Azure AI Foundry Agent Management

Azure AI Foundry Agent Service enables you to create AI agents that automate tasks and workflows. This platform provides:

  • A framework for building agents that reason, act, and learn

  • Access to diverse models, knowledge sources, and tools

  • Real-world interaction capabilities through search, action connectors, and code execution

Applications range from simple task automation to complex, multi-agent workflows. The platform offers a unified experience for developers and IT administrators through:

  • A web portal

  • Software Development Kit (SDK)

  • Application Programming Interfaces (APIs)

  • Use these tools to build, deploy, and manage your AI agents efficiently.

Important
You must have a SailPoint Agent Identity Security license to enable the Agent governance features. Contact your SailPoint Customer Success Manager for more details on obtaining the necessary license.

Supported Features

Aggregation of Azure AI Foundry agent

Required Permissions

API / Role

Permission / Role Name

Type

Description / Purpose

Microsoft Graph API

Directory.Read.All

Application

Read directory data

Azure Service Management API

user_impersonation

Delegated

Access Azure Resource Manager as organization users

Azure RBAC Role for Foundry-specific APIs

Cognitive Services Data Contributor (Preview)

Role-based

Required to call Foundry-specific API endpoints (For example, project assistants)

Assigning Cognitive Services Data Contributor (Preview) Role in Azure

Follow these steps to assign the Cognitive Services Data Contributor (Preview) Role in Azure:

  1. Go to Azure Portal.

  2. Select your active Azure Subscription under Use option.

  3. Go to Access Control (IAM) for the subscription.

  4. Select + Add > Add role assignment.

  5. Under Role, select Cognitive Services Data Contributor (Preview).

  6. In the Members section, search for and select your Registered Application.

  7. Select Review + assign to apply the role.

    This grants the necessary permissions to your Registered Application for Cognitive Services data access.

Enabling Agent Governance

To enable the Agent Governance, follow these steps:

  1. Go to Microsoft Entra SaaS source configuration page within ISC.

  2. Select Agent Governance Settings tab.

  3. Select Enable Azure AI Foundry Agents. This enables Agent Governance support for your environment.

Supported Schema Attributes

Following lists the supported schema attributes for the Azure AI Foundry Agent.

Parent Attribute Name

Child Attribute Name

Attribute Details

identity

-

Unique identifier for the agent.

name

-

Name assigned to the agent.

datasetId

-

Internal ISC data set for the agent.

description

-

Descriptive text explaining the agent’s purpose.

attributes

 

 

 

 

 

 

 

 

 

model

The identifier of the model (For example, GPT variant) the agent uses.

resources

Resources/ Tools assigned or accessible to the agent.

connectedAgents

Agent can have their connected agents as well.

top_p

top_p controls how much randomness and creativity the agent uses when generating responses.

temperature

The temperature controls the randomness of the agent’s responses — lower values produce more focused and consistent answers, while higher values lead to more diverse and creative outputs.

tool_resources

External resources needed by specific tools (e.g., list of file IDs for Code Interpreter).

metadata

Custom metadata attached to the agent (up to 16 pairs).

response_format

Preferred format of the agent’s tool call responses.

created_at

A list or collection of specific resources associated with the tools assigned to the agent.

Timestamp representing when the agent was created.

Note
The attribute list cannot be extended.