
A deployment of a secure, extensible and integrated environment for running AI Foundry workloads in Production. It simplifies the process of including essential Azure services necessary to run mission-critical AI applications and adhere to Microsoft Well Architected Framework recommendations.

microsoft/Deploy-Your-AI-Application-In-Production

Deploy your AI Application in Production

Overview

This is a foundational deployment solution for deploying an AI hub and project into an isolated environment (a virtual network) within Azure. The deployed features follow Microsoft's Well-Architected Framework (WAF) to establish an isolated infrastructure for AI Foundry, and are intended to assist in moving from a proof-of-concept state to a production-ready application.

This template leverages Azure Verified Modules (AVM) and the Azure Developer CLI (AZD) to provision a WAF-aligned infrastructure for AI application development. This infrastructure includes AI Foundry elements, a virtual network (VNET), private endpoints, Key Vault, a storage account, and additional, optional WAF-aligned resources (such as Cosmos DB and SQL Server) that can be leveraged with Foundry developed projects.

The following deployment automates our recommended configuration to protect your data and resources: Microsoft Entra ID role-based access control, a managed network, and private endpoints. We recommend disabling public network access for Azure OpenAI resources, Azure AI Search resources, and storage accounts (this is applied automatically when those optional services are deployed within this workflow). Restricting access to selected networks with IP rules isn't supported because the services' IP addresses are dynamic.

AI Foundry has two network isolation aspects, both of which this repository automates:

  1. Configuring the network isolation of the Azure AI Foundry hub and project managed compute (compute instance, serverless compute, managed online endpoint). See: Configure Managed Network.
  2. Configuring the virtual network, private endpoints and private link services so that resources connect to the hub and project in a secure way. See: Secure Data Playground.
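A post-deployment check for the recommendations above, written here as an added example (it is not part of this repository): it scans resource records in the shape of `az resource show` JSON output and flags any Azure OpenAI, AI Search or storage account that still has public network access enabled, relies on IP allow-list rules, or has no private endpoint connection. The property paths and the sample records are assumptions constructed for the example.

```python
"""Flag resources that do not meet the network isolation recommendations.

Added example, not part of the repository. Input records follow the shape of
`az resource show` output; the property paths used are simplified assumptions.
"""
from typing import Iterable

# Services the guidance says to close to public access, mapped to the property
# under which each reports its IP allow-list (assumed shapes).
CHECKED_TYPES = {
    "Microsoft.CognitiveServices/accounts": "networkAcls",   # Azure OpenAI
    "Microsoft.Search/searchServices": "networkRuleSet",      # Azure AI Search
    "Microsoft.Storage/storageAccounts": "networkAcls",       # Storage
}


def find_exposures(resources: Iterable[dict]) -> list[str]:
    """Return one 'name: reason' finding per violated recommendation."""
    findings = []
    for res in resources:
        rules_key = CHECKED_TYPES.get(res.get("type"))
        if rules_key is None:
            continue  # not one of the services the guidance covers
        name = res["name"]
        props = res.get("properties", {})
        # A missing value is treated as Enabled, the platform default.
        if props.get("publicNetworkAccess", "Enabled") != "Disabled":
            findings.append(f"{name}: publicNetworkAccess is not Disabled")
        # Selected networks with IP rules are unsupported: the services'
        # addresses are dynamic, so private endpoints are the only option.
        if props.get(rules_key, {}).get("ipRules"):
            findings.append(f"{name}: uses IP allow-list rules instead of private endpoints")
        if not props.get("privateEndpointConnections"):
            findings.append(f"{name}: no private endpoint connection")
    return findings


SAMPLE_RESOURCES = [  # constructed sample, not real deployment output
    {"name": "aoai-prod", "type": "Microsoft.CognitiveServices/accounts",
     "properties": {"publicNetworkAccess": "Disabled",
                    "networkAcls": {"defaultAction": "Deny", "ipRules": []},
                    "privateEndpointConnections": [{"id": "/pe/aoai-prod"}]}},
    {"name": "stg-prod", "type": "Microsoft.Storage/storageAccounts",
     "properties": {"publicNetworkAccess": "Enabled",
                    "networkAcls": {"defaultAction": "Deny",
                                    "ipRules": [{"value": "203.0.113.7"}]},
                    "privateEndpointConnections": []}},
    {"name": "kv-prod", "type": "Microsoft.KeyVault/vaults",  # skipped: not in scope
     "properties": {"publicNetworkAccess": "Enabled"}},
]

if __name__ == "__main__":
    for line in find_exposures(SAMPLE_RESOURCES):
        print(line)
```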

Architecture

The diagram below illustrates the capabilities included in the template.

Network Isolation Infrastructure

Diagram steps and descriptions:

  1. Tenant users utilize Microsoft Entra ID and multi-factor authentication to log in to the jumpbox virtual machine.
  2. Users and workloads within the client's virtual network can utilize private endpoints to access managed resources and the hub workspace.
  3. The workspace-managed virtual network is automatically generated for you when you configure managed network isolation to one of the following modes:
     • Allow Internet Outbound
     • Allow Only Approved Outbound
  4. The online endpoint is secured with Microsoft Entra ID authentication. Client applications must obtain a security token from the Microsoft Entra ID tenant before invoking the prompt flow hosted by the managed deployment and available through the online endpoint.
  5. API Management creates consistent, modern API gateways for existing backend services. In this architecture, API Management is used in a fully private mode to offload cross-cutting concerns from the API code and hosts.

Features

What solutions does this enable?

  • Deploys an AI hub and AI project into a virtual network, with all dependent services connected via private endpoints.

  • Configures AI Foundry, adhering to the best practices outlined in the Well Architected Framework.

  • Provides the ability to add additional Azure services (API Management, Cosmos DB, Azure SQL DB) during deployment, configured to connect through the isolated network to enrich your AI project.

  • Provides the ability to define the models deployed into the hub when the deployment runs.

Prerequisites and high-level steps

  1. Have access to an Azure subscription and Entra ID account with Contributor permissions.
  2. Confirm the subscription you are deploying into has the Required Roles and Scopes.
  3. The solution ensures secure access to the private VNET through a jumpbox VM with Azure Bastion. By default, Bastion does not require an inbound NSG rule for network traffic. However, if your environment enforces specific policy rules, you can resolve access issues by entering your machine's IP address in the allowedIpAddress parameter when prompted during deployment. If not specified, all IP addresses are allowed to connect to Azure Bastion.
  4. If deploying from your local environment, install the Azure Developer CLI (AZD).
  5. If deploying via GitHub Codespaces, the user must be on a GitHub Team or Enterprise Cloud plan.
  6. If leveraging One-click deployment.
  7. If leveraging GitHub Actions.

For additional documentation on the services enabled by default in this solution accelerator, see:

  1. Azure OpenAI Service
  2. Azure AI Search
  3. Azure AI hub
  4. Azure AI project
  5. Azure Container Registry
  6. Azure Virtual Machines
  7. Azure Storage
  8. Azure Virtual Network
  9. Azure Key Vault
  10. Azure Bastion
  11. Azure Log Analytics
  12. Azure Application Insights

Getting Started


QUICK DEPLOY

Steps to deploy with GitHub Codespaces

Connect to and validate access to the new environment

Follow the Post Deployment Steps to connect to the isolated environment.

Deploy your application in the isolated environment

Guidance

Region Availability

By default, this template uses AI models which may not be available in all Azure regions. Check for up-to-date region availability and select a region during deployment accordingly.

Costs

You can estimate the cost of this project's architecture with Azure's pricing calculator.

Security

This template has Managed Identity built in, which eliminates the need for developers to manage credentials. Applications can use managed identities to obtain Microsoft Entra tokens without storing or rotating any secrets themselves.

Resources


Disclaimers

To the extent that the Software includes components or code used in or derived from Microsoft products or services, including without limitation Microsoft Azure Services (collectively, “Microsoft Products and Services”), you must also comply with the Product Terms applicable to such Microsoft Products and Services. You acknowledge and agree that the license governing the Software does not grant you a license or other right to use Microsoft Products and Services. Nothing in the license or this ReadMe file will serve to supersede, amend, terminate or modify any terms in the Product Terms for any Microsoft Products and Services.

You must also comply with all domestic and international export laws and regulations that apply to the Software, which include restrictions on destinations, end users, and end use. For further information on export restrictions, visit https://aka.ms/exporting.

You acknowledge that the Software and Microsoft Products and Services (1) are not designed, intended or made available as a medical device(s), and (2) are not designed or intended to be a substitute for professional medical advice, diagnosis, treatment, or judgment and should not be used to replace or as a substitute for professional medical advice, diagnosis, treatment, or judgment. Customer is solely responsible for displaying and/or obtaining appropriate consents, warnings, disclaimers, and acknowledgements to end users of Customer’s implementation of the Online Services.

You acknowledge the Software is not subject to SOC 1 and SOC 2 compliance audits. No Microsoft technology, nor any of its component technologies, including the Software, is intended or made available as a substitute for the professional advice, opinion, or judgement of a certified financial services professional. Do not use the Software to replace, substitute, or provide professional financial advice or judgment.

BY ACCESSING OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT THE SOFTWARE IS NOT DESIGNED OR INTENDED TO SUPPORT ANY USE IN WHICH A SERVICE INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE COULD RESULT IN THE DEATH OR SERIOUS BODILY INJURY OF ANY PERSON OR IN PHYSICAL OR ENVIRONMENTAL DAMAGE (COLLECTIVELY, “HIGH-RISK USE”), AND THAT YOU WILL ENSURE THAT, IN THE EVENT OF ANY INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE, THE SAFETY OF PEOPLE, PROPERTY, AND THE ENVIRONMENT ARE NOT REDUCED BELOW A LEVEL THAT IS REASONABLY, APPROPRIATE, AND LEGAL, WHETHER IN GENERAL OR IN A SPECIFIC INDUSTRY. BY ACCESSING THE SOFTWARE, YOU FURTHER ACKNOWLEDGE THAT YOUR HIGH-RISK USE OF THE SOFTWARE IS AT YOUR OWN RISK.

  • Data Collection. The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
