Selecting the Right Agentic Solution on Azure – Part 2 (Security)
Let’s pick up from where we left off in the previous post — Selecting the Right Agentic Solution on Azure - Part 1. Earlier, we explored a decision tree to help identify the most suitable Azure service for building your agentic solution. Following that discussion, we received several requests to dive deeper into the security considerations for each of these services. In this post, we’ll examine the security aspects of each option, one by one. But before going ahead and looking at the security perspective I highly recommend looking at list of Azure AI Services Technologies made available by Microsoft. This list is inclusive of all those services which were part of erstwhile cognitive services and latest additions. Workflows with AI agents and models in Azure Logic Apps (Preview) – This approach focuses on running your agents as an action or as part of an “agent loop” with multiple actions within Azure Logic Apps. It’s important not to confuse this with the alternative setup, where Azure Logic Apps integrates with AI Agents in the Foundry Agent Service—either as a tool or as a trigger. (Announcement: Power your Agents in Azure AI Foundry Agent Service with Azure Logic Apps | Microsoft Community Hub). In that scenario, your agents are hosted under the Azure AI Foundry Agent Service, which we’ll discuss separately below. Although, to create an agent workflow, you’ll need to establish a connection—either to Azure OpenAI or to an Azure AI Foundry project for connecting to a model. When connected to a Foundry project, you can view agents and threads directly within that project’s lists. Since agents here run as Logic Apps actions, their security is governed by the Logic Apps security framework. Let’s look at the key aspects: Easy Auth or App Service Auth (Preview) - Agent workflows often integrate with a broader range of systems—models, MCPs, APIs, agents, and even human interactions. You can secure these workflows using Easy Auth, which integrates with Microsoft Entra ID for authentication and authorization. Read more here: Protect Agent Workflows with Easy Auth - Azure Logic Apps | Microsoft Learn. Securing and Encrypting Data at Rest - Azure Logic Apps stores data in Azure Storage, which uses Microsoft-managed keys for encryption by default. You can further enhance security by: Restricting access to Logic App operations via Azure RBAC Limiting access to run history data Securing inputs and outputs Controlling parameter access for webhook-triggered workflows Managing outbound call access to external services More info here: Secure access and data in workflows - Azure Logic Apps | Microsoft Learn. Secure Data at transit – When exposing your Logic App as an HTTP(S) endpoint, consider using: Azure API Management for access policies and documentation Azure Application Gateway or Azure Front Door for WAF (Web Application Firewall) protection. I highly recommend the labs provided by Logic Apps Product Group to learn more about Agentic Workflows: https://azure.github.io/logicapps-labs/docs/intro. Azure AI Foundry Agent Service – As of this writing, the Azure AI Foundry Agent Service abstracts the underlying infrastructure where your agents run. Microsoft manages this secure environment, so you don’t need to handle compute, network, or storage resources—though bring-your-own-storage is an option. Securing and Encrypting Data at Rest - Microsoft guarantees that your prompts and outputs remain private—never shared with other customers or AI providers (such as OpenAI or Meta). Data (from messages, threads, runs, and uploads) is encrypted using AES-256. It remains stored in the same region where the Agent Service is deployed. You can optionally use Customer-Managed Keys (CMK) for encryption. Read more here: Data, privacy, and security for Azure AI Agent Service - Azure AI Services | Microsoft Learn. Network Security – The service allows integration with your private virtual network using a private endpoint. Note: There are known limitations, such as subnet IP restrictions, the need for a dedicated agent subnet, same-region requirements, and limited regional availability. Read more here: How to use a virtual network with the Azure AI Foundry Agent Service - Azure AI Foundry | Microsoft Learn. Secure Data at transit – Upcoming enhancements include API Management support (soon in Public Preview) for AI APIs, including Model APIs, Tool APIs/MCP servers, and Agent APIs. Here is another great article about using APIM to safeguard HTTP APIs exposed by Azure OpenAI that let your applications perform embeddings or completions by using OpenAI's language models. Agent Orchestrators – We’ve introduced the Agent Framework, which succeeds both AutoGen and Semantic Kernel. According to the product group, it combines the best capabilities of both predecessors. Support for Semantic Kernel and related documentation for AutoGen will continue to be available for some time to allow users to transition smoothly to the new framework. When discussing the security aspects of agent orchestrators, it’s important to note that these considerations also extend to the underlying services hosting them—whether on AKS or Container Apps. However, this discussion will not focus on the security features of those hosting environments, as comprehensive resources already exist for them. Instead, we’ll focus on common security concerns applicable across different orchestrators, including AutoGen, Semantic Kernel, and other frameworks such as LlamaIndex, LangGraph, or LangChain. Key areas to consider include (but are not limited to): Secure Secrets / Key Management Avoid hard-coding secrets (e.g., API keys for Foundry, OpenAI, Anthropic, Pinecone, etc.). Use secret management solutions such as Azure Key Vault or environment variables. Encrypt secrets at rest and enforce strict limits on scope and lifetime. Access Control & Least Privilege Grant each agent or tool only the minimum required permissions. Implement Role-Based Access Control (RBAC) and enforce least privilege principles. Use strong authentication (e.g., OAuth2, Azure AD) for administrative or tool-level access. Restrict the scope of external service credentials (e.g., read-only vs. write) and rotate them regularly. Isolation / Sandboxing Isolate plugin execution and use inter-process separation as needed. Prevent user inputs from executing arbitrary code on the host. Apply resource limits for model or function execution to mitigate abuse. Sensitive Data Protection Encrypt data both at rest and in transit. Mask or remove PII before sending data to models. Avoid persisting sensitive context unnecessarily. Ensure logs and memory do not inadvertently expose secrets or user data. Prompt & Query Security Sanitize or escape user input in custom query engines or chat interfaces. Protect against prompt injection by implementing guardrails to monitor and filter prompts. Set context length limits and use safe output filters (e.g., profanity filters, regex validators). Observability, Logging & Auditing Maintain comprehensive logs, including tool invocations, agent decisions, and execution paths. Continuously monitor for anomalies or unexpected behaviour. I hope this overview assists you in evaluating and implementing the appropriate security measures for your chosen agentic solution.Selecting the Right Agentic Solution on Azure - Part 1
Recently, we have seen a surge in requests from customers and Microsoft partners seeking guidance on building and deploying agentic solutions at various scales. With the rise of Generative AI, replacing traditional APIs with agents has become increasingly popular. There are several approaches to building, deploying, running, and orchestrating agents on Azure. In this discussion, I will focus exclusively on Azure-specific tools, services, and methodologies, setting aside Copilot and Copilot Studio for now. This article describes the options available as of today. 1. Azure OpenAI Assistants API: This feature within Azure OpenAI Service enables developers to create conversational agents (“assistants”) based on OpenAI models (such as GPT-3.5 and GPT-4). It supports capabilities like memory, tool/function calls, and retrieval (e.g., document search). However, Microsoft has already deprecated version 1 of the Azure OpenAI Assistants API, and version 2 remains in preview. Microsoft strongly recommends migrating all existing Assistants API-based agents to the Agent Service. Additionally, OpenAI is retiring the Assistants API and advises developers to use the modern “Response” API instead (see migration detail). Given these developments, it is not advisable to use the Assistants API for building agents. Instead, you should use the Azure AI Agent Service, which is part of Azure AI Foundry. 2. Workflows with AI agents and models in Azure Logic Apps (Preview) – As the name suggests, this feature is currently in public preview and is only available with Logic Apps Standard, not with the consumption plan. You can enhance your workflow by integrating agentic capabilities. For example, in a visa processing workflow, decisions can be made based on priority, application type, nationality, and background checks using a knowledge base. The workflow can then route cases to the appropriate queue and prepare messages accordingly. Workflows can be implemented either as chat assistant or APIs. If your project is workflow-dependent and you are ready to implement agents in a declarative way, this is a great option. However, there are currently limited choices for models and regional availability. For CI/CD, there is an Azure Logic Apps Standard template available for VS Code you can use. 3. Azure AI Agent Service – Part of Azure AI Foundry, the Azure AI Agent Service allows you to provision agents declaratively from the UI. You can consume various OpenAI models (with support for non-OpenAI models coming soon) and leverage important tools or knowledge bases such as files, Azure AI Search, SharePoint, and Fabric. You can connect agents together and create hierarchical agent dependencies. SDKs are available for building agents within agent services using Python, C#, or Java. Microsoft manages the infrastructure to host and run these agents in isolated containers. The service offers role-based access control, MS Entra ID integration, and options to bring your own storage for agent states and Azure Key Vault keys. You can also incorporate different actions including invoking a Logic App instance from your agent. There is also option to trigger an agent using Logic Apps (preview). Microsoft recommends using Agent Service/Azure Foundry as the destination for agents, as further enhancements and investments are focused here. 4. Agent Orchestrators – There are several excellent orchestrators available, such as LlamaIndex, LangGraph, LangChain, and two from Microsoft—Semantic Kernel and AutoGen. These options are ideal if you need full control over agent creation, hosting, and orchestration. They are developer-only solutions and do not offer a UI (barring AutoGen Studio having some UI assistance). You can create complex, multi-layered agent connections. You can then host and run these agents in you choice of Azure services like AKS or Apps Service. Additionally, you have the option to create agents using Agent Service and then orchestrate them with one of these orchestrators. Choosing the Right Solution The choice of agentic solution depends on several factors, including whether you prefer code or no-code approaches, control over the hosting platform, customer needs, scalability, maintenance, orchestration complexity, security, and cost. Customer Need: If agents need to be part of a workflow, use AI Agents in Logic Apps; otherwise, consider other options. No-Code: For workflow-based agents, Logic Apps is suitable; for other scenarios, Azure AI Agent Service is recommended. Hosting and Maintenance: If Logic Apps is not an option and you prefer not to maintain your own environment, use Azure AI Agent Service. Otherwise, consider custom agent orchestrators like Semantic Kernel or AutoGen to build the agent and services like AKS or Apps Service to host those. Orchestration Complexity: For simple hierarchical agent connections, Azure AI Agent Service is good choice. For complex orchestration, use an agent orchestrator. Versioning - If you are concerned about versioning to ensure solid CI/CD regime then you may have to chose Agent Orchestrators. Agent Service still miss this feature clarity. We have some work-around but it is not robust implementation. Hopefully we will catch up soon with a better versioning solution. Summary: When selecting the right agentic solution on Azure, consider the latest recommendations and platform developments. For most scenarios, Microsoft advises using the Azure AI Agent Service within Azure Foundry, as it is the focus of ongoing enhancements and support. For workflow-driven projects, Azure Logic Apps with agentic capabilities may be suitable, while advanced users can leverage orchestrators for custom agent architectures. In Selecting the Right Agentic Solution on Azure – Part 2 (Security) blog we will examine the security aspects of each option, one by one.How Azure NetApp Files Object REST API powers Azure and ISV Data and AI services – on YOUR data
This article introduces the Azure NetApp Files Object REST API, a transformative solution for enterprises seeking seamless, real-time integration between their data and Azure's advanced analytics and AI services. By enabling direct, secure access to enterprise data—without costly transfers or duplication—the Object REST API accelerates innovation, streamlines workflows, and enhances operational efficiency. With S3-compatible object storage support, it empowers organizations to make faster, data-driven decisions while maintaining compliance and data security. Discover how this new capability unlocks business potential and drives a new era of productivity in the cloud.Validating Scalable EDA Storage Performance: Azure NetApp Files and SPECstorage Solution 2020
Electronic Design Automation (EDA) workloads drive innovation across the semiconductor industry, demanding robust, scalable, and high-performance cloud solutions to accelerate time-to-market and maximize business outcomes. Azure NetApp Files empowers engineering teams to run complex simulations, manage vast datasets, and optimize workflows by delivering industry-leading performance, flexibility, and simplified deployment—eliminating the need for costly infrastructure overprovisioning or disruptive workflow changes. This leads to faster product development cycles, reduced risk of project delays, and the ability to capitalize on new opportunities in a highly competitive market. In a historic milestone, Microsoft has been independently validated Azure NetApp Files for EDA workloads through the publication of the SPECstorage® Solution 2020 EDA_BLENDED benchmark, providing objective proof of its readiness to meet the most demanding enterprise requirements, now and in the future.Azure Course Blueprints
Overview The Course Blueprint is a comprehensive visual guide to the Azure ecosystem, integrating all the resources, tools, structures, and connections covered in the course into one inclusive diagram. It enables students to map out and understand the elements they've studied, providing a clear picture of their place within the larger Azure ecosystem. It serves as a 1:1 representation of all the topics officially covered in the instructor-led training. Formats available include PDF, Visio, Excel, and Video. Links: Each icon in the blueprint has a hyperlink to the pertinent document in the learning path on Learn. Layers: You have the capability to filter layers to concentrate on segments of the course Integration: The Visio Template+ for expert courses like SC-100 and AZ-305 includes an additional layer that enables you to compare SC-100, AZ-500, and SC-300 within the same diagram. Similarly, you can compare any combination of AZ-305, AZ-700, AZ-204, and AZ-104 to identify differences and study gaps. Since SC-300 and AZ-500 are potential prerequisites for the expert certification associated with SC-100, and AZ-204 or AZ-104 for the expert certification associated with AZ-305, this comparison is particularly useful for understanding the extra knowledge or skills required to advance to the next level. Advantages for Students Defined Goals: The blueprint presents learners with a clear vision of what they are expected to master and achieve by the course’s end. Focused Learning: By spotlighting the course content and learning targets, it steers learners’ efforts towards essential areas, leading to more productive learning. Progress Tracking: The blueprint allows learners to track their advancement and assess their command of the course material. Topic List: A comprehensive list of topics for each slide deck is now available in a downloadable .xlsx file. Each entry includes a link to Learn and its dependencies. Download links Associate Level PDF Visio Contents Video Overview AZ-104 Azure Administrator Associate R: 12/14/2023 U: 04/16/2025 Blueprint Visio Excel Mod 01 AZ-204 Azure Developer Associate R: 11/05/2024 U: 11/11/2024 Blueprint Visio Excel AZ-500 Azure Security Engineer Associate R: 01/09/2024 U: 10/10/2024 Blueprint Visio+ Excel AZ-700 Azure Network Engineer Associate R: 01/25/2024 U: 11/04/2024 Blueprint Visio Excel SC-200 Security Operations Analyst Associate R: 04/03/2025 U:04/09/2025 Blueprint Visio Excel SC-300 Identity and Access Administrator Associate R: 10/10/2024 Blueprint Excel Specialty PDF Visio AZ-140 Azure Virtual Desktop Specialty R: 01/03/2024 U: 02/27/2025 Blueprint Visio Excel Expert level PDF Visio AZ-305 Designing Microsoft Azure Infrastructure Solutions R: 05/07/2024 U: 02/05/2025 Blueprint Visio+ AZ-104 AZ-204 AZ-700 AZ-140 Excel SC-100 Microsoft Cybersecurity Architect R: 10/10/2024 U: 04/09/2025 Blueprint Visio+ AZ-500 SC-300 SC-200 Excel Skill based Credentialing PDF AZ-1002 Configure secure access to your workloads using Azure virtual networking R: 05/27/2024 Blueprint Visio Excel AZ-1003 Secure storage for Azure Files and Azure Blob Storage R: 02/07/2024 U: 02/05/2024 Blueprint Excel Subscribe if you want to get notified of any update like new releases or updates. Author: Ilan Nyska, Microsoft Technical Trainer My email ilan.nyska@microsoft.com LinkedIn https://www.linkedin.com/in/ilan-nyska/ I’ve received so many kind messages, thank-you notes, and reshares — and I’m truly grateful. But here’s the reality: 💬 The only thing I can use internally to justify continuing this project is your engagement — through this survey https://lnkd.in/gnZ8v4i8 ⏳ Unless I receive enough support via this short survey, the project will be sunset. Thank you for your support! ___ Benefits for Trainers: Trainers can follow this plan to design a tailored diagram for their course, filled with notes. They can construct this comprehensive diagram during class on a whiteboard and continuously add to it in each session. This evolving visual aid can be shared with students to enhance their grasp of the subject matter. Explore Azure Course Blueprints! | Microsoft Community Hub Visio stencils Azure icons - Azure Architecture Center | Microsoft Learn ___ Are you curious how grounding Copilot in Azure Course Blueprints transforms your study journey into smarter, more visual experience: 🧭 Clickable guides that transform modules into intuitive roadmaps 🌐 Dynamic visual maps revealing how Azure services connect ⚖️ Side-by-side comparisons that clarify roles, services, and security models Whether you're a trainer, a student, or just certification-curious, Copilot becomes your shortcut to clarity, confidence, and mastery. Navigating Azure Certifications with Copilot and Azure Course Blueprints | Microsoft Community HubAI for Operations - Copilot Agent Integration
Solution ideas The original framework introduced several Logic App and Function App patterns for SQL BPA, Update Manager, Cost Management, Anomaly Detection, and Smart Doc creation. In this article we add two Copilot Studio Agents, packaged in the GitHub repository Microsoft Azure AI for Operation Framework, designed to be deployed in a dedicated subscription (e.g., OpenAI-CoreIntegration): Copilot FinOps Agent – interactive cost & usage analysis Copilot Update Manager Agent – interactive patch status & one-time updates Architecture Copilot FinOps Agent A Copilot Studio agent that lets stakeholders chat in natural language to retrieve, compare, and summarise cost data—without leaving Teams. Dataflow # Stage Description Initial Trigger User message (Teams / Copilot Studio web) invoke topic The conversation kicks off the topic “Analyze Azure Costs”. 1 Pre-Processing Power Automate flow captures tenant ID, subscription filters, date range. 2 Cost Query Azure Cost Management APIs pull actual and previous spend, returning JSON rows (service name, cost €). 3 OpenAI Analysis Data is analyzed by OpenAI\Copilot Agent following the flow structure. 4 Response Formatting Copilot Studio flow format the output as a table. 5 Chat Reply Copilot agent posts the insight list. Users can ask any kind of question related the FinOps topic. Components Microsoft Copilot Studio (Developer licence) – low-code agent designer Power Automate Premium – orchestrates REST calls, prompt assembly, file handling Azure Cost Management + Billing – source of spend data (Rest API) Azure OpenAI Service – GPT-4o and o3-mini reasoning & text generation Microsoft Teams – chat surface for Q&A, cards, and adaptive actions Potential use cases Finance teams asking “Why did VM spend jump last week?” Engineers requesting a monthly cost overview before sprint planning Leadership dashboards that can be drilled into via natural-language chat Copilot Update Manager Agent A Copilot Studio agent that surfaces patch compliance and can trigger ad-hoc One-Time Updates for selected VMs directly from the chat. Dataflow # Stage Description Initial Trigger User message (Teams / Copilot Studio web) invoke topic. The conversation kicks off the topic “Analyze Azure Costs”. 1 Pre-Processing Flow validates RBAC and captures target scope (subscription / RG / VM). 2 Patch Status Query Azure Update Manager & Resource Graph query patchassessmentresources for KBs, severities, pending counts. 3 OpenAI Report GPT-4o - o3-mini generates: • VM-level summary (English) • General Overview 4 Adaptive Card Power Automate builds an Adaptive Card listing non-compliant VMs with “One-time Update”- "No action" buttons. 5a User Action – Review User inspects details or asks follow-up questions. 5b User Action – Patch Now Clicking One-time Update calls Update Manager REST API to start a One-Time Update job. 6 Confirmation Agent posts job ID, live status, and final success / error summary. Components Microsoft Copilot Studio – conversational front-end Power Automate Premium – API orchestration & status polling Azure Update Manager – compliance data & patch execution Azure OpenAI Service – explanation & remediation text Microsoft Teams – Adaptive Cards with action buttons Potential use cases Service owners getting a daily compliance digest with the ability to remediate on demand Security officers validating zero-day patch rollout status via chat Help-desk agents triaging “Is VM X missing critical updates?” without opening the Azure portal Prerequisites Resource Quantity Notes Copilot Studio Developer licence 1 Assign in Microsoft 365 Admin Center Power Automate Premium licence 1 user Needed for HTTP, Azure AD, OpenAI connectors Microsoft Teams 1 user Chat interface Azure subscription 1 Dedicated OpenAI-CoreIntegration recommended GitHub repo latest Microsoft Azure AI for Operation Framework Copilot Agent Copilot Studio User Experience Deployment steps (high level) Assign licences – Copilot Studio Developer + Power Automate Premium Create Copilot Studio Agent New Agent → Skip to configure → fill basics → Create → Settings → disable GenAI orchestration Import topics Copilot topic Update Manager (link to configuration file) Copilot topic FinOps (link to configuration file) Publish & share the agent to Teams. Verify permission scopes for Cost Management and Update Manager APIs. Start chatting! Feel free to clone the GitHub repo, adapt the topics to your tag taxonomy or FinOps dashboard structure, and let us know in the comments how Copilot Agents are transforming your operational workflows and... Stay Tuned for the next updates! Contributors Principal authors Tommaso Sacco | Cloud Solutions Architect Simone Verza | Cloud Solution Architect Special thanks Carmelo Ferrara | Director CSA Antonio Sgrò | Sr CSA Manager Marco Crippa | Sr CSA ManagerBoosting Productivity with Ansys RedHawk-SC and Azure NetApp Files Intelligent Data Infrastructure
Discover how integrating Ansys Access with Azure NetApp Files (ANF) is revolutionizing cloud-based engineering simulations. This article reveals how organizations can harness enterprise-grade storage performance, seamless scalability, and simplified deployment to supercharge Ansys RedHawk-SC workloads on Microsoft Azure. Unlock faster simulations, robust data management, and cost-effective cloud strategies—empowering engineering teams to innovate without hardware limitations. Dive in to learn how intelligent data infrastructure is transforming simulation productivity in the cloud!
Modernizing Loan Processing with Gen AI and Azure AI Foundry Agentic Service
Scenario Once a loan application is submitted, financial institutions must process a variety of supporting documents—including pay stubs, tax returns, credit reports, and bank statements—before a loan can be approved. This post-application phase is often fragmented and manual, involving data retrieval from multiple systems, document verification, eligibility calculations, packet compilation, and signing. Each step typically requires coordination between underwriters, compliance teams, and loan processors, which can stretch the processing time to several weeks. This solution automates the post-application loan processing workflow using Azure services and Generative AI agents. Intelligent agents retrieve and validate applicant data, extract and summarize document contents, calculate loan eligibility, and assemble structured, compliant loan packets ready for signing. Orchestrated using Azure AI Foundry, the system ensures traceable agent actions and responsible AI evaluations. Final loan documents and metrics are stored securely for compliance and analytics, with Power BI dashboards enabling real-time visibility for underwriters and operations teams. Architecture: Workflow Description: The loan processing architecture leverages a collection of specialized AI agents, each designed to perform a focused task within a coordinated, intelligent workflow. From initial document intake to final analytics, these agents interact seamlessly through an orchestrated system powered by Azure AI Foundry, GPT-4o, Azure Functions and the Semantic Kernel. The agents not only automate and accelerate individual stages of the process but also communicate through an A2A layer to share critical context—enabling efficient, accurate, and transparent decision-making across the pipeline. Below is a breakdown of each agent and its role in the system. It all begins at the User Interaction Layer, where a Loan Processor or Underwriter interacts with the web application. This interface is designed to be simple, intuitive, and highly responsive to human input. As soon as a request enters the system, it’s picked up by the Triage Agent, powered by GPT-4o or GPT-4o-mini. This agent acts like a smart assistant that can reason through the problem and break it down into smaller, manageable tasks. For example, if the user wants to assess a new applicant, the Triage Agent identifies steps like verifying documents, calculating eligibility, assembling the loan packet, and so on. Next, the tasks are routed to the Coordinator Agent, which acts as the brains of the operation. Powered by Azure Functions & Sematic Kernel, this agent determines the execution order, tracks dependencies, and assigns each task to the appropriate specialized agent. The very first action that the Coordinator Agent triggers is the Applicant Profile Retrieval Agent. This agent taps into Azure AI Search, querying the backend to retrieve all relevant data about the applicant — previous interactions, submitted documents, financial history, etc. This rich context sets the foundation for the steps that follow. Once the applicant profile is in place, the Coordinator Agent activates a set of specialized agents, as outlined to perform specialized tasks as per the prompt received in the interaction layer. Below is the list of specialized agents: a. Documents Verification Agent: This agent checks and verifies the authenticity and completeness of applicant-submitted documents as part of the loan process. Powered by: GPT-4o b. Applicant Eligibility Assessment Agent: It evaluates whether the applicant meets the criteria for loan eligibility based on predefined rules and document content. Powered by: GPT-4o c. Loan Calculation Agent: This agent computes loan values and terms based on the applicant’s financial data and eligibility results. Powered by: GPT-4o d. Loan Packet Assembly Agent: This agent compiles all verified data into a complete and compliant loan packet ready for submission or signing. Powered by: GPT-4o e. Loan Packet Signing Agent: It handles the digital signing process by integrating with DocuSign and ensures all necessary parties have executed the loan packet. Powered by: GPT-4o f. Analytics Agent: This agent connects with Power BI to update applicant status and visualize insights for underwriters and processors. Powered by: GPT-4o Components Here are the key components of your Loan Processing AI Agent Architecture: Azure OpenAI GPT-4o/GPT 4o mini: Advanced multimodal language model. Used to summarize, interpret, and generate insights from documents, supporting intelligent automation. Empowers agents in this architecture with contextual understanding and reasoning. Azure AI Foundry Agent Service: Agent orchestration framework. Manages the creation, deployment, and lifecycle of task-specific agents—such as classifiers, retrievers, and validators—enabling modular execution across the loan processing workflow. Semantic Kernel: Lightweight orchestration library. Facilitates in-agent coordination of functions and plugins. Supports memory, chaining of LLM prompts, and integration with external systems to enable complex, context-aware behavior in each agent. Azure Functions: Serverless compute for handling triggers such as document uploads, user actions, or decision checkpoints. Initiates agent workflows, processes events, and maintains state transitions throughout the loan processing pipeline. Azure Cosmos DB: Globally distributed NoSQL database used for agent memory and context persistence. Stores conversation history, document embeddings, applicant profile snapshots, and task progress for long running or multi-turn workflows. Agentic Content Filters: Responsible AI mechanism for real-time filtering. Evaluates and blocks sensitive or non-compliant outputs generated by agents using customizable guardrails. Agentic Evaluations: Evaluation framework for agent workflows. Continuously tests, scores, and improves agent outputs using both automatic and human-in-the-loop metrics. Power BI: Business analytics tool that visualizes loan processing stages, agent outcomes, and applicant funnel data. Enables real-time monitoring of agent performance, SLA adherence, and operational bottlenecks for decision makers. Azure ML Studio: Code-first development environment for building and training machine learning models in Python. Supports rapid iteration, experimentation, and deployment of custom models that can be invoked by agents. Security Considerations: Web App: For web applications, access control and identity management can be done using App Roles, which determine whether a user or application can sign in or request an access token for a web API. For threat detection and mitigation, Defender for App Service leverages the scale of the cloud to identify attacks targeting apps hosted on Azure App Service. Azure AI Foundry: Azure AI Foundry supports robust identity management using Azure Role-Based Access Control (RBAC) to assign roles within Microsoft Entra ID, and it supports Managed Identities for secure resource access. Conditional Access policies allow organizations to enforce access based on location, device, and risk level. For network security, Azure AI Foundry supports Private Link, Managed Network Isolation, and Network Security Groups (NSGs) to restrict resource access. Data is encrypted in transit and at rest using Microsoft-managed keys or optional Customer-Managed Keys (CMKs). Azure Policy enables auditing and enforcing configurations for all resources deployed in the environment. Additionally, Microsoft Entra Agent ID, which extends identity management and access capabilities to AI agents. Now, AI agents created within Microsoft Copilot Studio and Azure AI Foundry are automatically assigned identities in a Microsoft Entra directory centralizing agent and user management in one solution. AI Security Posture Management can be used to assess the security posture of AI workloads. Purview APIs enable Azure AI Foundry and developers to integrate data security and compliance controls into custom AI apps and agents. This includes enforcing policies based on how users interact with sensitive information in AI applications. Purview Sensitive Information Types can be used to detect sensitive data in user prompts and responses when interacting with AI applications. Cosmos DB: Azure Cosmos DB enhances network security by supporting access restrictions via Virtual Network (VNet) integration and secure access through Private Link. Data protection is reinforced by integration with Microsoft Purview, which helps classify and label sensitive data, and Defender for Cosmos DB to detect threats and exfiltration attempts. Cosmos DB ensures all data is encrypted in transit using TLS 1.2+ (mandatory) and at rest using Microsoft-managed or customer-managed keys (CMKs). Power BI: Power BI leverages Microsoft Entra ID for secure identity and access management. In Power BI embedded applications, using Credential Scanner is recommended to detect hardcoded secrets and migrate them to secure storage like Azure Key Vault. All data is encrypted both at rest and during processing, with an option for organizations to use their own Customer-Managed Keys (CMKs). Power BI also integrates with Microsoft Purview sensitivity labels to manage and protect sensitive business data throughout the analytics lifecycle. For additional context, Power BI security white paper - Power BI | Microsoft Learn Related Scenarios Financial Institutions: Banks and credit unions can streamline customer onboarding by using agentic services to autofill account paperwork, verify identity, and route data to compliance systems. Similarly, signing up for credit cards and applying for personal or business loans can be orchestrated through intelligent agents that collect user input, verify eligibility, calculate offers, and securely generate submission packets—just like in the proposed loan processing model. Healthcare: Healthcare providers can deploy a similar agentic architecture to simplify patient intake by pre-filling forms, validating insurance coverage in real-time, and pulling medical history from existing systems securely. Agents can reason over patient inputs and coordinate backend workflows, improving administrative efficiency and enhancing the patient experience. University Financial Aid/Scholarships: Universities can benefit from agentic orchestration for managing financial aid processes—automating the intake of FAFSA or institutional forms, matching students with eligible scholarships, and guiding them through complex application workflows. This reduces manual errors and accelerates support delivery to students. Car Dealerships’ Financial Departments: Agentic systems can assist car dealerships in handling non-lot inventory requests, automating the intake and validation of custom vehicle orders. Additionally, customer loan applications can be processed through AI agents that handle verification, calculation, and packet assembly—mirroring the structure in the loan workflow above. Commercial Real Estate: Commercial real estate firms can adopt agentic services to streamline property research, valuations, and loan application workflows. Intelligent agents can pull property data, fill out required financial documents, and coordinate submissions, making real estate financing faster and more accurate. Law: Law firms can automate client onboarding with agents that collect intake data, pre-fill compliance documentation, and manage case file preparation. By using AI Foundry to coordinate agents for documentation, verification, and assembly, legal teams can reduce overhead and increase productivity. Contributors: This article is maintained by Microsoft. It was originally written by the following contributors. Principal authors: Manasa Ramalinga| Principal Cloud Solution Architect – US Customer Success Oscar Shimabukuro Kiyan| Senior Cloud Solution Architect – US Customer Success Abed Sau | Principal Cloud Solution Architect – US Customer Success Matt Kazanowsky | Senior Cloud Solution Architect – US Customer Success
