Azure AI Foundry architecture

AI Foundry provides a unified experience for AI developers and data scientists to build, evaluate, and deploy AI models through a web portal, SDK, or CLI. AI Foundry is built on capabilities and services provided by other Azure services.

Important

Azure AI Studio is now Azure AI Foundry portal. We're updating the documentation to reflect this change. In the meantime, you might see references to Azure AI Studio.

Diagram of the high-level architecture of Azure AI Foundry.

At the top level, AI Foundry provides access to the following resources:

  • Azure OpenAI: Provides access to the latest Open AI models. You can create secure deployments, try playgrounds, fine tune models, content filters, and batch jobs. The Azure OpenAI resource provider is Microsoft.CognitiveServices/account and the kind of resource is OpenAI. You can also connect to Azure OpenAI by using a kind of AIServices, which also includes other Azure AI services.

    When using Azure AI Foundry portal, you can directly work with Azure OpenAI without an Azure Studio project or you can use Azure OpenAI through a project.

    For more information, visit Azure OpenAI in Azure AI Foundry portal.

  • Management center: The management center streamlines governance and management of AI Foundry resources such as hubs, projects, connected resources, and deployments.

    For more information, visit Management center.

  • AI Foundry hub: The hub is the top-level resource in AI Foundry portal, and is based on the Azure Machine Learning service. The Azure resource provider for a hub is Microsoft.MachineLearningServices/workspaces, and the kind of resource is Hub. It provides the following features:

    • Security configuration including a managed network that spans projects and model endpoints.
    • Compute resources for interactive development, fine-tuning, open source, and serverless model deployments.
    • Connections to other Azure services such as Azure OpenAI, Azure AI services, and Azure AI Search. Hub-scoped connections are shared with projects created from the hub.
    • Project management. A hub can have multiple child projects.
    • An associated Azure storage account for data upload and artifact storage.

    For more information, visit Hubs and projects overview.

  • AI Foundry project: A project is a child resource of the hub. The Azure resource provider for a project is Microsoft.MachineLearningServices/workspaces, and the kind of resource is Project. The project provides the following features:

    • Access to development tools for building and customizing AI applications.
    • Reusable components including datasets, models, and indexes.
    • An isolated container to upload data to (within the storage inherited from the hub).
    • Project-scoped connections. For example, project members might need private access to data stored in an Azure Storage account without giving that same access to other projects.
    • Open source model deployments from catalog and fine-tuned model endpoints.

    Diagram of the relationship between AI Foundry resources.

    For more information, visit Hubs and projects overview.

  • Connections: Azure AI Foundry hubs and projects use connections to access resources provided by other services. For example, data in an Azure Storage Account, Azure OpenAI or other Azure AI services.

    For more information, visit Connections.

Azure resource types and providers

Azure AI Foundry is built on the Azure Machine Learning resource provider, and takes a dependency on several other Azure services. The resource providers for these services must be registered in your Azure subscription. The following table lists the resource types, provider, and kind:

Resource type Resource provider Kind
Azure AI Foundry hub Microsoft.MachineLearningServices/workspace hub
Azure AI Foundry project Microsoft.MachineLearningServices/workspace project
Azure AI services or
Azure AI OpenAI Service
Microsoft.CognitiveServices/account AIServices
OpenAI

When you create a new hub, a set of dependent Azure resources are required to store data, get access to models, and provide compute resources for AI customization. The following table lists the dependent Azure resources and their resource providers:

Tip

If you don't provide a dependent resource when creating a hub, and it's a required dependency, AI Foundry creates the resource for you.

Dependent Azure resource Resource provider Optional Note
Azure AI Search Microsoft.Search/searchServices Provides search capabilities for your projects.
Azure Storage account Microsoft.Storage/storageAccounts Stores artifacts for your projects like flows and evaluations. For data isolation, storage containers are prefixed using the project GUID, and conditionally secured using Azure ABAC for the project identity.
Azure Key Vault Microsoft.KeyVault/vaults Stores secrets like connection strings for your resource connections. For data isolation, secrets can't be retrieved across projects via APIs.
Azure Container Registry Microsoft.ContainerRegistry/registries Stores docker images created when using custom runtime for prompt flow. For data isolation, docker images are prefixed using the project GUID.
Azure Application Insights &
Log Analytics Workspace
Microsoft.Insights/components
Microsoft.OperationalInsights/workspaces
Used as log storage when you opt in for application-level logging for your deployed prompt flows.

For information on registering resource providers, see Register an Azure resource provider.

Microsoft-hosted resources

While most of the resources used by Azure AI Foundry live in your Azure subscription, some resources are in an Azure subscription managed by Microsoft. The cost for these managed resources shows on your Azure bill as a line item under the Azure Machine Learning resource provider. The following resources are in the Microsoft-managed Azure subscription, and don't appear in your Azure subscription:

  • Managed compute resources: Provided by Azure Batch resources in the Microsoft subscription.

  • Managed virtual network: Provided by Azure Virtual Network resources in the Microsoft subscription. If FQDN rules are enabled, an Azure Firewall (standard) is added and charged to your subscription. For more information, see Configure a managed virtual network for Azure AI Foundry.

  • Metadata storage: Provided by Azure Storage resources in the Microsoft subscription.

    Note

    If you use customer-managed keys, the metadata storage resources are created in your subscription. For more information, see Customer-managed keys.

Managed compute resources and managed virtual networks exist in the Microsoft subscription, but you manage them. For example, you control which VM sizes are used for compute resources, and which outbound rules are configured for the managed virtual network.

Managed compute resources also require vulnerability management. Vulnerability management is a shared responsibility between you and Microsoft. For more information, see vulnerability management.

Centrally set up and govern using hubs

Hubs provide a central way for a team to govern security, connectivity, and computing resources across playgrounds and projects. Projects that are created using a hub inherit the same security settings and shared resource access. Teams can create as many projects as needed to organize work, isolate data, and/or restrict access.

Often, projects in a business domain require access to the same company resources such as vector indices, model endpoints, or repos. As a team lead, you can preconfigure connectivity with these resources within a hub, so developers can access them from any new project workspace without delay on IT.

Connections let you access objects in AI Foundry that are managed outside of your hub. For example, uploaded data on an Azure storage account, or model deployments on an existing Azure OpenAI resource. A connection can be shared with every project or made accessible to one specific project. Connections can be configured to use key-based access or Microsoft Entra ID passthrough to authorize access to users on the connected resource. As an administrator, you can track, audit, and manage connections across the organization from a single view in AI Foundry.

Screenshot of AI Foundry showing an audit view of all connected resources across a hub and its projects.

Organize for your team's needs

The number of hubs and projects you need depends on your way of working. You might create a single hub for a large team with similar data access needs. This configuration maximizes cost efficiency, resource sharing, and minimizes setup overhead. For example, a hub for all projects related to customer support.

If you require isolation between dev, test, and production as part of your LLMOps or MLOps strategy, consider creating a hub for each environment. Depending on the readiness of your solution for production, you might decide to replicate your project workspaces in each environment or just in one.

Role-based access control and control plane proxy

Azure AI services including Azure OpenAI provide control plane endpoints for operations such as listing model deployments. These endpoints are secured using a separate Azure role-based access control (RBAC) configuration than the one used for a hub.

To reduce the complexity of Azure RBAC management, AI Foundry provides a control plane proxy that allows you to perform operations on connected Azure AI services and Azure OpenAI resources. Performing operations on these resources through the control plane proxy only requires Azure RBAC permissions on the hub. The Azure AI Foundry service then performs the call to the Azure AI services or Azure OpenAI control plane endpoint on your behalf.

For more information, see Role-based access control in Azure AI Foundry portal.

Attribute-based access control

Each hub you create has a default storage account. Each child project of the hub inherits the storage account of the hub. The storage account is used to store data and artifacts.

To secure the shared storage account, Azure AI Foundry uses both Azure RBAC and Azure attribute-based access control (Azure ABAC). Azure ABAC is a security model that defines access control based on attributes associated with the user, resource, and environment. Each project has:

  • A service principal that is assigned the Storage Blob Data Contributor role on the storage account.
  • A unique ID (workspace ID).
  • A set of containers in the storage account. Each container has a prefix that corresponds to the workspace ID value for the project.

The role assignment for each project's service principal has a condition that only allows the service principal access to containers with the matching prefix value. This condition ensures that each project can only access its own containers.

Note

For data encryption in the storage account, the scope is the entire storage and not per-container. So all containers are encrypted using the same key (provided either by Microsoft or by the customer).

For more information on Azure access-based control, see What is Azure attribute-based access control.

Containers in the storage account

The default storage account for a hub has the following containers. These containers are created for each project, and the {workspace-id} prefix matches the unique ID for the project. Projects access a container by using a connection.

Tip

To find the ID for your project, go to the project in the Azure portal. Expand Settings and then select Properties. The Workspace ID is displayed.

Container name Connection name Description
{workspace-ID}-azureml workspaceartifactstore Storage for assets such as metrics, models, and components.
{workspace-ID}-blobstore workspaceblobstore Storage for data upload, job code snapshots, and pipeline data cache.
{workspace-ID}-code NA Storage for notebooks, compute instances, and prompt flow.
{workspace-ID}-file NA Alternative container for data upload.

Encryption

Azure AI Foundry uses encryption to protect data at rest and in transit. By default, Microsoft-managed keys are used for encryption. However you can use your own encryption keys. For more information, see Customer-managed keys.

Virtual network

A hub can be configured to use a managed virtual network. The managed virtual network secures communications between the hub, projects, and managed resources such as computes. If your dependency services (Azure Storage, Key Vault, and Container Registry) have public access disabled, a private endpoint for each dependency service is created to secure communication between the hub and project and the dependency service.

Note

If you want to use a virtual network to secure communications between your clients and the hub or project, you must use an Azure Virtual Network that you create and manage. For example, an Azure Virtual Network that uses a VPN or ExpressRoute connection to your on-premises network.

For more information on how to configure a managed virtual network, see Configure a managed virtual network for Azure AI Foundry.

Azure Monitor

Azure monitor and Azure Log Analytics provide monitoring and logging for the underlying resources used by Azure AI Foundry. Since Azure AI Foundry is built on Azure Machine Learning, Azure OpenAI, Azure AI services, and Azure AI Search, use the following articles to learn how to monitor the services:

Resource Monitoring and logging
Azure AI Foundry hub and project Monitor Azure Machine Learning
Azure OpenAI Monitor Azure OpenAI
Azure AI services Monitor Azure AI (training)
Azure AI Search Monitor Azure AI Search

Price and quota

For more information on price and quota, use the following articles:

Next steps

Create a hub using one of the following methods: