Giving Developers Claude Code with Azure API Management and Claude Models in Microsoft Foundry

2026-06-04 · Source: Microsoft Foundry Blog articles · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure, Software Development & Engineering · Depth: Advanced, long

Summary

This article details a production-ready architecture for providing developers secure access to Anthropic's "Claude Code" models hosted in Microsoft Foundry, billed through an Azure subscription. The pattern leverages Azure API Management (APIM) as an LLM gateway, authenticating individual developers via Entra ID. APIM enforces per-user rate limits and token quotas using GenAI policies, and emits usage metrics for cost tracking. Foundry can reside in a separate Azure subscription, with APIM authenticating to it using either a Foundry "api-key" (suitable for cross-tenant scenarios) or a managed identity (preferred for production, eliminating shared secrets). Developers only handle short-lived Entra tokens, ensuring Foundry keys never leave APIM. The guide includes PowerShell steps for Windows developers and covers deployment of Claude Sonnet 4.6, Haiku 4.5, and Opus 4.6 in regions like East US 2 or Sweden Central.

Key takeaway

For AI Architects or MLOps Engineers tasked with securely scaling LLM access, this pattern provides a robust solution. You should implement Azure API Management as a "Claude Code" gateway to centralize authentication via Entra ID, enforce per-developer token quotas, and gain granular cost visibility. This approach eliminates key sprawl and enables seamless upgrades to managed identity and private networking without disrupting developer workflows.

Key insights

Centralize "Claude Code" access via Azure APIM to manage authentication, usage, and cost for developers.

Principles

• Decouple developer-facing and backend authentication.
• Meter LLM usage by tokens, not just requests.
• Pin model versions to prevent breaking changes.

Method

Deploy Claude models in Microsoft Foundry, configure Entra ID app registration, provision APIM API with GenAI policies, and set up "Claude Code" clients with an "api-key" helper.

In practice

• Use "llm-token-limit" and "rate-limit-by-key" for granular control.
• Implement Key Vault-backed named values for "api-key" rotation.
• Switch to managed identity for APIM-to-Foundry authentication in production.

Topics

• Azure API Management
• Microsoft Foundry
• Claude Code
• Entra ID
• LLM Gateway
• Token Management
• Cost Tracking

Best for: AI Engineer, MLOps Engineer, AI Architect

Related on AIssential

• How I Use Bifrost MCP Gateway and Code Mode to Give Claude Code Safer MCP Access with Lower Token Cost — Bifrost's MCP Gateway and Code Mode enhance Claude Code's tool use with governance, cost reduction, and scalable orchestration.
• v2.1.97 — Claude Code prioritizes security, performance, and extensibility through continuous iterative improvements and new feature introductions.
• v2.1.70 — This update significantly enhances Claude Code's stability, performance, and VS Code integration through targeted bug fixes and feature additions.
• Alishahryar1 / free-claude-code — A proxy enables free use of Claude Code by routing Anthropic API calls to alternative LLM providers.
• 23 Tips for Smart Claude Code Token Saving and Workflow Optimization — Proactive context management and strategic tool usage are crucial for controlling Claude Code token costs.
• From developer desks to the whole organization: Running Claude Cowork in Amazon Bedrock — Amazon Bedrock now integrates Claude Cowork and Code Desktop for enhanced knowledge worker productivity.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Microsoft Foundry Blog articles.