A fully managed platform in Microsoft Foundry for hosting, scaling, and securing AI agents built with any supported framework or model
Hi, the right authentication pattern depends on where the agent runs and whose permissions should govern the data request. For an interactive user experience, delegated OAuth preserves the user's Fabric permissions. For unattended service-to-service use, use a supported service principal or managed identity only if the Fabric item and API explicitly support it, then grant the minimum workspace/item permissions and test token audience/tenant carefully. Do not pass a user's refresh token into a hosted agent. If the current Data Agent preview exposes only user OAuth, that is a product limitation rather than something a custom Entra role can bypass; use an approved middle-tier API or wait for workload-identity support, and confirm the design with Fabric support before production.