Microsoft Foundry Agent Service frequently asked questions

If you can't find answers to your questions in this article and you still need help, see Foundry Tools support and help options. Microsoft Foundry Agent Service is part of Foundry Tools.

General

Do you store any data used in the Foundry Agent Service API?

Yes. Foundry Agent Service is a stateful API, which means that it retains data. Two types of data are stored in the Foundry Agent Service API:

• Stateful entities: Conversations and responses created during usage.
• Files and vector stores: Data uploaded during Foundry Agent Service setup or as part of a response generation.

Where is this data stored?

• Basic setup: Data is stored in a secure, Microsoft-managed storage account that's logically separated.
• Standard setup: Data is stored in your own Azure resources, so you have full ownership and control.

How long is this data stored?

All used data persists in this system unless you explicitly delete it. Use the delete function with the conversation ID of the conversation that you want to delete. Or use the delete function with the response ID of the generated response that you want to delete.

Does Foundry Agent Service support CMK encryption?

• Basic setup supports Microsoft-managed keys only.
• Standard setup supports customer-managed keys (CMKs).

Does Microsoft use my data for training models?

No, Microsoft doesn't use your data for training models. For more information, see the Responsible AI documentation.

Where is data stored geographically?

Microsoft Foundry Agent Service endpoints are regional, and data is stored in the same region as the endpoint. For more information, see the Azure data residency documentation.

How am I charged for Foundry Agent Service?

• You're charged for inference cost (input and output) of the base model that you're using for each agent (for example, gpt-4-0125). If you created multiple agents, you're charged for the base model attached to each agent.

• If you enabled the Code Interpreter tool, you're charged for its use per session. For example, if your agent calls Code Interpreter simultaneously in two threads, this activity creates two Code Interpreter sessions. Each of those sessions is charged.

  By default, each session is active for one hour. If your user keeps giving instructions to Code Interpreter in the same thread for up to one hour, you pay this fee only once.

• File search is billed based on the vector storage that you use.

For more information, see the pricing page.

Is there any additional pricing or quota for using Foundry Agent Service?

No. All quotas apply to using models with Foundry Agent Service.

Virtual networking

What is virtual network isolation?

Virtual networks help secure the inbound and outbound access of your Azure resources to prevent bad actors from accessing your resources. You achieve network isolation through virtual network integrations in Azure. This is a fundamental requirement for security in enterprises. To learn more about virtual network isolation, see Integrate Azure services with virtual networks for network isolation and What is Azure Virtual Network?.

Why do I need subnet delegation?

The agent client and compute both run on Azure Container Apps. When you run the agent client and the associated compute on Container Apps inside an existing virtual network, you must supply a dedicated subnet delegated to Microsoft.App/environments.

Delegation pins the client and compute to the right subnet. It tells Azure exactly where to "inject" the agent client so that Container Apps can create network interfaces there. Container Apps then applies the IP addresses, routing, NSGs, and service-managed identity, which are configured automatically.

Without the delegation, Container Apps refuses to deploy. In that case, neither the agent client nor the compute layer can join your virtual network. This situation breaks isolation and compliance requirements.

In short, delegating the subnet is the prerequisite that lets Container Apps and your agent runtime reside in your private network with the correct security and routing policies in place and in your control.

What regions are supported for Class A?

Supported regions are: West US, East US, East US 2, Japan East, France Central, UAE North, South Central US, Italy North, Germany West Central, Brazil South, South Africa North, Australia East, Sweden Central, Canada East, West Europe, Spain Central, and UK South.

What class range is supported for public or private Class A, B, and C subnets?

Only private Class A, B, and C ranges are supported. No public class ranges are supported.

What is the minimum size for the agent subnet, and how many IPs should I use?

The recommended subnet size is /24 (256 address) and is what we default to in our templates. The minimum subnet size is /27 (32 address). We recommend /24 because of the runtime impact in the event of a container update, as listed in the Container Apps documentation. For more information, see Virtual network configuration.

We set an IP range per Microsoft Foundry account. Each project gets an IP address from the range. An IP address is set per project, not per agent. This means there's no limit to the number of agents that you can create within your project. You aren't limited by the minimum address space of the subnet to create any number of agents.

What is the minimum and recommended address range for virtual networks in Foundry Agent Service?

As long as the agent subnet and private endpoints have address space, the address range for virtual networks can be anything.

Can I use peered virtual networks? Can I have resources in different virtual networks?

Yes. The virtual network is in your subscription, and you should be able to peer with any virtual network. But data transfer is costly, so we don't recommend it. The requirement is that all resources must be in the same region as the Foundry resource.

Do I need to add any FQDNs to an allow list if I'm using an Azure firewall?

Yes. Add to an allow list the fully qualified domain names (FQDNs) listed for a managed identity in the Use Azure Firewall with Azure Container Apps article, or add the service tag AzureActiveDirectory. Verify that no Transport Layer Security (TLS) inspection happens in the firewall that might add a self-signed certificate. During failures, inspect if there's any traffic landing on the firewall and what traffic the firewall is blocking.

Can multiple Microsoft Foundry resources reuse the virtual network?

Yes, multiple Foundry resources can reuse a virtual network. But the agent runtime subnet is per Foundry account.

Does the virtual network need to be in the same resource group as Foundry?

They don't need to be in the same resource group, but they do need to be in the same region.

What additional configuration do I need if I want to add tools to my agents?

The template provides support for the built-in tools: Code Interpreter, File Search, Azure AI Search, Azure Cosmos DB. All these tools use bring-your-own resource connections. To configure tools that require the creation of a new connection, you must create a private endpoint from peSubnet and create a private link from the Azure resource.

If you can't find answers to your questions in this article and you still need help, see Foundry Tools support and help options. Microsoft Foundry Agent Service is part of Foundry Tools.

Yes. Foundry Agent Service is a stateful API, which means that it retains data. Two types of data are stored in the Foundry Agent Service API:

• Stateful entities: Conversations and responses created during usage.
• Files and vector stores: Data uploaded during Foundry Agent Service setup or as part of a response generation.

• Basic setup: Data is stored in a secure, Microsoft-managed storage account that's logically separated.
• Standard setup: Data is stored in your own Azure resources, so you have full ownership and control.

All used data persists in this system unless you explicitly delete it. Use the delete function with the conversation ID of the conversation that you want to delete. Or use the delete function with the response ID of the generated response that you want to delete.

• Basic setup supports Microsoft-managed keys only.
• Standard setup supports customer-managed keys (CMKs).

No, Microsoft doesn't use your data for training models. For more information, see the Responsible AI documentation.

Microsoft Foundry Agent Service endpoints are regional, and data is stored in the same region as the endpoint. For more information, see the Azure data residency documentation.

• You're charged for inference cost (input and output) of the base model that you're using for each agent (for example, gpt-4-0125). If you created multiple agents, you're charged for the base model attached to each agent.

• If you enabled the Code Interpreter tool, you're charged for its use per session. For example, if your agent calls Code Interpreter simultaneously in two threads, this activity creates two Code Interpreter sessions. Each of those sessions is charged.

  By default, each session is active for one hour. If your user keeps giving instructions to Code Interpreter in the same thread for up to one hour, you pay this fee only once.

• File search is billed based on the vector storage that you use.

For more information, see the pricing page.

No. All quotas apply to using models with Foundry Agent Service.

Virtual networks help secure the inbound and outbound access of your Azure resources to prevent bad actors from accessing your resources. You achieve network isolation through virtual network integrations in Azure. This is a fundamental requirement for security in enterprises. To learn more about virtual network isolation, see Integrate Azure services with virtual networks for network isolation and What is Azure Virtual Network?.

The agent client and compute both run on Azure Container Apps. When you run the agent client and the associated compute on Container Apps inside an existing virtual network, you must supply a dedicated subnet delegated to Microsoft.App/environments.

Delegation pins the client and compute to the right subnet. It tells Azure exactly where to "inject" the agent client so that Container Apps can create network interfaces there. Container Apps then applies the IP addresses, routing, NSGs, and service-managed identity, which are configured automatically.

Without the delegation, Container Apps refuses to deploy. In that case, neither the agent client nor the compute layer can join your virtual network. This situation breaks isolation and compliance requirements.

In short, delegating the subnet is the prerequisite that lets Container Apps and your agent runtime reside in your private network with the correct security and routing policies in place and in your control.

Supported regions are: West US, East US, East US 2, Japan East, France Central, UAE North, South Central US, Italy North, Germany West Central, Brazil South, South Africa North, Australia East, Sweden Central, Canada East, West Europe, Spain Central, and UK South.

Only private Class A, B, and C ranges are supported. No public class ranges are supported.

The recommended subnet size is /24 (256 address) and is what we default to in our templates. The minimum subnet size is /27 (32 address). We recommend /24 because of the runtime impact in the event of a container update, as listed in the Container Apps documentation. For more information, see Virtual network configuration.

We set an IP range per Microsoft Foundry account. Each project gets an IP address from the range. An IP address is set per project, not per agent. This means there's no limit to the number of agents that you can create within your project. You aren't limited by the minimum address space of the subnet to create any number of agents.

As long as the agent subnet and private endpoints have address space, the address range for virtual networks can be anything.

Yes. The virtual network is in your subscription, and you should be able to peer with any virtual network. But data transfer is costly, so we don't recommend it. The requirement is that all resources must be in the same region as the Foundry resource.

Yes. Add to an allow list the fully qualified domain names (FQDNs) listed for a managed identity in the Use Azure Firewall with Azure Container Apps article, or add the service tag AzureActiveDirectory. Verify that no Transport Layer Security (TLS) inspection happens in the firewall that might add a self-signed certificate. During failures, inspect if there's any traffic landing on the firewall and what traffic the firewall is blocking.

Yes, multiple Foundry resources can reuse a virtual network. But the agent runtime subnet is per Foundry account.

They don't need to be in the same resource group, but they do need to be in the same region.

The template provides support for the built-in tools: Code Interpreter, File Search, Azure AI Search, Azure Cosmos DB. All these tools use bring-your-own resource connections. To configure tools that require the creation of a new connection, you must create a private endpoint from peSubnet and create a private link from the Azure resource.