![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 17%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBN%3C/text%3E%3C/svg%3E)
Foundry Tools
Formerly known as Azure AI Services or Azure Cognitive Services is a unified collection of prebuilt AI capabilities within the Microsoft Foundry platform
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 15%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Hi Bhatt, Nitin,
Thank you for posting your question on Microsoft Q&A.
The behavior you’re seeing (agent creation / thread creation failing unless public access is enabled) is expected based on how Azure AI Foundry Agent Service networking works, depending on the setup type you’re using.
By default, Azure AI Foundry projects are created using the Basic Agent Setup. In this setup:
- The platform uses Microsoft‑managed resources
- Agent creation and thread creation require public network accessibility
- If your Azure AI Search, storage, or other dependent resources have public access disabled, the portal will block agent/thread creation
That’s why you are seeing the error that public access is required even though everything is in the same resource group.
You have two supported options, depending on your security requirements.
1.Keep Basic setup (Quickest fix)
If you are currently testing or prototyping, you can:
- Enable Public network access on the dependent resources (for example:
- Azure AI Search
- Storage account used by the project)
- Retry agent creation and thread creation in the AI Foundry portal
This aligns with how the Basic Agent Setup is designed.
2.Use Standard Agent Setup with Private Networking (Recommended)
If your requirement is to keep all resources private, you should use the Standard Agent Setup, which fully supports:
- Private endpoints
- BYO Azure AI Search
- BYO Storage
- BYO Thread storage (Cosmos DB)
- VNet isolation for agent execution
With this setup:
- Agents run inside your VNet
- No public access is required
- Thread creation works securely with private resources
Note: Full private networking is currently supported via the Classic Foundry experience or SDK/CLI-based deployment, not completely through the New Portal UI.
Official documentation:
- Use a virtual network with Foundry Agent Service (Classic): https://learn.microsoft.com/en-us/azure/ai-foundry/agents/how-to/virtual-networks
- Configure private endpoints for Foundry projects: https://learn.microsoft.com/en-us/azure/ai-foundry/how-to/configure-private-link
Once networking is configured correctly, thread creation is supported via:
- Portal
- SDK
- REST API
Thread API documentation:
- Create Thread (REST API): https://learn.microsoft.com/en-us/rest/api/aifoundry/aiagents/threads/create-thread
- Threads, Runs, and Messages concept: https://learn.microsoft.com/en-us/azure/ai-foundry/agents/concepts/threads-runs-messages
In Short: The error is not a permission issue. It’s caused by using Basic Agent Setup with private-only resources.
Please let me know if there are any remaining questions or additional details, I can help with, I’ll be glad to provide further clarification or guidance.
Thankyou!