Share via

Azure SRE agent A2A connection.

Andrei Matrosau 45 Reputation points
2026-02-16T15:51:55.7366667+00:00

Hello,

Is it possible to connect the SRE agent as a sub-agent via the A2A protocol?

I'm trying to integrate it, but I couldn't find documentation about the agent card and JSON-RPC protocol support.

Azure AI services
Azure AI services

A group of Azure services, SDKs, and APIs designed to make apps more intelligent, engaging, and discoverable.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anshika Varshney 7,970 Reputation points Microsoft External Staff Moderator
    2026-02-24T11:34:27.88+00:00

    Hi Andrei Matrosau,

    I ran into something very similar when trying to access the SRE agent via A2A.

    The key part of the error is “challenge was not handled”. That usually means the endpoint itself is reachable, but the request is being rejected during authentication. Hitting /.well-known/agent.json directly in a browser (or without auth headers) will consistently return that error because the SRE agent endpoint expects an authenticated call.

    A couple of things that helped clarify this:

    • The SRE agent does expose an agent card, but it isn’t publicly accessible.
    • Requests to /.well-known/agent.json must include a valid Authorization header (for example, a Bearer token from Entra ID), otherwise the auth middleware rejects the request.
    • If the agent is fronted by API Management, a subscription key may also be required in addition to the auth token.

    Once I sent the request with the proper token, the unauthorized error went away, and the agent card / JSON‑RPC metadata became accessible.

    So, the behavior seems expected rather than an A2A limitation the agent is there, but protected by auth, which makes it look “undocumented” unless the request is made correctly.

    0 comments
  2. Jose Benjamin Solis Nolasco 7,376 Reputation points
    2026-02-16T17:59:15.2166667+00:00

    Welcome to Microsoft Q&A

    Hello Andrei Matrosau,

    The error """challenge was not handled """is the key to solving this. It confirms that your endpoint is reachable (not a 404), but the Authentication Middleware (likely Azure App Service "Easy Auth" or Azure API Management) is rejecting the request because the client did not respond to the 401 Unauthorized challenge.

    You cannot just browse to that URL. You need to send an Authentication Token with your request.

    Get a Token: If you are testing locally, you likely need your Azure Active Directory (Entra ID) token.

    Add the Header: When you request /.well-known/agent.json, add this header: Authorization: Bearer <YOUR_TOKEN_HERE>

    1. Check API Keys: If you are using Azure API Management, you might need to send a Ocp-Apim-Subscription-Key header instead

    User's image

    https://learn.microsoft.com/en-us/microsoft-copilot-studio/add-agent-agent-to-agent

    Once you add the right key/token, the JSON error will disappear, and you will receive the full Agent Card with all the JSON-RPC documentation you are looking for.

    😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.