Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
When Microsoft Agent 365 (A365) is enabled for your organization, Foundry resources can send agent activity data to the Agent 365 control plane. This data powers agent registry, analytics, and security features in Agent 365. For an overview of how Foundry integrates with Agent 365 and how data flows between the two platforms, see Microsoft Agent 365 integration with Foundry.
This article explains how the enablement model works, how to opt out an individual Foundry resource, and how to use Azure Policy to enforce a consistent configuration across an Azure subscription.
Prerequisites
- An Azure subscription with at least one Foundry resource (
Microsoft.CognitiveServices/accounts). - Owner or Contributor role on the Foundry resource (to modify resource properties).
- For the Azure Policy section: permissions to create and assign policy definitions at the subscription or management-group scope.
Understand the enablement model
Agent 365 data collection on a Foundry resource is tracked by two properties in the resource provider configuration:
| Property | Type | Description |
|---|---|---|
a365LoggingEnabled |
Boolean | User-controlled property to set whether agent activity data is sent to Agent 365 for this Foundry resource. Accepted values: true, false. |
a365Status |
String | Read-only system property showing enablement status after licensing and consent checks. Possible values: Enabled, Disabled, NotLicensed. |
These properties are part of the Microsoft.CognitiveServices/accounts resource type and can be read or modified through the Azure Resource Manager API, Azure CLI, Azure PowerShell, or the Azure portal.
Important
Data collection requires both an active Agent 365 license and
tenant-level A365 consent and a365LoggingEnabled set to true.
No data is ingested unless the customer has completed the Agent 365
consent flow and holds a valid license. Setting a365LoggingEnabled
to true alone doesn't trigger data collection.
Default state
When Agent 365 is enabled for an Entra tenant, Foundry resources in the
same Azure tenant have a365LoggingEnabled set to true by default.
Organizations must explicitly opt out to disable data collection on each
resource. You can use Azure Policy to deny data collection for select Azure
subscriptions or Azure management groups.
Scope of the setting
The a365LoggingEnabled setting applies at the Foundry resource level.
Every Foundry project and every prompt agent contained within that resource
inherits the same data-collection setting. There's no per-project or
per-agent override.
Hosted Agents require manual configuration of Agent 365 by packing and configuring the Agent 365 SDK along with your agent code. Without manual configuration steps, data will not flow. Explicit Agent 365 SDK configurations in Hosted agents override logging disablement settings on the Foundry resource level.
Disable data collection on a Foundry resource
To stop sending agent activity data from a specific Foundry resource to
Agent 365, set a365LoggingEnabled to false.
az resource update \
--resource-group <resource-group> \
--name <foundry-resource-name> \
--resource-type Microsoft.CognitiveServices/accounts \
--api-version 2026-03-15-preview \
--set properties.a365LoggingEnabled=false
After you disable logging, the setting takes effect for all projects and agents within that Foundry resource. No agent activity data is sent to Agent 365 from that resource going forward.
Enable data collection on a Foundry resource
To opt a resource back in, set a365LoggingEnabled to true.
az resource update \
--resource-group <resource-group> \
--name <foundry-resource-name> \
--resource-type Microsoft.CognitiveServices/accounts \
--api-version 2026-03-15-preview \
--set properties.a365LoggingEnabled=true