Azure AI Foundry HTTP 403 "unusual behavior" block on Elevate-grant resource

SUMMARY

Azure AI Foundry resource is returning HTTP 403 with the message

"Your resource has been temporarily blocked because we detected

unusual behavior" and has remained blocked for 24+ hours with no

auto-clear, even at less than 2 RPM with a 10-token probe.

The bigger issue: every standard support path is closed because

the subscription sits on a Developer support plan — both the

Azure Portal ticket form AND the az support REST/CLI API gate on

plan tier. Posting here as one of the few remaining surfaces a

Microsoft engineer can pick up.

RESOURCE DETAILS

Resource: bda-ai-foundry

Subscription: f60e8dd3-ec1a-42bc-ba90-f79e7e835505

Organization: Bharat Dharma Academy Limited — Australian

registered charitable NFP, Sanatan Dharma

educational content

Grant: Microsoft Elevate

AFFECTED DEPLOYMENTS

- gpt-5-mini (chat/completions, primary workhorse)

- gpt-5-pro (responses endpoint, premium tier)

- o4-mini (fast fallback)

- text-embedding-3-large

- Cohere-embed-v3-multilingual

- FLUX-1.1-pro

SUSPECTED TRIGGER

Per Microsoft Q&A guidance from a volunteer moderator (May 22 2026),

the most likely trigger is anomaly detection from:

(a) the same API key being used from two geographically distant

origins — Render in US East (Virginia) and a Mac workstation

in Australia (Sydney);

(b) bursty smoke-test calls after long idle periods.

That diagnosis is consistent with the symptom: a 403 that does NOT

auto-clear, and is NOT a traditional 429 quota error.

SUPPORT PATHS ATTEMPTED (ALL BLOCKED)

1. Azure Portal -> Help + Support -> New Support Request

-> redirects to Q&A / support-plan gate.

2. Direct support-request URL (typed manually in browser)

-> same redirect / gate.

3. Microsoft Support virtual agent (contact page)

-> loops back to Q&A.

4. Azure CLI in Cloud Shell — full az support in-subscription

tickets create command with all required parameters populated

(service classification, severity, contact details).

Returned:

(InvalidSupportPlan) Your support plan type is Developer.

To create and update support tickets, and add communication

operations, you need access to our high tier-support plans.

5. Microsoft for Nonprofits contact form — submitted in parallel.

6. Microsoft Q&A — root cause confirmed by volunteer moderator,

awaiting MS engineer pickup.

MITIGATIONS ALREADY IMPLEMENTED ON OUR SIDE

To demonstrate this is not a runaway script:

- All Azure traffic PAUSED — we are NOT retrying (we understand

retries worsen the anomaly signal).

- Async rate limiter + circuit breaker shipped on every Azure

caller; any 403 immediately opens a 6-hour circuit so the

resource cannot be hammered.

- Going forward:

* separate API keys per origin (Render in Virginia and

Mac in Sydney)

* separate deployments per workload (web vs batch)

* Diagnostic Settings routed to Log Analytics

WHAT I AM ASKING FOR

1. Manual review and clearance of the block on bda-ai-foundry.

2. The specific trigger reason if visible internally, so we can

confirm our preventive mitigations are correct.

3. Guidance for the community: should grant-funded Microsoft

Elevate / Nonprofit subscriptions have an alternative support

escalation path that does not require a paid plan upgrade?

The current state — every standard channel closed for

Developer-plan subscriptions — is a significant gap for

charitable projects that, by design, run on Microsoft's

grant credits and do not maintain paid support contracts.

This is a live charitable educational workload (Sanatan Dharma

content serving the global Hindu community). Happy to provide

any further diagnostic information.

Thank you.

Parag Srivastava

Founder, Bharat Dharma Academy Limited

Contact email available via my Tech Community profile.