PowerAI Labs logo

PowerAI Labs

Author: Raghav

  • Learn Fine-Tuning β€” the hands-on course I’m building during my master’s

    Learn Fine-Tuning β€” the hands-on course I’m building during my master’s

    Why I built this

    I was halfway through my master’s when I realised I didn’t actually understand fine-tuning. I could call trainer.train(). I could read a loss curve. I could tell you the difference between LoRA and full fine-tuning at a cocktail-party depth. But if you’d asked me to explain why low-rank adaptation works β€” what the rank actually constrains, why some target modules matter more than others β€” I’d have hand-waved you through it and hoped you didn’t follow up.

    So I went looking for something that would close the gap. I read papers. I watched courses. I ran a dozen tutorials. Half of them assumed I already knew the maths and just walked me through API calls. The other half wrapped everything in a hosted notebook with a button that said “Run cell” and skipped the maths entirely. Nothing I found taught the intuition and the code together in a way that respected the fact that I wanted to understand what I was running, not just watch it run.

    So I built what I wanted to read. Nineteen lessons across nine modules, each one in three formats β€” a long-form markdown explanation, a clean Python script, and a runnable notebook. Every script generates its own synthetic data and runs on a laptop. I’m publishing it because the next person learning this shouldn’t have to start where I started.

    The four design principles

    Self-contained. No API keys, no cloud accounts, no external datasets. The single biggest reason fine-tuning tutorials fall over is that the dataset link rots, the API quota expires, or the notebook assumes a paid runtime. Every lesson here generates its own synthetic data and runs end-to-end on whatever machine you already own. The friction between “I want to learn this” and “I’m seeing a result” is as close to zero as I could make it.

    Concept first, code second. Every lesson opens with the theory β€” the maths, the trade-offs, the analogies, the ASCII diagrams β€” and only then introduces code. This was the principle I worked hardest on. The temptation when writing a fine-tuning lesson is to lead with from peft import LoraConfig and explain as you go. I forced myself to do the opposite: explain what a low-rank decomposition is, why it works as an approximation, what you’re giving up in exchange for the parameter savings β€” and only then write the line that imports the library.

    Three formats per lesson. Markdown for reading, Python script for skimming the clean code, Jupyter notebook for running cell-by-cell. The three formats aren’t redundancy. They map to three different learning modes β€” reading to understand, running to see, and editing to internalise β€” and I wanted each lesson to support all three without asking the learner to context-switch between sources.

    Small models, real patterns. Every lesson uses a model between 60M and 124M parameters β€” distilbert-base-uncased, bert-base-uncased, gpt2, t5-small. You can train all 19 lessons on a CPU. The point isn’t that you’d fine-tune a 66M-parameter encoder in production; the point is that the patterns β€” LoRA, QLoRA, DPO, the SFTTrainer pipeline β€” are identical at 66M and at 70B. Learn them on something that fits in your laptop’s RAM, then apply them where they need to go.

    What’s in the course (at a glance)

    The shape of it: foundations β†’ transfer learning β†’ supervised fine-tuning β†’ PEFT (LoRA, QLoRA) β†’ prompt tuning and few-shot β†’ alignment (RLHF, DPO) β†’ data engineering β†’ evaluation β†’ production. Nine modules, nineteen lessons, each one building on the last.

    I’m deliberately not walking through them one by one here β€” that’s what the Project page on PowerAI Labs is for, and the repo README has the full lesson-by-lesson breakdown with topics, models, and the papers behind each one.

    The three things I learned that surprised me

    LoRA’s rank is less sensitive than the papers suggest β€” but the target modules are everything

    I expected rank to be the lever I’d spend the most time tuning. It isn’t. On the tasks I worked through in the course, rank 4, rank 8, and rank 16 produced results that were within noise of each other. Above rank 16 the gains were small enough that I struggled to justify the extra parameters; below rank 4 the model would start to underfit, but the transition wasn’t dramatic.

    What did matter, by a long way, was which modules the LoRA adapters were attached to. Adapting only q_proj left obvious capacity on the table. Adapting q_proj and v_proj β€” the original LoRA paper’s recommendation β€” was a meaningful step up. Adapting all linear layers was a further step up again, at a parameter cost that was still tiny relative to full fine-tuning. The rank-vs-target-modules trade-off is the one I now reach for first when a LoRA run isn’t doing what I want, and it’s the opposite of what I’d have guessed before I built the course.

    DPO is genuinely simpler than RLHF, and the implicit reward is the real insight

    I’d read the DPO paper before I built Module 6, and I thought I understood it. I didn’t, not properly. The insight that survives once you’ve worked through both a full RLHF pipeline and a DPO pipeline back-to-back is that DPO doesn’t replace the reward model β€” it absorbs it. The Bradley-Terry preference equation can be rearranged so that the reward score is expressed as a log-ratio of policy probabilities to a reference policy, and once you make that substitution the entire reward-model-then-PPO machinery collapses into a single supervised loss over preference pairs.

    The practical consequence is that DPO is dramatically less code than RLHF, has no reward-model overfitting failure mode, and trains stably with a single hyperparameter β€” beta β€” that you can actually reason about. The conceptual consequence is harder to express but more important: once you see that the reward signal is implicit in the policy itself, you start to see alignment as a property of the model rather than a separate system bolted on top. You cannot unsee it.

    Quantisation and PEFT compose better than I expected

    QLoRA’s claim β€” fine-tune a billion-parameter model on a single consumer GPU at near-LoRA accuracy β€” sounded like marketing. It isn’t. In the lessons where I ran the comparison properly, QLoRA was within a percentage point of standard LoRA on the same task at a fraction of the VRAM. The two ideas β€” 4-bit NF4 quantisation of the base model, low-rank adaptation on top β€” compose almost orthogonally, and you genuinely lose very little to the quantisation when the adapters are doing the work.

    The practical implication isn’t subtle. Production-ready LoRA fine-tuning on a single consumer GPU is real, today, with the libraries on the install list at the top of the course. That was true in research a year ago and it’s true on a laptop now, and it changes the economics of what an individual engineer can do without asking finance for a cluster.

    Who this is for

    For engineers who want to learn by running code. For architects who need to understand what the abstractions hide before they sign off on a design that depends on them. For master’s students working on adjacent topics who want a concrete codebase next to the papers. For anyone who has felt the gap between “the code works” and “I understand what it did” and wants to close it.

    Not for people who want to call an API and move on β€” there are great products for that, and you don’t need this course to use them. Not for people who want a polished, certificate-bearing online course with video lectures and a discussion forum. This is self-paced, open-source, and rough-edged. The rough edges are part of the learning.

    What’s next

    The course lives at its Project page on PowerAI Labs, with the code on GitHub. Clone it, star it, fork it, file issues with corrections β€” I read every one, and corrections from people working through the material are the single best signal I get on what to tighten next.

    Over the next few months I’ll publish a deep-dive blog post per module on PowerAI Labs, starting with LoRA β€” the rank-versus-target-modules result above is going to need its own post to do it justice. Subscribe if that’s useful and I’ll link them here as they go live.

  • Authentication patterns for Microsoft Foundry β€” beyond DefaultAzureCredential

    Authentication patterns for Microsoft Foundry β€” beyond DefaultAzureCredential

    DefaultAzureCredential is the right default, and I said as much in the getting-started guide that this post follows. It walks an ordered chain β€” environment variables, managed identity, Azure CLI, VS Code, interactive browser β€” and the same line of code works on a laptop, in CI, and on production compute. That is exactly why it earns its place on day one.

    The trouble starts by the time you hit production, when the questions get more specific. Your production workload needs to authenticate as something stronger than “whichever managed identity the host happens to provide.” Your CI/CD pipeline has to deploy agents, model deployments, and role assignments without a client secret sitting on the build agent. Your app calls Foundry on behalf of a signed-in user, and the user’s own identity has to reach Foundry β€” both for RBAC and for audit. And a security review asks for a complete inventory of who can call what, and “DefaultAzureCredential” is not an answer to that question.

    What follows is the auth pattern catalogue I wish I had when I went from prototype to production on Foundry. Five patterns, a per-environment role assignment model, the multi-environment story, and the four things that will bite you.

    The big picture β€” one diagram

    Before the catalogue, the one diagram that summarises the relationships. Every identity β€” a developer’s laptop, a signed-in end user, a workload on Azure compute, a CI/CD pipeline β€” reaches Foundry by way of an Entra-issued access token. The pattern you pick determines how that token is minted, not whether Entra is in the loop.

    Authentication architecture for Microsoft Foundry β€” calling identities flow through Entra ID via one of five auth patterns to reach the Foundry project and its endpoints.
    Authentication architecture for Microsoft Foundry. Every calling identity reaches Foundry via an Entra-issued access token.

    1. The auth pattern catalogue

    1.1 System-assigned managed identity for single-resource workloads

    When to use it. A single App Service, Function, or Container App that calls one Foundry resource, has no shared identity needs with anything else, and never has to outlive its host.

    When not. Anything where two compute resources need the same identity, or where the identity must persist across redeploys.

    Trade-off. System-assigned managed identities are created and deleted with their host. Zero lifecycle work, zero secrets, and zero portability. If you delete the App Service, the identity is gone β€” along with every role assignment that ever referenced it.

    resource app 'Microsoft.Web/sites@2023-12-01' = {
      name: 'app-foundry-prod'
      location: location
      identity: { type: 'SystemAssigned' }
      properties: { serverFarmId: plan.id }
    }
    // Assign Foundry User on the project (not the resource)
    resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
      name: guid(project.id, app.id, foundryUserRoleId)
      scope: project
      properties: {
        principalId: app.identity.principalId
        principalType: 'ServicePrincipal'
        // Foundry User role ID β€” stable across the rename
        roleDefinitionId: subscriptionResourceId(
          'Microsoft.Authorization/roleDefinitions',
          '53ca6127-db72-4b80-b1b0-d745d6d5456d'
        )
      }
    }
    System-assigned managed identity lifecycle. The identity is created with the host, lives only as long as the App Service, and dies with it β€” taking every role assignment with it.
    System-assigned managed identity lifecycle. The identity is created with the host and deleted with it β€” taking every role assignment with it.

    1.2 User-assigned managed identity for shared and durable workloads

    When to use it. Multiple compute resources sharing one identity (App Service plus a Function, two AKS workloads, a Container App plus a Logic App). Or anywhere the identity must survive a redeploy of the compute.

    When not. A single transient workload β€” system-assigned is simpler, and you do not have an identity hanging around with no host.

    Trade-off. Durable and shareable, but you own the lifecycle. Think of it as identity-as-a-resource: it gets its own Bicep module, its own naming convention, and its own teardown plan.

    resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
      name: 'id-foundry-app-prod'
      location: location
    }
    resource app 'Microsoft.Web/sites@2023-12-01' = {
      name: 'app-foundry-prod'
      location: location
      identity: {
        type: 'UserAssigned'
        userAssignedIdentities: { '${uami.id}': {} }
      }
      properties: { serverFarmId: plan.id }
    }
    resource projectRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
      name: guid(project.id, uami.id, foundryUserRoleId)
      scope: project
      properties: {
        principalId: uami.properties.principalId
        principalType: 'ServicePrincipal'
        roleDefinitionId: subscriptionResourceId(
          'Microsoft.Authorization/roleDefinitions',
          '53ca6127-db72-4b80-b1b0-d745d6d5456d'
        )
      }
    }
    User-assigned managed identity shared across App Service, Function, AKS, and Container Apps β€” one identity, one Foundry role assignment, multiple workloads.
    User-assigned managed identity shared across App Service, Function, AKS, and Container Apps β€” one identity, one role assignment, multiple workloads.

    For anything in production, my default is user-assigned. The first time you redeploy a Container App and discover every role assignment has gone with it, you will thank yourself.

    1.3 Workload identity federation for GitHub Actions and other federated CI/CD

    When to use it. Any pipeline that deploys Foundry agents, model deployments, role assignments, or any other RBAC-protected operation. GitHub Actions, Azure DevOps with OIDC, Terraform Cloud, AKS workload identity β€” all federated subjects.

    When not. There is not a good “when not.” If your GitHub Actions workflow still has AZURE_CLIENT_SECRET in its repository secrets, you should be migrating off it.

    Trade-off. A bit of configuration up front β€” a federated credential on the app registration with the right subject claim and audience. Zero credential rotation forever after. The external identity provider (GitHub, Kubernetes, etc.) is trusted to assert the workload’s identity, and Entra exchanges that assertion for a token. No client secret ever crosses the wire.

    # Create the federated credential on an app registration
    az ad app federated-credential create \
      --id $APP_ID \
      --parameters '{
        "name": "github-main-prod",
        "issuer": "https://token.actions.githubusercontent.com",
        "subject": "repo:my-org/my-repo:ref:refs/heads/main",
        "audiences": ["api://AzureADTokenExchange"]
      }'
    # .github/workflows/deploy.yml
    permissions:
      id-token: write   # required to mint the OIDC token
      contents: read
    jobs:
      deploy:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
          - uses: azure/login@v2
            with:
              client-id: ${{ secrets.AZURE_CLIENT_ID }}
              tenant-id: ${{ secrets.AZURE_TENANT_ID }}
              subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
              enable-AzPSSession: false
          - run: az deployment group create ...
    Workload identity federation trust between GitHub Actions and Microsoft Entra ID. The runner sends an OIDC token, Entra validates it against the federated credential on the app registration, and returns a Foundry-scoped access token.
    Workload identity federation trust between GitHub Actions and Microsoft Entra ID. The runner sends an OIDC token, Entra validates it against the federated credential, and returns a Foundry-scoped access token.

    The pattern generalises. AKS workload identity uses the same federation primitive with the cluster’s OIDC issuer as the subject. Terraform Cloud has its own. The configuration changes; the model does not.

    1.4 On-Behalf-Of flow for apps that call Foundry as the signed-in user

    When to use it. A web app or API where the end user’s identity must reach Foundry β€” because the user’s own RBAC determines what they can see, because audit logs need the user not the app, or because a compliance regime requires per-user attribution all the way to the model call.

    When not. Pure machine-to-machine workloads. If there is no signed-in human in the loop, you want a managed identity, not OBO.

    Trade-off. More moving parts. The user signs into the front end, the front end calls your API with their access token, the API exchanges that token for a downstream token scoped to Foundry, and only then does the call go through. It is the only correct answer for user-scoped operations.

    # Middle-tier API: exchange the incoming user token for a Foundry-scoped token
    import msal
    app = msal.ConfidentialClientApplication(
        client_id=API_CLIENT_ID,
        client_credential=API_CLIENT_SECRET,  # or a certificate / federated credential
        authority=f"https://login.microsoftonline.com/{TENANT_ID}",
    )
    # incoming_user_token comes from the Authorization header on the request
    result = app.acquire_token_on_behalf_of(
        user_assertion=incoming_user_token,
        scopes=["https://ai.azure.com/.default"],
    )
    foundry_access_token = result["access_token"]
    On-Behalf-Of flow sequence β€” end user signs into the front end, the middle-tier API exchanges the user token for a Foundry-scoped token, and the call to Foundry runs under the user identity with their RBAC and Conditional Access applied.
    On-Behalf-Of flow. The middle-tier API exchanges the user token for a Foundry-scoped token, and the call runs under the user identity with their RBAC and Conditional Access applied.

    One implication worth calling out: any Conditional Access policy on the user’s original sign-in propagates through the OBO exchange. If your CA policy says “no Foundry access from non-compliant devices,” the downstream Foundry call inherits that. That is almost always what you want.

    1.5 Application registrations with client secrets β€” when (rarely) still appropriate

    When to use it. Local developer machines that are not on a corporate-managed laptop with Entra-joined credentials. Genuinely headless scripts that cannot use a managed identity or federated workload identity. Third-party integrations that do not yet support OIDC federation. That is it.

    When not. Anything in production on Azure compute β€” use a managed identity. Anything in CI/CD on a platform that supports federation β€” use workload identity federation. Anything an auditor will ever look at.

    Trade-off. Simplest to set up, hardest to govern. Secrets rotate, they leak, they accumulate. If you have more than a handful, you have a secret-sprawl problem and you do not yet know it.

    If you must use one: short expiry (90 days), stored in Key Vault, never in a .env checked into a repo, and the role assigned to the app’s service principal is the minimum it needs β€” Foundry User scoped to the project, never Contributor scoped to the subscription.

    The hard line: if you are putting a client secret on a production workload, you have taken a wrong turn. Go back and use one of the four patterns above.

    Client secrets as an anti-pattern in production β€” secrets leak via .env files, copied CI variables, and expire without an owner. Replace with managed identity, workload identity federation, or On-Behalf-Of.
    Client secrets in production are an anti-pattern. Replace with managed identity for Azure compute, workload identity federation for CI/CD, or On-Behalf-Of for signed-in user apps.

    2. The role assignment model β€” least privilege without the spreadsheet

    Two principles. Roles are assigned to principals β€” managed identities, user accounts, Entra groups β€” at a scope. The scope can be project, Foundry resource, resource group, or subscription. Get the scope right and least privilege follows naturally. Get it wrong and you will be re-assigning Contributor every six months because somebody got blocked at a demo.

    In prose, here is the model I deploy:

    Application principals β€” the managed identity that the production app authenticates as, the federated workload identity the AKS pod assumes β€” get the Foundry User role, scoped to the project, not the resource. Project-scoped assignments mean a misconfigured app cannot accidentally see another project’s agents, threads, or connections.

    Build and deploy principals β€” the federated CI/CD identity that runs your GitHub Actions workflow β€” get Foundry Project Manager scoped to the project. If the same pipeline also creates projects, then it needs a resource-level role for that one operation; keep it as narrow as you can get away with.

    Human developers get Foundry Project Manager on the dev project, Foundry User on staging, and read-only on prod. Production changes go through the pipeline; they do not go through individual developer accounts.

    Resource-level roles β€” Foundry Account Owner and Foundry Owner β€” are platform-team territory, and even there they should be PIM-eligible rather than standing assignments. These are the roles that can create new projects, configure guardrails, and conditionally hand out other roles. Treat them accordingly.

    A few practical notes the docs are explicit about. Do not assign built-in roles that start with Cognitive Services for Foundry work β€” Microsoft’s RBAC documentation calls this out directly. Those roles are for accessing AI Services resources directly and do not apply to Foundry scenarios, even though Foundry sits on the Microsoft.CognitiveServices resource provider. Also avoid the Azure AI Developer role for Foundry β€” despite the name, it is scoped to Azure Machine Learning workspaces and Foundry hubs, not to Foundry projects or resources.

    One more practical note: reference role definition GUIDs in Bicep and Azure CLI, not display names. The Foundry roles were recently renamed from their Azure AI predecessors (Azure AI User β†’ Foundry User, Azure AI Project Manager β†’ Foundry Project Manager, Azure AI Account Owner β†’ Foundry Account Owner). The GUIDs are stable; the display names are still mid-rollout across the portal and tooling.

    Role assignment model. Application principals get Foundry User at project scope, CI/CD and developer principals get Foundry Project Manager at project scope, and resource-level Foundry Account Owner and Foundry Owner roles stay with the platform team. Avoid Cognitive Services * roles and Azure AI Developer for Foundry work.
    Role assignment model. Application principals get Foundry User on the project, CI/CD and developer principals get Foundry Project Manager, and resource-level Foundry Account Owner / Foundry Owner stay with the platform team. Avoid Cognitive Services * roles and Azure AI Developer for Foundry work.

    3. The multi-environment story

    Dev, staging, and prod each get their own Foundry resource β€” not just their own project. Quotas are resource-scoped. Network configuration is resource-scoped. The blast radius of a misconfigured role assignment is resource-scoped. All of those argue for full resource separation between non-prod and prod, even if it means three sets of Bicep modules and three Application Insights workspaces. The cost of running an under-utilised dev resource is far less than the cost of an intern accidentally pointing a load test at a prod deployment.

    Each environment gets its own user-assigned managed identity for the application principal, its own federated credential on the CI/CD app registration (one per environment, with a distinct subject claim β€” environment:dev, environment:prod β€” so prod deploys only run from protected branches and reviewed environments), and its own Entra group for human access. Group membership rather than direct user assignment, always β€” that is how you get clean joiner/mover/leaver flows without a quarterly spreadsheet review.

    Secrets that genuinely have to exist β€” third-party API keys, database connection strings β€” live in a per-environment Key Vault, accessed by the per-environment managed identity. Foundry credentials themselves are never in Key Vault. They are token exchanges via the patterns in Section 1.

    Elevated roles on the prod resource go through Privileged Identity Management. The platform team holds Foundry Owner on prod as PIM-eligible, not as a standing assignment. Activation requires justification, a time window, and an audit trail. If your auditor asks “who could have changed the prod guardrails on this date,” you want PIM logs to answer that, not Azure Activity Log archaeology.

    Multi-environment isolation. Dev, staging, and production each get their own Foundry resource, user-assigned managed identity, federated credential, and Key Vault. Elevated roles on prod are PIM-eligible only.
    Per-environment isolation. Dev, staging, and production each get their own Foundry resource, user-assigned managed identity, federated credential, and Key Vault. Elevated roles on prod are PIM-eligible only.

    4. The four things that will bite you

    Token caching. The Azure SDK clients cache tokens for the lifetime of the credential object. Long-lived processes β€” anything stateful, anything that processes a queue, anything with a connection pool β€” need to handle credential refresh correctly. The right pattern is usually to reuse a single credential instance across all clients in the process, not to recreate DefaultAzureCredential() (or its successor) per call. Recreating it per call defeats the cache and, on a busy worker, will get you rate-limited at the IMDS endpoint before you have shipped a single completion.

    Cross-tenant scenarios. Foundry resources live in a single tenant. If you have a partner tenant whose users need to call your Foundry workload, you are in B2B territory and the patterns above need adapting. Managed identities do not cross tenants without explicit federation, and OBO has its own constraints when the user is a guest. Do not discover this two weeks before a launch β€” design for the tenant model on day one.

    Private endpoints and DNS. Authentication works, the call still fails. If you have put Foundry behind a private endpoint, the DNS for the resource FQDN must resolve to the private IP from the calling network. Public DNS will look correct, your nslookup from a different network will look correct, and the call from inside the VNet will time out with no useful error. Always check resolution from the calling subnet, not from your laptop.

    Role propagation latency. New role assignments take up to ten minutes to propagate. Pipelines that create a user-assigned managed identity and immediately use it against Foundry will hit 403s on the first run. Options: insert a wait step after role assignment, retry with exponential backoff in the calling code, or assign roles ahead of provisioning the compute they are attached to. I prefer the third β€” the assignment is declarative and the compute picks it up when it comes online.

    Four gotchas to watch for: stale tokens in long-lived processes, cross-tenant scenarios needing multi-tenant app registrations, private-endpoint DNS resolution failures, and the up-to-ten-minute delay before new role assignments take effect.
    Four things that will bite you in production: stale tokens in long-lived processes, cross-tenant scenarios needing multi-tenant app registrations, private-endpoint DNS failures, and the up-to-ten-minute delay before new role assignments take effect.

    5. When NOT to add another auth pattern

    Counterweight, briefly. If your workload is one App Service calling one Foundry resource for one tenant’s users, deployed by one GitHub Actions workflow, you do not need four patterns. You need a user-assigned managed identity on the App Service and a federated workload identity for the pipeline. Stop there. Adding OBO, custom token exchange, or a second managed identity because “we might need it later” is the kind of architecture work that looks responsible in a design doc and creates three years of operational debt.

    And if you find yourself building a custom token-exchange layer β€” your own service that sits in front of Foundry and stamps tokens on requests β€” you are almost certainly reinventing something Entra already does. Read the workload identity federation and OBO docs again before you write more code. The thing you are about to build is probably a federated credential with the wrong subject claim.

    6. Closing

    DefaultAzureCredential is how you start. The patterns in this post are how you scale. Pick the right managed identity flavour for the workload’s lifecycle. Federate your CI/CD so no client secret ever lives on a build agent. Use OBO where the user’s identity has to reach Foundry, and do not use it where it does not. Get the role scope right at the project level. Separate environments by resource, not just by project.

    References

  • Starting an Azure Foundry project β€” the getting-started guide nobody wrote

    Microsoft Foundry banner
    Banner image: Microsoft Foundry. Source: Microsoft Tech Community β€” Introducing Microsoft Foundry.

    Most “getting started with Foundry” content is a screenshot tour of the portal. You watch someone click “Create resource,” pick a region from a dropdown, and end the post with a chat playground saying “Hello, world.” None of that helps you on Monday morning when you have to commit to a region, an auth pattern, and a project topology that you’ll be living with for the next year.

    This is the post I wish I’d had open in another tab when I started TrafficIQ, our multi-agent supply-chain transport intelligence build on Foundry Agent Service. Five decisions you make before you click Create, the auth pattern you should adopt from day one, a first-sprint checklist, and the three things that will bite you.

    1. The naming maze β€” what Foundry actually is in 2026

    Eighteen months ago you had four products: Azure OpenAI, Azure AI Studio, Azure AI Services, and a sprawling Cognitive Services back catalogue. Today you have one Azure resource type β€” kind: AIServices with allowProjectManagement: true β€” and Microsoft calls it Microsoft Foundry (formerly Azure AI Foundry). Single resource, single ARM object, and three FQDNs hanging off it: the Azure OpenAI-compatible inference endpoint, the cognitive-services endpoint, and the Foundry project endpoint your agents and Responses API code talks to.

    There are also two portals. Foundry (classic) is the hub-based experience that grew out of Azure AI Studio. Foundry (new) is the project-first experience built around the consolidated resource. Both still work. Classic is in maintenance mode. If you are starting a new project in 2026, start in the new portal and create a Foundry project β€” not a hub project. Hub projects still exist for backwards compatibility, but everything Microsoft is investing in β€” agent service, evaluations, the new model catalogue, observability β€” is wired up around Foundry projects first.

    One more piece of context before you create anything: the Assistants API retirement deadline of 26 August 2026 is real. If you are building anything new today, do not start on Assistants β€” go directly to Foundry Agent Service and the Responses API. I’ll cover the migration path in a dedicated post; for now, treat Assistants as legacy.

    Microsoft Foundry resource and project architecture: a top-level Foundry resource governance boundary containing model deployments, security settings, connections, and two projects.
    Microsoft Foundry resource and project architecture. Source: Microsoft Learn β€” Microsoft Foundry architecture.

    2. The five decisions you make before you click Create

    2.1. Foundry resource vs upgrading an existing Azure OpenAI resource

    Decision: create a brand-new Foundry resource, or upgrade an existing Azure OpenAI resource in place. Trade-off: the in-place upgrade keeps your existing endpoint, deployments, network config, and RBAC bindings β€” but it requires a system-assigned managed identity on the source resource and is one-way once you commit (rollback exists but is a support operation, not a button).

    For TrafficIQ: new resource. The repo was greenfield, I wanted a clean project boundary, and I didn’t want to inherit eighteen months of ad-hoc role assignments from the old Azure OpenAI resource.

    2.2. Region

    Decision: which Azure region hosts the resource. Trade-off: model availability is not uniform. Sweden Central, East US 2, and France Central each have meaningfully different model catalogues, and frontier models often land in one region weeks before the others. Pick the wrong region and you’ll either rewrite code against a different deployment or pay cross-region latency. For TrafficIQ: Sweden Central. TrafficIQ shipped on gpt-4.1 and gpt-4.1-mini, and Sweden Central was the region that aligned with both the model availability I needed and my EU data-residency obligations. Starting fresh today, I’d still default to Sweden Central but I’d evaluate gpt-5-mini for the router/orchestrator.

    2.3. New portal vs classic portal

    Decision: which portal you do your work in. Trade-off: classic gives you hub projects (good if you have an existing hub and shared compute), new gives you Foundry projects (better isolation, simpler RBAC, where all the new features land first).

    For TrafficIQ: new portal, Foundry project. No hub.

    2.4. Single project vs multiple projects per resource

    Decision: how many projects to carve out of one Foundry resource. Trade-off: projects are the isolation and RBAC boundary in Foundry β€” a project owns its agents, threads, evaluations, connections, and the people who can see them. One project is simpler; multiple projects are how you separate prod from dev, or two workloads that should never see each other’s data.

    For TrafficIQ: I started with a single project and split as soon as evaluations grew enough to need their own connections and quotas. The pattern I’d recommend day one: two projects per environment β€” one for the agent runtime, one for evaluations and offline experiments β€” and prod in a separate Foundry resource entirely from non-prod, so a misconfigured RBAC binding can never reach production data.

    2.5. Direct Foundry-billed models vs Azure Marketplace third-party models

    Decision: how you procure non-OpenAI models β€” Anthropic, Cohere, Mistral, Meta, and the rest. Trade-off: direct (first-party in the Foundry catalogue, billed on your Azure invoice, full enterprise SLA, no separate contract) versus Azure Marketplace (third-party publisher, often the only way to get the very latest version of a partner model, but it’s a separate offer you have to accept and the billing line lands differently).

    For TrafficIQ: direct for everything I could, marketplace only where a specific model version wasn’t available first-party. One Azure invoice is worth real money in procurement time.

    3. Authentication and authorisation β€” the day-one setup

    If you take one thing from this post, take this: don’t use API keys. Foundry resources support Entra ID (Azure AD) authentication everywhere, and DefaultAzureCredential from azure-identity is the right pattern from day one. Keys feel quick on day one and become a rotation, secrets-sprawl, and audit nightmare by month three.

    The pattern I use in TrafficIQ, lifted down to its essentials:

    from azure.identity import DefaultAzureCredential
    from azure.ai.projects import AIProjectClient
    # DefaultAzureCredential walks an ordered chain:
    # env vars -> managed identity -> Azure CLI -> VS Code -> interactive
    # Same line of code works locally, in CI, and in production.
    credential = DefaultAzureCredential()
    project = AIProjectClient(
        endpoint="https://<your-foundry-resource>.services.ai.azure.com/api/projects/<project-name>",
        credential=credential,
    )
    # Now you can use Agents, Responses, evaluations, connections β€”
    # all authenticated as the principal the host environment provides.
    agents = project.agents

    There are three roles you’ll actually find yourself assigning in the first week. Microsoft renamed these in the last release wave; both old and new names still appear across the portal and docs during the rollout, but the new names are what you should write into runbooks.

    • Foundry User (formerly Azure AI User) β€” read/use existing agents, run inference, call the Responses API. This is the role for your application’s managed identity in production, and for engineers who consume but don’t author. Role ID: 53ca6127-db72-4b80-b1b0-d745d6d5456d.
    • Foundry Project Manager (formerly Azure AI Project Manager) β€” create and modify agents, manage connections, deploy models into the project. The role for developers actually building. Role ID: eadc314b-1a2d-4efa-be10-5d325db5065e.
    • Foundry Account Owner (formerly Azure AI Account Owner) β€” resource-level operations like creating new Foundry resources and configuring guardrails. The elevated tier. Don’t grant casually.

    Two practical notes. In Azure CLI and Bicep, use the role definition GUIDs, not the names β€” names are still mid-rename and the GUIDs are stable. And don’t grant any role that starts with “Cognitive Services” for Foundry work. The Microsoft Learn RBAC doc explicitly calls these out as not applicable to Foundry, even though Foundry sits on the Microsoft.CognitiveServices provider under the hood.

    Diagram showing access for the Foundry User role, scoped at the Foundry resource.
    Foundry User role (formerly Azure AI User), scoped at the Foundry resource. Source: Microsoft Learn β€” RBAC for Microsoft Foundry.

    In production, the application principal is a managed identity β€” a user-assigned managed identity attached to your App Service, Container App, AKS workload identity, or Function. App registrations with client secrets are for local development and headless CI/CD only. If you find yourself putting an app registration secret on a production workload, you’ve taken a wrong turn β€” go back and attach a managed identity instead.

    Secrets that genuinely have to exist β€” third-party API keys, database connection strings, anything that isn’t a Foundry credential β€” live in Azure Key Vault and are injected at build time, not runtime where possible. TrafficIQ uses a Vite Key Vault plugin pattern for the frontend so that the bundle never contains a literal secret and the build agent’s managed identity is the only thing that ever touches the vault.

    One last thing the docs bury and I wish someone had said louder: private endpoints are the most-forgotten production step, and you have to recreate them after an in-place upgrade from Azure OpenAI to Foundry. The upgrade preserves most of your network configuration, but private endpoints targeting the new Foundry sub-resources need to be re-provisioned, and DNS will be wrong until you do. Put it on the upgrade runbook.

    Network isolation plan for Microsoft Foundry: inbound via Private Access, outbound to Storage/Key Vault/Cosmos via private endpoints, outbound from compute.
    Network isolation plan for Microsoft Foundry. Source: Microsoft Learn β€” Configure network isolation for Microsoft Foundry.

    4. The first sprint β€” a working checklist

    In order. One line on what to do, one line on the trap.

    1. Create the Foundry resource. Use kind: AIServices, allowProjectManagement: true, system-assigned managed identity on. Trap: if you let someone create it as a vanilla Azure OpenAI resource “for now,” you’ll be doing an upgrade migration in week three.
    2. Create the first Foundry project. Give it a name that survives renames β€” <workload-<env works. Trap: project name is in the endpoint URL, so renaming later means client config changes everywhere.
    3. Assign roles, not keys. Azure AI Project Manager for builders, Azure AI User for the app’s managed identity. Trap: don’t grant subscription-level Contributor “just to unblock the demo” β€” it never gets revoked.
    4. Set up Key Vault and managed identity. One vault per environment, user-assigned managed identity attached to your compute. Trap: system-assigned MIs disappear when you delete the compute resource; use user-assigned for anything you care about.
    5. Deploy a model. A reasonable default in 2026: gpt-5-mini for router/orchestrator agents and gpt-4.1 for specialists with heavier tool-calling. Trap: model availability is regional β€” check the catalogue in your target region before you write code against a specific deployment name.
    6. Wire a connection for any external data source. Foundry “connections” are the project-scoped credential store for storage accounts, search indexes, and tools. Trap: connections live inside the project β€” copy them when you split prod from dev, don’t share.
    7. Call the Responses API from a smoke-test script. AIProjectClient β†’ get inference client β†’ responses.create. Trap: if you copy a sample using the legacy chat-completions endpoint, you’ll miss the new tool-calling and reasoning surface entirely.
    8. Stand up your first agent in Foundry Agent Service. Tools, instructions, model β€” keep it boring. Trap: don’t start with a mega-agent; start with one narrow agent and add a second before you make the first one cleverer.
    9. Turn on Guardrails and review the defaults. They are on by default at “medium” across categories. Trap: defaults block legitimate enterprise content β€” see Section 5.
    10. Wire up observability before you ship. Application Insights connection on the project, distributed tracing through opentelemetry, Foundry’s built-in run/thread tracing on. Trap: adding observability after the fact is two orders of magnitude harder than turning it on now.

    5. The three things that will bite you in the first sprint

    Quota. Tokens-per-minute (TPM) and requests-per-minute (RPM) limits are per-deployment and per-region, and the default quota you get on a fresh subscription is sized for demos, not production. The day you flip a real workload on, you will hit 429s. Mitigations: request quota increases early (the form is slow), spread deployments across multiple regions if your latency budget allows, and put Provisioned Throughput Units (PTU) under anything customer-facing where you cannot tolerate rate-limit jitter.

    Guardrails (formerly content filters). Foundry’s Guardrails system is on by default with sensible consumer settings β€” and it will block legitimate enterprise content. Customer-complaint emails trip the harm filter. Security logs trip the violence filter. Code review of an exploit-handling library trips multiple. You can tune controls per-model and per-agent under Guardrails in the portal, define custom guardrails with their own controls, and apply them at four intervention points: user input, tool call, tool response, and output (the final completion returned to the user). Audit the defaults the day you deploy your first model, not the day a business user shows you a screenshot of a blocked legitimate prompt.

    Observability. Foundry exposes distributed traces, per-run token accounting, evaluation hooks, and a thread/run viewer in the portal β€” but only if you wire it up. Wire it up on day one. The cost of adding tracing to a quiet new system is an afternoon. The cost of adding tracing to a live multi-agent system with real users is a sprint and a half, plus the customer trust you spend debugging the bug you can’t see.

    6. When NOT to use Foundry

    I’m bullish on Foundry, but it isn’t the answer to every question.

    If you have exactly one OpenAI model in production and a stable PTU reservation on it, defer the upgrade. The in-place upgrade is non-trivial, and you get nothing from it if you aren’t using agents, evaluations, or the broader catalogue. Revisit when one of those becomes a “yes.”

    If you need offline or on-device inference β€” air-gapped environments, edge devices, sub-10ms latency budgets β€” you want Foundry Local, not cloud Foundry. Same model story, very different deployment shape, and trying to make cloud Foundry pretend to be local will end badly.

    If you have a price-sensitive, non-enterprise workload with no Entra or Azure compliance requirement β€” a side project, a hobby tool, a community OSS app β€” going direct to OpenAI’s or Anthropic’s API is still cheaper and operationally simpler. Foundry’s value is enterprise: SSO, RBAC, private networking, compliance attestations, one invoice. If you don’t need those, you’re paying for them anyway.

    7. Closing β€” and what’s next

    Foundry rewards a small amount of up-front thinking. Pick the region for the models you actually need. Use Entra and managed identities from line one of code. Multi-project from the start if you’re going to run more than one environment. Turn on observability before the first user hits the first endpoint. Re-do your private endpoints after any upgrade. Most of the pain I see on Foundry projects is pain that comes from skipping one of those.

    Two follow-ups coming next on this blog: Foundry Agent Service migration from the Assistants API (with code from TrafficIQ) and an authentication-patterns deep-dive that goes well past DefaultAzureCredential into workload identity federation, on-behalf-of flows, and the per-environment role assignments I actually deploy. Subscribe if that’s useful β€” I’ll link them here as they go live.

    Image credits

    Diagrams in this post are reused from Microsoft Learn with attribution to Microsoft:

    All other commentary, code, and opinions in this post are my own and reflect lessons from building TrafficIQ.

  • Why I built 6 agents instead of 1 mega-agent β€” lessons from TrafficIQ

    I had two design choices for TrafficIQ: one super-agent holding 56 tools, or six specialist agents sharing them. I picked six. Here is what the one-agent path gets right, where it breaks, and the six lessons I took into production.

    TrafficIQ went on to win Best Use of Microsoft Foundry at the AI Dev Days Hackathon β€” chosen from 401 projects and 2,041 registrants. The architecture choices below are what made that possible, and what I would actually defend in front of an enterprise architecture review board.

    Why one-agent is genuinely tempting

    The one-agent design is the simpler mental model. One assistant. One system prompt. One thread. One place to debug.

    When you are sketching the first prototype, this is almost always the right move. Orchestration is not free β€” you have to write a router, define handoff contracts, manage cross-agent state. Skipping all of that gets you to a working demo in an afternoon. Most enterprise teams default here, and for a 10-tool assistant, they are right to.

    The trouble starts later. It starts when the surface area grows past what a single model can hold in its head.

    Where one-agent breaks

    In my experience tool-selection accuracy degrades non-linearly past around 15 to 20 tools. The model does not fail loudly. It fails subtly. It picks get_shipment_status when the user clearly needed check_shipment_status, because the names overlap and the descriptions rhyme. It calls track_shipment when the right answer was get_proof_of_delivery.

    The system prompt becomes the second symptom. To compensate for the confusion, you add disambiguation rules. “Use tool X only when the user mentions Y.” The prompt grows. By the time you have 40 tools, you are nursing a 4,000-token monolith that nobody on the team wants to touch.

    And then there is context-window pressure. Every tool’s JSON schema, every parameter description, every example β€” it all lives in the agent’s context on every turn. With 56 tools, that alone is enough to crowd out the actual conversation.

    A super-agent does not just get slower. It gets less correct. The failure mode is “looks plausible, called the wrong tool.”

    The architecture I chose

    Six specialist agents, each with a tight tool set scoped to its domain. One orchestrator on top. One router inside the orchestrator. GPT-4.1 under each agent. The whole orchestration layer is built on the Microsoft Foundry SDK β€” the MultiAgentOrchestrator, the specialists, and the RouterAgent are all SDK-native, using the Foundry Assistants pattern (agent, thread, message, run) end to end.

    TrafficIQ multi-agent architecture β€” 6 specialist agents and the orchestrator
    TrafficIQ multi-agent architecture β€” 6 specialist agents and the orchestrator.

    The split is the part most people skip past, so it is worth being concrete:

    • Traffic Agent β€” 17 tools. Routing, journeys, incidents, reroutes, weather, POI, isochrone, snap-to-road.
    • Supply Chain Agent β€” 11 tools. Shipments, deliveries, inventory, ETAs, KPIs, proof of delivery. Backed by D365 F&O via the MCP Server.
    • Fleet Agent β€” 7 tools. Vehicle positions, driver performance, health, maintenance.
    • Operations Agent β€” 7 tools. Work orders, technician availability, schedule optimisation, returns.
    • Field Service Agent β€” 7 tools. Service requests, customer assets, SLAs, dispatch, parts.
    • IoT & Logistics Agent β€” 7 tools. Device health, geofences, driving behaviour, connectivity, batch route alternatives.

    Plus 2 shared tools (navigate_to_page, show_input_form) that every agent can call. That is 56 tools total, none of which any single agent actually has to reason over.

    Coordination sits in a MultiAgentOrchestrator. It runs a three-tier router: sticky β†’ keyword β†’ LLM classifier (the RouterAgent). Each specialist holds its own Foundry thread so its context stays clean. The orchestrator handles handoff when the user pivots from one domain to another.

    Broader TrafficIQ architecture β€” agents, MCP, Azure services, Dataverse
    Broader TrafficIQ architecture β€” agents, MCP, Azure services, Dataverse.

    The rest of this post is the six lessons that fell out of building it.

    Lesson 1 β€” route in tiers, not in one LLM call

    The naive multi-agent router is “ask GPT which agent should handle this.” It works. It is also slow and expensive on every single turn, including the easy ones.

    I run three tiers in order. First, sticky: if the user is mid-thread with the Supply Chain Agent and the next message is “and the one after that?”, stay put. Conversations are usually continuous. The default should be continuity, not re-evaluation.

    Second, keyword. Each agent registers a small set of high-signal terms β€” “shipment”, “warehouse”, “geofence”, “technician”. A keyword match is effectively free. For roughly the queries you would expect β€” the obvious ones β€” this resolves the routing decision in microseconds with no token spend.

    Only when both tiers miss do I fall back to the LLM classifier. That is the RouterAgent, and it is the only model call dedicated to routing. The result is a router that is fast on the common path, accurate on the ambiguous one, and cheap in aggregate. Putting the cheap checks first is the entire trick.

    Lesson 2 β€” each agent owns its own thread

    This one took me a while to land on, and I think it is the most underrated decision in the whole architecture.

    The obvious approach is to share a single conversation thread across all agents, and have the orchestrator switch which agent reads from it. Do not do this. It is the worst of both worlds. Each agent now sees every tool’s history, including tools it does not own. The tool-set bleed contaminates selection. You also get token bloat: every agent re-reads the entire shared history on every run.

    In TrafficIQ each specialist owns its own thread via the Microsoft Foundry SDK. The Supply Chain Agent’s thread only ever contains Supply Chain turns. Its tool schemas, its system prompt, its prior tool calls β€” none of it touches the Fleet Agent’s context. Each agent is, effectively, a tightly scoped assistant that does not know the others exist. The SDK’s thread primitive is what makes that isolation cheap to enforce.

    The orchestrator is the only component that knows there are multiple agents. The agents themselves are blissfully ignorant. That isolation is what makes them stay accurate as the system grows.

    Lesson 3 β€” context handoff is the hard problem, not routing

    Once you have isolated threads, the next question is the obvious one: what happens when the user pivots? “What’s the ETA on that shipment?” β€” Supply Chain handles it. Then: “And dispatch a tech to the warehouse.” β€” that is Field Service, and Field Service has no idea what “that shipment” refers to.

    You cannot dump the entire Supply Chain thread on Field Service. That would re-introduce every problem isolated threads were meant to solve. You also cannot hand over nothing β€” the user is mid-thought and expects continuity.

    What I settled on is a small, deliberate handoff payload: a summary of the last N messages from the source agent, written into the destination agent’s thread as a context message before the user’s new turn lands. Enough grounding to resolve “that shipment”. Not enough to confuse tool selection. The summary is generated by the same Azure OpenAI deployment the agents use, with a tight system prompt β€” give me entities, IDs, and the last user intent. No prose.

    Routing gets the headlines. Handoff is what actually breaks in production if you get it wrong.

    Lesson 4 β€” tools must be MECE within an agent, not across all agents

    MECE β€” mutually exclusive, collectively exhaustive. It is the rule I borrowed from consulting, and it is the cleanest way to think about tool design in a multi-agent system.

    Across the whole platform, similar-sounding tools exist. Traffic’s plan_journey and Supply Chain’s optimize_delivery_route both compute routes. That is fine. They live in different agents and serve different intents β€” a personal commute is not a multi-stop delivery plan. The router decides which world the user is in. The agent never has to choose between them.

    The rule that actually matters: within one agent, no two tools should be confusable. The Traffic Agent has 17 tools, and I spent more time on their names and descriptions than on any other part of the system. get_traffic_incidents queries an area. monitor_saved_journey watches a specific route. suggest_reroute triggers a recompute. Different verbs, different objects, no overlap.

    If you cannot explain to a junior engineer in one sentence what makes two tools different, the model will not get it right either.

    Lesson 5 β€” make agents observable from day one

    You cannot debug a multi-agent system from the response text alone. You need to see which agent answered and which tool fired. So the chat panel in TrafficIQ shows both.

    TRAFI chat panel with agent badges and tool-call indicators
    TRAFI chat panel with agent badges and tool-call indicators.

    Every message carries an agent badge β€” colour-coded per domain. Every tool call streams in real time as a small inline indicator: tool name, parameters, status. When something looks off, I can see immediately whether the routing was wrong, the tool selection was wrong, or the tool itself returned bad data. Three different failure modes, three different fixes, and you cannot tell them apart without the visibility.

    This is not UI polish. I would argue it is the single most important user-trust feature in the product. Users are sceptical of agents β€” rightly. When they can see “Supply Chain Agent β†’ check_shipment_status β†’ D365 F&O”, the agent stops being a black box. It becomes a transparent process they can audit.

    Build the observability before you build the second agent. You will need it the moment routing decisions start mattering.

    Lesson 6 β€” ground on enterprise data, not the LLM’s memory

    Every tool in TrafficIQ resolves against a real system of record. D365 F&O via the MCP Server for shipments, inventory, work orders. Azure Maps for routing, traffic, weather, POI. Azure IoT Hub for device health and telemetry. Dataverse for application state.

    The agents never “remember” entities. They look them up. If the user asks about shipment SH-10042, the agent does not summarise what it thinks it knows β€” it calls check_shipment_status and reads the live record. If GPT-4.1 hallucinates an ETA, the tool result overwrites it.

    That single discipline is what separates a hackathon demo from something an enterprise IT team can own. The model is the reasoning surface. The tools are the truth surface. Keep them strictly separated and the agent’s answers become defensible, auditable, and β€” most importantly β€” refreshable when the underlying data changes.

    What I would do differently next time

    Two honest ones.

    First, I would build the router evaluation harness before writing the router. I built it last. I now have a CSV of representative queries with the expected target agent, and it runs as a test suite β€” but I had to retrofit it after the architecture was already set. If I had started with the eval, I would have caught two keyword collisions weeks earlier.

    Second, I would put a hard token budget on per-agent system prompts from day one. The Traffic Agent’s prompt drifted from 600 tokens to nearly 1,400 over the course of the build, because every new tool came with “and remember to use this when…” instructions. A budget forces the discipline of writing better tool descriptions instead of patching the prompt. Treat the system prompt like a constitution, not a notepad.

    Closing

    The headline is small but the implication is large: when a single agent’s tool surface grows past where its selection accuracy holds, the answer is not a smarter prompt. It is a smaller agent.

    Six specialists with clear scopes, isolated threads, tiered routing, MECE tools, visible execution, and grounded data β€” that is the recipe that survived production hardening in TrafficIQ. None of it is exotic. All of it is boring engineering applied carefully.

    If you want to see the code, the TrafficIQ repo is on GitHub. The Microsoft winner announcement is here. And the full demo video walks the router, the handoffs, and the tool execution in real time.

    TrafficIQ operational dashboard
    TrafficIQ operational dashboard.
  • πŸ₯ˆ 1st Runner Up β€” Microsoft Dynamics 365 Customer Insights ITeS Hackathon

    πŸ₯ˆ 1st Runner Up β€” Microsoft Dynamics 365 Customer Insights ITeS Hackathon

    πŸ₯ˆ 1st Runner Up β€” Microsoft Hackathon: Dynamics 365 Customer Insights (ITeS) Β· Feb–Mar 2021

    In early 2021, our ITC Infotech team was selected as the 1st Runner Up at the Microsoft Dynamics 365 Customer Insights ITeS Hackathon β€” a four-week build challenge judged by an eight-member Microsoft jury. The objective: solve a stated business problem within four weeks, leveraging Microsoft Azure and Dynamics 365 β€” Customer Insights, Power BI / Power Apps. Solutions were validated against industry coverage, number of data sources, ideation of measures, integration breadth and presentation quality.

    ITC Infotech team emerged 1st Runner Up at Microsoft Hackathon β€” Dynamics 365 Customer Insights ITeS Hackathon, Feb-March 2021
    The Microsoft / ITC Infotech announcement β€” 1st Runner Up, Dynamics 365 Customer Insights ITeS Hackathon, Feb–March 2021.

    The team

    • Pradeep Bhaganna β€” Sr. Principal Consultant
    • Shanthi Chenna Reddy β€” Technical Architect
    • Astha Jaggi β€” Data Scientist
    • Raghav Mishra β€” Technical Consultant

    The business challenge β€” Financial Crime

    The business area we focused on was Financial Crime in banking β€” a domain under constant regulatory stress. The core problem: banks were drowning in compliance alerts. More than 80% of those alerts turned out to be false positives, and banks did not have an effective single risk view of a customer, forcing large compliance teams to manually triage and investigate cases that mostly went nowhere.

    The solution β€” Intelligent automation on the Microsoft stack

    We built an intelligent-automation financial-crime solution on top of ITC Infotech’s CIP Digital Banking Capability, combining a machine-learning model developed in Azure ML Studio with Dynamics 365 Customer Insights to create a single risk view of each customer. The solution then used Dynamics 365 case management to identify true and false positive alerts, automating the alert-triage process.

    The stack

    • Azure ML Studio β€” the financial-crime classification model
    • Dynamics 365 Customer Insights β€” unified customer profile and risk view
    • Dynamics 365 case management β€” automated alert triage and investigation workflow
    • Power BI / Power Apps β€” the operations dashboards and compliance UI
    • ITC Infotech CIP Digital Banking + EΒ² Framework β€” the underlying delivery accelerator

    The impact (modelled)

    • βœ… 30% improvement in case resolution time through automated triage
    • βœ… 35% improvement in SAR (Suspicious Activity Report) disclosure rate
    • βœ… Significant reduction in manual human effort for compliance investigators
    • βœ… Improved customer and colleague experience on the compliance journey

    What Microsoft said

    Congratulations ITC Infotech team! Great performance and brilliant solutioning. We should immediately think about taking this solution to market via AppSource.

    Nitin Santosh β€” Global Partner Technology Strategist, Microsoft

    Congratulations Team ITC Infotech! Learning, ideating and building β€” and finally winning! Let us build on this success and bring in some early customer wins together!

    Srividya Lakshminaraghavan β€” Director, Partner Technology, Microsoft India

    Looking back

    This was my first major Microsoft hackathon recognition β€” and a defining moment in shaping how I think about enterprise AI. The lesson that stuck with me: AI is only as valuable as the business workflow it lives inside. A model that classifies financial-crime alerts is interesting; a model wired into Dynamics 365 case management with a clear human-in-the-loop is shipped value.

    Five years and two hackathon wins later, that thesis still drives what I build today β€” most recently TrafficIQ on the modern Microsoft AI Foundry / Agent Framework stack.

    Links

  • πŸ† Winning Best DEI Use Case at Microsoft HackTogether β€” Make Life Easy

    πŸ† Winning Best DEI Use Case at Microsoft HackTogether β€” Make Life Easy

    Make Life Easy β€” Power Apps + DALLΒ·E visualizer screen showing step-by-step shoe-removal task with AI-generated visual cues
    Make Life Easy β€” Power Apps canvas app generating DALLΒ·E visual cues for each step of a daily living task (shoe removal), wired to a per-child scheduler in Dataverse.

    πŸ† Best DEI Use Case β€” Microsoft HackTogether: Power Platform Global AI Hack Β· 2023

    In 2023, I was selected as one of just four global winners of Microsoft’s HackTogether: Power Platform Global AI Hack β€” winning the Best DEI (Diversity, Equity and Inclusion) Use Case category for my project Make Life Easy. The hackathon received 115 submissions from across the global Power Platform community, and was organised by April Dunnam and the Power Platform Developer team.

    The project β€” Make Life Easy

    Make Life Easy is a specialised Power Apps canvas app designed to support parents of autistic children in their daily routines. The app’s primary goal is to simplify and enhance the lives of both parents and children by providing visual and text-based guidance for various daily activities.

    Key features

    • Visual and text-based task lists β€” so a child can see and read each step of a routine
    • Customisable activities β€” parents can tailor the app to their child’s specific needs
    • Scheduling β€” predictable, repeatable routines that help reduce daily anxiety
    • Accessibility features β€” designed with sensory and cognitive needs in mind
    • User-friendly design β€” for both children and busy parents
    • Feedback and improvement loop β€” so the app keeps evolving with real-world use

    The AI underneath

    From the Microsoft judges’ announcement post: “The judges loved that the Power App connects to DALL-E to generate the images used and Azure OpenAI to create the list of steps. And most importantly, the judges loved the use case of helping kids with autism and their parents.”

    • Azure OpenAI generates the step-by-step instructions for each activity
    • DALL-E generates the visual icons that accompany each step
    • Power Apps + Power Automate + Dataverse deliver the app, persist data and wire the workflows together

    Why this matters

    Daily routines are not background noise for many neurodivergent children β€” they are the scaffolding of the day. Visual, predictable, customisable instructions can dramatically reduce friction, anxiety and conflict at home. The technology stack here is almost incidental: what mattered was using generative AI to personalise that scaffolding at scale, so parents do not have to manually draw or write out every step of every routine.

    This was also a personal lesson about what Power Platform is really good at: shipping a working, customer-grade app in days, not months β€” which is exactly what a hackathon format rewards. Combined with Azure OpenAI and DALL-E, citizen-developer tooling becomes a serious vehicle for accessibility-first software.

    Thank you

    Huge thanks to April Dunnam and the Power Platform Developer team for running HackTogether, the judges for picking Make Life Easy in the DEI category, and AlfaPeople for their support along the way.

    Links

  • πŸ† Winning Best Use of Microsoft Foundry at AI Dev Days Hackathon β€” TrafficIQ

    πŸ† Winning Best Use of Microsoft Foundry at AI Dev Days Hackathon β€” TrafficIQ

    πŸ† Best Use of Microsoft Foundry β€” Microsoft AI Dev Days Hackathon Β· 2026

    I am honored to share that TrafficIQ β€” Supply Chain Transport Intelligence won the Best Use of Microsoft Foundry Project award at Microsoft’s AI Dev Days Hackathon. The hackathon brought together a global community of 2,041 registrants and 401 submitted projects, with winners selected across two Grand Prize categories and four special category awards.

    TrafficIQ Dashboard
    TrafficIQ Dashboard β€” the operational command centre.

    What TrafficIQ does

    TrafficIQ is an enterprise-grade multi-agent AI platform built entirely on the Microsoft AI Platform. It brings real-time traffic intelligence into fleet, logistics and supply-chain workflows β€” so dispatchers, drivers and operations leaders can make smarter routing and delivery decisions before disruptions hit the bottom line.

    The Microsoft stack underneath

    • Azure AI Foundry β€” model hosting, agent orchestration and evaluation
    • Microsoft Agent Framework β€” multi-agent coordination and tool calling
    • Azure Maps β€” routing, traffic incidents and geospatial intelligence
    • Azure IoT Hub β€” fleet GPS telemetry and vehicle sensor streams
    • Dynamics 365 Finance & Operations β€” orders, shipments and field service
    • MCP (Model Context Protocol) β€” standardised tool integration across agents
    • Dataverse, Power Apps & Power Automate β€” the human-in-the-loop UI and workflow layer
    TrafficIQ Multi-Agent Architecture
    The TRAFI multi-agent architecture β€” 6 specialist agents, 49 composable tools.

    TRAFI β€” the multi-agent core

    At the heart of TrafficIQ is TRAFI, a multi-agent AI orchestration system with 6 specialist agents and 49 composable tools. The agents proactively monitor traffic incidents, optimise delivery routes, and reduce operational disruptions before they impact supply chains. Each agent owns a clear responsibility β€” incident monitoring, route planning, ETA recalculation, fleet health, customer notifications, escalation β€” and they coordinate through the Microsoft Agent Framework.

    What the platform delivers

    • βœ… Real-time traffic awareness across the fleet
    • βœ… Intelligent route optimisation with live re-planning
    • βœ… Fleet GPS visibility and IoT telemetry
    • βœ… Predictive maintenance insights
    • βœ… Automated ETA updates to customers
    • βœ… Field service & inventory management
    • βœ… Enterprise notifications and operational dashboards
    TrafficIQ Delivery Planner
    Delivery Planner β€” AI-assisted scheduling and route optimisation.
    TrafficIQ Fleet Management
    Fleet Management β€” live vehicle health and GPS telemetry.
    TrafficIQ Analytics
    Operational analytics β€” KPIs that decision-makers actually read.
    TrafficIQ AI Chat Agent
    The TRAFI chat agent β€” natural-language ops co-pilot for dispatchers.

    Why this project

    This project was focused on solving practical enterprise challenges using agentic-AI patterns and Microsoft technologies in a production-oriented architecture. Hackathon code often optimises for the demo. With TrafficIQ I tried to optimise for what would survive a 3-month production hardening cycle: typed contracts between agents, explicit human-in-the-loop checkpoints, and a Dataverse-backed operational model that an enterprise IT team could actually own.

    Links

  • Building LocalRAG β€” a fully local AI document search

    LocalRAG is a fully local Retrieval-Augmented Generation application I built to answer one question: how much of a useful enterprise RAG can you run without sending a single byte to a cloud LLM?

    The problem

    Most “build a chatbot over your documents” tutorials assume an OpenAI key, a managed vector database and a cloud orchestrator. That’s fine for prototypes β€” and a dead end the moment you talk to a customer in regulated banking, healthcare or government. They want answers on their data, on their hardware, with no egress.

    The shape of the solution

    LocalRAG uses local Ollama models for both embeddings and generation, FAISS for the vector index, and a content-type-aware ingestion pipeline that handles PDF, DOCX, CSV, Excel, XML and images. Everything runs on a laptop. The full demo is on YouTube.

    • Ingestion: multi-format extractors that preserve enough structure to chunk intelligently β€” tables stay together, lists stay together, headings become metadata.
    • Indexing: FAISS index with content-type tags so retrieval can prefer the right shape of content for the question.
    • Retrieval: semantic top-k with rate-limited retries and a simple fallback when a model is overloaded.
    • Generation: a local Ollama model with grounded prompts and source citations.

    What I’d do differently next time

    Two things. First, evaluation should be a first-class subsystem from day one, not bolted on later β€” even a small golden-question set saves you from regression panic during refactors. Second, content-type awareness is more important than fancy reranking; a boring extractor that respects document structure beats a clever reranker that received bad chunks.

    Repo: github.com/PowerAI-Labs/LocalRAG. Feedback and PRs welcome.

  • Welcome to PowerAI Labs

    Welcome to PowerAI Labs β€” my engineering notebook in public. This is where I’ll write down what I’m building, what I’m breaking, and what survives contact with production on the Microsoft AI stack.

    Why this site exists

    After more than fifteen years shipping enterprise solutions across Dynamics 365, Power Platform, Copilot Studio and Azure AI, I’ve collected a lot of architecture decisions, hard-won lessons and reusable patterns. Most of them live in private Confluence pages, customer engagements and my own notes. PowerAI Labs is where I’m pulling the ones I can share into the open.

    What you’ll find here

    • Architecture deep-dives β€” reference architectures, decision logs and trade-off analyses for AI agents, RAG, and Power Platform solutions at enterprise scale.
    • Lessons from production β€” the things that don’t make it into vendor docs: cost surprises, throttling, governance, prompt drift, eval pipelines.
    • Tutorials and walkthroughs β€” hands-on guides for Copilot Studio, Microsoft 365 Copilot agents, Azure AI Foundry and the rest of the stack.
    • Projects β€” open-source experiments like LocalRAG, TrafficIQ and MakeLifeEasy.

    The point of view

    AI in the enterprise is exciting and chaotic at the same time. The vendor demos are perfect; the customer environments are not. My bias is towards architectures that are boring on purpose β€” strongly typed contracts, explicit data lineage, evaluable agents, and a default of “make it observable before you make it autonomous”. Everything I publish here is filtered through that lens.

    Stay in touch

    If a post is useful, share it. If something is wrong, tell me β€” I’d rather be corrected than confident. You can reach me at contact@powerailabs.dev, on LinkedIn, or via GitHub.

    β€” Raghav