You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/ai-foundry/agents/faq.yml
+13-13Lines changed: 13 additions & 13 deletions
Original file line number
Diff line number
Diff line change
@@ -40,7 +40,7 @@ sections:
40
40
- question: |
41
41
Is my data used by Microsoft for training models?
42
42
answer: |
43
-
No. Data is not used by Microsoft for training models. See the [Responsible AI documentation](/azure/ai-foundry/responsible-ai/openai/data-privacy) for more information.
43
+
No. Data isn't used by Microsoft for training models. See the [Responsible AI documentation](/azure/ai-foundry/responsible-ai/openai/data-privacy) for more information.
44
44
- question: |
45
45
Where is data stored geographically?
46
46
answer: |
@@ -66,10 +66,10 @@ sections:
66
66
- question: |
67
67
Why is subnet delegation needed?
68
68
answer: |
69
-
Both the Agent client and its' compute run on Azure Container Apps (ACA). When you run the Agent client and its compute on Azure Container Apps (ACA) inside an existing virtual network, you must supply a dedicated subnet delegated to `Microsoft.App/environments`.
70
-
1. Delegation pins them to the right subnet. It tells Azure exactly where to “inject” the Agent client so ACA can create its network interfaces there.
69
+
Both the Agent client and compute run on Azure Container Apps (ACA). When you run the Agent client and the associated compute on Azure Container Apps (ACA) inside an existing virtual network, you must supply a dedicated subnet delegated to `Microsoft.App/environments`.
70
+
1. Delegation pins them to the right subnet. It tells Azure exactly where to “inject” the Agent client so ACA can create network interfaces there.
71
71
2. ACA then applies the needed plumbing - IP addresses, routing, NSGs, and service-managed identity wiring, is configured automatically.
72
-
3. Without the delegation, ACA refuses to deploy, so neither the Agent client nor the compute layer could join your VNet, breaking isolation and compliance requirements.
72
+
3. Without the delegation, ACA refuses to deploy, so neither the Agent client nor the compute layer could join your Virtual Network, breaking isolation, and compliance requirements.
73
73
In short, delegating the subnet is the prerequisite that lets ACA, and therefore your Agent runtime, live inside your private network with the correct security and routing policies in place and in your control.
74
74
- question: |
75
75
What regions are supported for class A?
@@ -84,27 +84,27 @@ sections:
84
84
answer: |
85
85
The recommended subnet size is /24 (256 address) and is what we default to in our templates. The minimum subnet size is /27 (32 addresses). The reason why /24 is recommended is because of the runtime impact in the event of a container update, listed in the ACA documentation. For more information, see [Configuring virtual networks Azure Container Apps environments](/azure/container-apps/custom-virtual-networks?tabs=workload-profiles-env#subnet).
86
86
87
-
We set an IP range per Azure AI Foundry account. Each project gets an IP from the range. There is not IP address set per Agent, but per project. This means there is no limit to the number of agents to create within your project. The user is not limited by the minimum address space of the subnet to create any number of agents.
87
+
We set an IP range per Azure AI Foundry account. Each project gets an IP from the range. There isn't IP address set per Agent, but per project. This means there's no limit to the number of agents to create within your project. The user isn't limited by the minimum address space of the subnet to create any number of agents.
88
88
- question: |
89
89
What is the minimum and recommended virtual network address range for the Agent service?
90
90
answer: |
91
-
As long as there is address space for Agent subnet and private endpoints, then virtual network address range can be anything.
91
+
As long as there's address space for Agent subnet and private endpoints, then virtual network address range can be anything.
92
92
- question: |
93
-
Can I use peered VNETs? Can I have resources in different virtual networks?
93
+
Can I use peered Virtual Networks? Can I have resources in different virtual networks?
94
94
answer: |
95
-
Yes this is feasibly possible since the virtual network is in the your subscription, and you should be able to peer with any virtual network. But data transfer is quite costly so it is not recommended to do this. The requirement is all resources must be in the same region as the Foundry resource.
95
+
Yes this is feasibly possible since the virtual network is in your subscription, and you should be able to peer with any virtual network. But data transfer is quite costly so it isn't recommended to do this. The requirement is all resources must be in the same region as the Foundry resource.
96
96
- question: |
97
-
Do I need to whitelist any FQDNs if I am using an Azure firewall?
97
+
Do I need to allowlist any FQDNs if I'm using an Azure firewall?
98
98
answer: |
99
-
Yes, allowlist the Fully Qualified Domain Names (FQDNs) listed **Managed Identity in the [Use Azure Firewall with Azure Container Apps](/azure/container-apps/use-azure-firewall) article or add the service tag `AzureActiveDirectory`. Verify no TLS inspection happens in the firewall that could be adding a self-signed certificate. During failures, inspect if there is any traffic landing on the firewall and what traffic is being blocked by the firewall.
99
+
Yes, allowlist the Fully Qualified Domain Names (FQDNs) listed **Managed Identity in the [Use Azure Firewall with Azure Container Apps](/azure/container-apps/use-azure-firewall) article or add the service tag `AzureActiveDirectory`. Verify no TLS inspection happens in the firewall that could be adding a self-signed certificate. During failures, inspect if there's any traffic landing on the firewall and what traffic is being blocked by the firewall.
100
100
- question:
101
-
Can the virtual network be re-used by multiple Azure AI Foundry resources?
101
+
Can the virtual network be reused by multiple Azure AI Foundry resources?
102
102
answer: |
103
-
Yes, a virtual network can be re-used by multiple Foundry resources, but the Agent runtime subnet is per Foundry account.
103
+
Yes, a virtual network can be reused by multiple Foundry resources, but the Agent runtime subnet is per Foundry account.
104
104
- question: |
105
105
Does the virtual network need to be in the same resource group as Foundry?
106
106
answer: |
107
-
No, the same resource group is not needed, but the same region is required.
107
+
No, the same resource group isn't needed, but the same region is required.
108
108
- question: |
109
109
What additional configuration is needed if I want to add tools to my agents?
0 commit comments