Plan & Manage an Azure AI Solution
Exam weight: 25โ30%
This domain appears in every other domain โ getting service selection and Foundry setup right is foundational to everything else.
Overviewโ
This domain covers choosing the right Foundry services for each AI task, setting up infrastructure, and managing the AI system throughout its lifecycle โ including security, cost, monitoring, and responsible AI governance.
Key Conceptsโ
Service Selectionโ
| Task | Choose |
|---|---|
| Generative text / chat | LLM (GPT-4o, GPT-4, etc.) |
| Analyze images + text together | Multimodal model (GPT-4o) |
| Speech to/from text | Azure AI Speech in Foundry Tools |
| Text translation | Azure Translator in Foundry Tools |
| Text analysis (sentiment, NER, etc.) | Azure AI Language in Foundry Tools or LLM |
| Document / image / audio / video extraction | Azure Content Understanding in Foundry Tools |
| Search and grounding / RAG | Azure AI Search (vector + hybrid search) |
| Agent memory and tool integration | Foundry Agent Service + AI Search + functions |
Foundry Infrastructureโ
| Concept | Description |
|---|---|
| Hub | Top-level Foundry resource โ shared compute, connections, and security settings |
| Project | A scoped workspace within a hub โ deployments, agents, and data sources |
| Deployment | A model instance with a name, version, and capacity allocation |
| Connection | A link from a Foundry project to an external resource (Azure AI Search, storage, etc.) |
| Endpoint | The URL used to call a deployed model or service |
Securityโ
| Mechanism | Use when |
|---|---|
| Managed Identity | Preferred for production โ no secrets in code |
Keyless credentials (DefaultAzureCredential) | Uses managed identity or local login automatically |
| API keys | Simple, but avoid in production; rotate regularly |
| Private networking | Isolate Foundry resources in a VNet |
| Role-based access control (RBAC) | Assign least-privilege roles to identities |
Responsible AI Governanceโ
| Feature | Purpose |
|---|---|
| Content filters | Block harmful input/output categories (violence, hate, sexual, self-harm) |
| Prompt shields | Detect and block prompt injection attacks |
| Groundedness detection | Identify hallucinations in RAG responses |
| Safety evaluations | Batch evaluation of model outputs for safety |
| Trace logging | Record inputs, outputs, and tool calls for audit |
| Approval workflows | Human-in-the-loop controls for autonomous agents |