Foundry Agent App ID keeps changing

Question

Foundry Agent App ID keeps changing

Luís Teixeira 25

Hello

We have a dotnet solution exposing an MCP.
The Foundry Agent we have has the MCP Tool with Agent Identity as it's authentication:
User's image

We are validating the authentication when the Agent calls our MCP with it's Audience + its App ID so we know its a valid and authenticated Agent created by us.

However we have noticed that sometimes the Agent is calling the MCP with its own agentIdentity, in the case:
network-new-project-resource-network-new-project-network-resolver-AgentIdentity

But sometimes with the actual project Identity of where the Agent is, in this case:
network-new-project-resource-network-new-project-AgentIdentity

Its this supposed to be happening, or are there changes going on?
Because we keep having to change our configuration to control which agents call our MCP.

SRILAKSHMI C 19,100 Reputation points Microsoft External Staff Moderator

2026-05-13T07:59:20.5933333+00:00

Hi @Luís Teixeira

Did you get any chance to review the above response. Do let me know if you have any further queries.

Thank you!
Sina Salam 30,006 Reputation points Volunteer Moderator

2026-05-13T13:52:53.6133333+00:00
Hello Luís Teixeira,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that your Foundry Agent App ID keeps changing.

To resolve the core issue without treating the behavior as a platform bug and without weakening production authorization by permanently allowing the broader shared project identity.

Yes, the scenario you gave can happen and it is expected depending on whether the call is coming from an unpublished/development agent or a published agent. In Foundry, unpublished agents in a project share the project agent identity, while published agents get a distinct agent identity. Therefore, your MCP server is seeing two valid Foundry identities: the shared project identity and the agent-specific published identity. - https://learn.microsoft.com/en-us/azure/foundry/agents/how-to/mcp-authentication, and https://learn.microsoft.com/en-us/azure/foundry/agents/concepts/agent-identity give more insight.

To stop changing your configuration, do not authorize by whichever App ID appears during testing. Instead, decide the intended trust boundary:

If this MCP server is for production, publish the agent and allow only the published agent’s distinct identity.

If you are testing an unpublished agent, allow the shared project agent identity only in a dev/test MCP configuration.

Reassign RBAC permissions to the published agent identity after publishing, because permissions assigned to the shared project identity do not carry over.

Validate the token audience against the MCP server/resource Application ID URI and validate the caller identity against the specific Foundry identity you intend to trust. - https://learn.microsoft.com/en-us/azure/foundry/agents/concepts/agent-identity, https://learn.microsoft.com/en-us/azure/foundry/agents/how-to/mcp-authentication

I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.
SRILAKSHMI C 19,100 Reputation points Microsoft External Staff Moderator

2026-05-18T15:28:55.0433333+00:00

Hi @Luís Teixeira

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Thank you!

1 answer

Your answer

SRILAKSHMI C 19,100 Reputation points Microsoft External Staff Moderator

2026-05-13T07:59:20.5933333+00:00

Hi @Luís Teixeira

Did you get any chance to review the above response. Do let me know if you have any further queries.

Thank you!
SRILAKSHMI C 19,100 Reputation points Microsoft External Staff Moderator

2026-05-18T15:28:55.0433333+00:00

Hi @Luís Teixeira

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Thank you!

Answer 1

Hello @Luís Teixeira

Thank you for reaching out Microsoft Q&A,

What you are observing is actually expected behavior in Azure AI Foundry when MCP tools are configured with “Agent Identity” authentication.

Azure AI Foundry currently uses two types of identities internally depending on the execution/runtime path:

• Shared project identity (project-wide managed identity) Example: network-new-project-resource-network-new-project-AgentIdentity

• Dedicated per-agent identity Example: network-new-project-resource-network-new-project-network-resolver-AgentIdentity

From your description, the MCP requests are sometimes arriving with: • the dedicated agent identity, and • other times with the broader project-level managed identity.

This behavior is related to how the Foundry runtime resolves authentication context depending on: • the execution path used by the agent runtime, • MCP tool orchestration flow, • project-scoped vs agent-scoped identity behavior, • whether the agent is using the newer object model, • and ongoing backend/runtime updates within the Foundry platform.

In practice: • Legacy/in-development agents may use the shared project identity • Published or newer-model agents may use their own dedicated per-agent identity

Because of this, relying exclusively on a single App ID for validation can lead to inconsistent authorization behavior, which matches what you are currently experiencing.

Recommended approach:

Instead of validating against only one expected App ID, we recommend validating using a trusted allowlist containing: the Agent Identity App ID(s), and the Foundry Project Managed Identity App ID for the corresponding project boundary.

In practice, commonly validate: • audience (aud) • tenant (tid) • issuer (iss) • and a set of approved managed identity object IDs/app IDs rather than assuming a single stable identity path for all MCP invocations.

To avoid continuously changing your configuration, you have two main options:

Support both identities Update your MCP authorization logic to accept: • the shared project identity, and • the dedicated per-agent identities you trust
Migrate fully to the newer per-agent identity model If all agents are recreated/published using the newer model, each agent should consistently use its own dedicated identity. This provides: • cleaner isolation, • simpler authorization boundaries, • and more predictable identity behavior.

Also If strict isolation between agents is required, consider:

• implementing additional application-level authorization metadata,

• validating agent-specific claims where available, or introducing per-agent secrets/tokens on top of managed identity validation.

At this time, there have been ongoing platform/runtime improvements in Foundry Agent orchestration, and this likely explains why you are seeing intermittent differences in identity behavior.

We would recommend: temporarily supporting both identities in your MCP authorization logic, and gradually migrating toward the dedicated per-agent identity model if stricter isolation is needed.

Please refer this

Agent identity concepts in Microsoft Foundry https://learn.microsoft.com/azure/foundry/agents/concepts/agent-identity

Agent types during the transition (within the migration article) https://learn.microsoft.com/azure/foundry/agents/how-to/migrate-agent-applications#agent-types-during-the-transition

I hope this helps, do let me know if you have further queries.

Thank you!

SRILAKSHMI C 19,100 Reputation points Microsoft External Staff Moderator

2026-05-19T11:17:54.17+00:00

Hi @Luís Teixeira,

Following up to see if the above answer was helpful. If this answers your query, please do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Thank you!

Share via

Foundry Agent App ID keeps changing

1 answer

Your answer