Important
Items marked (preview) in this article are currently in public preview. This preview is provided without a service-level agreement, and we don't recommend it for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.
In this article, you learn how to add a new connection in Azure AI Foundry portal.
Connections are a way to authenticate and consume both Microsoft and other resources within your Azure AI Foundry projects. They're required for scenarios such as building Standard Agents or building with Agent knowledge tools.
Connection types
Here's a table of some of the available connection types in Azure AI Foundry portal. The Preview column indicates connection types that are currently in preview.
Service connection type | Preview | Description |
---|---|---|
Azure AI Search | | Azure AI Search is an Azure resource that supports information retrieval over your vector and textual data stored in search indexes. |
Azure Storage | | Azure Storage is a cloud storage solution for storing unstructured data like documents, images, videos, and application installers. |
Azure Data Lake Storage Gen 2 | | Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure storage. |
Azure Content Safety | | Azure AI Content Safety is a service that detects potentially unsafe content in text, images, and videos. |
Azure OpenAI | | Azure OpenAI is a service that provides access to OpenAI's models including the GPT-4o, GPT-4o mini, GPT-4, GPT-4 Turbo with Vision, GPT-3.5-Turbo, DALLE-3 and Embeddings model series with the security and enterprise capabilities of Azure. |
Serverless Model | ✓ | Serverless Model connections allow you to standard deployment. |
Microsoft OneLake | | Microsoft OneLake provides open access to all of your Fabric items through Azure Data Lake Storage (ADLS) Gen2 APIs and SDKs. In Azure AI Foundry portal, you can set up a connection to your OneLake data using a OneLake URI. You can find the information that Azure AI Foundry requires to construct a OneLake Artifact URL (workspace and item GUIDs) in the URL on the Fabric portal. For information about the URI syntax, see Connecting to Microsoft OneLake. |
API key | | API Key connections handle authentication to your specified target on an individual basis. |
Custom | | Custom connections allow you to securely store and access keys while storing related properties, such as targets and versions. Custom connections are useful when you have many targets or cases where you wouldn't need a credential to access. LangChain scenarios are an example where you would use custom service connections. Custom connections don't manage authentication, so you have to manage authentication on your own. |
Service connection type | Preview | Required for Standard Agent deployment | Description |
---|---|---|---|
Azure AI Search | | ✓ | Azure AI Search is an Azure resource that supports information retrieval over your vector and textual data stored in search indexes. |
Azure Storage | | ✓ | Azure Storage is a cloud storage solution for storing unstructured data like documents, images, videos, and application installers. |
Azure Cosmos DB | ✓ | ✓ | Azure Cosmos DB is a globally distributed, multi-model database service that offers low latency, high availability, and scalability across multiple geographical regions. |
Azure OpenAI | | | Azure OpenAI is a service that provides access to OpenAI's models including the GPT-4o, GPT-4o mini, GPT-4, GPT-4 Turbo with Vision, GPT-3.5-Turbo, DALLE-3, and Embeddings model series with the security and enterprise capabilities of Azure. |
Application Insights | | | Azure Application Insights is a service within Azure Monitor that enables developers and DevOps teams to automatically detect performance anomalies, diagnose issues, and gain deep insights into application usage and behavior through powerful telemetry and analytics tools. |
API key | | | API Key connections handle authentication to your specified target on an individual basis. |
Custom | | | Custom connections allow you to securely store and access keys while storing related properties, such as targets and versions. Custom connections are useful when you have many targets or cases where you wouldn't need a credential to access. LangChain scenarios are a good example where you would use custom service connections. Custom connections don't manage authentication, so you have to manage authentication on your own. |
Serverless Model | ✓ | | Serverless Model connections allow you to serverless API deployment. |
Azure Databricks | ✓ | | Azure Databricks connector allows you to connect your Azure AI Foundry Agents to Azure Databricks to access workflows and Genie Spaces during runtime. It supports three connection types - Jobs, Genie, and Other. You can pick the Job or Genie space you want associated with this connection while setting up the connection in the Foundry UI. You can also use the Other connection type and allow your agent to access workspace operations in Azure Databricks. Authentication is handled through Microsoft Entra ID for users or service principals. For examples of using this connector, see Jobs and Genie. |
Agent knowledge tool connections
Knowledge is the foundation for accurate, grounded responses, and it helps AI Agents make well-informed decisions with confidence. You can create connections to the following knowledge tools through Azure AI Foundry to build your Agents:
- Microsoft Fabric
- Grounding with Bing Search
- Grounding with Bing Custom Search
- Azure AI Search
To learn more about Agent Knowledge tools, see Knowledge tool overview.
Create a new connection
Tip
Because you can customize the left pane in the Azure AI Foundry portal, you might see different items than shown in these steps. If you don't see what you're looking for, select ... More at the bottom of the left pane.
Follow these steps to create a new connection that's only available for the current project.
1. Go to your project in Azure AI Foundry portal. If you don't have a project, create a new project.
2. Select Management center from the bottom left navigation.
3. Select Connected resources from the Project section.
4. Select + New connection from the Connected resources section.
5. Select the service you want to connect to from the list of available external resources. For example, select Azure AI Search.
6. Browse for and select your Azure AI Search service from the list of available services and then select the type of Authentication to use for the resource. Select Add connection.

   Tip

   Different connection types support different authentication methods. Using Microsoft Entra ID might require specific Azure role-based access permissions for your developers. For more information, visit Role-based access control.

7. After the service is connected, select Close.
Network isolation
If your hub is configured for network isolation, you might need to create an outbound private endpoint rule to connect to Azure Blob Storage, Azure Data Lake Storage Gen2, or Microsoft OneLake. A private endpoint rule is needed if one or both of the following are true:
- The managed network for the hub is configured to allow only approved outbound traffic. In this configuration, you must explicitly create outbound rules to allow traffic to other Azure resources.
- The data source is configured to disallow public access. In this configuration, the data source can only be reached through secure methods, such as a private endpoint.
To create an outbound private endpoint rule to the data source, use the following steps:
1. Sign in to the Azure portal, and select the Azure AI Foundry hub.
2. Select Networking, then Workspace managed outbound access.
3. To add an outbound rule, select Add user-defined outbound rules. From the Workspace outbound rules sidebar, provide the following information:
   - Rule name: A name for the rule. The name must be unique for the Azure AI Foundry hub.
   - Destination type: Private Endpoint.
   - Subscription: The subscription that contains the Azure resource you want to connect to.
   - Resource type: `Microsoft.Storage/storageAccounts`. This resource provider is used for Azure Storage, Azure Data Lake Storage Gen2, and Microsoft OneLake.
   - Resource name: The name of the Azure resource (storage account).
   - Sub Resource: The sub-resource of the Azure resource. Select `blob` if using Azure Blob storage. Select `dfs` for Azure Data Lake Storage Gen2 and Microsoft OneLake.
4. Select Save to create the rule.
5. Select Save at the top of the page to save the changes to the managed network configuration.
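The two conditions and the rule fields above can be checked against an inventory of connections before a connection fails at run time. The following is an added example, not part of the original article or of any Azure SDK: `missing_outbound_rules` and its dictionary fields are hypothetical, and the sample inventory is constructed.

```python
# Added example: hypothetical audit helper; the dict fields are assumptions, not an Azure schema.
RESOURCE_TYPE = "Microsoft.Storage/storageAccounts"
SUB_RESOURCE = {"Azure Blob Storage": "blob", "Microsoft OneLake": "dfs",
                "Azure Data Lake Storage Gen2": "dfs"}  # from the steps above

def missing_outbound_rules(hub, connections):
    """List the private endpoint rules the hub still needs."""
    covered = {(r["resource_name"].lower(), r["sub_resource"])
               for r in hub["outbound_rules"]
               if r["destination_type"] == "Private Endpoint"}
    used_names = {r["rule_name"] for r in hub["outbound_rules"]}
    gaps = []
    for conn in connections:
        sub = SUB_RESOURCE.get(conn["type"])
        if sub is None:
            continue  # not a storage-backed connection type
        reasons = []
        if hub["approved_outbound_only"]:
            reasons.append("hub allows only approved outbound traffic")
        if not conn["public_access"]:
            reasons.append("data source disallows public access")
        target = (conn["resource_name"].lower(), sub)
        if not reasons or target in covered:
            continue  # neither condition holds, or a rule already exists
        covered.add(target)  # propose each rule once
        name, n = f"pe-{target[0]}-{sub}", 1
        while name in used_names:  # rule names must be unique per hub
            n += 1
            name = f"pe-{target[0]}-{sub}-{n}"
        used_names.add(name)
        gaps.append({"rule_name": name, "destination_type": "Private Endpoint",
                     "resource_type": RESOURCE_TYPE, "resource_name": target[0],
                     "sub_resource": sub, "reasons": reasons})
    return gaps

# Constructed sample inventory (not real resources).
HUB = {"approved_outbound_only": True, "outbound_rules": [
    {"rule_name": "pe-contosodocs-blob", "destination_type": "Private Endpoint",
     "resource_name": "contosodocs", "sub_resource": "blob"}]}
CONNECTIONS = [
    {"type": "Azure Blob Storage", "resource_name": "contosodocs", "public_access": False},
    {"type": "Azure Data Lake Storage Gen2", "resource_name": "contosodocs", "public_access": True},
    {"type": "Azure Blob Storage", "resource_name": "ContosoMedia", "public_access": False},
    {"type": "Azure AI Search", "resource_name": "contososearch", "public_access": False},
]

if __name__ == "__main__":
    for gap in missing_outbound_rules(HUB, CONNECTIONS):
        print(gap["rule_name"], gap["sub_resource"], "; ".join(gap["reasons"]))
```

Rules are matched on both the storage account and the sub-resource, so the existing `blob` rule in the sample does not count for the `dfs` connection to the same account.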
For end-to-end network isolation with AI Foundry, you need private endpoints to connect to your connected resources. For example, if your Azure Storage account has public network access set to Disabled, then a private endpoint should be deployed in your virtual network so that the account can be accessed from Azure AI Foundry.
For more on how to set private endpoints to your connected resources, see the following documentation:
Private resource | Documentation |
---|---|
Azure Storage | Use private endpoints |
Azure Cosmos DB | Configure Azure Private Link for Azure Cosmos DB |
Azure AI Search | Create a private endpoint for a secure connection |
Azure OpenAI | Securing Azure OpenAI inside a virtual network with private endpoints |
Application Insights | Use Azure Private Link to connect networks to Azure Monitor |