da Agency

Agent Factory: Creating a blueprint for safe and secure AI agents

This blog post is the sixth out of a six-part blog series called Agent Factory which shares best practices, design patterns, and tools to help guide you through adopting and building agentic AI.

Trust as the next frontier

Trust is rapidly becoming the defining challenge for enterprise AI. If observability is about seeing, then security is about steering. As agents move from clever prototypes to core business systems, enterprises are asking a harder question: how do we keep agents safe, secure, and under control as they scale?

The answer is not a patchwork of point fixes. It is a blueprint. A layered approach that puts trust first by combining identity, guardrails, evaluations, adversarial testing, data protection, monitoring, and governance.

Learn more about building trust with Azure AI Foundry

Why enterprises need to create their blueprint now

Across industries, we hear the same concerns:

CISOs worry about agent sprawl and unclear ownership.

Security teams need guardrails that connect to their existing workflows.

Developers want safety built in from day one, not added at the end.

These pressures are driving the shift left phenomenon. Security, safety, and governance responsibilities are moving earlier into the developer workflow. Teams cannot wait until deployment to secure agents. They need built-in protections, evaluations, and policy integration from the start.

Data leakage, prompt injection, and regulatory uncertainty remain the top blockers to AI adoption. For enterprises, trust is now a key deciding factor in whether agents move from pilot to production.

What safe and secure agents look like

From enterprise adoption, five qualities stand out:

Unique identity: Every agent is known and tracked across its lifecycle.

Data protection by design: Sensitive information is classified and governed to reduce oversharing.

Built-in controls: Harm and risk filters, threat mitigations, and groundedness checks reduce unsafe outcomes.

Evaluated against threats: Agents are tested with automated safety evaluations and adversarial prompts before deployment and throughout production.

Continuous oversight: Telemetry connects to enterprise security and compliance tools for investigation and response.

These qualities do not guarantee absolute safety, but they are essential for building trustworthy agents that meet enterprise standards. Baking these into our products reflects Microsoft’s approach to trustworthy AI. Protections are layered across the model, system, policy, and user experience levels, continuously improved as agents evolve.

How Azure AI Foundry supports this blueprint

Azure AI Foundry brings together security, safety, and governance capabilities in a layered process enterprises can follow to build trust in their agents.

Entra Agent IDComing soon, every agent created in Foundry will be assigned a unique Entra Agent ID, giving organizations visibility into all active agents across a tenant and helping to reduce shadow agents.

Agent controlsFoundry offers industry first agent controls that are both comprehensive and built in. It is the only AI platform with a cross-prompt injection classifier that scans not just prompt documents but also tool responses, email triggers, and other untrusted sources to flag, block, and neutralize malicious instructions. Foundry also provides controls to prevent misaligned tool calls, high risk actions, and sensitive data loss, along with harm and risk filters, groundedness checks, and protected material detection.

Risk and safety evaluationsEvaluations provide a feedback loop across the lifecycle. Teams can run harm and risk checks, groundedness scoring, and protected material scans both before deployment and in production. The Azure AI Red Teaming Agent and PyRIT toolkit simulate adversarial prompts at scale to probe behavior, surface vulnerabilities, and strengthen resilience before incidents reach production.

Data control with your own resourcesStandard agent setup in Azure AI Foundry Agent Service allows enterprises to bring their own Azure resources. This includes file storage, search, and conversation history storage. With this setup, data processed by Foundry agents remains within the tenant’s boundary under the organization’s own security, compliance, and governance controls.

Network isolationFoundry Agent Service supports private network isolation with custom virtual networks and subnet delegation. This configuration ensures that agents operate within a tightly scoped network boundary and interact securely with sensitive customer data under enterprise terms.

Microsoft PurviewMicrosoft Purview helps extend data security and compliance to AI workloads. Agents in Foundry can honor Purview sensitivity labels and DLP policies, so protections applied to data carry through into agent outputs. Compliance teams can also use Purview Compliance Manager and related tools to assess alignment with frameworks like the EU AI Act and NIST AI RMF, and securely interact with your sensitive customer data under your terms.

Microsoft DefenderFoundry surfaces alerts and recommendations from Microsoft Defender directly in the agent environment, giving developers and administrators visibility into issues such as prompt injection attempts, risky tool calls, or unusual behavior. This same telemetry also streams into Microsoft Defender XDR, where security operations center teams can investigate incidents alongside other enterprise alerts using their established workflows.

Governance collaboratorsFoundry connects with governance collaborators such as Credo AI and Saidot. These integrations allow organizations to map evaluation results to frameworks including the EU AI Act and the NIST AI Risk Management Framework, making it easier to demonstrate responsible AI practices and regulatory alignment.

Blueprint in action

From enterprise adoption, these practices stand out:

Start with identity. Assign Entra Agent IDs to establish visibility and prevent sprawl.

Built-in controls. Use Prompt Shields, harm and risk filters, groundedness checks, and protected material detection.

Continuously evaluate. Run harm and risk checks, groundedness scoring, protected material scans, and adversarial testing with the Red Teaming Agent and PyRIT before deployment and throughout production.

Protect sensitive data. Apply Purview labels and DLP so protections are honored in agent outputs.

Monitor with enterprise tools. Stream telemetry into Defender XDR and use Foundry observability for oversight.

Connect governance to regulation. Use governance collaborators to map evaluation data to frameworks like the EU AI Act and NIST AI RMF.

Proof points from our customers

Enterprises are already creating security blueprints with Azure AI Foundry:

EY uses Azure AI Foundry’s leaderboards and evaluations to compare models by quality, cost, and safety, helping scale solutions with greater confidence.

Accenture is testing the Microsoft AI Red Teaming Agent to simulate adversarial prompts at scale. This allows their teams to validate not just individual responses, but full multi-agent workflows under attack conditions before going live.

Learn more

Create with Azure AI Foundry.

Join us at Microsoft Secure on September 30 to learn about our newest capabilities and how Azure AI Foundry integrates with Microsoft Security to help you build safe and secure agents, with speakers including Vasu Jakkal, Sarah Bird, and Herain Oberoi.

Implement a responsible generative AI solution in Azure AI Foundry.

Did you miss these posts in the Agent Factory series?

The new era of agentic AI—common use cases and design patterns

Building your first AI agent with the tools to deliver real-world outcomes

Top 5 agent observability best practices for reliable AI

From prototype to production—developer tools and rapid agent development

Connecting agents, apps, and data with new open standards like MCP and A2A

Azure AI Foundry
Build trustworthy AI agents that automate tasks, enhance user experiences, and deliver results.

Learn more

The post Agent Factory: Creating a blueprint for safe and secure AI agents appeared first on Microsoft Azure Blog.
Quelle: Azure

da Agency

Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for Global Industrial IoT Platforms 

We’re proud to share that Microsoft has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Global Industrial IoT (IIoT) Platforms. We believe this recognition underscores our commitment to empowering industries with intelligent, secure, and scalable solutions that drive real-world impact. 

As industrial organizations continue to modernize their operations, Azure’s adaptive cloud approach, which includes Azure IoT, Azure Arc, and more, can help manufacturing, energy, and logistics organizations to enhance efficiency, optimize performance, and drive secure innovation at scale.

Accelerate digital transformation with Azure IoT

Recognized in industrial IoT

In today’s data-driven industrial landscape, Internet of Things (IoT) technology already serves as a strategic driver of operational excellence and competitiveness. Connected sensors and edge devices capture machines and process data that can then be integrated with other key enterprise systems such as Manufacturing Execution System (MES), Enterprise Resource Planning (ERP), and analytics in digital twin models to predict failures, optimize asset utilization, and reduce downtime. These capabilities result in business value by helping organizations improve key performance indicators (KPIs) such as quality assurance, energy efficiency, and supply chain traceability.

As the backbone for AI, IoT provides high frequency telemetry and controls the pathways needed for advanced analytics and machine learning. This synergy powers additional industrial use cases like self-dispatching field services, vision-based quality inspection, process optimization, energy load balancing, and intelligent operator assistance. Industrial IoT, especially when deployed with an adaptive cloud approach, can transform AI from isolated pilots into scalable, production-grade capabilities that could boost yield, throughput, and sustainability. These capabilities can help unlock a new type of organization, what we call the Frontier Industrial firm—industrial companies operating at the leading edge of digitalization to pursue superior productivity. 

We continue to help industrial organizations transform by focusing on the key areas our customers prioritize: 

Comprehensive platform for industrial needs: Microsoft’s industrial IoT platform enables a wide variety of industrial use cases through its ability to bring data from distributed and collocated devices into a common data foundation for analysis and action. Key capabilities include Azure IoT Hub, Azure Digital Twins, Microsoft Defender for IoT, Azure IoT Operations, and Microsoft Fabric. Together, these tools help empower organizations to make data-driven decisions, boost operational efficiency, and scale AI across varied deployment environments.  

Industrial data acquisition and management: Microsoft’s focus on standards, ecosystem partnerships, and helping customers take advantage of existing investments are key pillars of its industrial data management strategy. Industrial data acquisition and management are challenging today due to the complexity of industrial environments. To help with this, Azure IoT Operations natively integrates with brownfield environments and enables high-velocity operational technology (OT)/IoT data collection and contextualization using Akri connectors. Once gathered, the data is stored in OneLake using Microsoft Fabric, allowing for unified modeling in a central location.   

Azure Arc-enabled Kubernetes extends these capabilities with open-standard APIs that integrate seamlessly with Azure’s cloud management graph (ARM graph), ensuring consistent security, auditing, and policy enforcement. Meanwhile, Azure Device Registry unifies asset management by representing edge assets as Azure resources which lays the groundwork for scalable application deployments. 

Real-time intelligence for smarter decisions: Microsoft’s strength in industrial data management is more than just technical, it is transformational. By cleaning, contextualizing, and curating OT/IoT data at the edge, Azure IoT Operations builds a solid foundation for real-time intelligence. Integrated with Microsoft Fabric and Azure Digital Twin Builder, this enables AI-enhanced decision making that helps customers optimize production quality, improve equipment reliability, and support sustainable operations.  

Integration with Microsoft Copilot in Azure: Microsoft is redefining intelligence with the integration of Copilot and generative AI capabilities across its IoT platform, especially Azure IoT Operations and Microsoft Fabric. With Copilot in Azure you can retrieve intelligent recommendations for operations management, advanced data analysis, and visualization. This empowers industrial teams to make faster and smarter decisions, whether optimizing workflows, interpreting complex datasets, or managing supervisory tasks.  

Cloud-to-edge integration with the adaptive cloud approach: Microsoft’s IoT platform enabled by Azure Arc’s adaptive cloud approach unifies hybrid, multicloud, edge, and IoT environments. This provides a consistent unified control plane for applications, data, and governance that meets industrial needs for scalability and operational efficiency.  

Secure by design, intelligent by default: Azure IoT Operations is designed with security at its core. This proactive approach is intended to reduce operational burden for users. Microsoft also has a fully integrated security suite, including Microsoft Defender for IoT, Microsoft Sentinel and Microsoft Entra. 

Shaping the future of digital operations 

Our roadmap will focus on expanding AI capabilities—including agentic and generative AI—across the Azure stack. We are committed to helping customers harness the full potential of their data, streamline operations, and innovate faster. We remain focused on evolving our platform to meet various industrial needs. As we continue to innovate, our priority is making it easier for customers and partners to build confidently on Azure. 

Microsoft has a robust partner ecosystem that can help ensure local expertise and tailored solutions for every industry, to unlock new opportunities and deliver even greater impact. Whether it is co-innovating on industry-specific solutions or scaling AI adoption globally, our partners are essential to helping customers build confidently on Azure.  

Learn more

Discover how Microsoft’s IoT offerings can enhance your operations. Explore the resources below for more information-

Explore Azure IoT portfolio.

Explore our unified data platform, Microsoft Fabric, and learn more about Digital Twin Builder in Microsoft Fabric.

Check out our IoT Partner Ecosystem.

Gartner, Magic Quadrant for Global Industrial IoT Platforms, By Scot Kim, Sudip Pattanayak, Emil Berthelsen, Sushovan Mukhopadhyay, Wam Voster, Akhil Singh, September 8, 2025.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from here.
The post Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for Global Industrial IoT Platforms  appeared first on Microsoft Azure Blog.
Quelle: Azure