{"id":351,"date":"2026-04-13T18:32:15","date_gmt":"2026-04-13T18:32:15","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/azure-foundry-tools-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-ai-machine-learning\/"},"modified":"2026-04-13T18:32:15","modified_gmt":"2026-04-13T18:32:15","slug":"azure-foundry-tools-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-ai-machine-learning","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/azure-foundry-tools-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-ai-machine-learning\/","title":{"rendered":"Azure Foundry Tools Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for AI + Machine Learning"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>AI + Machine Learning<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What this service is<\/h3>\n\n\n\n<p><strong>Foundry Tools<\/strong> in <strong>Azure<\/strong> refers to the practical, developer-and-ops-oriented tooling surfaced through <strong>Azure AI Foundry<\/strong> (the Azure experience for building generative AI apps and agents). In current Microsoft documentation and product messaging, \u201cAzure AI Foundry\u201d is the umbrella experience\/portal, while <strong>Foundry Tools<\/strong> is best understood as the <strong>set of tools inside that experience<\/strong>\u2014for example model discovery, prototyping\/playgrounds, prompt orchestration (prompt flows), evaluation, and safety\/quality workflows.<\/p>\n\n\n\n<p><strong>Important naming note (verify in official docs):<\/strong> Microsoft has evolved the branding from <strong>Azure AI Studio<\/strong> to <strong>Azure AI Foundry<\/strong>. If you still see \u201cAzure AI Studio\u201d in your tenant or documentation, it generally refers to the same evolving product line\/portal experience. Start here for the current entry point:\n&#8211; Portal: https:\/\/ai.azure.com<br\/>\n&#8211; Docs (current branding): https:\/\/learn.microsoft.com\/azure\/ai-foundry\/ (verify; may redirect)\n&#8211; Docs (older branding you may still encounter): https:\/\/learn.microsoft.com\/azure\/ai-studio\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">One-paragraph simple explanation<\/h3>\n\n\n\n<p>Foundry Tools helps you <strong>go from idea to working AI app<\/strong> faster by providing a single place in Azure to <strong>choose models<\/strong>, <strong>test prompts<\/strong>, <strong>wire up data grounding<\/strong>, <strong>evaluate output quality<\/strong>, and <strong>prepare deployments<\/strong>\u2014while using Azure identity, security, and governance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">One-paragraph technical explanation<\/h3>\n\n\n\n<p>Technically, Foundry Tools is a <strong>toolchain layer<\/strong> that sits above billable Azure AI services (such as <strong>Azure OpenAI<\/strong>, <strong>Azure AI Search<\/strong>, and other Azure resources). You use Foundry Tools through the Azure AI Foundry portal and related SDKs to create \u201cprojects\u201d that manage model endpoints, connections to data sources, prompt\/flow artifacts, evaluations, and operational configurations. The actual inferencing, storage, networking, and monitoring are performed by the underlying Azure resources you connect.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What problem it solves<\/h3>\n\n\n\n<p>Teams adopting GenAI typically struggle with:\n&#8211; Picking a model and operationalizing it safely\n&#8211; Reproducible prompt engineering (versioning, testing, evaluation)\n&#8211; Integrating enterprise data (RAG\/grounding) without ad hoc glue code\n&#8211; Establishing security controls, access boundaries, and monitoring<\/p>\n\n\n\n<p>Foundry Tools addresses these problems by <strong>standardizing the build-test-evaluate-operate lifecycle<\/strong> of GenAI applications in Azure.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Foundry Tools?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose (as represented by current Azure AI Foundry positioning)<\/h3>\n\n\n\n<p>Foundry Tools is the collection of tools within <strong>Azure AI Foundry<\/strong> used to <strong>build, evaluate, and operationalize AI applications<\/strong>\u2014especially generative AI apps, copilots, and agents\u2014on Azure, with enterprise controls.<\/p>\n\n\n\n<p>Because the term \u201cFoundry Tools\u201d can be used loosely in different contexts, treat it as <strong>the tools you use inside the Azure AI Foundry experience<\/strong> rather than a single standalone resource type with its own SKU. <strong>Billing is driven by the underlying Azure services<\/strong> you use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<p>Common capabilities associated with Foundry Tools in Azure AI Foundry include (availability can vary by region\/tenant and can be preview vs GA\u2014verify in official docs for your subscription):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Model discovery and selection<\/strong><\/li>\n<li>Browse model catalogs and pick models appropriate for tasks and cost\/latency targets.<\/li>\n<li><strong>Model endpoint management<\/strong><\/li>\n<li>Use or manage endpoints (often via Azure OpenAI deployments or other Azure model hosting options available in the portal).<\/li>\n<li><strong>Prompt prototyping<\/strong><\/li>\n<li>Test prompts and system messages quickly in a playground-like UI.<\/li>\n<li><strong>Prompt flows \/ orchestration<\/strong><\/li>\n<li>Build multi-step prompt workflows, tool calls, and structured output pipelines.<\/li>\n<li><strong>Evaluation<\/strong><\/li>\n<li>Run quality evaluations (accuracy, relevance, groundedness, safety) using test datasets and compare versions.<\/li>\n<li><strong>Safety &amp; content controls<\/strong><\/li>\n<li>Apply safety guidance and integrate content moderation patterns (often via Azure AI Content Safety).<\/li>\n<li><strong>Project organization<\/strong><\/li>\n<li>Group artifacts, connections, and access control into projects to support teams and environments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components (conceptual)<\/h3>\n\n\n\n<p>The exact UI labels may change, but most tenants will see a structure similar to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Azure AI Foundry portal (https:\/\/ai.azure.com)<\/strong><\/li>\n<li><strong>Hubs and Projects<\/strong> (organizational scaffolding; verify the exact resource mapping in your tenant)<\/li>\n<li><strong>Connections<\/strong> to underlying Azure resources (e.g., Azure OpenAI, Azure AI Search, Storage, Key Vault)<\/li>\n<li><strong>Playgrounds<\/strong> (chat\/completions testing)<\/li>\n<li><strong>Prompt flow \/ flow authoring tools<\/strong><\/li>\n<li><strong>Evaluation tools<\/strong><\/li>\n<li><strong>Deployment and monitoring hooks<\/strong> (often relying on Azure Monitor \/ Application Insights and the deployed endpoint\u2019s own telemetry)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<p>Foundry Tools is best treated as:\n&#8211; A <strong>portal-based and SDK-assisted toolchain<\/strong> for building GenAI apps\n&#8211; A <strong>control-plane and developer experience<\/strong> over underlying Azure resources\n&#8211; Not typically a \u201csingle metered compute service\u201d by itself (cost comes from what you connect and run)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Scope: subscription\/tenant and project-scoped<\/h3>\n\n\n\n<p>In practice:\n&#8211; <strong>Identity scope:<\/strong> Microsoft Entra ID tenant\n&#8211; <strong>Billing scope:<\/strong> Azure subscription(s) containing the underlying resources\n&#8211; <strong>Management scope:<\/strong> \u201cProject\u201d\/\u201cHub\u201d constructs in the portal (verify how these map to Azure resources in your tenant)\n&#8211; <strong>Regionality:<\/strong> The portal is global, but <strong>resources and model deployments are region-bound<\/strong> (Azure OpenAI region availability is a key constraint)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Azure ecosystem<\/h3>\n\n\n\n<p>Foundry Tools typically sits at the center of an Azure GenAI stack:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Model provider \/ inference:<\/strong> Azure OpenAI (and other model hosting options surfaced in Foundry)<\/li>\n<li><strong>Enterprise data grounding:<\/strong> Azure AI Search (common), Azure Storage, databases<\/li>\n<li><strong>Security:<\/strong> Entra ID, Key Vault, Private Link\/VNet integration (depends on underlying services)<\/li>\n<li><strong>Operations:<\/strong> Azure Monitor, Application Insights, Log Analytics<\/li>\n<li><strong>DevOps\/IaC:<\/strong> Azure CLI, Bicep, Terraform, GitHub Actions\/Azure DevOps<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Foundry Tools?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster time-to-value:<\/strong> centralized tooling reduces the \u201ctool sprawl\u201d of prompt experimentation, evaluation, and deployment handoffs.<\/li>\n<li><strong>Governance and repeatability:<\/strong> projects provide a structure for teams, environments, and approvals.<\/li>\n<li><strong>Risk reduction:<\/strong> safety\/evaluation practices reduce reputational and compliance risk when moving from demo to production.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reduced glue code:<\/strong> common tasks (prompt testing, flow orchestration, evaluation) are integrated.<\/li>\n<li><strong>Better model selection:<\/strong> easier comparison of models, deployments, and configurations.<\/li>\n<li><strong>Standardized lifecycle:<\/strong> consistent build \u2192 test \u2192 evaluate \u2192 deploy loop.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Environment separation:<\/strong> organize dev\/test\/prod via projects\/subscriptions.<\/li>\n<li><strong>Observability alignment:<\/strong> integrate with Azure Monitor\/App Insights through the deployed services.<\/li>\n<li><strong>Reproducibility:<\/strong> evaluation datasets and run history help regression-test prompt or model changes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Entra ID + RBAC alignment:<\/strong> access can be governed with Azure-native identity.<\/li>\n<li><strong>Centralized connection management:<\/strong> reduce accidental key leakage by using managed identities and Key Vault where supported.<\/li>\n<li><strong>Auditability:<\/strong> Azure Activity Log plus service logs can support investigations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scales with underlying services:<\/strong> scaling is generally handled by the model endpoint service (e.g., Azure OpenAI quotas\/capacity) and surrounding Azure components (Search, compute).<\/li>\n<li><strong>Performance testing via evaluations:<\/strong> you can incorporate latency\/cost checks into evaluation and CI processes (exact capabilities vary\u2014verify).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose Foundry Tools when you:\n&#8211; Are building <strong>GenAI apps\/agents<\/strong> in Azure and want a structured portal + tooling workflow.\n&#8211; Need <strong>enterprise governance<\/strong>, team collaboration, and evaluation discipline.\n&#8211; Want to reduce friction between <strong>prototype and production<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<p>Foundry Tools may be a poor fit when:\n&#8211; You require an entirely <strong>offline\/air-gapped<\/strong> workflow and cannot use Azure-hosted portals (unless your organization has specific arrangements\u2014verify).\n&#8211; You already have a mature internal platform for prompt\/versioning\/evaluation and you only need raw model APIs.\n&#8211; Your primary workloads are classic ML training pipelines better served directly by <strong>Azure Machine Learning<\/strong> without GenAI-focused tooling (though they can coexist).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Foundry Tools used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<p>Common adoption patterns include:\n&#8211; <strong>Financial services:<\/strong> customer support copilots, internal knowledge assistants, compliance summarization\n&#8211; <strong>Healthcare &amp; life sciences:<\/strong> clinical documentation assistance, research summarization (with strict PHI controls)\n&#8211; <strong>Retail &amp; e-commerce:<\/strong> product Q&amp;A, personalization, support automation\n&#8211; <strong>Manufacturing:<\/strong> maintenance copilots, SOP assistants, incident summarization\n&#8211; <strong>Public sector:<\/strong> policy Q&amp;A, document triage (subject to compliance)\n&#8211; <strong>Software\/SaaS:<\/strong> in-product assistants, onboarding copilots<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Application engineering teams building chat\/agent experiences<\/li>\n<li>Platform engineering teams creating internal GenAI platforms<\/li>\n<li>Data\/analytics teams enabling RAG against enterprise knowledge<\/li>\n<li>Security teams defining safe deployment patterns<\/li>\n<li>DevOps\/SRE teams operating endpoints and telemetry<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chatbots and copilots (internal or customer-facing)<\/li>\n<li>Retrieval-augmented generation (RAG) on enterprise content<\/li>\n<li>Summarization pipelines<\/li>\n<li>Document classification\/extraction with LLMs<\/li>\n<li>Agentic workflows that call tools\/APIs<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Single-tenant internal assistants<\/li>\n<li>Multi-tenant SaaS copilots<\/li>\n<li>Event-driven summarization (queue-based)<\/li>\n<li>API-based inference with caching and rate limiting<\/li>\n<li>Hybrid architectures with private networking for data sources<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dev\/test:<\/strong> rapid prompt iteration in playgrounds; small evaluation datasets<\/li>\n<li><strong>Production:<\/strong> gated deployments, strict RBAC, private networking, monitoring, and cost controls<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where Foundry Tools is commonly used in Azure AI + Machine Learning solutions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Prompt prototyping for a support chatbot<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Support team needs a consistent prompt that follows company tone and policy.<\/li>\n<li><strong>Why Foundry Tools fits:<\/strong> Playgrounds and prompt iteration reduce trial-and-error coding.<\/li>\n<li><strong>Example:<\/strong> A team tests system prompts against common user questions and saves a \u201cbaseline\u201d version for later regression tests.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) RAG assistant over internal policies (HR\/IT)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Employees need accurate answers grounded in internal documents.<\/li>\n<li><strong>Why it fits:<\/strong> Projects and connections help manage the LLM + search index + evaluation as one unit.<\/li>\n<li><strong>Example:<\/strong> Connect Azure OpenAI with Azure AI Search indexing HR PDFs; evaluate groundedness before rollout.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Evaluation-driven prompt release management<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Prompt tweaks break behavior in subtle ways (hallucinations, tone drift).<\/li>\n<li><strong>Why it fits:<\/strong> Evaluation tools make prompt changes measurable and reviewable.<\/li>\n<li><strong>Example:<\/strong> A PR to update a prompt must pass evaluation thresholds on a curated dataset.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Safety review workflow for customer-facing chat<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need to reduce harmful or policy-violating outputs.<\/li>\n<li><strong>Why it fits:<\/strong> Foundry workflows commonly integrate safety testing patterns and content controls.<\/li>\n<li><strong>Example:<\/strong> Test jailbreak prompts and validate refusal behavior and escalation messaging.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Multi-environment GenAI app management (dev\/test\/prod)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Teams need separation of duties and clean promotion paths.<\/li>\n<li><strong>Why it fits:<\/strong> Projects plus Azure subscriptions\/RBAC support environment boundaries.<\/li>\n<li><strong>Example:<\/strong> Dev project uses a cheaper model; prod uses more capable model with stricter logging and throttles.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Tool-calling \/ agent workflows for IT automation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> LLM must call internal APIs (ticketing, CMDB) reliably.<\/li>\n<li><strong>Why it fits:<\/strong> Flow orchestration supports multi-step logic and structured outputs (capabilities vary\u2014verify).<\/li>\n<li><strong>Example:<\/strong> A flow calls \u201ccreate_ticket\u201d tool after verifying user intent and extracting required fields.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Cost-aware model selection and A\/B testing<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need to balance quality vs cost and latency.<\/li>\n<li><strong>Why it fits:<\/strong> Tooling helps compare model behaviors across prompts and test sets.<\/li>\n<li><strong>Example:<\/strong> Compare a smaller model for routine questions vs a larger model for complex queries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Document summarization pipeline for compliance reports<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Analysts spend hours summarizing long documents.<\/li>\n<li><strong>Why it fits:<\/strong> Central tools to design prompts, batch tests, and enforce output schema.<\/li>\n<li><strong>Example:<\/strong> Generate executive summaries with consistent sections and citations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Internal knowledge assistant with private networking requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Data cannot traverse public internet; must use private endpoints where possible.<\/li>\n<li><strong>Why it fits:<\/strong> Azure-native security model and networking patterns can be applied to connected services.<\/li>\n<li><strong>Example:<\/strong> Use Private Link for storage\/search and restrict outbound access from app runtime.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Centralized connection and secret management for GenAI apps<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Developers hardcode API keys and endpoints in code.<\/li>\n<li><strong>Why it fits:<\/strong> Projects\/connections encourage controlled access patterns (exact mechanisms depend on service configuration).<\/li>\n<li><strong>Example:<\/strong> Use managed identity to reach Key Vault; rotate keys without redeploying apps.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Continuous improvement loop using user feedback<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need to incorporate real user feedback to improve answers.<\/li>\n<li><strong>Why it fits:<\/strong> Evaluation datasets can be updated and rerun against the newest prompt\/model.<\/li>\n<li><strong>Example:<\/strong> Add \u201cbad answers\u201d to the test set and re-evaluate before the next release.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Rapid POC with enterprise-ready controls<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> POC must not become an ungoverned production system.<\/li>\n<li><strong>Why it fits:<\/strong> Encourages early structure: projects, access control, and repeatable evaluation.<\/li>\n<li><strong>Example:<\/strong> A 2-week POC uses the same hub\/project pattern that production will use later.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<p>Because \u201cFoundry Tools\u201d is a toolchain rather than a single compute SKU, features below are described as <strong>capabilities you typically access via Azure AI Foundry<\/strong>. Availability can differ by region and release channel\u2014<strong>verify in official docs<\/strong> for your tenant.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6.1 Portal-based workbench (Azure AI Foundry)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Provides a unified UI to manage projects, models, prompts\/flows, evaluations, and connections.<\/li>\n<li><strong>Why it matters:<\/strong> Reduces context switching between multiple services and dashboards.<\/li>\n<li><strong>Practical benefit:<\/strong> Faster prototyping and clearer team collaboration.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> UI options change frequently; some features may be preview-only.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.2 Projects (and hub\/workspace organization)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Organizes artifacts and access boundaries for a team or application.<\/li>\n<li><strong>Why it matters:<\/strong> Supports separation of environments and least privilege access.<\/li>\n<li><strong>Practical benefit:<\/strong> Cleaner audits and safer collaboration.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> The underlying Azure resource mapping can be non-obvious (often tied to AI\/ML workspace constructs). Verify what gets created and billed.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.3 Model catalog \/ model selection experience<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Helps you find models by capability (chat, reasoning, embeddings) and choose deployment options.<\/li>\n<li><strong>Why it matters:<\/strong> Model choice is the biggest lever for quality, latency, and cost.<\/li>\n<li><strong>Practical benefit:<\/strong> Faster iteration and fewer misfits.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Not every model is available in every region; governance may restrict which models are allowed.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.4 Model endpoint \/ deployment management (often via Azure OpenAI)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Connects to and manages model deployments\/endpoints used by apps.<\/li>\n<li><strong>Why it matters:<\/strong> Provides consistent endpoints and deployment naming for apps and flows.<\/li>\n<li><strong>Practical benefit:<\/strong> Teams can standardize on deployment names like <code>chat-prod<\/code> and rotate underlying models.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Capacity\/quota constraints can block deployments; approval may be required for Azure OpenAI.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.5 Playgrounds for prompt testing<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Lets you test prompts, system messages, and parameters interactively.<\/li>\n<li><strong>Why it matters:<\/strong> Prompt tuning is iterative and benefits from rapid feedback.<\/li>\n<li><strong>Practical benefit:<\/strong> Non-developers (PM, QA, compliance) can participate.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Playground results are not a substitute for automated evaluation and load tests.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.6 Prompt flow \/ flow orchestration tools<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Builds multi-step LLM workflows (prompt + data + tool calls + post-processing).<\/li>\n<li><strong>Why it matters:<\/strong> Production apps need more than \u201cone prompt \u2192 one response.\u201d<\/li>\n<li><strong>Practical benefit:<\/strong> Reusable flows and more maintainable logic than ad hoc scripts.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Deployment\/runtime specifics vary. Verify supported runtimes, scaling, and networking constraints.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.7 Evaluation tooling (quality, safety, regression)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Runs test datasets against prompts\/models and reports metrics.<\/li>\n<li><strong>Why it matters:<\/strong> Prevents regressions and makes quality measurable.<\/li>\n<li><strong>Practical benefit:<\/strong> Establishes \u201crelease gates\u201d (pass\/fail) for prompt\/model changes.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Metrics need human review; automated scoring can be misleading if datasets are weak.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.8 Connections to Azure resources (data, search, secrets)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Stores and manages references to resources such as Azure OpenAI endpoints, search indexes, storage accounts, and key vaults.<\/li>\n<li><strong>Why it matters:<\/strong> Reduces duplication and supports governance.<\/li>\n<li><strong>Practical benefit:<\/strong> Standard configuration across team members and pipelines.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Some connections use keys; prefer managed identity where supported.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6.9 Operational hooks (monitoring, logging, governance)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Encourages integration with Azure Monitor\/App Insights and Azure governance controls.<\/li>\n<li><strong>Why it matters:<\/strong> Production GenAI must be observable and auditable.<\/li>\n<li><strong>Practical benefit:<\/strong> Faster incident response and cost control.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Telemetry is often fragmented across services (OpenAI, app runtime, search). Plan a unified approach.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>Foundry Tools typically coordinates:\n1. <strong>Control plane:<\/strong> users create projects, configure connections, define prompts\/flows, and run evaluations in the Azure AI Foundry portal.\n2. <strong>Data plane:<\/strong> applications call deployed model endpoints (often Azure OpenAI) and optionally retrieval systems (Azure AI Search) to ground responses.\n3. <strong>Operations plane:<\/strong> monitoring and logs flow to Azure Monitor\/App Insights\/Log Analytics.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow<\/h3>\n\n\n\n<p>A common GenAI flow looks like this:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>User interacts with an application (web, Teams bot, API).<\/li>\n<li>App calls a model endpoint (Azure OpenAI) with:\n   &#8211; a system prompt and user message\n   &#8211; optional retrieved context (RAG)<\/li>\n<li>If using RAG:\n   &#8211; app queries Azure AI Search for top documents\n   &#8211; app constructs a prompt including citations\/snippets<\/li>\n<li>Response returns to the app.<\/li>\n<li>Telemetry\/metrics are emitted (app logs, endpoint metrics, search metrics).<\/li>\n<\/ol>\n\n\n\n<p>Foundry Tools helps you design and validate steps 2\u20134 through prompt\/flow authoring and evaluation, and helps govern step 1\u20135 through projects, connections, and recommended practices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services (typical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Azure OpenAI Service<\/strong> for LLM inference: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/<\/li>\n<li><strong>Azure AI Search<\/strong> for retrieval\/grounding: https:\/\/learn.microsoft.com\/azure\/search\/<\/li>\n<li><strong>Azure AI Content Safety<\/strong> for moderation: https:\/\/learn.microsoft.com\/azure\/ai-services\/content-safety\/<\/li>\n<li><strong>Azure Storage<\/strong> for documents and artifacts: https:\/\/learn.microsoft.com\/azure\/storage\/<\/li>\n<li><strong>Azure Key Vault<\/strong> for secrets and keys: https:\/\/learn.microsoft.com\/azure\/key-vault\/<\/li>\n<li><strong>Azure Monitor \/ Application Insights<\/strong> for observability: https:\/\/learn.microsoft.com\/azure\/azure-monitor\/<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<p>Foundry Tools itself depends on (or orchestrates) underlying Azure resources that you must provision and pay for:\n&#8211; Model endpoint service (often Azure OpenAI)\n&#8211; Storage, Key Vault, sometimes monitoring resources\n&#8211; Optional: Search, compute for flow runs\/evaluations, networking components<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Human access:<\/strong> Microsoft Entra ID authentication to the Azure AI Foundry portal; authorization via Azure RBAC.<\/li>\n<li><strong>Service-to-service:<\/strong> ideally managed identity; otherwise API keys stored in Key Vault.<\/li>\n<li><strong>Model endpoint access:<\/strong> Azure OpenAI supports key-based and (in some scenarios) Entra ID\u2013based access. Verify current recommended auth in official docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Many teams start with public endpoints (fastest).<\/li>\n<li>Production often moves toward:<\/li>\n<li>Private endpoints for Storage\/Search\/Key Vault<\/li>\n<li>Network restrictions on model endpoints where supported<\/li>\n<li>Egress control and strict DNS<\/li>\n<\/ul>\n\n\n\n<p>Networking capabilities vary by service and region\u2014<strong>verify per-service Private Link support<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use Azure Monitor and App Insights in your application layer.<\/li>\n<li>Track:<\/li>\n<li>request count, latency, error rates<\/li>\n<li>token usage and throttling from model endpoints<\/li>\n<li>search query latency and index health (if RAG)<\/li>\n<li>cost trends per environment<\/li>\n<li>Use Azure Policy and tagging standards to enforce governance.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  U[User] --&gt; A[GenAI App \/ API]\n  A --&gt; O[Azure OpenAI Deployment]\n  A --&gt;|optional RAG| S[Azure AI Search]\n  S --&gt; D[(Enterprise Docs)]\n  A --&gt; M[Azure Monitor \/ App Insights]\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Client\n    U[Users]\n  end\n\n  subgraph AppZone[\"Application Zone (VNet)\"]\n    W[Web App \/ API&lt;br\/&gt;Managed Identity]\n    C[Cache (optional)]\n  end\n\n  subgraph DataZone[\"Data Zone (Private Endpoints where supported)\"]\n    KV[Azure Key Vault]\n    ST[(Azure Storage - Documents)]\n    AS[Azure AI Search]\n  end\n\n  subgraph AI[\"AI Services\"]\n    AOAI[Azure OpenAI&lt;br\/&gt;Model Deployments]\n    CS[Azure AI Content Safety&lt;br\/&gt;(optional)]\n  end\n\n  subgraph Ops[\"Operations\"]\n    AIx[Application Insights]\n    LAW[Log Analytics Workspace]\n  end\n\n  U --&gt; W\n  W --&gt; C\n  W --&gt;|retrieve| AS\n  AS --&gt; ST\n  W --&gt;|prompt + context| AOAI\n  W --&gt;|moderate (optional)| CS\n  W --&gt; KV\n\n  W --&gt; AIx\n  AIx --&gt; LAW\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Account\/subscription\/tenant requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An Azure subscription where you can create resource groups and required AI services.<\/li>\n<li>Access to <strong>Azure AI Foundry<\/strong> portal: https:\/\/ai.azure.com<\/li>\n<li>Microsoft Entra ID tenant associated with the subscription.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You typically need:\n&#8211; <strong>Subscription Contributor<\/strong> (or equivalent) to create resources for a lab.\n&#8211; Appropriate roles for Azure OpenAI:\n  &#8211; To manage the Azure OpenAI resource and deployments: usually Contributor\/Owner or a service-specific contributor role (verify exact role names in official docs for your tenant).\n  &#8211; To call the model endpoint: role or API key access depending on configuration.<\/p>\n\n\n\n<p><strong>Verify current RBAC guidance<\/strong>:\n&#8211; Azure OpenAI RBAC: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/how-to\/role-based-access-control (verify exact URL; may redirect)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A valid payment method for the subscription.<\/li>\n<li>Expect charges from:<\/li>\n<li>Azure OpenAI token usage<\/li>\n<li>Any created resources (Storage, Search, monitoring)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CLI\/SDK\/tools needed (for optional local validation)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure CLI: https:\/\/learn.microsoft.com\/cli\/azure\/install-azure-cli<\/li>\n<li>Python 3.10+ (recommended) for a quick API call validation<\/li>\n<li><code>openai<\/code> Python package (Azure OpenAI compatible)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure OpenAI is <strong>region-limited<\/strong> and model availability varies by region.<\/li>\n<li>Select a region where:<\/li>\n<li>Azure OpenAI is available to your subscription<\/li>\n<li>The model you want is available (e.g., a small chat model for low-cost testing)<\/li>\n<\/ul>\n\n\n\n<p>Check:\n&#8211; Azure OpenAI regions\/models: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/concepts\/models (and region availability pages linked from there)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure OpenAI has quotas and rate limits that can throttle you.<\/li>\n<li>Some features in Foundry Tools may be preview gated or tenant restricted.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services (for the lab in this tutorial)<\/h3>\n\n\n\n<p>Minimum:\n&#8211; <strong>Azure OpenAI<\/strong> resource with a deployed chat model\nOptional (not required for the core lab):\n&#8211; Azure AI Search (for RAG)\n&#8211; Azure Key Vault (for secret hygiene)\n&#8211; App Insights (for app telemetry)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">The accurate pricing model (what you pay for)<\/h3>\n\n\n\n<p><strong>Foundry Tools itself is not typically priced as a standalone meter<\/strong>. Instead, you pay for the <strong>Azure resources you use underneath<\/strong>.<\/p>\n\n\n\n<p>Common meters:\n&#8211; <strong>Azure OpenAI<\/strong>: priced by <strong>tokens<\/strong> (input\/output) and sometimes by model class; may have separate pricing for embeddings, fine-tuning, etc.\n  &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/cognitive-services\/openai-service\/\n&#8211; <strong>Azure AI Search<\/strong> (optional for RAG): priced by search units\/replicas\/partitions and features.\n  &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/search\/\n&#8211; <strong>Azure AI Content Safety<\/strong> (optional): priced by API calls\/content units.\n  &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/ai-content-safety\/ (verify; naming may vary)\n&#8211; <strong>Azure Storage<\/strong>: capacity + transactions + data transfer.\n  &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/storage\/\n&#8211; <strong>Azure Monitor \/ Log Analytics \/ App Insights<\/strong>: ingestion, retention, and queries (depending on configuration).\n  &#8211; Official pricing: https:\/\/azure.microsoft.com\/pricing\/details\/monitor\/<\/p>\n\n\n\n<p>Use the <strong>Azure Pricing Calculator<\/strong> to estimate multi-service architectures:\n&#8211; https:\/\/azure.microsoft.com\/pricing\/calculator\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions to understand<\/h3>\n\n\n\n<p>For most Foundry Tools\u2013driven solutions, your main cost dimensions are:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>LLM token consumption<\/strong>\n   &#8211; Prompt length + retrieved context size (RAG) + output length drive tokens.<\/li>\n<li><strong>Concurrency \/ throughput<\/strong>\n   &#8211; More users \u2192 more calls \u2192 higher token cost and potentially higher capacity needs.<\/li>\n<li><strong>Retrieval costs (if using RAG)<\/strong>\n   &#8211; Search service sizing (replicas\/partitions), indexing operations, query volume.<\/li>\n<li><strong>Observability<\/strong>\n   &#8211; Log ingestion can be significant if you log prompts\/responses indiscriminately (often you should not, for privacy).<\/li>\n<li><strong>Networking<\/strong>\n   &#8211; Data egress charges can apply, especially cross-region and internet egress.<\/li>\n<li><strong>Compute for evaluation\/flows<\/strong>\n   &#8211; If evaluations or flows run on managed compute, compute hours can add cost (verify your execution model).<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier (if applicable)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Many Azure services offer limited free quotas or trial credits, but <strong>Azure OpenAI typically does not have a broad \u201cfree tier\u201d<\/strong> in the way some services do. Free credits depend on your Azure offer.<\/li>\n<li>Always check the official pricing pages and your subscription offer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Storing embeddings and chunked documents<\/strong> (Storage) can grow steadily.<\/li>\n<li><strong>Re-indexing<\/strong> content in Search adds compute and operational overhead.<\/li>\n<li><strong>Log retention<\/strong> defaults can cause surprise bills.<\/li>\n<li><strong>Overly large contexts<\/strong> dramatically increase token usage (especially with RAG).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep model endpoint, app, and retrieval resources in the <strong>same region<\/strong> where possible.<\/li>\n<li>Avoid cross-region calls for every request (adds latency and egress cost).<\/li>\n<li>Consider private networking if compliance requires it; it may add networking resources and operational complexity.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost (practical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a smaller\/cheaper model for:<\/li>\n<li>routine queries<\/li>\n<li>summarization drafts<\/li>\n<li>classification\/routing<\/li>\n<li>Implement <strong>prompt discipline<\/strong>:<\/li>\n<li>trim conversation history<\/li>\n<li>cap max tokens<\/li>\n<li>compress retrieved context<\/li>\n<li>Cache results for repeated queries.<\/li>\n<li>Use RAG to reduce hallucinations\u2014but keep retrieved context short and relevant.<\/li>\n<li>Control logs: avoid storing raw prompts\/responses unless required and approved; mask sensitive data.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n<p>A low-cost starter setup typically includes:\n&#8211; One Azure OpenAI deployment of a small chat model\n&#8211; Minimal testing traffic (a few hundred requests)\n&#8211; Basic Azure Monitor logs with short retention<\/p>\n\n\n\n<p>Because token pricing varies by model and region, and because usage varies dramatically, <strong>estimate by measuring<\/strong>:\n&#8211; average prompt tokens\n&#8211; average completion tokens\n&#8211; expected requests\/day<\/p>\n\n\n\n<p>Then plug those into the Azure OpenAI pricing page and calculator.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations (what changes)<\/h3>\n\n\n\n<p>Production usually adds:\n&#8211; Higher request volume (dominant cost driver)\n&#8211; Azure AI Search service sizing (if RAG)\n&#8211; More logging\/monitoring\n&#8211; Potential redundancy (multi-region DR), which can double some baseline costs\n&#8211; CI evaluation runs (more model calls)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab uses <strong>Foundry Tools<\/strong> through the <strong>Azure AI Foundry portal<\/strong> to create a project, connect a model deployment, test prompts, and validate with a small API call.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Create an Azure AI Foundry project, connect it to an Azure OpenAI chat model deployment, test a prompt in the playground, and validate access with a minimal Python script\u2014then clean up safely.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Create a resource group\n2. Provision Azure OpenAI and deploy a chat model (prerequisite for most Foundry Tools workflows)\n3. Create an Azure AI Foundry project and add a connection to your Azure OpenAI deployment\n4. Use Foundry Tools playground to test prompts\n5. Validate with Python (optional but recommended)\n6. Clean up resources<\/p>\n\n\n\n<p><strong>Expected cost:<\/strong> low if you keep usage minimal (a handful of prompt calls).<br\/>\n<strong>Big warning:<\/strong> Deleting the resource group will delete the Azure OpenAI resource and any related resources you created.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Create a resource group<\/h3>\n\n\n\n<p>You can do this in the Azure portal or Azure CLI.<\/p>\n\n\n\n<p><strong>Option A (Azure portal)<\/strong>\n1. Go to https:\/\/portal.azure.com\n2. Search <strong>Resource groups<\/strong> \u2192 <strong>Create<\/strong>\n3. Choose:\n   &#8211; Subscription: your lab subscription\n   &#8211; Resource group: <code>rg-foundrytools-lab<\/code>\n   &#8211; Region: choose a region that supports Azure OpenAI for your subscription\n4. Select <strong>Review + create<\/strong> \u2192 <strong>Create<\/strong><\/p>\n\n\n\n<p><strong>Option B (Azure CLI)<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\">az login\naz account set --subscription \"&lt;YOUR_SUBSCRIPTION_ID&gt;\"\naz group create --name rg-foundrytools-lab --location \"&lt;YOUR_REGION&gt;\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Resource group <code>rg-foundrytools-lab<\/code> exists.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; In portal: Resource groups \u2192 <code>rg-foundrytools-lab<\/code> shows \u201cSucceeded\u201d.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create an Azure OpenAI resource and deploy a chat model<\/h3>\n\n\n\n<p>Azure OpenAI access and model availability vary by region and subscription. If you cannot create Azure OpenAI due to access restrictions, you must request access or use an approved subscription\/region.<\/p>\n\n\n\n<p>Official docs:\n&#8211; Azure OpenAI overview: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/overview\n&#8211; Models: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/concepts\/models<\/p>\n\n\n\n<p><strong>2A. Create the Azure OpenAI resource (Portal)<\/strong>\n1. Azure portal \u2192 <strong>Create a resource<\/strong>\n2. Search <strong>Azure OpenAI<\/strong> (sometimes listed under Azure AI services)\n3. Create:\n   &#8211; Resource group: <code>rg-foundrytools-lab<\/code>\n   &#8211; Region: choose supported region\n   &#8211; Name: <code>aoai-foundrytools-lab-&lt;unique&gt;<\/code>\n   &#8211; Pricing tier: as available\n4. Review + create \u2192 Create<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Azure OpenAI resource is provisioned.<\/p>\n\n\n\n<p><strong>2B. Deploy a chat model<\/strong>\n1. Open the Azure OpenAI resource\n2. Find <strong>Model deployments<\/strong> \/ <strong>Deployments<\/strong> (label can vary)\n3. <strong>Create deployment<\/strong>\n4. Choose a chat-capable model available in your region (for a low-cost test, choose a smaller model if offered).\n5. Set a deployment name, for example:\n   &#8211; <code>chat-lab<\/code><\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A model deployment named <code>chat-lab<\/code> exists.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Deployment list shows <code>chat-lab<\/code> as \u201cSucceeded\u201d.<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; <em>Model not available in region<\/em>: pick another region or another model available in your region\/subscription.\n&#8211; <em>Quota exceeded<\/em>: request quota increase or choose a smaller deployment\/model if options exist.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create an Azure AI Foundry project (Foundry Tools)<\/h3>\n\n\n\n<p><strong>3A. Open the portal<\/strong>\n1. Go to <strong>Azure AI Foundry<\/strong>: https:\/\/ai.azure.com\n2. Sign in with the same Entra ID used for the subscription.<\/p>\n\n\n\n<p><strong>3B. Create a project<\/strong>\nUI labels change, but the flow typically looks like:\n1. Select <strong>Create project<\/strong> (or <strong>New project<\/strong>)\n2. Choose:\n   &#8211; Subscription: your lab subscription\n   &#8211; Resource group: <code>rg-foundrytools-lab<\/code>\n   &#8211; Project name: <code>foundrytools-lab<\/code>\n   &#8211; Hub\/workspace: create a new one if prompted, or select an existing hub if your org has one<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You can open the project <code>foundrytools-lab<\/code> and see its navigation (models, playgrounds, flows, evaluations, connections).<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Project dashboard loads without permission errors.<\/p>\n\n\n\n<p><strong>Important caveat<\/strong>\n&#8211; Creating a hub\/workspace may automatically create or require linked resources (Storage, Key Vault, monitoring). Review what it will create before confirming. The exact behavior is tenant-dependent\u2014<strong>verify in official docs<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Add a connection to your Azure OpenAI deployment<\/h3>\n\n\n\n<p>Foundry Tools typically uses \u201cconnections\u201d so you can reference endpoints without pasting keys into every experiment.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In your Foundry project, locate <strong>Connections<\/strong> (or a similar section)<\/li>\n<li>Add a new connection:\n   &#8211; Type: <strong>Azure OpenAI<\/strong>\n   &#8211; Select your Azure OpenAI resource: <code>aoai-foundrytools-lab-&lt;unique&gt;<\/code>\n   &#8211; Select deployment: <code>chat-lab<\/code><\/li>\n<li>Authentication:\n   &#8211; If key-based: store the key in the connection (prefer Key Vault for production)\n   &#8211; If Entra-based is available in your environment: follow the recommended method (verify)<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A connection appears and shows as valid\/connected.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Connection test succeeds (if the UI provides a test button).<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; <em>Permission denied<\/em>: ensure you have rights to the Azure OpenAI resource and (if using Entra auth) the correct role assignments.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Test a prompt in the Foundry Tools playground<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In your Foundry project, open <strong>Playgrounds<\/strong> (often \u201cChat playground\u201d)<\/li>\n<li>Choose your Azure OpenAI connection\/deployment (<code>chat-lab<\/code>)<\/li>\n<li>Set a simple system prompt, for example:<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>System message:<ul>\n<li>\u201cYou are a helpful assistant. Keep answers under 5 bullet points.\u201d<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>\n<p>Ask a question, for example:\n   &#8211; \u201cExplain what Azure AI Foundry is in simple terms.\u201d<\/p>\n<\/li>\n<li>\n<p>Run the prompt.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You receive a coherent response from the model.<\/p>\n\n\n\n<p><strong>Verification checklist<\/strong>\n&#8211; The response is returned without errors.\n&#8211; You can see token usage or request details (if the UI exposes them).<\/p>\n\n\n\n<p><strong>Cost control tip<\/strong>\n&#8211; Keep answers short and avoid pasting long documents; that increases tokens.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6 (Optional but recommended): Validate the deployment with Python<\/h3>\n\n\n\n<p>This confirms your model endpoint works outside the portal and helps you transition to real apps.<\/p>\n\n\n\n<p><strong>6A. Get endpoint + key<\/strong>\nFrom your Azure OpenAI resource in Azure portal:\n&#8211; Endpoint URL (e.g., <code>https:\/\/&lt;resource&gt;.openai.azure.com\/<\/code>)\n&#8211; API key (Key 1 or Key 2)\n&#8211; Deployment name: <code>chat-lab<\/code><\/p>\n\n\n\n<p><strong>6B. Create a virtual environment and install dependencies<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\">python -m venv .venv\n# Windows: .venv\\Scripts\\activate\n# macOS\/Linux:\nsource .venv\/bin\/activate\n\npip install --upgrade pip\npip install openai\n<\/code><\/pre>\n\n\n\n<p><strong>6C. Run a minimal chat call<\/strong><\/p>\n\n\n\n<p>Create <code>validate_aoai.py<\/code>:<\/p>\n\n\n\n<pre><code class=\"language-python\">import os\nfrom openai import AzureOpenAI\n\nendpoint = os.environ[\"AZURE_OPENAI_ENDPOINT\"]\napi_key = os.environ[\"AZURE_OPENAI_API_KEY\"]\ndeployment = os.environ[\"AZURE_OPENAI_DEPLOYMENT\"]\n\nclient = AzureOpenAI(\n    azure_endpoint=endpoint,\n    api_key=api_key,\n    api_version=\"2024-02-15-preview\"  # verify latest supported api-version in official docs\n)\n\nresp = client.chat.completions.create(\n    model=deployment,\n    messages=[\n        {\"role\": \"system\", \"content\": \"You are a concise assistant.\"},\n        {\"role\": \"user\", \"content\": \"Say hello in one sentence and mention Azure.\"}\n    ],\n    max_tokens=50\n)\n\nprint(resp.choices[0].message.content)\n<\/code><\/pre>\n\n\n\n<p>Set environment variables and run:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export AZURE_OPENAI_ENDPOINT=\"https:\/\/&lt;your-resource-name&gt;.openai.azure.com\/\"\nexport AZURE_OPENAI_API_KEY=\"&lt;your-key&gt;\"\nexport AZURE_OPENAI_DEPLOYMENT=\"chat-lab\"\npython validate_aoai.py\n<\/code><\/pre>\n\n\n\n<p>(Windows PowerShell)<\/p>\n\n\n\n<pre><code class=\"language-powershell\">$env:AZURE_OPENAI_ENDPOINT=\"https:\/\/&lt;your-resource-name&gt;.openai.azure.com\/\"\n$env:AZURE_OPENAI_API_KEY=\"&lt;your-key&gt;\"\n$env:AZURE_OPENAI_DEPLOYMENT=\"chat-lab\"\npython .\\validate_aoai.py\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; The script prints a one-sentence greeting mentioning Azure.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; No authentication error\n&#8211; No \u201cdeployment not found\u201d error\n&#8211; Latency is reasonable for a single call<\/p>\n\n\n\n<p><strong>Common issue<\/strong>\n&#8211; <em>api_version invalid<\/em>: use the latest supported <code>api-version<\/code> from Azure OpenAI docs. Verify here: https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/reference (or the current reference page linked from docs).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>You have successfully validated Foundry Tools usage if:\n&#8211; The Foundry project loads and can access your model deployment\n&#8211; Chat playground returns responses\n&#8211; (Optional) Python script can call the same deployment successfully<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p><strong>Problem: \u201cYou do not have access to Azure OpenAI\u201d<\/strong>\n&#8211; Azure OpenAI can require eligibility and approval. Use an approved subscription or follow the official access guidance:\n  &#8211; https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/overview (look for access\/eligibility notes)<\/p>\n\n\n\n<p><strong>Problem: Model deployment not visible in Foundry<\/strong>\n&#8211; Ensure:\n  &#8211; you selected the correct subscription and resource group\n  &#8211; the deployment exists and is in a supported region\n  &#8211; RBAC allows you to read the resource and its deployments<\/p>\n\n\n\n<p><strong>Problem: 401\/403 in Python<\/strong>\n&#8211; Check endpoint format (must include <code>https:\/\/...openai.azure.com\/<\/code>)\n&#8211; Check key is correct and not expired\/rotated\n&#8211; Ensure deployment name matches exactly<\/p>\n\n\n\n<p><strong>Problem: 429 Too Many Requests<\/strong>\n&#8211; You hit rate limits\/quota. Reduce concurrency, shorten prompts, or request quota increase.<\/p>\n\n\n\n<p><strong>Problem: Outputs are blocked\/refused<\/strong>\n&#8211; Safety filters can block content. Test with benign prompts first and align with policy.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing charges, delete the lab resource group:<\/p>\n\n\n\n<p><strong>Azure portal<\/strong>\n1. Resource groups \u2192 <code>rg-foundrytools-lab<\/code>\n2. Select <strong>Delete resource group<\/strong>\n3. Type the name to confirm \u2192 <strong>Delete<\/strong><\/p>\n\n\n\n<p><strong>Azure CLI<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\">az group delete --name rg-foundrytools-lab --yes --no-wait\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; The resource group and all contained resources are removed.<\/p>\n\n\n\n<p><strong>Verify<\/strong>\n&#8211; After a few minutes, the resource group no longer appears.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Separate environments<\/strong> (dev\/test\/prod) by subscription or resource group, not just by naming.<\/li>\n<li>Keep model endpoint, search, storage, and app in the <strong>same region<\/strong> to reduce latency and egress.<\/li>\n<li>Use RAG for factual grounding, but don\u2019t overload context\u2014optimize retrieval and chunking.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>managed identity<\/strong> for app-to-Azure access where supported.<\/li>\n<li>Use <strong>least privilege<\/strong>:<\/li>\n<li>developers don\u2019t need Owner<\/li>\n<li>apps don\u2019t need Contributor<\/li>\n<li>Centralize secrets in <strong>Azure Key Vault<\/strong> and rotate keys regularly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Track and cap:<\/li>\n<li>max output tokens<\/li>\n<li>conversation history length<\/li>\n<li>top-K retrieval size<\/li>\n<li>Use a cheaper model for classification\/routing and only escalate to expensive models when needed.<\/li>\n<li>Budget for evaluation runs; they are \u201chidden token usage.\u201d<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cache embeddings and repeated results.<\/li>\n<li>Use streaming responses in user-facing chat apps (app-side) to improve perceived latency (implementation dependent).<\/li>\n<li>Monitor p95 latency and timeouts; set conservative client timeouts and retries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build retry logic for transient failures (429\/5xx) with exponential backoff.<\/li>\n<li>Implement fallback behavior:<\/li>\n<li>fallback model<\/li>\n<li>fallback to \u201cI don\u2019t know\u201d with escalation<\/li>\n<li>Consider DR strategies for critical workloads (multi-region is complex; verify service support).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define SLOs: availability, latency, correctness (via evaluation), safety.<\/li>\n<li>Use structured logging with correlation IDs; avoid logging full prompt\/response unless required and approved.<\/li>\n<li>Establish an incident runbook for:<\/li>\n<li>quota\/rate limiting<\/li>\n<li>model behavior drift<\/li>\n<li>retrieval index issues<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enforce tags:<\/li>\n<li><code>env<\/code>, <code>owner<\/code>, <code>costCenter<\/code>, <code>dataClassification<\/code><\/li>\n<li>Standardize names:<\/li>\n<li><code>aoai-&lt;app&gt;-&lt;env&gt;-&lt;region&gt;<\/code><\/li>\n<li><code>search-&lt;app&gt;-&lt;env&gt;-&lt;region&gt;<\/code><\/li>\n<li>Use Azure Policy to restrict public endpoints in prod where required.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Humans:<\/strong> Entra ID sign-in to Azure AI Foundry; authorize with Azure RBAC.<\/li>\n<li><strong>Apps\/services:<\/strong> managed identity is preferred; if keys are required, store them in Key Vault.<\/li>\n<li>Carefully separate:<\/li>\n<li>people who can <strong>deploy\/manage models<\/strong><\/li>\n<li>people who can <strong>invoke models<\/strong><\/li>\n<li>people who can <strong>read logs<\/strong> (logs can contain sensitive data)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data in transit: HTTPS\/TLS for API calls.<\/li>\n<li>Data at rest: Azure services typically encrypt by default; verify each service\u2019s encryption options (CMK support varies by service\/SKU).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For production:<\/li>\n<li>restrict public access where possible<\/li>\n<li>prefer Private Link for Storage, Key Vault, and Search where supported<\/li>\n<li>evaluate network controls for model endpoints (capability varies; verify)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never hardcode keys in source code or CI logs.<\/li>\n<li>Use Key Vault + managed identity to retrieve secrets at runtime if keys are unavoidable.<\/li>\n<li>Rotate keys and update connections.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use:<\/li>\n<li>Azure Activity Log for control-plane operations<\/li>\n<li>service logs (OpenAI\/Search) and application logs for data-plane events<\/li>\n<li>Set retention to meet compliance, not \u201cforever by default.\u201d<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data classification: define what can be sent to the model.<\/li>\n<li>PII\/PHI: mask or redact where needed.<\/li>\n<li>Ensure your organization\u2019s policy allows the selected model\/service and region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Logging raw prompts\/responses with sensitive data.<\/li>\n<li>Sharing a single API key across multiple apps\/environments.<\/li>\n<li>Running dev\/test with production keys.<\/li>\n<li>No quota\/rate-limit protections (leads to cost spikes and abuse).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use separate subscriptions for prod.<\/li>\n<li>Implement approval gates for prompt\/model changes.<\/li>\n<li>Maintain an allowlist of approved models and endpoints.<\/li>\n<li>Use private networking and egress control when required.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because Foundry Tools relies on multiple underlying services, limitations are often inherited:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Azure OpenAI access restrictions:<\/strong> you may not be able to provision it in all subscriptions.<\/li>\n<li><strong>Model availability varies by region:<\/strong> your preferred model might not exist in your region.<\/li>\n<li><strong>Quota and rate limiting:<\/strong> 429 errors can appear unexpectedly under load.<\/li>\n<li><strong>Preview features:<\/strong> Foundry Tools capabilities can be preview-only and may change.<\/li>\n<li><strong>Networking constraints:<\/strong> Private Link support differs by service and SKU.<\/li>\n<li><strong>Evaluation quality pitfalls:<\/strong> automated metrics can be gamed; human review remains necessary.<\/li>\n<li><strong>Logging privacy risk:<\/strong> careless logging can create compliance issues.<\/li>\n<li><strong>Cost surprises:<\/strong> long prompts + long outputs + frequent eval runs = rapid token spend.<\/li>\n<li><strong>Dependency drift:<\/strong> prompt\/flow behavior can change when you switch model versions.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Foundry Tools is best compared as a <strong>GenAI app-building toolchain<\/strong> rather than a single model API.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Alternatives in Azure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Direct Azure OpenAI + custom code<\/strong><\/li>\n<li><strong>Azure Machine Learning (end-to-end ML platform)<\/strong><\/li>\n<li><strong>Azure AI Search + custom RAG pipeline<\/strong><\/li>\n<li><strong>Microsoft Fabric \/ data tooling<\/strong> (for analytics-centric flows; not a direct substitute)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Alternatives in other clouds<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS Bedrock<\/strong> (model access + tooling) and <strong>SageMaker Studio<\/strong> (ML platform)<\/li>\n<li><strong>Google Vertex AI<\/strong> (models + studio + pipelines)<\/li>\n<li><strong>OpenAI API directly<\/strong> (non-Azure; different governance model)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Open-source\/self-managed alternatives<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>LangChain \/ LlamaIndex<\/strong> plus your own evaluation stack<\/li>\n<li><strong>Self-hosted models<\/strong> on Kubernetes\/VMs with vLLM\/TGI (higher ops burden)<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Comparison table<\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Azure Foundry Tools (Azure AI Foundry)<\/strong><\/td>\n<td>Teams building GenAI apps on Azure needing lifecycle tooling<\/td>\n<td>Integrated portal workflow, project structure, evaluation mindset, Azure governance alignment<\/td>\n<td>Depends on underlying services; some features may be preview; UI evolves<\/td>\n<td>When you want an Azure-native GenAI toolchain with enterprise controls<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure OpenAI + custom code<\/strong><\/td>\n<td>Teams that already have strong internal platform<\/td>\n<td>Maximum flexibility; minimal portal dependency<\/td>\n<td>More engineering effort for evaluation\/governance; easier to get \u201cdemo drift\u201d<\/td>\n<td>When you only need model APIs and will build your own tooling<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Machine Learning<\/strong><\/td>\n<td>Traditional ML training + deployment, MLOps<\/td>\n<td>Mature training pipelines, registries, MLOps<\/td>\n<td>GenAI prompt lifecycle may require extra layering<\/td>\n<td>When your workload is primarily training\/ML ops rather than prompt-driven apps<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS Bedrock<\/strong><\/td>\n<td>AWS-first GenAI apps<\/td>\n<td>Broad model access; AWS-native governance<\/td>\n<td>Different ecosystem; migration effort from Azure<\/td>\n<td>When your platform is AWS and you want managed model access<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Vertex AI<\/strong><\/td>\n<td>GCP-first GenAI and ML<\/td>\n<td>Integrated tooling; strong ML platform<\/td>\n<td>Different ecosystem; migration effort<\/td>\n<td>When your platform is GCP<\/td>\n<\/tr>\n<tr>\n<td><strong>Self-managed OSS (LangChain + self-hosted models)<\/strong><\/td>\n<td>Maximum control and portability<\/td>\n<td>Cloud-agnostic; can run offline<\/td>\n<td>Highest ops\/security burden; capacity planning; patching<\/td>\n<td>When compliance\/portability requires self-hosting and you have platform maturity<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Internal policy copilot for a regulated company<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Employees need consistent, policy-compliant answers grounded in internal documents; compliance requires strong access controls and auditing.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Foundry Tools project for prompt\/flow and evaluation management<\/li>\n<li>Azure OpenAI for inference<\/li>\n<li>Azure AI Search for RAG over policy documents<\/li>\n<li>Key Vault for secrets, managed identity for app access<\/li>\n<li>Private endpoints for Search\/Storage\/Key Vault (where supported)<\/li>\n<li>App Insights + Log Analytics with careful redaction<\/li>\n<li><strong>Why Foundry Tools was chosen:<\/strong><\/li>\n<li>Centralized prompt and evaluation workflow<\/li>\n<li>Easier collaboration among engineering, compliance, and support teams<\/li>\n<li>Faster path from prototype to governed deployment<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Reduced time spent searching policies<\/li>\n<li>Higher answer consistency and fewer hallucinations via RAG + evaluation gates<\/li>\n<li>Improved audit readiness with Azure-native governance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: Customer support assistant MVP<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Small team wants a support chatbot MVP that reduces ticket volume without months of platform work.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Foundry Tools for rapid prompt iteration and basic evaluation<\/li>\n<li>Azure OpenAI small chat model deployment<\/li>\n<li>Minimal app layer (Azure App Service or container) calling the endpoint<\/li>\n<li>Basic telemetry in App Insights<\/li>\n<li><strong>Why Foundry Tools was chosen:<\/strong><\/li>\n<li>Accelerates iteration without building custom evaluation tooling<\/li>\n<li>Provides a \u201csingle place\u201d to test prompts and keep versions organized<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>MVP in days instead of weeks<\/li>\n<li>Early safety checks before opening to customers<\/li>\n<li>A path to add RAG later without re-platforming<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) Is \u201cFoundry Tools\u201d a standalone Azure resource with its own price?<\/h3>\n\n\n\n<p>Generally, <strong>no<\/strong>. Foundry Tools is best understood as tooling within <strong>Azure AI Foundry<\/strong>; you pay for underlying services like Azure OpenAI, Search, Storage, and monitoring. Verify the current product definition in official docs because naming evolves.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Is Azure AI Foundry the same as Azure AI Studio?<\/h3>\n\n\n\n<p>Microsoft has shifted branding toward <strong>Azure AI Foundry<\/strong>. You may still see <strong>Azure AI Studio<\/strong> in docs or UI depending on timing\/tenant. Use https:\/\/ai.azure.com and check the latest docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) Do I need Azure OpenAI to use Foundry Tools?<\/h3>\n\n\n\n<p>Many Foundry Tools workflows center on model endpoints, and Azure OpenAI is a common choice. Some tenants may have additional model options in the catalog, but Azure OpenAI is the most common baseline for enterprise GenAI in Azure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) Can I use Foundry Tools for classic ML training?<\/h3>\n\n\n\n<p>Foundry Tools is oriented toward GenAI app building and evaluation. For heavy training pipelines, <strong>Azure Machine Learning<\/strong> is typically the primary service, though both can be used together.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5) Can I run Foundry Tools entirely inside a private network?<\/h3>\n\n\n\n<p>The portal is cloud-hosted. Private networking is usually implemented around underlying resources (Search\/Storage\/Key Vault) and app runtimes. Capabilities vary\u2014verify Private Link support per service.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6) How do I control who can deploy models vs who can call models?<\/h3>\n\n\n\n<p>Use <strong>Azure RBAC<\/strong> with separate roles and scopes:\n&#8211; manage deployments at the Azure OpenAI resource scope\n&#8211; invoke endpoints with a narrower role or key distribution strategy<br\/>\nVerify exact roles recommended for Azure OpenAI in current docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7) What\u2019s the biggest cost driver?<\/h3>\n\n\n\n<p>Usually <strong>token usage<\/strong> (prompt + output), followed by retrieval infrastructure (Search) and logging if misconfigured.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8) How do I prevent prompt injection?<\/h3>\n\n\n\n<p>Use layered defenses:\n&#8211; strict system prompt rules\n&#8211; retrieval filtering and citation-based answering\n&#8211; tool\/function calling with allowlists\n&#8211; output validation (schemas)<br\/>\nTest prompt injection attempts in evaluations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9) Can I version prompts and flows?<\/h3>\n\n\n\n<p>Foundry-oriented workflows typically support organizing prompt\/flow assets in projects. For robust versioning, integrate with Git and CI\/CD; treat prompts as code.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10) How do I evaluate quality reliably?<\/h3>\n\n\n\n<p>Use:\n&#8211; curated test datasets based on real user questions\n&#8211; automated metrics as indicators, not absolute truth\n&#8211; periodic human review<br\/>\nMeasure hallucination rate, groundedness, and policy compliance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">11) Is it safe to log prompts and responses?<\/h3>\n\n\n\n<p>Often <strong>no<\/strong>, unless you have explicit approval and data handling controls. Redact sensitive info and set strict retention. Align with your compliance policies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">12) What regions should I choose?<\/h3>\n\n\n\n<p>Choose a region where:\n&#8211; Azure OpenAI is available to your subscription\n&#8211; your required model is available\n&#8211; your data residency requirements are satisfied<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">13) How do I handle rate limiting (429)?<\/h3>\n\n\n\n<p>Implement:\n&#8211; retries with exponential backoff\n&#8211; request queueing\n&#8211; user-level throttling\n&#8211; caching<br\/>\nAlso consider quota increases where appropriate.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">14) Can I do RAG without Azure AI Search?<\/h3>\n\n\n\n<p>Yes (e.g., database vector search, other retrieval systems), but Azure AI Search is a common Azure-native approach. The best choice depends on data type, scale, and security constraints.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">15) What\u2019s a good \u201cfirst production\u201d pattern?<\/h3>\n\n\n\n<p>A minimal production pattern often includes:\n&#8211; a single model deployment\n&#8211; a retrieval layer (if needed)\n&#8211; managed identity + Key Vault\n&#8211; App Insights telemetry\n&#8211; evaluation gates before release<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Foundry Tools<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official portal<\/td>\n<td>Azure AI Foundry portal \u2014 https:\/\/ai.azure.com<\/td>\n<td>Primary UI for Foundry Tools workflows (projects, playgrounds, evaluation).<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>Azure AI Foundry docs \u2014 https:\/\/learn.microsoft.com\/azure\/ai-foundry\/<\/td>\n<td>Canonical docs for current branding and capabilities (verify redirects).<\/td>\n<\/tr>\n<tr>\n<td>Official documentation (legacy branding)<\/td>\n<td>Azure AI Studio docs \u2014 https:\/\/learn.microsoft.com\/azure\/ai-studio\/<\/td>\n<td>Older pages still referenced by teams; useful during transition.<\/td>\n<\/tr>\n<tr>\n<td>Official model service docs<\/td>\n<td>Azure OpenAI Service \u2014 https:\/\/learn.microsoft.com\/azure\/ai-services\/openai\/<\/td>\n<td>Required to deploy and operate many GenAI solutions in Azure.<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Azure OpenAI pricing \u2014 https:\/\/azure.microsoft.com\/pricing\/details\/cognitive-services\/openai-service\/<\/td>\n<td>Explains token-based pricing dimensions.<\/td>\n<\/tr>\n<tr>\n<td>Official retrieval docs<\/td>\n<td>Azure AI Search docs \u2014 https:\/\/learn.microsoft.com\/azure\/search\/<\/td>\n<td>Core for RAG patterns and enterprise search.<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Azure AI Search pricing \u2014 https:\/\/azure.microsoft.com\/pricing\/details\/search\/<\/td>\n<td>Helps size search units and understand cost drivers.<\/td>\n<\/tr>\n<tr>\n<td>Official safety docs<\/td>\n<td>Azure AI Content Safety \u2014 https:\/\/learn.microsoft.com\/azure\/ai-services\/content-safety\/<\/td>\n<td>Guidance for moderation and safety controls.<\/td>\n<\/tr>\n<tr>\n<td>Architecture guidance<\/td>\n<td>Azure Architecture Center \u2014 https:\/\/learn.microsoft.com\/azure\/architecture\/<\/td>\n<td>Reference architectures and best practices for production Azure solutions.<\/td>\n<\/tr>\n<tr>\n<td>Pricing tool<\/td>\n<td>Azure Pricing Calculator \u2014 https:\/\/azure.microsoft.com\/pricing\/calculator\/<\/td>\n<td>Build multi-service cost estimates and compare regions\/SKUs.<\/td>\n<\/tr>\n<tr>\n<td>Samples (official or highly trusted)<\/td>\n<td>Azure samples on GitHub \u2014 https:\/\/github.com\/Azure<\/td>\n<td>Starting points for app patterns; verify repo relevance to Foundry\/AI Foundry.<\/td>\n<\/tr>\n<tr>\n<td>Videos<\/td>\n<td>Microsoft Azure YouTube \u2014 https:\/\/www.youtube.com\/@MicrosoftAzure<\/td>\n<td>Product walkthroughs and announcements; validate against docs for current steps.<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, cloud engineers, platform teams<\/td>\n<td>Azure DevOps\/MLOps foundations, operationalizing cloud services<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Beginners to intermediate engineers<\/td>\n<td>SCM\/DevOps fundamentals that support AI delivery pipelines<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud ops and SRE-oriented teams<\/td>\n<td>Cloud operations practices, monitoring, reliability<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs, operations, incident responders<\/td>\n<td>SRE practices applied to cloud and AI workloads<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams adopting AI tooling<\/td>\n<td>AIOps concepts, monitoring automation, operational analytics<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/cloud training content (verify offerings)<\/td>\n<td>Individuals seeking practical guidance<\/td>\n<td>https:\/\/www.rajeshkumar.xyz<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training and coaching (verify scope)<\/td>\n<td>Teams and individuals<\/td>\n<td>https:\/\/www.devopstrainer.in<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps services\/training platform (verify)<\/td>\n<td>Startups and small teams<\/td>\n<td>https:\/\/www.devopsfreelancer.com<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and learning resources (verify)<\/td>\n<td>Ops teams needing hands-on support<\/td>\n<td>https:\/\/www.devopssupport.in<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company Name<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps\/IT consulting (verify exact services)<\/td>\n<td>Delivery, architecture, implementation support<\/td>\n<td>Landing zones, CI\/CD, operational readiness for AI apps<\/td>\n<td>https:\/\/www.cotocus.com<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>Training + consulting (verify exact services)<\/td>\n<td>Enablement, DevOps practices for AI delivery<\/td>\n<td>Prompt\/app CI, environment standardization, monitoring patterns<\/td>\n<td>https:\/\/www.devopsschool.com<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting (verify exact services)<\/td>\n<td>DevOps transformation and support<\/td>\n<td>Pipeline hardening, infra automation, reliability practices<\/td>\n<td>https:\/\/www.devopsconsulting.in<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Foundry Tools<\/h3>\n\n\n\n<p>To be effective with Foundry Tools in Azure AI + Machine Learning, learn:\n&#8211; Azure fundamentals: resource groups, regions, networking basics\n&#8211; Microsoft Entra ID basics: users, groups, RBAC\n&#8211; Azure Key Vault and managed identities\n&#8211; API fundamentals and REST authentication\n&#8211; Basic LLM concepts: tokens, context window, temperature, embeddings\n&#8211; Prompt engineering fundamentals and common failure modes (hallucination, prompt injection)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Foundry Tools<\/h3>\n\n\n\n<p>To run production-grade systems:\n&#8211; RAG architecture deeply (chunking, indexing, evaluation, citation)\n&#8211; Azure AI Search advanced features and scaling\n&#8211; Observability engineering (App Insights, distributed tracing)\n&#8211; CI\/CD for prompts and evaluation datasets\n&#8211; Threat modeling for GenAI apps\n&#8211; Load testing and quota management for model endpoints<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure Cloud Engineer (AI workloads)<\/li>\n<li>Solutions Architect (GenAI \/ AI platform)<\/li>\n<li>DevOps \/ Platform Engineer supporting AI teams<\/li>\n<li>MLOps Engineer (GenAI focus)<\/li>\n<li>Security Engineer for AI systems<\/li>\n<li>Application Developer building copilots\/assistants<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Microsoft certification offerings change. For current role-based certifications:\n&#8211; Start at Microsoft Learn certifications overview: https:\/\/learn.microsoft.com\/credentials\/certifications\/\n&#8211; Commonly relevant areas include Azure fundamentals, developer, architect, and AI engineer tracks (verify which map best to Azure AI Foundry and Azure OpenAI at the time you certify).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Build a prompt library with evaluation gates (local JSON test set + pass\/fail thresholds).<\/li>\n<li>Create a RAG assistant for product documentation with citations and refusal behavior.<\/li>\n<li>Implement a router that uses a cheap model to classify intent and chooses the best downstream flow.<\/li>\n<li>Create an ops dashboard showing token usage, latency, and error rates by environment.<\/li>\n<li>Implement key rotation with Key Vault and managed identity, and prove no secrets are in code.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Azure AI Foundry:<\/strong> Azure portal experience (https:\/\/ai.azure.com) for building and managing GenAI applications, projects, and related tooling.<\/li>\n<li><strong>Foundry Tools:<\/strong> The toolset within Azure AI Foundry used for prototyping, orchestration (flows), evaluation, and project organization.<\/li>\n<li><strong>Azure OpenAI:<\/strong> Azure service providing access to OpenAI models with Azure enterprise controls.<\/li>\n<li><strong>Deployment (Azure OpenAI):<\/strong> A named configuration that exposes a model via an endpoint; your apps call the deployment name.<\/li>\n<li><strong>Tokens:<\/strong> Units of text used for pricing and context length; both input and output tokens typically count.<\/li>\n<li><strong>RAG (Retrieval-Augmented Generation):<\/strong> Pattern where you retrieve relevant documents and provide them as context to the LLM.<\/li>\n<li><strong>Azure AI Search:<\/strong> Azure service used for indexing and querying content; commonly used for RAG.<\/li>\n<li><strong>Prompt injection:<\/strong> Attack where user input tries to override system instructions or exfiltrate hidden prompts\/secrets.<\/li>\n<li><strong>Managed identity:<\/strong> Azure feature that provides an automatically managed identity for apps to access resources without storing credentials.<\/li>\n<li><strong>RBAC:<\/strong> Role-Based Access Control in Azure; governs who can do what at what scope.<\/li>\n<li><strong>App Insights:<\/strong> Azure application performance monitoring service (part of Azure Monitor).<\/li>\n<li><strong>Evaluation dataset:<\/strong> A curated set of test prompts and expected behaviors used to measure quality and regressions.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p><strong>Foundry Tools (Azure)<\/strong> is the practical toolchain within <strong>Azure AI Foundry<\/strong> that helps teams build, test, evaluate, and operationalize <strong>AI + Machine Learning<\/strong> solutions\u2014especially generative AI apps\u2014using Azure-native governance patterns.<\/p>\n\n\n\n<p>It matters because GenAI success depends on more than calling a model API: you need <strong>repeatable prompt workflows, evaluation discipline, security controls, and operational readiness<\/strong>. Foundry Tools provides a structured way to manage that lifecycle, while the real costs and scaling come from underlying services like <strong>Azure OpenAI<\/strong>, <strong>Azure AI Search<\/strong>, Storage, and monitoring.<\/p>\n\n\n\n<p>Key takeaways:\n&#8211; <strong>Cost:<\/strong> primarily driven by token usage, retrieval infrastructure, and logging.\n&#8211; <strong>Security:<\/strong> enforce least privilege, prefer managed identities, and be careful with prompt\/response logging.\n&#8211; <strong>Fit:<\/strong> best for Azure teams moving from GenAI prototype to production with governance and evaluation.<\/p>\n\n\n\n<p><strong>Next learning step:<\/strong> build a small RAG prototype and add an evaluation gate to your CI pipeline, using the official Azure AI Foundry and Azure OpenAI documentation as your source of truth.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI + Machine Learning<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,40],"tags":[],"class_list":["post-351","post","type-post","status-publish","format-standard","hentry","category-ai-machine-learning","category-azure"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=351"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/351\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}