'New Teams' - DOES NOT Remember Window Positions
Can anyone tell me if there is a FIX for this??? Ever since I upgraded to the NEW and IMPROVED [and I choke on those words] Teams, DOES NOT remember my previous window positions for either the main window or individual chats. The Classic Teams did this. When can we expect this be FIXED? This is HIGHLY annoying. It is bad enough that Microsoft feels the need to have this fill nearly your entire screen [as if it was the only application you used]. The very least you could do is check these sorts of issues before the app went to production and in my opinion this app is nowhere near production worthy. Please FIX this immediately or provide a workaround that can be utilized as soon as possible. I wish I could use the old 'classic' Teams, but it will no longer let me. At least it would remember my previous Window Positions.Extend Microsoft Purview data protection to AWS Bedrock agents for cross-cloud AI governance
Organizations are moving fast with AI, and many of those AI workloads are not staying in one cloud. A team might use Microsoft 365 and Microsoft Purview for governance and in addition to Microsoft Foundry they may still choose to run an AI agent on AWS Bedrock or on the Google Cloud Platform. The technical challenge is straightforward: how do you keep one consistent set of data security, governance, and compliance controls when the agent itself runs outside Microsoft Azure? This is where Microsoft Purview becomes the central policy engine for your data estate. In this post, we show why that matters and then walk through a practical example: an expense approval agent running on Amazon Bedrock, protected by Microsoft Purview Data Loss Prevention (DLP) policies. Why Purview should be the central policy engine Most organizations do not want separate policy stacks for every cloud, every model endpoint, and every app team. That leads to duplicated controls, inconsistent enforcement, and audit gaps. The better model is to separate where workloads run from where policy decisions are made. That is the value proposition for Microsoft Purview in cross-cloud AI scenarios. Purview gives you: A consistent policy layer for sensitive information types such as credit card numbers, Social Security numbers, financial data, and other regulated content. A governance plane that can extend beyond Microsoft-hosted workloads into multi-cloud environments. A compliance framework with auditability, policy traceability, and a familiar operational model for security and compliance teams. A way to apply data-aware controls to AI interactions, not just to storage locations. In practical terms, that means the same organization that already trusts Purview to govern Exchange, SharePoint, Teams, and Copilot can use Purview to govern prompts and responses in a Bedrock-based agent as well. The key architectural shift is this: your app does not need to invent its own data policy engine. It can call Purview at the points where risk exists. What this Bedrock agent demonstrates The sample solution in this blog is a cross-cloud AI pattern: The frontend is a single-page browser-based chat app. Users authenticate with Microsoft Entra ID via MSAL. The backend runs in AWS Lambda. The model is Amazon Bedrock using Nova 2 Lite. Microsoft Purview evaluates prompts and model responses for DLP policy violations. This matters because it proves a broader point: Microsoft Purview can govern AI interactions even when the model and compute are not running in Azure. The core architecture As shown above the end-to-end flow follows this pattern: A user signs in through Microsoft Entra ID from the frontend. The frontend sends the user's access token and prompt to an API endpoint in AWS. The Lambda function exchanges that token using the On-Behalf-Of flow so Purview can evaluate under the signed-in user's identity. Purview scans the full prompt for sensitive information before the model is called. If the prompt is allowed, the Lambda function sends the request to Amazon Bedrock. Purview scans the model response before it is returned to the user. The frontend shows the result along with a Purview evaluation badge. That gives you two strong governance controls: In-line data loss prevention enforcement, which can block risky requests before they ever reach the model. Response-time enforcement, which can stop sensitive data from being returned even if a model generates it. The implementation also uses the user's identity for policy evaluation. That is important because governance decisions should reflect who is asking, not just what application is running. Why this pattern is useful for security, governance, and compliance teams There are three reasons this pattern is worth paying attention to. First, it aligns policy with risk rather than with hosting location. The compute might run in Lambda and the model might be in Bedrock, but Purview still remains the policy decision point. Second, it improves operational clarity. Security teams do not have to learn a different governance toolchain for each AI stack. They can keep using Purview concepts, policy models, and audit workflows. Third, it supports real-world adoption. Most large enterprises are hybrid and multi-cloud already. A governance pattern that only works for one vendor's runtime is not enough. Policy definition in Purview Two polices are needed to enforce DLP-a collection policy for Enterprise AI Apps and a DLP policy Collection policy 2. DLP policy Follow the steps outlined here to create the DLP policy for Enterprise AI Apps. Sample provided: purview-api-samples/DLPforCustomAIApps at main · microsoft/purview-api-samples To replicate this scenario, follow this link to the official GitHub repo: purview-api-samples/AWSBedrock at main · microsoft/purview-api-samples Once deployed, you will have: An AWS Lambda function that calls Amazon Bedrock. A browser frontend that authenticates with Microsoft Entra ID. Microsoft Purview evaluating both prompts and responses. A demo flow where safe prompts succeed and sensitive prompts are blocked. With the App and agent deployed, now comes the moment when the architectural value becomes clear. The model runtime is AWS Bedrock, but the policy decision is still coming from Microsoft Purview. Below screenshot shows the prompt containing sensitive information being blocked based on the policy evaluation by Purview. Minimal code integration requirements using the SDK Below is the code needed to perform the integration between Purview and Bedrock to perform the in and outbound inspection of content destined to and from the Bedrock model. Results of Purview’s verdict presented to user in the App UI Review governance evidence in Purview Data Security Posture Management Summary The bigger story here is not just that Microsoft Purview can protect an Amazon Bedrock agent. It is that organizations can centralize data security, governance, and compliance policy even while their AI architecture becomes more distributed across multiple clouds. That is the operational win. Developers keep the freedom to choose the best runtime and model platform. Security and compliance teams keep a central policy engine they already understand and trust. AI applications can be multi-cloud, but your data protection model does not have to be fragmented. Additional resources Configure Microsoft Purview - purview-sdk | Microsoft Learn Microsoft Purview Developer Platform Documentation - purview-sdk | Microsoft LearnZoom in or out of forms, tables, and queries when in Form View or Datasheet View
Access now lets you zoom in and out when you’re working with forms, tables, and queries in Form View or Datasheet View. Zoom in for a closer look at your data or zoom out to see more on screen at once. You can adjust the zoom level using the Zoom button on the ribbon, the zoom slider on the status bar, or keyboard shortcuts. Zoom is also available in Print Preview for reports. Zoom isn’t supported in Report View or Design View. This feature is available in Access for Microsoft 365, version 2605 and later. Choose a magnification setting from the ribbon On the Home tab, select Zoom and choose one of the following options: 50%, 75%, 125%, 150%, 175%, 200%, or 500%. To return the view to 100% zoom, click Zoom 100%. If you prefer to use the keyboard, you can press Ctrl + Alt + 0 (zero). Use the zoom slider to quickly zoom in or out On the status bar in the lower right-hand corner of Access, select the zoom slider. Slide to the percentage zoom setting that you want. Press – or + to zoom in gradual increments. Use zoom keyboard shortcuts or mousewheel To zoom in, press Ctrl + Alt + Plus (+). To zoom out, press Ctrl + Alt + Minus (-). To return to 100% magnification, press Ctrl + Alt + 0 (zero). To use the mousewheel and scroll to zoom in or out, press Ctrl + mousewheel. Change your default zoom percentage Access doesn't save zoom settings on closing and reopening a form. Instead, it opens your form using the default zoom setting. To set your zoom default percentage, choose File > Options > Current Database > Application Options and choose the Default Zoom setting. Note Content inside of ActiveX controls, such as the text in a TreeView control, doesn't resize when zoomed. Zooming in Access only affects Access-native controls. If a form uses ActiveX controls, consider replacing them with native Access controls so they scale with the rest of the form.Bug fixes in Microsoft Access - Current Channel Version 2605 (Build 16.0.20026.20118)
Bug Name Issue Fixed Edge Browser Control didn't render PDFs on some machines When the Edge Browser Control was used to display a PDF, on some machines the PDF would not render at all if the registry value "HKEY_CLASSES_ROOT\.pdf\Content Type" was missing. Access now provides the missing content type, so the Edge Browser Control can render the PDF. Export to SharePoint failed for tables with both lookup fields and attachment columns When exporting an Access table to a SharePoint list, if the table contained both a lookup field and an attachment column, the export could fail with an error. The export now handles this combination correctly, so the export completes successfully. Conditional Formatting color picker showed a reduced palette in Version 2604 A regression introduced in Version 2604 caused the Conditional Formatting color picker to display a smaller set of color choices than previous versions. The full legacy color palette has been restored. Some Unicode characters displayed incorrectly in objects exported to Excel When exporting an Access object whose name contained certain extended Unicode characters, the resulting file's sheet name displayed the characters incorrectly. These characters are now preserved correctly during export. Power BI Gateway couldn't refresh semantic models from .accdb files Refreshing a Power BI semantic model that connected to a .accdb file via the on-premises gateway could fail with "Unspecified error". Connection setup has been adjusted so the gateway can successfully refresh the model. Monaco SQL view: Ctrl+Z didn't undo Ctrl+Shift+K line deletion In the new Monaco-based SQL editor, pressing Ctrl+Shift+K to delete the current line removed the line, but a subsequent Ctrl+Z would not restore it. Undo now works correctly for this and similar editing operations. Document tab text didn't scale with Windows text-size setting When the Windows display setting for text size was increased, document tab labels and the record navigation bar continued to render at the standard size, while other Access UI scaled correctly. The document tabs and record navigation bar now honor the system text-size setting. Error when editing a Long Text field after a write conflict When a write conflict occurred on a record containing a Long Text field, subsequent attempts to edit the field could fail with an error. The data path now refreshes the cached field values correctly after a conflict so that further edits succeed. Access terminated unexpectedly when reading Edge Browser Control properties in form design view In form design view, retrieving the ReadyState or LocationUrl property on an Edge Browser Control could cause Access to terminate unexpectedly. Both properties now return safely in design view. "Copy" prefix was prepended instead of appended to copied object names When duplicating a database object, Access named the copy "Copy of Form1" instead of "Form1 - Copy". This made copies of related objects sort apart from their originals in the Navigation Pane. Copy-of names now append the suffix, so related objects stay together when sorted alphabetically.Discover new Microsoft Marketplace innovations announced at Microsoft Build
At Microsoft Build, Microsoft shared new opportunities for software development companies and partners to build, scale, and monetize AI apps and agents through Microsoft Marketplace. Explore how Microsoft Marketplace is helping software companies accelerate go-to-market strategies, expand customer reach, simplify procurement, and unlock new revenue opportunities across the Microsoft ecosystem. Learn how organizations can take advantage of Azure and Marketplace capabilities to support AI innovation and deliver enterprise-ready solutions faster. Whether you’re building intelligent applications, growing your commercial marketplace presence, or exploring new ways to monetize AI-powered solutions, this is a valuable resource for understanding the latest Microsoft Marketplace announcements and opportunities coming out of Build. 👉 Read more: Build, scale, and monetize apps and agents with Microsoft MarketplaceMake any agent enterprise-ready with the Agent 365 SDK
One of the biggest barriers to enterprise adoption is the lack of centralized controls. Before deploying an agent broadly, organizations need clear answers: What is this agent allowed to do? What data can it access? How is it monitored? And how do we step in when something goes wrong? Today, developers often piece together identity, runtime protection, and observability using a mix of point solutions and open-source tools. The result is fragmented policy management, disconnected monitoring, and operational overhead that’s difficult to scale within existing IT and security systems. What enterprises need instead is a unified control plane that brings these capabilities together. Introducing the Agent 365 SDK On May 1, Microsoft announced the general availability of Agent 365, the control plane for enterprises to observe, govern, and secure agents at scale. Agents built on the Microsoft AI platform (Agent Builder, Copilot Studio, and Microsoft Foundry) get Agent 365 capabilities automatically, with zero additional developer effort. For agents built on external platforms or open-source frameworks, the Agent 365 SDK provides the path in. The SDK enables enterprise-grade observability, governance, and security, while the Agent 365 CLI provisions the agent identity and registers the agent in Agent 365 from day one. For example, a back-office agent built on Microsoft Foundry and a customer-facing agent built with the OpenAI Agents SDK can both be managed through Agent 365, using the same identity model, observability signals, and policy engine, no matter which platform or framework on which the agent runs. What you get with the Agent 365 SDK Observability A unified agent registry. Every agent registered through the SDK appears in a unified Agent 365 registry, giving admins visibility into ownership, usage, connected tools and knowledge sources, and assigned permissions. Additional signals also help surface unmanaged local agents in the same control plane. Security Operations Center (SOC) visibility in Microsoft Defender. Security Operations Center teams can use Microsoft Defender telemetry to hunt across agent activity, identify vulnerabilities, and investigate potential risks across the entire agent fleet Governance Agent lifecycle management. Apply rules-based policies to automatically expire inactive agents, flag ownerless agents, and block risky ones. Onboarding and agent governance. Deploy agents to specific users or groups only after permissions, policies, and reviews are complete. Block, unblock, or remove agents on demand to control availability. Policy templates. Group existing policies from Entra, Purview, Defender, and SharePoint into reusable templates that apply automatically during agent approval or onboarding. Tool controls for agents. View, allow, or block tools across the tenant so agents only use approved tools, enforcing consistent governance without per-agent configuration. Security Agent identity in Entra. The SDK generates an agent identity in Entra so the agent can be managed, and policies and role assignments can be applied to it the same way they are applied to users. Learn more in our Entra Agent ID developer blog post. Access control. Agents can be secured by Entra Conditional Access and Identity Protection for runtime protections as agent behavior evolves. Threat detection in Defender. Agent activity surfaces in Microsoft Defender alongside the rest of the estate, with alerts wired into the same incident pipeline the SOC already runs on. Threat blocking tool invocation. When you register tools with Agent 365, calls to and responses from those tools are protected by Defender’s runtime protection, blocking high-risk tool calls and actions before they execute. How companies are putting it to work Many software companies have already integrated the Agent 365 SDK into the agents they build, spanning three primary categories. The first is AI-native software vendors building customer-facing agents, such as Genspark, Zensai, Egnyte, and Zendesk. The second includes agent platforms and “agent factories” where customers build and run their own agents, including Kore.ai, Kasisto, and n8n. And the third is enterprises developing custom internal agents for their own employees and business processes. All three groups integrate with the Agent 365 SDK for the same reason: when these agents are deployed into an enterprise, organizations can immediately observe, govern, and secure them in Agent 365 with no additional work required for the core capabilities. More advanced scenarios such as data security and compliance can then be added through Microsoft Purview APIs when required. Two examples of what this looks like in practice Kore.ai is an enterprise platform for building and managing AI agents and assistants. Raj Koneru the CEO of Kore.ai had this to say about Agent 365: "Enterprises can easily build AI agents today but scaling them with trust and governance is where most initiatives stall. With Kore.ai deeply integrated into Microsoft Agent 365, identity, security, and governance are built in from the start, empowering enterprises to move from pilots to AI at scale with confidence." — Raj Koneru, Chief Executive Officer, Kore.ai Zensai is an AI-native software development company that ships its Human Success Agent to enterprise customers. Emma Taylor, Culture & Organizational Development Manager at Phoenix Software Solutions, one of Zensai’s customers, on what Agent 365 makes possible: "Zensai has given us a clear view of how our people and programs are performing, helping us track the metrics that matter. The depth of reporting across the Human Success Platform has been a game changer for our team. We're particularly excited about the Human Success Agent, with Agent 365 delivering the governance and observability our administrators need to confidently manage AI in the enterprise responsibly while surfacing the data and insights that drive better decisions across our business." — Emma Taylor, Culture & Organizational Development Manager, Phoenix Software Solutions The takeaway is direct: integrate once with Agent 365 SDK, and every customer who deploys your agent can easily enable enterprise-grade controls. Get started today The Agent 365 SDK is available now. If your agent is already running, you can onboard it in three steps. Install the SDK in your agent project using Python, TypeScript, or .NET. Register the agent with the Agent 365 CLI to provision its identity and automatically onboard it into Agent 365. Wrap your agent entry point with the SDK to stream activity and telemetry into the Agent 365 control plane. For data security visibility and controls, you can integrate Microsoft Purview APIs to enable capabilities such as prompt-based Data Loss Prevention (DLP), Data Security Posture Management, Insider Risk Management, and core compliance features including eDiscovery, Communication Compliance, Audit, and Data Lifecycle Management. Learn more in our Purview developer blog post. Get started with Agent 365 development Keep learning Microsoft is actively shaping the Agent 365 SDK based on what builders are asking for. A few places to go deeper and see the SDK in action: Watch OD840: The Microsoft Build on demand developer session that goes deeper on Agent 365 SDK and the design decisions behind it. Watch BRK251: Build secure and enterprise-ready agents with Agent 365. A hands-on breakout that walks through how Agent 365 SDK and Microsoft Purview APIs work together across the agent lifecycle, with practical examples for runtime visibility, identity-aware access, data protection, and policy-based governance. Available on Wed, Jun 3 11:30 AM - 12:15 PM PDT and on demand. Browse the docs: For quick-starts, reference, and the layered toolkit guide. Go deeper on Purview for agents: Start with the Purview developer blog for the story, then the Microsoft Purview developer documentation for the full reference. Read more on Entra Agent ID: Start with the Entra Agent ID developer blog, then the Microsoft Entra Agent ID documentation for the full reference. Shipping an agent that IT and security teams can actually approve doesn't have to mean piecing together multiple solutions. With the Agent 365 SDK, you can build enterprise-ready agents that organizations can deploy with confidence. Co-Authored by Jeremiah Follis
Word/PowerPoint are not suitable replacements for Publisher
I’m writing following the guidance that Word and PowerPoint can be used as replacements for Publisher. This feedback is based on completing a real production document, not theoretical use Having just completed a fairly complex, layout-heavy technical document, I thought it only fair to share how that works in practice. In theory, I can see the logic: Word handles documents PowerPoint handles layouts Therefore, between the two, everything should be covered Unfortunately, in reality, this appears to be more of a theoretical exercise than a practical solution. Publisher was clearly designed for: Fixed, page-based layouts Precise positioning of objects Efficient alignment of mixed content (text, images, tables) Producing consistent, professional multi-page documents By comparison: Word is admirably committed to reminding you that it would prefer everything to flow freely, regardless of whether you want it to or not PowerPoint, while better behaved, does seem to assume every page is a standalone slide rather than part of a structured document Both tools can, with enough persistence, be persuaded into doing the job. However, this involves a level of manual intervention, workaround, and general negotiation with the software that feels somewhat at odds with modern productivity software. To put it simply: They are not replacements in any meaningful, real-world sense. The end result can be achieved, but the process is unnecessarily time-consuming, fragile, and prone to unexpected layout changes—particularly when precision actually matters. Replacing a purpose-built publishing tool with two applications that were never designed for that role gives the impression that this use case has been… optimistically simplified. I would strongly encourage Microsoft to either: Provide a genuine page-layout solution within the Office suite, or Enhance existing applications so they can support fixed-layout publishing without constant workarounds At present, the gap left by Publisher is very noticeable for anyone producing structured documents beyond basic text. I appreciate the direction of Microsoft 365 overall, but in this particular area, the experience feels less like an evolution and more like working around a missing tool. Regards AndyAccelerate your AI or agent build to sell on Marketplace with Quick-Start Development Toolkit
Want to skip right to coding in minutes? Start with the interactive wizard in App Advisor Building AI products quickly is becoming table stakes. Building them in a way that supports scalability, repeatability, and a path to commercialization is where software companies create advantage. The challenge now is reducing the time between identifying an opportunity and getting developers working inside a proven structure that supports real deployment outcomes. That’s where the AI, agentic, and Copilot branch of the Quick-Start Development Toolkit helps. Embedded directly within App Advisor, Quick-Start Development Toolkit helps software companies move from concept to implementation faster using guided development patterns, trusted architectures, deployable reference code, and practical resources designed to reduce friction across the development process. Build AI & agentic products faster without starting from scratch Development teams often know the customer scenario they want to solve. What slows momentum is deciding where to begin, selecting architecture patterns, and aligning implementation decisions across teams. The Quick-Start Development Toolkit helps remove that uncertainty. By answering a few focused questions about what you want to build, who it serves, and the products you’re building with, you’re matched with a development pattern designed to accelerate execution. Each development pattern includes: Self-serve, click-to-deploy reference code aligned to your scenario, Sample solution architecture to help visualize products and reduce guesswork, and Practical how-to resources and implementation guidance to overcome friction points, Everything is structured to support faster decision making and help teams move confidently into development. Accelerate development with purpose-built AI accelerators The AI and agent branch of Quick-Start Development Toolkit includes development accelerators designed around high-value scenarios, so your team can spend less time assembling foundations and more time building differentiated experiences. Each of these accelerators is built and fully maintained by Microsoft experts, so you can be confident your code template isn’t stale. Our most popular accelerators include: Multi-Agent Custom Automation Engine Accelerator: Delegate complex, repetitive tasks to AI agents that act on your behalf—executing work efficiently, reducing manual effort, and ensuring results align with your organization's standards. Conversation Knowledge Mining Accelerator: Improve contact center performance with AI-powered conversation intelligence—analyzing audio and text data on a large scale to show insights, improve service, and drive smarter decisions. Accelerate agentic applications for Unified Data Foundations (with Microsoft Fabric): Accelerate decision making at scale with secure, agentic AI built on a unified data foundation with two use cases for sales performance and customer insights. Each pattern includes common use cases, related resources, and pathways to adjacent scenarios so teams can continue progressing without losing momentum. The goal is to help your team move from experimentation to a product that can be packaged, deployed, and prepared for customers. You can see more of our accelerators here Coming this week: The Microsoft IQ solution accelerator leverages a shared intelligence layer to unify data, knowledge, and workflows, enabling AI-powered insights and coordinated actions for measurable business outcomes. Build with Microsoft Marketplace outcomes in mind Development choices shape commercial outcomes. Starting with trusted architecture and structured implementation guidance can help reduce redesign cycles later when preparing to package, publish, and scale. Quick-Start Development Toolkit helps software companies: Shorten time from idea to deployable AI product, Improve alignment across implementation decisions, Reduce development overhead through reusable foundations, and Create repeatable pathways toward publishing and selling. When development starts with clarity, commercialization becomes easier. Keep moving forward with App Advisor Quick-Start Development Toolkit is embedded within App Advisor because building is only one stage of the journey. App Advisor helps connect decisions across design, development, publishing, and growth so teams can continue moving forward with less context switching and more confidence. As your solution evolves, App Advisor provides curated, step-by-step guidance to help you prepare for Marketplace readiness and make the next decision faster. Ready to start? Explore Quick-Start Development Toolkit Start where you need help with App AdvisorClaude Code on Microsoft Foundry in VS Code — A Practical Setup Guide (with the gotchas)
Enables enterprise-grade governance without changing your developer workflow. The official Microsoft Learn article (Configure Claude Code for Microsoft Foundry) gets you ~80% of the way there. The remaining 20%—VS Code settings shape, tenant mismatches, and configuration conflicts like "baseURL and resource are mutually exclusive"—is where most setups fail in practice. This guide walks the full path end-to-end, with the exact JSON that validates, working CLI configuration, and a troubleshooting matrix based on real-world failures. This guidance is based on repeated customer deployments and internal testing across both CLI and VS Code scenarios. TL;DR Setup - Deploy claude-sonnet-4-6 (optionally Haiku + Opus) in a supported region - Grant Cognitive Services User + Foundry User - az login --tenant <tenant> , then launch VS Code via code . Config - CLI: - CLAUDE_CODE_USE_FOUNDRY=1 - ANTHROPIC_FOUNDRY_RESOURCE=<name> - Do NOT set ANTHROPIC_FOUNDRY_BASE_URL at the same time - VS Code: - Use [{ "name": "...", "value": "..." }] format Validate - claude → /status - Expect: API provider: Microsoft Foundry Why run Claude Code on Foundry? Anthropic's Claude Code is a top-tier agentic coding assistant. Running it through Microsoft Foundry instead of Anthropic's public API gives you: Data residency & compliance: prompts and completions stay inside your Azure tenant. Entra ID auth: no API keys to rotate; centralized RBAC. Private networking: works behind VNets/Private Endpoints. Unified billing & quotas: usage shows up on your Azure invoice and in Foundry monitoring. Same model, same CLI, enterprise-grade plumbing underneath. Prerequisites checklist Requirement How to verify Azure subscription with pay-as-you-go billing az account show Foundry resource in supported regions Check your region's model availability in Foundry portal Contributor/Owner on the resource group (for deployments) Azure Portal → IAM Cognitive Services User + Foundry User on the resource (for invoking) Azure Portal → IAM Azure CLI installed and logged in az --version , az login Claude Code CLI installed claude --version VS Code (current) with the Anthropic Claude Code extension Help → About Windows only: Git Bash (from Git for Windows) or WSL2 — Claude Code's runtime requires a POSIX shell bash --version in Git Bash / WSL ⚠️ Claude models in Foundry are currently available in select regions. Check the Foundry portal model catalog for your region's availability (commonly East US 2 and Sweden Central). Step 1 — Deploy the Claude models Claude Code uses three model roles, and it expects a deployment for each: Role Default deployment name Used for Primary claude-sonnet-4-6 general coding (balanced) Fast claude-haiku-4-5 quick edits, file reads Extended thinking claude-opus-4-6 complex reasoning Deploy at least Sonnet to get started. Add Haiku and Opus when you need them — Claude Code will route automatically. If a role-specific model isn't deployed, Claude Code may fall back or fail depending on the task. Deployment names in this guide follow the current Claude 4.x naming exposed in Foundry. Exact versions change over time — check the Foundry model catalog in your region for what's currently available. Foundry Portal: AI Foundry → your project → Build → Models + endpoints → + Deploy model → pick the Anthropic Claude model → Global Standard deployment → name it exactly as above (or remember the name to override later). To discover the current model version before deploying (replace eastus2 with your Foundry region): az cognitiveservices model list -l eastus2 ` --query "[?contains(model.name,'claude')].{name:model.name, version:model.version, format:model.format}" -o table Azure CLI: az cognitiveservices account deployment create ` --name <foundry-resource> ` --resource-group <rg> ` --deployment-name claude-sonnet-4-6 ` --model-name claude-sonnet-4-6 ` --model-version <version> ` --model-format Anthropic ` --sku-name GlobalStandard ` --sku-capacity 1 ✍️ Figure 1: Foundry portal “Models + endpoints” showing the three Claude deployments. Step 2 — Grant yourself the right roles This is the #1 source of silent failures. You need both: Role Role ID Purpose Cognitive Services User a97b65f3-24c7-4388-baec-2e87135dc908 data-plane invocation Foundry User (formerly Azure AI User) 53ca6127-db72-4b80-b1b0-d745d6d5456d Foundry-native permissions $me = az ad signed-in-user show --query id -o tsv $scope = az cognitiveservices account show -n <foundry-resource> -g <rg> --query id -o tsv # Use role IDs — rename-proof (works whether the display name is "Azure AI User" or "Foundry User") az role assignment create --assignee $me --role a97b65f3-24c7-4388-baec-2e87135dc908 --scope $scope # Cognitive Services User az role assignment create --assignee $me --role 53ca6127-db72-4b80-b1b0-d745d6d5456d --scope $scope # Foundry User (formerly Azure AI User) The Foundry RBAC rename (Azure AI User → Foundry User) is rolling out; both role names map to the same role definition (same role ID), depending on tenant rollout state. Use whichever role name your tenant exposes — or use the role IDs above to avoid ambiguity. Step 3 — Install the Claude Code CLI Use the official installer from Anthropic (auto-updates in the background): irm https://claude.ai/install.ps1 | iex claude --version If claude isn't on PATH, restart your shell. The installer drops it under %USERPROFILE%\.local\bin . Step 4 — Sign in to the right tenant If your Foundry resource lives in a tenant different from your default, an az login to the wrong tenant produces the cryptic error: ValueError: Unable to get authority configuration for https://login.microsoftonline.com/<bad-guid>. Authority would typically be in a format of https://login.microsoftonline.com/your_tenant Fix: az login --tenant <foundry-tenant-guid> az account set --subscription <foundry-subscription-guid> az account show # confirm tenant & subscription 💡 You can list every tenant you have access to with: az account list --query "[].{name:name, tenantId:tenantId}" -o table Step 5 — Configure the CLI Set these in the same PowerShell session you'll launch claude from: $env:CLAUDE_CODE_USE_FOUNDRY = "1" $env:ANTHROPIC_FOUNDRY_RESOURCE = "<your-foundry-resource-name>" # Optional: only if your deployment names differ from the defaults $env:ANTHROPIC_DEFAULT_SONNET_MODEL = "claude-sonnet-4-6" $env:ANTHROPIC_DEFAULT_HAIKU_MODEL = "claude-haiku-4-5" $env:ANTHROPIC_DEFAULT_OPUS_MODEL = "claude-opus-4-6" To make them persistent: setx CLAUDE_CODE_USE_FOUNDRY 1 (and so on), then sign out and back in (or restart Explorer). GUI apps like VS Code launched from the Start menu only pick up new user-env vars after the user session refreshes — opening a fresh terminal isn't enough. 🚫 The "mutually exclusive" trap API Error: baseURL and resource are mutually exclusive You'll hit this if you set both ANTHROPIC_FOUNDRY_RESOURCE and ANTHROPIC_FOUNDRY_BASE_URL . Pick one: Most users → ANTHROPIC_FOUNDRY_RESOURCE=<name> (Claude Code builds the URL). Custom subdomain / private endpoint → use ANTHROPIC_FOUNDRY_BASE_URL instead. Step 6 — Verify the CLI claude > /status Expected output: API provider: Microsoft Foundry Microsoft Foundry base URL: https://<resource>.services.ai.azure.com/anthropic Microsoft Foundry resource: <resource> Model: Default (claude-sonnet-4-6) ✍️ Figure 2: /status output confirming API provider: Microsoft Foundry . If you instead see "Anthropic" or it prompts for an Anthropic login, CLAUDE_CODE_USE_FOUNDRY isn't being inherited — see troubleshooting below. Step 7 — Configure the VS Code extension Install Claude Code from the VS Code Marketplace (publisher: Anthropic). Open user settings.json ( Ctrl+Shift+P → Preferences: Open User Settings (JSON)) and add: "claudeCode.environmentVariables": [ { "name": "CLAUDE_CODE_USE_FOUNDRY", "value": "1" }, { "name": "ANTHROPIC_FOUNDRY_RESOURCE", "value": "<your-foundry-resource-name>" } ] 🪤 Schema gotcha. The MS Learn doc currently shows this as a plain {KEY: VALUE} object under the UI label "Claude Code: Environment Variables" . In recent extension versions the actual JSON key is claudeCode.environmentVariables and the value must be an array of {name, value} objects. If you paste the doc's snippet verbatim, VS Code will flag "Missing property name", "Colon expected", "Unknown configuration setting". Use the array form above. Make the extension see your az login The extension inherits environment & credentials from the process that launches VS Code. After az login : # In the same PowerShell where az login succeeded: code . If VS Code was already running, fully quit it (not just close the window) and relaunch from the terminal. Developer: Reload Window is not enough to refresh inherited Azure CLI credentials. ✍️ Figure 3: settings.json with the claudeCode.environmentVariables array form. Step 8 — Try it In VS Code, click the Claude Code (Spark) icon in the sidebar to open the panel. Type: Summarize the structure of this project. You should get a response within a few seconds, and the panel should indicate it's routing through Microsoft Foundry. Run /status inside the panel to confirm API provider: Microsoft Foundry if you want certainty. ✍️ Figure 4: Claude Code panel in VS Code responding through Microsoft Foundry. Troubleshooting matrix Symptom Where it shows up Likely cause Fix API Error: baseURL and resource are mutually exclusive claude CLI on first request Both ANTHROPIC_FOUNDRY_BASE_URL and ANTHROPIC_FOUNDRY_RESOURCE set Unset one. Prefer ANTHROPIC_FOUNDRY_RESOURCE . Unable to get authority configuration for https://login.microsoftonline.com/<guid> claude CLI startup or VS Code panel Wrong tenant ID in az login az login --tenant <correct-guid> ; verify with az account show Failed to get token from azureADTokenProvider: ChainedTokenCredential authentication failed VS Code Claude Code panel Extension didn't inherit az login session Quit VS Code entirely; relaunch with code . from the authed shell Token tenant does not match resource tenant claude CLI or VS Code panel CLI logged into a different tenant than the Foundry resource az login --tenant <foundry-tenant> The model <name> is not available on your foundry deployment claude CLI first use or VS Code model selector Deployment name mismatch Either rename the Foundry deployment, or set ANTHROPIC_DEFAULT_*_MODEL to the actual name 401 / 403 on first request claude CLI or VS Code panel Missing RBAC on the resource Assign Cognitive Services User and Foundry User on the resource scope Claude Code prompts for Anthropic login VS Code Claude Code panel CLAUDE_CODE_USE_FOUNDRY not set in the process Set the env var before launching claude / code . VS Code shows "Unknown Configuration Setting" for claudeCode.environmentVariables VS Code Settings tab Wrong JSON shape Use the array of {name,value} objects form 429 Too Many Requests claude CLI or VS Code panel TPM/RPM exhausted Foundry portal → Operate → Quotas; request increase or reduce parallelism Works in CLI, fails in VS Code extension VS Code Claude Code panel only Env vars set per-shell, not visible to GUI VS Code Use setx (persistent user env) or move them into claudeCode.environmentVariables "Model is not available in region" Foundry portal model deployment step Foundry resource not in a supported region Deploy a new Foundry resource in a supported region, or check model availability Best practices Auth & secrets - Prefer Entra ID over API keys. If you must use a key for CI, store it as a secret (GitHub Actions secret, Key Vault) — never in settings.json (it may sync via Settings Sync). - Scope RBAC at the resource level, not the subscription, for least privilege. Project context - Create a CLAUDE.md at your repo root with stack, conventions, and entry-point commands. Claude Code reads it automatically and the quality jump is significant. - Use .claude/rules/*.md for per-area rules (e.g., test conventions, security rules). Cost & latency - Let Claude Code's auto-routing pick the right role (Sonnet/Haiku/Opus). Don't pin everything to Opus. - Cap context with ANTHROPIC_MAX_TOKENS if you have a strict budget. (Note: not honored by every Claude Code version — check the Claude Code docs for your version.) - Watch token spend in Foundry → Operate → Metrics weekly. Reliability - For team use, deploy all three model roles even if you don't think you need them — silent role-routing failures are confusing. - Tag your Foundry resource ( env=dev|prod , team=... ) for chargeback. Reproducibility - Document the exact env vars and az login --tenant GUID in your team README. - Pin Claude Code CLI version in onboarding docs ( claude --version ) so new joiners hit the same behavior. A note on the MS Learn doc The doc is accurate but skips three things that caused the most friction in real-world deployments: VS Code extension settings shape — the example uses the UI label as a JSON key and an object instead of the array form the schema actually expects. Process inheritance — it says "set the env vars" but doesn't emphasize that the VS Code window must be launched from a shell where both az login and the env vars are live. Reloading the window doesn't help. Mutually exclusive RESOURCE vs BASE_URL — listed in passing, but the error message only appears at first request, after you think everything is configured. If the Microsoft Learn page is updated, treat this post as a companion — same destination, fewer dead ends. What you've got now Claude Code running locally on your machine, talking to your Foundry resource. Entra ID auth — no API keys to manage. Full Foundry telemetry, quotas, and billing. VS Code panel + CLI, both backed by the same setup. Drop a CLAUDE.md in your repo and start shipping. When to Use RESOURCE vs BASE_URL Use RESOURCE (default) - Standard public deployments - No custom networking Use BASE_URL - Private endpoints - Custom DNS / VNet routing Never set both.
