Share via

Facing issue while disabling local auth on a foundry instance

Bairi Rohith Reddy 0 Reputation points Microsoft External Staff
2026-01-14T22:56:34.12+00:00

We’re facing a compliance issue with one of the foundry instances because localauth was enabled. When I tried to disable local auth, I encountered this error:

 

{   "code": "InvalidTemplateDeployment",   "details": [    {      "code": "Invalid resource.",      "message": "Invalid rai policy Microsoft.Default. This is system policy which can't be updated. Remove this resource before creating or updating."    }   ],   "message": "The template deployment 'NoMarketplace-20260113173652' is not valid according to the validation procedure. The tracking id is '0a992465-5d9c-434d-8280-207e32a4d8ed'. See inner errors for details." }

 

I’m trying to figure out why this is happening in ame, since I was able to disable local auth on other foundry instances in dev without any issues. Only this instance is returning this error.

Foundry Tools
Foundry Tools

Formerly known as Azure AI Services or Azure Cognitive Services is a unified collection of prebuilt AI capabilities within the Microsoft Foundry platform

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anshika Varshney 13,320 Reputation points Microsoft External Staff Moderator
    2026-01-29T16:11:57.8133333+00:00

    Hi Bairi Rohith Reddy,
    Thanks for sharing the details and the exact error message.

    What you’re running into is a platform-level limitation, not a misconfiguration on your side. The key part of the error is:

    “Invalid rai policy Microsoft. Default. This is system policy which can't be updated.”

    In some Azure AI Foundry instances, the Microsoft.Default Responsible AI (RAI) policy is system-managed. When local authentication is disabled, the platform attempts a template update that includes this default RAI policy. For those specific instances, that policy is locked and cannot be modified or redeployed, which causes the InvalidTemplateDeployment failure you’re seeing.

    This also explains the difference in behavior between environments:

    • Your dev Foundry instances likely don’t have the same system-managed RAI policy state, so disabling local auth succeeds.
    • The AME instance appears to have a system-bound Microsoft.Default RAI policy, which blocks the update path used when toggling local authentication.

    A few important clarifications:

    • This is not related to RBAC permissions or missing roles.
    • This is not caused by Azure Policy assignments you can remove.
    • There is currently no supported way to manually override or delete the Microsoft.Default RAI policy on an affected Foundry instance.

    If disabling local authentication is a compliance requirement for that environment, the supported options today is:

    • Recreate the Foundry instance with local authentication disabled from the start,

    You can also track updates in the Azure AI Foundry documentation, as behavior around local auth and RAI policies continues to evolve and may change over time.

    Hope this helps clarify why you’re seeing this only on one instance and not others.

    Do let me know if you have any further queries.

    If this answers your query, please do click Accept Answer and Yes for was this answer helpful.

    Thankyou!

    Was this answer helpful?

  2. AI answer

    2026-01-14T22:56:39.83+00:00

    The error message you are encountering indicates that there is a system policy (Microsoft.Default) that cannot be updated or removed. This is likely the reason why you are unable to disable local authentication on this specific Foundry instance. It appears that while you were able to disable local authentication on other instances, this particular instance may have restrictions or policies that prevent changes to its configuration.

    To resolve this issue, you may want to check the following:

    1. Policy Assignments: Review any Azure Policy assignments that might be applied to this instance or its resource group that could be enforcing the current settings.
    2. Resource Dependencies: Ensure that there are no dependencies or configurations that conflict with the changes you are trying to make.
    3. Permissions: Verify that you have the necessary permissions to make changes to the resource and that there are no role-based access control (RBAC) restrictions in place.

    If the issue persists, consider reaching out to Azure support for further assistance, as they can provide more detailed insights into the specific policies affecting your Foundry instance.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.