Azure AI Foundry Agent Management
Azure AI Foundry Agent Service enables you to create AI agents that automate tasks and workflows. This platform provides:
-
A framework for building agents that reason, act, and learn
-
Access to diverse models, knowledge sources, and tools
-
Real-world interaction capabilities through search, action connectors, and code execution
Applications range from simple task automation to complex, multi-agent workflows. The platform offers a unified experience for developers and IT administrators through:
-
A web portal
-
Software Development Kit (SDK)
-
Application Programming Interfaces (APIs)
-
Use these tools to build, deploy, and manage your AI agents efficiently.
Important
You must have a SailPoint Agent Identity Security license to enable the Agent governance features. Contact your SailPoint Customer Success Manager for more details on obtaining the necessary license.
Supported Features
Aggregation of Azure AI Foundry agent
Required Permissions
|
API / Role |
Permission / Role Name |
Type |
Description / Purpose |
|---|---|---|---|
|
Microsoft Graph API |
Application.Read.All OR Directory.Read.All |
Application |
Read application data
Read directory data |
|
Azure Service Management API |
user_impersonation |
Delegated |
Access Azure Resource Manager as organization users |
|
Azure RBAC Role on your subscription |
Cognitive Services Data Contributor (Preview) |
Role-based |
Allows to call data plane APIs, but not any control plane APIs for Microsoft Cognitive Services. This role is in preview and subject to change. |
Assigning Reader and Cognitive Services Data Contributor (Preview) Role in Azure
Follow these steps to assign the Cognitive Services Data Contributor (Preview) Role in Azure
-
Go to Azure Portal.
-
Select your active Azure Subscription under Use option.
-
Go to Access Control (IAM) for the subscription.
-
Select + Add > Add role assignment.
-
Assign the Cognitive Services Data Contributor (Preview) role:
-
Under Role, select Cognitive Services Data Contributor (Preview).
-
In the Members section, find and select your Registered Application.
-
Click on Review + assign to apply the role.
-
This grants the necessary permissions to your Registered Application for Cognitive Services data access.
Enabling Agent Governance
To enable the Agent Governance, follow these steps:
Screenshot
-
Go to Microsoft Entra SaaS source configuration page within ISC.
-
Select Agent Governance Settings tab.
-
Select Enable Azure AI Foundry Agents. This enables Agent Governance support for your environment.
Supported Schema Attributes
Following lists the supported schema attributes for the Azure AI Foundry Agent.
|
Parent Attribute Name |
Child Attribute Name |
Attribute Details |
|---|---|---|
|
identity |
- |
Unique identifier for the agent. |
|
name |
- |
Name assigned to the agent. |
|
datasetId |
- |
Internal ISC data set for the agent. |
|
description |
- |
Descriptive text explaining the agent’s purpose. |
|
attributes
|
model |
The identifier of the model (For example, GPT variant) the agent uses. |
|
resources |
Resources/ Tools assigned or accessible to the agent. |
|
|
connectedAgents |
Agent can have their connected agents as well. |
|
|
top_p |
top_p controls how much randomness and creativity the agent uses when generating responses. |
|
|
temperature |
The temperature controls the randomness of the agent’s responses — lower values produce more focused and consistent answers, while higher values lead to more diverse and creative outputs. |
|
|
tool_resources |
External resources needed by specific tools (e.g., list of file IDs for Code Interpreter). |
|
|
metadata |
Custom metadata attached to the agent (up to 16 pairs). |
|
|
response_format |
Preferred format of the agent’s tool call responses. |
|
|
created_at |
A list or collection of specific resources associated with the tools assigned to the agent. Timestamp representing when the agent was created. |
Note
The attribute list cannot be extended.