Skip to content

Manage, Monitor, and Secure an Azure AI Foundry Service

This section of the Microsoft AI-102: Designing and Implementing a Microsoft Azure AI Solution exam covers monitoring, securing, and managing Azure AI Foundry services. Below are study notes for each sub-topic, with links to Microsoft documentation, exam tips, and key facts

Monitor an Azure AI Resource

๐Ÿ“– Docs: Enable diagnostic logging for Azure AI services

Overview

  • Monitoring ensures service reliability, performance, and compliance
  • Tools include:
    • Azure Monitor for metrics and logging
    • Application Insights for telemetry
    • Diagnostic settings for logs and auditing

Key Points

  • Common metrics: requests count, latency, errors, token usage
  • Alerts can be configured for quota or anomaly detection
  • Logs can be exported to Log Analytics, Event Hub, or Storage

Exam Tip

Know which metrics are monitored: requests, latency, token consumption

Manage Costs for Azure AI Foundry Services

๐Ÿ“– Docs: Plan and manage costs for Azure AI Foundry hubs

Overview

  • Costs depend on:
    • Model type and size (e.g., GPT-4 vs GPT-3.5)
    • Number of tokens processed
    • Region and resource configuration
  • Use Azure Cost Management + Billing to track usage

Key Points

  • Set budgets and alerts to avoid overspending
  • Use reserved capacity where available
  • Optimize by:
    • Choosing smaller models for simpler tasks
    • Reducing context window size
    • Using batch endpoints for large jobs

Best Practices

Regularly review usage reports and align with expected workloads

Manage and Protect Account Keys

๐Ÿ“– Docs: Authenticate requests to Azure AI services

Overview

  • Each AI service resource has two keys and an endpoint
  • Keys are used for API authentication
  • Can be regenerated at any time

Key Points

  • Store keys securely in Azure Key Vault
  • Use managed identities instead of distributing keys where possible
  • Rotate keys regularly for security compliance

Exam Tip

Questions often test on key rotation and storage in Key Vault

Manage Authentication for an Azure AI Foundry Service Resource

๐Ÿ“– Docs: Authenticate requests to Azure AI services

Overview

  • Authentication methods:
    • API keys
    • Azure Active Directory (Azure AD) tokens
  • Azure AD is preferred for enterprise and multi-user scenarios

Key Points

  • RBAC can control access at resource or subscription level
  • Use least privilege principle
  • Keys should be fallback, not the primary method

Use Case

  • Enterprise integration with RBAC โ†’ Azure AD
  • Quick prototyping or testing โ†’ API keys

Quickโ€‘fire revision sheet

  • ๐Ÿ“Œ Monitor with Azure Monitor, App Insights, Diagnostic logs
  • ๐Ÿ“Œ Costs depend on model type, tokens, and resource configuration
  • ๐Ÿ“Œ Store keys in Key Vault, rotate regularly
  • ๐Ÿ“Œ Use Azure AD authentication + RBAC for enterprise scenarios