Developers can build an AI agent in minutes. The difficult part is understanding what actions agents are taking, how they are performing, and whether they in compliance with organization policies. Signals scatter across tools and clouds, issues lack context, and root causes take too long to find, which makes it challenging to set the controls that guide and shape agent behavior. Teams need a connected view that shows how their agents behave, guides what they do, and keeps them safe.
Foundry Control Plane helps make that possible. Now in preview in Microsoft Foundry, it brings controls, observability, security, and governance together so teams can build, operate, and manage their entire agent estate in a single place.
As agents scale, developers, IT, and security teams touch the same systems and face the same risks. They need a shared way to understand how agents behave and to keep them aligned with the foundations the organization already relies on. Today, Microsoft is also announcing Agent 365, which adapts industry-leading infrastructure used to manage users and identities and applies it to agents. It brings together Defender, Entra, Intune, Purview, and Microsoft 365 tools to help IT understand what agents are doing, guide what they can access, and keep information safe. Together, Foundry Control Plane and Agent 365 give organizations a connected way to build, manage, and protect agents at scale.
See how this work comes together inside Foundry Control Plane.
Foundry Control Plane brings together four pillars so developers can manage trusted agents: Controls, Observability, Security, and Fleet-wide operations.
Controls: Apply consistent guardrails across inputs, outputs, and now tool interactions.
Foundry Control Plane introduces a unified system of guardrails and controls that guide how agents behave across inputs, outputs, tool calls, and tool responses. These controls help keep each agent safe, aligned, and trustworthy throughout its lifecycle.
Guardrails in Foundry Control Plane.
Teams building in Microsoft Foundry will recognize the familiar foundation of controls for inputs and outputs. What’s new in public preview are controls for tool calls and tool responses, which extend safety coverage to every stage of agent activity. Developers can now define how agents invoke and interact with external tools, preventing unsafe or irrelevant actions while preserving autonomy and flow.
Foundry Control Plane supports a full range of controls, including task adherence, sensitive data detection, groundedness, prompt injection mitigation, and protected materials. Together, they help ensure that agents stay focused, produce accurate results, and operate within defined boundaries.
Controls in Foundry Control Plane.
“Infosys Topaz™ and Microsoft Foundry share the goal of making enterprise AI more secure, observable, and well-governed from the start. Foundry Control Plane will provide customers centralized command over their AI agents, complete with fleet-wide visibility, policy enforcement, and runtime security."
- Balakrishna D. R. (Bali), Executive Vice President, Global Services Head, AI and Industry Verticals, Infosys
Observability: Evaluate, trace, monitor and refine every step of the agent journey
Understanding how an agent behaves across its lifecycle is the foundation of building better systems. Foundry Control Plane gives developers a connected environment to evaluate, monitor, and trace their agents, turning every signal into an opportunity for improvement.
Observability in Foundry Control Plane, in public preview, gives teams a clear way to understand how their agents behave. Developers can accelerate agent development with integrated evaluations built directly into the Foundry playground. A full suite of quality, risk, and safety evaluators is available out of the box, and teams can create custom ones when they need deeper insight.
Additional capabilities will become generally available after Ignite. These include the ability to run evaluations entirely in the cloud, and a broader collection of evaluators for model behavior. The experience will expand with built-in synthetic datasets, recommended evaluators, and new agent evaluators for groundedness, task adherence, and tool accuracy. A new cluster analysis view will help teams see visual patterns in agent behavior and guide improvements with more confidence.
Evaluations in Foundry Control Plane.
To optimize performance and keep costs low, teams can use the operate dashboard in the Control Plane to monitor and uncover inefficiencies. The dashboard brings together cost, performance, evaluation results, and red teaming data in one place. Developers can trace every run from prompt to model inference to tool call through OpenTelemetry based tracing, uncovering where systems excel and where they drift. Continuous evaluations provide always on, automated checks for quality, safety, and performance. And the integrated AI Gateway provides control over model, agent, and tool usage to help teams maintain performance while managing costs.
Observability also stretches across environments. Foundry Control Plane connects data from every agent, giving teams a single place to compare, monitor, and improve performance. OTel compliant traces from Foundry or from frameworks like Microsoft Agent Framework, LangChain, and LangGraph flow into a unified view. Evaluations, traces, and red teaming results are published to Azure Monitor, where agent signals can be correlated with the KPIs of dependent AI infrastructure and other application signals to deliver an end-to-end operational picture.
Monitoring in Foundry Control Plane.
With complete visibility in place, the next step is resilience. Foundry Control Plane makes it possible not only to see how agents behave but to test how they respond under stress. AI Red Teaming Agent, now generally available, gives organizations the ability to continuously test and strengthen their agents against real world risks. It simulates adversarial conditions to uncover unsafe actions, sensitive data exposure, and agentic jailbreaks before they occur. With a simple no code setup and integrated monitoring, teams can automate scans, surface vulnerabilities, and maintain ongoing safety across deployments.
“CarMax uses Microsoft Foundry not just for evaluations, but as a foundation for agentic observability. Every interaction from our agent Skye is captured, analyzed, and scored through a mix of out-of-the-box and custom evaluators, giving us deep visibility into how agents perform across safety, compliance, and quality metrics. This observability enables proactive monitoring, faster iteration, and confidence that our multi-agent architecture operates responsibly and effectively. We are excited to explore the ability to get fleet-wide observability in one view with Foundry Control Plane.”
- Abhi Bhatt, Data & AI Engineering, CarMax
Security: Protect every agent at every step
Foundry Control Plane deepens Microsoft Foundry’s native integrations with Microsoft Security, giving teams a clearer and more connected way to secure agents across their lifecycle. These integrations support secure access, protect against emerging threats, and safeguard data for everything built and run in Foundry.
Every agent created in Foundry is issued a Microsoft Entra Agent ID at build time. This durable identity traces ownership, access, and lineage throughout the agent’s lifecycle, creating a strong foundation for accountability. For organizations that need more granular control, Entra extends into enterprise identity systems, enabling policy-based access, conditional permissions, and alignment with existing governance models.
Entra Agent ID in Foundry Control Plane.
Defender now extends AI security posture management for agents built in Foundry, with complete visibility, posture recommendations, and attack path analysis to mitigate risks and vulnerabilities. Defender will also extend its industry-leading threat intelligence to agents built in Foundry, with new detections for rising attack techniques like jailbreak attempts. These protections and risk signals integrate directly into the Control Plane, giving developer teams immediate context for investigation and response.
Foundry Control Plane also integrates with Purview to provide greater data protections and visibility into risks. Foundry agent interactions seamlessly flow into Purview for audit and compliance visibility and mitigation. Now, Purview enables security admins to define and apply org-wide AI content safety policies that integrate natively within Foundry Control Plane. This ensures developers can understand when controls violate compliance policies and remediate directly.
Microsoft Purview and Defender in Foundry Control Plane.
Together, these industry-leading Microsoft Security integrations with Foundry will ensure that developers and security teams can prevent, detect, and mitigate risks across AI services and agents, just like you do for other critical assets across your organization.
Security alerts in Foundry Control Plane.
Fleet-wide Operations: Managing trust across the entire agent estate
Developers build agents in many different ways. They use different tools, work across many frameworks, and often deploy on multiple clouds. Foundry Control Plane brings all of these agents into one connected view. It gives developer teams a clear understanding of every agent, whether created in Foundry, Microsoft Agent Framework, LangChain, or LangGraph, no matter where it was built or which cloud it runs on.
Agents created in Foundry appear automatically in Foundry Control Plane with a Microsoft Entra Agent ID issued at build time. External agents can be connected through AI Gateway, which acts as the single entry point for requests and allows Foundry Control Plane to observe how those agents behave. This lets developers bring agents built on other clouds or frameworks into the same fleet view without changing how those agents are built or deployed.
Once agents are connected, Foundry Control Plane provides a single visual view of the entire fleet. In one place, developers can see how agents are performing, where they run, who owns them, and which policies apply. Health, cost, performance, risk, and policy coverage appear side by side, along with alerts that flag evaluation drops, compliance gaps, or security risks the moment they appear. These alerts come from evaluations, guardrail enforcement, and connected security systems, giving teams early signals when something falls out of alignment.
This view is designed for action. When something needs attention, developers can move directly from a fleet alert into the build experience to review behavior, refine prompts, update tools or guardrails, or adjust the policies governing that agent. There’s no need to switch between systems or rebuild understanding. Foundry Control Plane keeps operating and building in the same flow so teams can continuously improve their agents and the fleet as a whole.
Fleet-wide view in Foundry Control Plane.
Partnerships strengthen our trust ecosystem
Foundry Control Plane is designed to work across an open ecosystem of trusted partners that extend security, governance, and compliance throughout the AI lifecycle. Today, Microsoft is announcing upcoming integrations with Palo Alto Networks and Zenity, two partners that bring complementary strengths in agent security and governance.
Palo Alto Networks Prisma AIRS will integrate with Foundry Control Plane to provide enterprises with additional choices for content safety, agent security, and policy enforcement capabilities. These upcoming integrations will enable shared customers of Foundry Control Plane and Palo Alto Networks’ to apply policy-driven filtering with toxic content and custom topic detection, real-time runtime protection through prompt injection blocking, malicious code detection, and database protection, as well as automated policy checks to ensure security and safety at scale. Together, these capabilities will help organizations detect and prevent risks across every stage of agent & AI app activity.
“As organizations accelerate their use of AI, securing the runtime environment becomes critical,” said Ian Swanson, AI Security Leader at Palo Alto Networks. “Through our upcoming integration with Foundry Control Plane, we are helping enterprises apply the same rigorous protection to AI agents that they already rely on to defend their applications and infrastructure.”
Zenity will add capabilities for inline prevention, detection, and response, enabling real-time anomaly detection and proactive containment of unsafe or unauthorized agent actions. Zenity will also bring continuous policy enforcement and compliance controls, allowing enterprises to dynamically apply security and compliance policies across agent workflows.
“AI agents are powerful, but they must operate within clear and safe boundaries,” said Michael Bargury, CTO and Co-Founder of Zenity. “Our collaboration with Microsoft will help enable proactive defense and real-time prevention into Foundry Control Plane, helping to give enterprises the visibility and control they need to manage agents responsibly at scale. Together, we’re enabling organizations to implement hard boundaries when adopting AI agents at scale - with the confidence that unsafe actions can be detected, analyzed, and disrupted before they cause harm.”
Build and operate agents you can trust
Foundry Control Plane brings everything together in one connected experience, allowing developers to observe, control, secure, and operate across their entire fleet. Each capability works in harmony to help organizations build and manage AI systems that are both powerful and responsible.
Get started
Foundry Control Plane is now available in public preview in Microsoft Foundry. Start exploring how to build, operate, and govern your agents responsibly.
To learn more, visit Microsoft Learn and explore resources including the Foundry SDK, developer documentation, and course materials that help you build and operate agents responsibly.
If you are attending Microsoft Ignite 2025 or watching on demand, explore sessions that dive deeper into responsible and scalable AI operations:
- BRK205: AI Operations to own the fleet, master the mission in Azure AI Foundry
- BRK202: Foundry Control Plane: Managing AI Agents at Scale
- BRK190: Monitor, optimize and scale with AI Observability in Azure AI Foundry
- BRK212: Trustworthy AI at Microsoft: From commitments to capabilities
- BRK 268: Secure Azure AI Foundry agents with Microsoft Security
- BRK119: Don’t let your AI agents go rogue, govern with Azure API Management
Microsoft