So Microsoft went and built another managed platform for AI agents. Foundry Agent Service, that's what they're calling it now. And honestly, after spending time reading through what they've put together, I have thoughts. Some good. Some not so good.
The basic idea is simple. You build AI agents, Microsoft handles the infrastructure. Hosting, scaling, identity, observability, security, all managed. You just write the agent logic and deploy. Sounds familiar right? Because every cloud provider is racing to be the "platform for AI agents" right now. But Microsoft actually has some interesting pieces here that I want to talk about.
How the thing actually works
There are three types of agents you can build:
Prompt agents: These are no-code, you just configure instructions, pick a model, add tools, done.
Workflow agents: Let you orchestrate multiple agents together with branching logic and human-in-the-loop steps, which is the part that actually excites me.
Hosted agents: Where you bring your own code, your own framework, Agent Framework, LangGraph, whatever, deploy it as a container, and Foundry runs it for you.
The model support is broad. GPT-4o obviously, but also Llama, DeepSeek, and others from their model catalog. You can swap models without changing agent code. I mean, in theory. We tried something similar at OZ last year when switching between models on a client project and the "just swap the model" thing is never that clean. Prompts that work great with GPT-4o behave differently with Llama. Temperature settings, token limits, tool calling formats — all different. So yes, model flexibility is there, but don't expect zero effort.
The built-in tools are where it gets interesting. Web search, file search, code interpreter, memory, MCP servers, custom functions. And they have managed authentication, both service-managed credentials and On-Behalf-Of (OBO) auth. That OBO piece is actually big for enterprise scenarios where your agent needs to act as the user to access downstream APIs. I've seen teams spend weeks building this kind of auth plumbing from scratch.
Where this gets real — and where it doesn't
The development lifecycle they've mapped out is solid on paper: Create, test, trace, evaluate, publish, monitor. The tracing part is something I want to highlight because most agent frameworks treat observability as an afterthought. Here you get end-to-end tracing of every model call, every tool invocation, every decision. Application Insights integration baked in. When your agent does something weird in production, and it will, trust me, you actually have a way to figure out what happened.
Publishing is another area they've thought through. You can version your agents, roll back, promote to stable endpoints, and distribute through Teams and Microsoft 365 Copilot. For organizations already deep in the Microsoft stack, this is honestly the killer feature. Your agent just shows up where people already work. No separate app, no new URL to bookmark that nobody will remember.
But here is my concern. Workflow agents and hosted agents are both in preview. So you have the flagship features of the platform that are not GA yet. I've been burned before building production systems on Azure preview services. The APIs change, the pricing changes, sometimes the whole thing gets deprecated. Not saying that will happen here, Microsoft is clearly betting big on this, but I am saying be careful what you put in production today.
The enterprise security story is strong though. Microsoft Entra identity per agent, RBAC, virtual network isolation, content safety filters for prompt injection including cross-prompt injection attacks. Bring your own storage, your own Azure AI Search, your own Cosmos DB for conversation state. This matters more than people think. I was talking to a banking client last month who rejected three different agent platforms because none of them could meet their data residency requirements. Foundry checks that box.
The cost nobody warns you about
They don't talk pricing on the overview page which is classic Microsoft. But from what I know about Azure AI services pricing, you're paying for compute, model inference, storage, and probably per-agent-execution. The managed infrastructure sounds great until your finance team sees the bill. I keep telling people, whatever you estimate for AI agent costs, multiply by 3x minimum. You have the model calls, the tool executions, the retries when tools fail, the tracing data storage. It adds up fast.
One more thing. The no-code prompt agent path is genuinely useful for prototyping. I built a test agent in maybe 15 minutes through the portal, connected file search and web search, and it worked. But the gap between "works in playground" and "works in production" is where most teams struggle. The platform gives you the tools to bridge that gap but you still need people who understand agent design patterns, prompt engineering, error handling for tool failures, and all the messy stuff that makes AI systems actually reliable.
Is this the future of autonomous AI? I think it is a future. Microsoft is making the right bet that most companies don't want to manage agent infrastructure themselves. They want to write the logic and let someone else handle the rest. Whether Foundry becomes the dominant platform depends on execution over the next year and whether those preview features actually ship as stable.
