
RBAC for individual Foundry models#389

Draft
marc-lerwick wants to merge 4 commits into microsoft:main from marc-lerwick:feature/rbac-for-foundry-models

Conversation

@marc-lerwick

📥 Pull Request

🔗 Related Issue(s)

TBD

❓ What are you trying to address

  • Added a new guide that demonstrates the Terraform necessary to protect individual Foundry models using Application Registrations, Application Roles, and APIM with JWT shredding.

✨ Description of new changes

New Guide: guides/implement_rbac_for_foundry_models/

Architecture & Security Model

  • Client apps authenticate via Entra ID and receive JWT tokens with app role claims.
  • APIM acts as the gateway — validates JWTs (issuer, audience, roles claim) and routes to specific Foundry model deployments.
  • APIM's managed identity authenticates to Foundry on the backend, so clients never get direct Foundry credentials.
  • Optional private networking isolates Foundry model endpoints behind VNet/private DNS (APIM ingress stays public).

Specific File Notes

  • Added docker-in-docker; docker-outside-docker was not able to open Docker containers inside the dev container.
  • Removed the spaces and added dashes to the names of the MCP servers in the mcp.json file. Agency would not start the MCP servers with spaces in their names.

☑️ Checklist

  • 🔍 I have performed a self-review of my own code.
  • 📝 I have commented my code, particularly in hard-to-understand areas.
  • 🧹 I have run the linter and fixed any issues (if applicable).
  • 📄 I have updated the documentation to reflect my changes (if necessary).
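As an added illustration (not code from this PR or the guide it adds), the following Python models the two authorization checks the description and the fourth commit message describe: the plan-time check that every role assigned to a client application is a role some model rule requires (the `setsubtract` validation), and the request-time gateway decision on issuer, audience and the `roles` claim for a specific model deployment. The structure names `model_authorization_rules`, `client_applications`, `assigned_roles` and `required_role` come from the commit message; the sample data, issuer, audience and deployment names are constructed, and the token is assumed to have had its signature verified already.

```python
# Added example: a model of the plan-time role-reference check and the
# request-time per-model authorization the PR describes. Not APIM's policy
# engine or the guide's Terraform; the data below is constructed.
from __future__ import annotations

# Constructed sample inputs (shapes follow the commit message's variable names).
MODEL_AUTHORIZATION_RULES = {
    "gpt-4o-prod": {"required_role": "Model.GPT4o.Invoke"},
    "phi-4-eval": {"required_role": "Model.Phi4.Invoke"},
}
CLIENT_APPLICATIONS = {
    "billing-app": {"assigned_roles": ["Model.GPT4o.Invoke"]},
    "research-app": {"assigned_roles": ["Model.Phi4.Invoke", "Model.Whisper.Invoke"]},
}
# Placeholders: a real deployment uses the tenant's v2.0 issuer and the
# app registration's identifier URI as audience.
EXPECTED_ISSUER = "https://login.microsoftonline.com/<tenant-id-placeholder>/v2.0"
EXPECTED_AUDIENCE = "api://foundry-gateway-placeholder"


def invalid_role_references(rules: dict, clients: dict) -> dict[str, list[str]]:
    """Plan-time check: per client, the assigned roles that no model rule requires.
    Mirrors setsubtract(assigned_roles, all required_role values); an empty
    result means the configuration is consistent."""
    required = {r["required_role"] for r in rules.values()}
    return {name: sorted(set(c["assigned_roles"]) - required)
            for name, c in clients.items()
            if set(c["assigned_roles"]) - required}


def authorize(claims: dict, deployment: str,
              rules: dict = MODEL_AUTHORIZATION_RULES) -> tuple[bool, str]:
    """Gateway decision for one request. `claims` is the payload of a token whose
    signature was already verified; this function does no cryptographic checks."""
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "issuer mismatch"
    aud = claims.get("aud")                      # JWT aud may be a string or a list
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        return False, "audience mismatch"
    rule = rules.get(deployment)
    if rule is None:                             # unknown deployment: deny by default
        return False, "unknown deployment"
    roles = claims.get("roles")
    if not isinstance(roles, list):              # absent or malformed claim is a deny
        return False, "roles claim missing"
    if rule["required_role"] not in roles:
        return False, f"missing role {rule['required_role']}"
    return True, "allow"
```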

marclerwick and others added 4 commits April 10, 2026 10:54
Updated the `README.md` to reflect the networking changes.
Validate that all assigned_roles in client_applications exist as a
required_role in model_authorization_rules. Uses setsubtract for
efficient set-based checking, catching invalid role references at
plan time instead of failing during apply.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@marc-lerwick
Author

@microsoft-github-policy-service agree company="Microsoft"
