Microsoft Foundry Blog

Foundry IQ: New governance and enterprise AI security capabilities

gia_mondragon
Jun 02, 2026

Enterprise AI is not just about better retrieval; it is about secure access to business-critical content. Discover how Foundry IQ (Azure AI Search) enables governance, compliance, and private connectivity across agentic retrieval workflows.

Enterprise AI adoption depends on more than retrieval quality. It requires a foundation that enables agents to access business-critical content without weakening the controls already in place to protect it, including source permissions, sensitivity labels, audit trails, private network paths, and identity-based access.

This post highlights security, governance, and private communication updates across Foundry IQ (Azure AI Search) scenarios. These capabilities enable enterprise content to participate in retrieval workflows while maintaining alignment with existing access controls, classification policies, and network boundaries.

We are introducing the following features:

  • Incremental SharePoint permissions sync for indexed document content, SharePoint Lists, and ASPX pages
  • Purview sensitivity labels in Foundry IQ knowledge bases
  • Purview auditing for elevated admin queries
  • Private connectivity between Foundry IQ and Foundry resources via Network Security Perimeter (NSP)

For related data pipeline and multimodal retrieval updates, including SharePoint indexing, the Content Understanding skill (content extraction mode), and image serving, see FoundryIQ-data.


Keep SharePoint permissions aligned with indexed content

SharePoint is a critical enterprise content source, and permissions frequently change as teams, projects, and processes evolve. Keeping source permissions aligned with indexed content is essential so that retrieval systems continue to reflect the intended access boundaries; if the ACLs stored in the index lag behind the source, a user whose access was revoked in SharePoint can still receive that content through retrieval.

The 2026-05-01-preview release improves SharePoint permission synchronization for search and agentic retrieval in Foundry IQ scenarios. Incremental document ACL updates can be captured during scheduled indexer runs, including when scheduling is configured through Foundry IQ knowledge source settings for agentic retrieval. This reduces drift between SharePoint and downstream retrieval experiences.

These improvements allow retrieval authorization to remain closely aligned with the source system without introducing a parallel security model or requiring custom permission refresh pipelines.

The release also adds SharePoint group support. While additional configuration is required, this enables alignment with existing SharePoint group-based access patterns commonly used to govern intranet content.

Access control now extends beyond traditional document libraries. SharePoint Lists and modern ASPX pages can carry ACLs when configured. This is important because operational knowledge often resides in intranet pages, dashboards, and lists. This capability is currently available through Foundry IQ SharePoint indexer configuration. When implemented, the resulting index can still be used as a knowledge source in a knowledge base while preserving query-time ACL enforcement for Lists and ASPX content.


Carry Purview sensitivity labels into Foundry IQ knowledge bases / Foundry Agent experiences

Enterprise AI systems increasingly depend on content that is classified, labeled, encrypted and/or regulated. As that content flows through indexing, retrieval, and generation pipelines, classification context must remain visible and actionable.

Foundry IQ knowledge base scenarios now support configurable propagation of Microsoft Purview sensitivity labels across knowledge sources and retrieval flows. Labels can flow from source systems into the index, through knowledge bases, and into the Foundry Agent experiences that depend on those knowledge bases.

In Foundry IQ scenarios, sensitivity-labeled content can be retrieved from knowledge bases and presented with label context, subject to user authorization. This applies across retrieval flows, including MCP-based interactions, and is surfaced through Foundry IQ (Knowledge) in the Foundry portal for knowledge bases in Azure AI Search services with Purview-enabled configurations.

This keeps classification signals in the retrieval pipeline, which supports consistent enforcement of governance policies across AI-driven workflows. It also allows retrieval systems to incorporate label context in grounding and response generation, rather than treating all content as unclassified text.
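The two behaviours described above, query-time ACL enforcement that reflects incremental permission updates, and label context travelling with each retrieved item, as a small added model in Python. This is illustrative code written for this post, not the Azure AI Search or Foundry IQ implementation; the index layout, the principal expansion, the label names and their ordering are all assumptions.

```python
from dataclasses import dataclass, field

# Assumed label ordering, least to most restrictive (label names are constructed).
LABEL_RANK = {"Public": 0, "General": 1, "Confidential": 2, "Highly Confidential": 3}

@dataclass
class IndexedItem:
    doc_id: str
    content: str
    acl_users: set      # user principals captured from the source ACL
    acl_groups: set     # SharePoint-style group principals from the source ACL
    label: str          # sensitivity label propagated from the source

@dataclass
class SecureIndex:
    items: dict = field(default_factory=dict)
    group_members: dict = field(default_factory=dict)   # group -> set of users

    def add(self, item):
        self.items[item.doc_id] = item

    def apply_acl_update(self, doc_id, acl_users, acl_groups):
        """Incremental permission sync: replace one item's stored ACL without
        re-indexing its content, as a scheduled indexer run would."""
        item = self.items[doc_id]
        item.acl_users, item.acl_groups = set(acl_users), set(acl_groups)

    def principals_for(self, user):
        """Expand a user to the principal set used for ACL matching."""
        return {user} | {g for g, m in self.group_members.items() if user in m}

    def search(self, user, term):
        """Query-time ACL enforcement: an item is returned only if the caller
        holds a principal named in its ACL. Each hit keeps its label context."""
        principals = self.principals_for(user)
        return [{"doc_id": i.doc_id, "label": i.label}
                for i in self.items.values()
                if term.lower() in i.content.lower()
                and principals & (i.acl_users | i.acl_groups)]

def effective_label(hits):
    """Most restrictive label across a grounding set, or None when empty."""
    return max((h["label"] for h in hits), key=LABEL_RANK.__getitem__, default=None)

def build_sample_index():
    """Constructed sample data: three items, one group, mixed labels."""
    idx = SecureIndex()
    idx.group_members = {"grp-finance": {"alice", "bob"}}
    idx.add(IndexedItem("doc-1", "Q3 budget forecast", set(), {"grp-finance"}, "Confidential"))
    idx.add(IndexedItem("doc-2", "Budget policy intranet page", {"carol"}, set(), "General"))
    idx.add(IndexedItem("doc-3", "Public budget FAQ", {"alice", "bob", "carol"}, set(), "Public"))
    return idx
```

Removing a user from a group or updating an item's ACL is reflected on the next query, which is the drift the post's incremental sync is meant to close.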


Enable elevated developer access with Purview auditing

Operational scenarios occasionally require elevated access to investigate, validate, or debug indexing and retrieval issues. For Purview-enabled indexes, this access must be auditable. Auditing of elevated access operations is enabled by default for indexes created with REST API version 2026-05-01-preview.

This release introduces elevated read access for authorized developers and administrators, paired with auditing through Microsoft Purview. Access events are captured as part of the unified audit experience, enabling visibility into how sensitive content is accessed during troubleshooting.

This enables controlled investigation without bypassing governance. Instead of creating a separate audit surface, access activity is integrated into existing compliance and monitoring workflows alongside Microsoft 365 and Purview-managed signals.


Use private connectivity for Search to Foundry communication

In many enterprise environments, model calls and enrichment traffic must remain within approved private network boundaries. Public endpoints are not acceptable for workloads handling sensitive or regulated data.

Foundry IQ supports private connectivity between search services, knowledge bases, and Microsoft Foundry resources using Shared Private Link and Network Security Perimeter.

Shared Private Link provides a private outbound path to supported resources. Network Security Perimeter defines a logical boundary across services and enforces traffic controls. Together, these capabilities enable ingestion, enrichment, and retrieval workflows to operate within enterprise network isolation requirements.

Note: Private connectivity setup is not available directly in the Foundry portal; it must be enabled via the REST API or the Azure portal.


Reduce secrets with managed identity and keyless billing

Secure AI pipelines should minimize reliance on long-lived credentials. User-assigned managed identities for indexer pipelines are now generally available.

This enables identity-based authentication for data sources, knowledge stores, and encryption scenarios, improving control over access and credential lifecycle management.

Keyless billing for Foundry Tools processing is also generally available. Microsoft Foundry resources can be attached using managed identities and role-based access, eliminating the need to store API keys in skillset definitions. Content Understanding skill and skills configured with Azure OpenAI models in Foundry (such as Azure OpenAI embedding skill or GenAI prompt skill) remain an exception, as they use the configured resource for both billing and processing.

These updates support adoption of Microsoft Entra-based authentication, reduce secret management overhead, and align AI pipelines with enterprise identity and access management practices.
