Stand up a complete, production-ready AI application environment in Azure with a single command. This solution accelerator provisions Azure AI Foundry, Microsoft Fabric, and Azure AI Search, and connects to your tenant-level Microsoft Purview (when `resourceId` is provided)—all pre-wired with private networking, managed identities, and governance controls—so you can move from proof-of-concept to production in hours instead of weeks.
This accelerator extends the AI Landing Zone reference architecture to deliver an enterprise-scale, production-ready foundation for deploying secure AI applications and agents in Azure. It packages Microsoft's Well-Architected Framework principles around networking, identity, and operations from day zero.
| Component | Purpose |
|---|---|
| Azure AI Foundry | Unified platform for AI development, testing, and deployment with playground, prompt flow, and publishing |
| Microsoft Fabric | Data foundation with lakehouses (bronze/silver/gold) for document storage and OneLake indexing |
| Azure AI Search | Retrieval backbone enabling RAG (Retrieval-Augmented Generation) chat experiences |
| Microsoft Purview | Governance layer for cataloging, scans, and Data Security Posture Management |
| Private Networking | All traffic secured via private endpoints—no public internet exposure |
Click to learn more about the key features this solution enables
- **Single-command deployment**
  Run `azd up` to provision 30+ Azure resources in ~45 minutes with pre-wired security controls.
- **Production-grade security from day zero**
  Private endpoints, managed identities, and RBAC enabled by default—no public internet exposure.
- **Integrated data-to-AI pipeline**
  Connect Fabric lakehouses → OneLake indexer → AI Search → Foundry playground for grounded chat experiences.
- **Governance built-in**
  Microsoft Purview integration for cataloging, scoped scans, and Data Security Posture Management (DSPM).
- **Extensible AVM-driven platform**
  Toggle additional Azure services through AI Landing Zone parameters for broader intelligent app scenarios.
Follow the deployment guide to deploy this solution to your own Azure subscription.
Note: This solution accelerator requires Azure Developer CLI (azd) version 1.15.0 or higher. Download azd here.
📘 Click here to launch the Deployment Guide
Important: This repository uses git submodules

Clone with submodules included:

```
git clone --recurse-submodules https://github.com/microsoft/Deploy-Your-AI-Application-In-Production.git
```

If you already cloned without submodules, run:

```
git submodule update --init --recursive
```

GitHub Codespaces and Dev Containers handle this automatically.
Windows shell note

Preprovision uses `shell: sh`. Run `azd` from Git Bash/WSL so `bash` is available, or switch the `preprovision` hook in `azure.yaml` to the provided PowerShell script if you want to stay in PowerShell.
Important: Check Azure OpenAI Quota Availability
To ensure sufficient quota is available in your subscription, please follow the quota check instructions guide before deploying.
Click to see prerequisites
| Requirement | Details |
|---|---|
| Azure Subscription | Owner or Contributor + User Access Administrator permissions |
| Microsoft Fabric | Access to create capacity, workspace (or existing Fabric capacity ID) |
| Microsoft Purview | Existing tenant-level Purview account (or ability to create one) |
| Azure CLI | Version 2.61.0 or later |
| Azure Developer CLI | Version 1.15.0 or later |
| Quota | Sufficient Azure OpenAI quota (check here) |
Note: If you enable Fabric capacity deployment, you must supply at least one valid Fabric capacity admin principal (Entra user UPN email or object ID) via `fabricCapacityAdmins`.

Note: If you enable Fabric provisioning, the user running `azd` must have the Fabric Administrator role (or equivalent Fabric/Power BI tenant admin permissions) to call the required admin APIs.
Click to see estimated costs
| Service | SKU | Estimated Monthly Cost |
|---|---|---|
| Azure AI Foundry | Standard | Pricing |
| Azure OpenAI | Pay-per-token | Pricing |
| Azure AI Search | Standard | Pricing |
| Microsoft Fabric | F8 Capacity | Pricing |
| Virtual Network + Bastion | Standard | Pricing |
Cost Optimization: Fabric capacity can be paused when not in use. Use `az fabric capacity suspend` to stop billing.
Use the Azure Pricing Calculator for detailed estimates.
After deployment, you'll have a complete, enterprise-ready platform that unifies AI development, data management, and governance:
| Layer | What's Deployed | Why It Matters |
|---|---|---|
| AI Platform | Azure AI Foundry with OpenAI models, playground, and prompt flow | Build, test, and publish AI chat applications without managing infrastructure |
| Data Foundation | Microsoft Fabric with bronze/silver/gold lakehouses and OneLake indexing | Store documents at scale and automatically feed them into your AI workflows |
| Search & Retrieval | Azure AI Search with vector and semantic search | Enable RAG (Retrieval-Augmented Generation) for grounded, accurate AI responses |
| Governance | Microsoft Purview with cataloging, scans, and DSPM | Track data lineage, enforce policies, and maintain compliance visibility |
| Security | Private endpoints, managed identities, RBAC, network isolation | Zero public internet exposure—all traffic stays on the Microsoft backbone |
💡 Note: When Microsoft Fabric automation supports private link provisioning, the entire solution will operate with full network isolation end-to-end.
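
One way to check the "zero public internet exposure" claim against what was actually deployed, as an added example that is not part of this repository: the function below audits ARM-style resource JSON (the shape `az resource show` returns) for public network access. The sample resources and their names are constructed.

```python
import json

# Constructed sample input (not from the project): ARM-style resource objects.
# All resource names are hypothetical.
SAMPLE_RESOURCES = json.loads("""
[
  {"name": "aif-demo", "type": "Microsoft.CognitiveServices/accounts",
   "properties": {"publicNetworkAccess": "Disabled",
                  "networkAcls": {"defaultAction": "Deny"},
                  "privateEndpointConnections": [{"name": "pe-aif"}]}},
  {"name": "srch-demo", "type": "Microsoft.Search/searchServices",
   "properties": {"publicNetworkAccess": "enabled",
                  "privateEndpointConnections": []}},
  {"name": "stdemo", "type": "Microsoft.Storage/storageAccounts",
   "properties": {"networkAcls": {"defaultAction": "Allow"}}},
  {"name": "kv-demo", "type": "Microsoft.KeyVault/vaults",
   "properties": {"publicNetworkAccess": "Disabled",
                  "networkAcls": {"defaultAction": "Deny"}}}
]
""")


def audit_resource(resource):
    """Return a list of findings for one resource; an empty list means clean."""
    props = resource.get("properties") or {}
    findings = []

    # Casing differs between providers ("Disabled" vs "disabled"): normalise.
    pna = str(props.get("publicNetworkAccess", "")).lower()
    if pna != "disabled":
        findings.append("publicNetworkAccess is %s" % (pna or "unset"))

    # A resource firewall that defaults to Allow admits any source address.
    acls = props.get("networkAcls") or {}
    if str(acls.get("defaultAction", "")).lower() == "allow":
        findings.append("networkAcls.defaultAction is Allow")

    # Public access off but no private endpoint: the private path is missing.
    if pna == "disabled" and not props.get("privateEndpointConnections"):
        findings.append("no private endpoint connection")
    return findings


def audit(resources):
    """Map resource name -> findings, keeping only resources with findings."""
    report = {r["name"]: audit_resource(r) for r in resources}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_RESOURCES).items():
        print(name + ": " + "; ".join(found))
```

An unset `publicNetworkAccess` is reported rather than assumed safe, so each such resource gets a manual look.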
Click to learn more about key features
- **Production-grade AI Foundry deployments**
  Stand up Azure AI Foundry projects in a locked-down virtual network with private endpoints, managed identities, and telemetry aligned to the Well-Architected Framework.
- **Fabric-powered retrieval workflows**
  Land documents in a Fabric lakehouse, index them with OneLake + Azure AI Search, and wire the index into the Foundry playground for grounded chat experiences.
- **Governed data and agent operations**
  Integrate Microsoft Purview for cataloging, scoped scans, and Data Security Posture Management (DSPM) so compliance teams can monitor the same assets the app consumes.
- **Extensible AVM-driven platform**
  Toggle additional Azure services (API Management, Cosmos DB, SQL, and more) through AI Landing Zone parameters to tailor the environment for broader intelligent app scenarios.
- **Launch-ready demos and pilots**
  Publish experiences from Azure AI Foundry directly to a browser-based application, giving stakeholders an end-to-end view from infrastructure to user-facing app.
- Deploy infrastructure → Run `azd up` to provision all resources (~45 minutes)
- Upload documents → Add PDFs to the Fabric bronze lakehouse
- Index content → OneLake indexer automatically populates AI Search
- Test in playground → Connect Foundry to the search index and chat with your data
- Publish application → Deploy the chat experience to end users
- Monitor governance → Review data lineage and security posture in Purview
| Document | Description |
|---|---|
| Deployment Guide | Complete deployment instructions |
| Post Deployment Steps | Verify your deployment |
| Parameter Guide | Configure deployment parameters |
| Quota Check Guide | Check Azure OpenAI quota availability |
| Document | Description |
|---|---|
| Required Roles & Scopes | IAM requirements for deployment |
| Parameter Guide | All deployment parameters, toggles & model configs |
| Deploy App from Foundry | Publish playground to App Service |
| Accessing Private Resources | Connect via Jump VM |
Click to see security best practices
This template leverages Managed Identity between services to eliminate credential management.
Recommendations:
- Enable GitHub secret scanning on your repository
- Consider enabling Microsoft Defender for Cloud
- Review the AI Foundry security documentation
⚠️ Important: This template is built to showcase Azure services. Implement additional security measures before production use.
Have questions, found a bug, or want to request a feature? Submit a new issue and we'll connect.
Please refer to Transparency FAQ for responsible AI transparency details of this solution accelerator.
Click to see full disclaimers
To the extent that the Software includes components or code used in or derived from Microsoft products or services, including without limitation Microsoft Azure Services (collectively, "Microsoft Products and Services"), you must also comply with the Product Terms applicable to such Microsoft Products and Services. You acknowledge and agree that the license governing the Software does not grant you a license or other right to use Microsoft Products and Services. Nothing in the license or this ReadMe file will serve to supersede, amend, terminate or modify any terms in the Product Terms for any Microsoft Products and Services.
You must also comply with all domestic and international export laws and regulations that apply to the Software, which include restrictions on destinations, end users, and end use. For further information on export restrictions, visit https://aka.ms/exporting.
You acknowledge that the Software and Microsoft Products and Services (1) are not designed, intended or made available as a medical device(s), and (2) are not designed or intended to be a substitute for professional medical advice, diagnosis, treatment, or judgment and should not be used to replace or as a substitute for professional medical advice, diagnosis, treatment, or judgment. Customer is solely responsible for displaying and/or obtaining appropriate consents, warnings, disclaimers, and acknowledgements to end users of Customer's implementation of the Online Services.
You acknowledge the Software is not subject to SOC 1 and SOC 2 compliance audits. No Microsoft technology, nor any of its component technologies, including the Software, is intended or made available as a substitute for the professional advice, opinion, or judgement of a certified financial services professional. Do not use the Software to replace, substitute, or provide professional financial advice or judgment.
BY ACCESSING OR USING THE SOFTWARE, YOU ACKNOWLEDGE THAT THE SOFTWARE IS NOT DESIGNED OR INTENDED TO SUPPORT ANY USE IN WHICH A SERVICE INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE COULD RESULT IN THE DEATH OR SERIOUS BODILY INJURY OF ANY PERSON OR IN PHYSICAL OR ENVIRONMENTAL DAMAGE (COLLECTIVELY, "HIGH-RISK USE"), AND THAT YOU WILL ENSURE THAT, IN THE EVENT OF ANY INTERRUPTION, DEFECT, ERROR, OR OTHER FAILURE OF THE SOFTWARE, THE SAFETY OF PEOPLE, PROPERTY, AND THE ENVIRONMENT ARE NOT REDUCED BELOW A LEVEL THAT IS REASONABLY, APPROPRIATE, AND LEGAL, WHETHER IN GENERAL OR IN A SPECIFIC INDUSTRY. BY ACCESSING THE SOFTWARE, YOU FURTHER ACKNOWLEDGE THAT YOUR HIGH-RISK USE OF THE SOFTWARE IS AT YOUR OWN RISK.
