\/strong>. Retrieval can also add costs (AI Search capacity), but token usage often dominates as traffic grows.<\/p>\n\n\n\n<p>9) <strong>How do I estimate cost before launch?<\/strong><br\/>\nUse the <strong>Azure Pricing Calculator<\/strong> and model:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>expected requests per day<\/li>\n<li>average prompt+completion tokens<\/li>\n<li>expected search queries per request<\/li>\n<\/ul>\n\n\n\n<p>Then add monitoring and networking costs.<\/p>\n\n\n\n<p>10) <strong>Can I deploy to multiple environments safely?<\/strong><br\/>\nYes\u2014use separate resource groups\/subscriptions, separate model deployments, separate indexes, and separate Key Vaults. Automate with IaC and CI\/CD.<\/p>\n\n\n\n<p>11) <strong>What should I log for troubleshooting without leaking sensitive data?<\/strong><br\/>\nLog:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>request IDs, latency, status codes, throttling reasons<\/li>\n<li>token counts and cost metrics<\/li>\n<\/ul>\n\n\n\n<p>Avoid:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>full prompts\/responses unless approved and redacted<\/li>\n<\/ul>\n\n\n\n<p>12) <strong>Can Foundry help with evaluation and regression testing?<\/strong><br\/>\nFoundry commonly includes evaluation concepts, but exact tooling changes. 
If your tenant lacks features, implement evaluation in code (golden dataset + automated checks) and keep it in CI.<\/p>\n\n\n\n<p>13) <strong>What if Azure OpenAI model availability changes?<\/strong><br\/>\nPlan for change:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>keep prompts model-agnostic where possible<\/li>\n<li>abstract model calls in your backend<\/li>\n<li>test migrations to alternate models\/regions<\/li>\n<\/ul>\n\n\n\n<p>14) <strong>Is Foundry suitable for real-time customer-facing apps?<\/strong><br\/>\nYes, if you engineer for latency, rate limits, and reliability. Use caching, short prompts, tuned retrieval, and robust retries\/backoff.<\/p>\n\n\n\n<p>15) <strong>How do I handle prompt injection in RAG?<\/strong><br\/>\nTreat retrieved content as untrusted:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>apply content validation and allowlists for sources<\/li>\n<li>strip or isolate instructions from retrieved text<\/li>\n<li>use system prompts that explicitly refuse to follow instructions from documents<\/li>\n<li>monitor and test with adversarial examples<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. 
Top Online Resources to Learn Microsoft Foundry<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>Azure AI Studio \/ Foundry docs: https:\/\/learn.microsoft.com\/azure\/ai-studio\/<\/td>\n<td>Primary reference for the Foundry\/AI Studio portal concepts, projects, and workflows<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>Azure OpenAI docs: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/<\/td>\n<td>Essential for deployments, authentication, quotas, and APIs used by Foundry-based solutions<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Azure OpenAI pricing: https:\/\/azure.microsoft.com\/pricing\/details\/cognitive-services\/openai-service\/<\/td>\n<td>Understand token-based pricing dimensions and model-dependent costs<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Azure AI Search pricing: https:\/\/azure.microsoft.com\/pricing\/details\/search\/<\/td>\n<td>Understand search capacity costs (replicas\/partitions) and SKU tradeoffs<\/td>\n<\/tr>\n<tr>\n<td>Official pricing\/tooling<\/td>\n<td>Azure Pricing Calculator: https:\/\/azure.microsoft.com\/pricing\/calculator\/<\/td>\n<td>Build region-specific estimates without guessing<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>Azure AI Search docs: https:\/\/learn.microsoft.com\/azure\/search\/<\/td>\n<td>Grounding\/RAG depends heavily on search indexing and query tuning<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>Azure Storage Blobs docs: https:\/\/learn.microsoft.com\/azure\/storage\/blobs\/<\/td>\n<td>Common document source for ingestion and indexing<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>Azure Monitor docs: https:\/\/learn.microsoft.com\/azure\/azure-monitor\/<\/td>\n<td>Logging, metrics, alerts, and operational readiness<\/td>\n<\/tr>\n<tr>\n<td>Official 
security<\/td>\n<td>Azure Private Link docs: https:\/\/learn.microsoft.com\/azure\/private-link\/<\/td>\n<td>Private endpoints and DNS design for securing AI services<\/td>\n<\/tr>\n<tr>\n<td>Official videos<\/td>\n<td>Microsoft Azure YouTube: https:\/\/www.youtube.com\/@MicrosoftAzure<\/td>\n<td>Often includes AI Studio\/Foundry and Azure OpenAI walkthroughs (search within channel)<\/td>\n<\/tr>\n<tr>\n<td>Code samples (official\/high-trust)<\/td>\n<td>Azure OpenAI samples on GitHub: https:\/\/github.com\/Azure-Samples<\/td>\n<td>Practical code patterns for Azure OpenAI integrations (verify repo relevance and recency)<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, cloud engineers, architects<\/td>\n<td>Azure, DevOps practices, CI\/CD, operations foundations that support AI deployments<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Beginners to intermediate engineers<\/td>\n<td>SCM, DevOps fundamentals, toolchains that complement cloud AI projects<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud ops and platform teams<\/td>\n<td>Cloud operations, monitoring, governance, production readiness<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs, reliability engineers<\/td>\n<td>Reliability patterns, incident response, observability for production services<\/td>\n<td>Check 
website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops + AI practitioners<\/td>\n<td>AIOps concepts, monitoring\/automation mindset useful for AI workloads<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>Cloud\/DevOps training content (verify current offerings)<\/td>\n<td>Learners seeking practical guidance<\/td>\n<td>https:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training and mentoring<\/td>\n<td>Beginners to working professionals<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps\/Cloud guidance (verify services)<\/td>\n<td>Teams needing short-term expertise<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support\/training (verify services)<\/td>\n<td>Ops teams needing troubleshooting help<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. 
Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company Name<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps\/engineering services (verify offerings)<\/td>\n<td>Platform engineering, cloud delivery, operational readiness<\/td>\n<td>Azure landing zone setup, CI\/CD pipelines, production hardening<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>Training + consulting (verify current scope)<\/td>\n<td>DevOps transformation, cloud operations practices<\/td>\n<td>IaC adoption, SRE practices, deployment automation for Azure workloads<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting (verify offerings)<\/td>\n<td>Automation, delivery pipelines, operational improvements<\/td>\n<td>Build\/review CI\/CD, monitoring strategy, governance processes<\/td>\n<td>https:\/\/devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. 
Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Microsoft Foundry<\/h3>\n\n\n\n<p>Foundry projects go more smoothly when you already know:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure fundamentals: subscriptions, resource groups, IAM\/RBAC, networking<\/li>\n<li>Microsoft Entra ID basics: identities, roles, service principals\/managed identities<\/li>\n<li>API fundamentals: REST, auth, rate limiting, retries<\/li>\n<li>Data basics: document storage, indexing concepts, data classification<\/li>\n<li>Security basics: secrets management, private endpoints, logging\/auditing<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Microsoft Foundry<\/h3>\n\n\n\n<p>To operate AI systems in production, learn:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RAG engineering: chunking strategies, ranking, evaluation<\/li>\n<li>Observability: tracing, redaction, SIEM integration<\/li>\n<li>Threat modeling for LLM apps: prompt injection, data exfiltration, abuse monitoring<\/li>\n<li>MLOps\/LLMOps: CI\/CD for prompts\/config, evaluation gates<\/li>\n<li>FinOps for AI: token economics, chargeback\/showback<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud Solutions Architect (AI workloads)<\/li>\n<li>Platform Engineer (AI platform enablement)<\/li>\n<li>DevOps Engineer \/ SRE (operationalizing AI services)<\/li>\n<li>Backend Engineer (integrating model inference + retrieval)<\/li>\n<li>Security Engineer (governance, identity, data protection for AI)<\/li>\n<li>AI Engineer (prompting, evaluation, RAG design)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure AI-related certifications and learning paths evolve. 
Start by checking Microsoft Learn for:<\/li>\n<li>Azure AI Engineer pathways<\/li>\n<li>Azure fundamentals and security fundamentals<\/li>\n<li><strong>Verify the latest certification lineup on Microsoft Learn<\/strong>: https:\/\/learn.microsoft.com\/credentials\/<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a RAG chatbot for:<\/li>\n<li>internal runbooks<\/li>\n<li>product documentation<\/li>\n<li>incident postmortems<\/li>\n<li>Implement evaluation:<\/li>\n<li>create a golden Q&amp;A dataset<\/li>\n<li>measure citation accuracy and refusal behavior<\/li>\n<li>Production hardening mini-project:<\/li>\n<li>private endpoints + Key Vault + managed identity<\/li>\n<li>logging with redaction<\/li>\n<li>cost dashboards for token usage<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Azure OpenAI<\/strong>: Azure service offering hosted access to OpenAI model families with Azure security\/governance controls.<\/li>\n<li><strong>Azure AI Search<\/strong>: Managed search and indexing service commonly used for retrieval in RAG architectures.<\/li>\n<li><strong>Blob Storage<\/strong>: Object storage used to store documents for indexing and retrieval.<\/li>\n<li><strong>RAG (Retrieval-Augmented Generation)<\/strong>: Pattern where an LLM is given retrieved context from a search system to improve factual accuracy and allow citations.<\/li>\n<li><strong>Tokens<\/strong>: Units of text processed by LLMs; billing and limits often depend on token counts.<\/li>\n<li><strong>Deployment (Azure OpenAI)<\/strong>: A named configuration that exposes a specific model version for inference.<\/li>\n<li><strong>Hub\/Project<\/strong>: Organizational constructs used by Foundry\/AI Studio to group AI work and connections.<\/li>\n<li><strong>Managed Identity<\/strong>: Azure-provided identity for 
services to authenticate to other services without storing secrets.<\/li>\n<li><strong>Private Endpoint<\/strong>: Network interface that connects privately to an Azure service via Private Link.<\/li>\n<li><strong>RBAC<\/strong>: Role-Based Access Control; Azure authorization model for managing permissions.<\/li>\n<li><strong>Diagnostic settings<\/strong>: Azure configuration that routes resource logs\/metrics to Log Analytics\/Event Hub\/Storage.<\/li>\n<li><strong>Prompt injection<\/strong>: Attack where malicious instructions are placed in user input or retrieved documents to manipulate model behavior.<\/li>\n<li><strong>Grounding<\/strong>: Constraining model responses to trusted data sources (often via retrieval\/citations).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Microsoft Foundry (commonly documented as <strong>Azure AI Foundry \/ Azure AI Studio<\/strong>) is Azure\u2019s project-based environment for building <strong>generative AI<\/strong> solutions\u2014especially chat and RAG systems\u2014by connecting model deployments (often <strong>Azure OpenAI<\/strong>) with enterprise data sources (often <strong>Azure AI Search<\/strong> + <strong>Blob Storage<\/strong>) and applying operational and security controls.<\/p>\n\n\n\n<p>It matters because it shortens the path from experimentation to production by encouraging structured projects, managed connections, grounding patterns, and governance alignment. Cost-wise, the biggest drivers are usually <strong>Azure OpenAI token usage<\/strong> and <strong>Azure AI Search capacity<\/strong>, plus monitoring and networking. 
Security-wise, the most important choices are <strong>least-privilege access<\/strong>, <strong>managed identity<\/strong>, <strong>private endpoints<\/strong>, and careful handling of <strong>prompt\/response logs<\/strong>.<\/p>\n\n\n\n<p>Use Microsoft Foundry when you want an Azure-native, governed workflow for GenAI apps; avoid it if you primarily need full ML training pipelines (Azure Machine Learning) or if your model\/region\/quota constraints make Azure OpenAI unavailable.<\/p>\n\n\n\n<p><strong>Next step:<\/strong> Re-run the hands-on lab in a non-production subscription, then harden it with private endpoints, managed identity, Key Vault, and an evaluation gate before promoting to production.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI + Machine Learning<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,40],"tags":[],"class_list":["post-345","post","type-post","status-publish","format-standard","hentry","category-ai-machine-learning","category-azure"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=345"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/345\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials
\/wp-json\/wp\/v2\/categories?post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}