Microsoft Foundry
Documentation Gap for Multi-Tenant Scenarios: AI Strategy #308
Unanswered
jcooke-lifewave
asked this question in
Get Help
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
We’re evaluating our architecture for Azure AI Foundry and Microsoft Fabric as part of a planned tenant migration. Before we move our AI Foundry resources and Fabric environments into a new tenant, we’re trying to understand whether On‑Behalf‑Of (OBO) authentication flows will support cross‑tenant scenarios.
Our concern is that Foundry agents and native connectors (SharePoint, OneDrive, Teams, Fabric Data Agent, and Graph connectors) may require same‑tenant identity boundaries for delegation and permission‑trimmed access. If OBO cannot cross tenants, this could present a substantial barrier for enterprise AI adoption and data‑aware agent design across multi‑tenant environments.
Key question:
Can anyone from Microsoft confirm whether OBO‑based delegated authentication will work when AI Foundry agents operate in a different tenant from M365 or Fabric data sources—or if cross‑tenant support is planned on the roadmap?
We have not yet made the tenant move, so we’re aiming to assess potential limitations early before committing to architecture changes.
Any clarification or official guidance would be greatly appreciated. Are there Agent 365 implications?
Beta Was this translation helpful? Give feedback.
All reactions