Foundry Agents and Custom Engine Agents through the Corporate Firewall

· Source: Microsoft Foundry Blog articles · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure, Cybersecurity & Data Privacy · Depth: Advanced, long

Summary

Implementing Microsoft Foundry Agents and Custom Engine Agents within a private corporate network, accessible via Teams and Copilot, presents significant firewall challenges. While Foundry automatically creates an Azure Bot resource with a messaging endpoint, this endpoint is often behind a private IP address, making it unreachable from Microsoft's external Channel Adapters. The solution involves configuring a custom DNS record pointing to a public IP address on the corporate firewall, followed by using Azure API Management (APIM) or a YARP reverse proxy to terminate TLS with a custom certificate and validate JSON Web Tokens (JWTs). This setup ensures secure inbound traffic by verifying the JWT signature and audience claim against the Bot's Microsoft App ID, preventing unauthorized access. Outbound traffic from Custom Engine Agents also requires specific firewall rules for communication with Microsoft's Bot channel adapters and Entra ID.

Key takeaway

For AI Architects and MLOps Engineers deploying Azure Foundry or Custom Engine Agents in a regulated, firewall-controlled environment, prioritize a robust perimeter security strategy. Implement Azure API Management or a YARP proxy to handle TLS termination and cryptographic JWT validation at the network edge. This approach ensures that only authenticated and authorized requests reach your internal agents, significantly reducing security risks and enabling scalable agent deployment within your private network.

Key insights

Securely connecting Azure Agents behind a corporate firewall requires careful management of DNS, TLS, and JWT validation.

Method

Configure custom DNS to point to a firewall's public IP, use APIM or YARP for TLS termination and JWT validation, and establish specific outbound firewall rules for Bot communication.

Best for: AI Architect, AI Security Engineer, MLOps Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by Microsoft Foundry Blog articles.