Merge pull request #53383 from MicrosoftDocs/main

Auto Publish – main to live - 2026-02-06 18:00 UTC

Author: learn-build-service-prod[bot]

learn-pr/wwl-azure/explore-ai-governance-ai-ready-infrastructure/1-introduction.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-ai-governance-ai-ready-infrastructure.introduction
+title: "Introduction"
+metadata:
+  title: "Introduction"
+  description: "Discover how to balance innovation with responsible AI practices using Microsoft Foundry for governance, compliance, and cost control."
+  ms.date: 02/02/2026
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom: references_regions
+durationInMinutes: 3
+content: |
+  [!include[](includes/1-introduction.md)]
+

learn-pr/wwl-azure/explore-ai-governance-ai-ready-infrastructure/2-microsoft-foundry-governance-capability.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-ai-governance-ai-ready-infrastructure.microsoft-foundry-governance-capability
+title: "Understand Microsoft Foundry governance capabilities"
+metadata:
+  title: "Understand Microsoft Foundry Governance Capabilities"
+  description: "Learn how Microsoft Foundry centralizes governance for AI infrastructure, ensuring compliance, cost control, and audit readiness across Azure resources."
+  ms.date: 02/02/2026
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom: references_regions
+durationInMinutes: 13
+content: |
+  [!include[](includes/2-microsoft-foundry-governance-capability.md)]
+

learn-pr/wwl-azure/explore-ai-governance-ai-ready-infrastructure/3-configure-governance-policy-workloads.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-ai-governance-ai-ready-infrastructure.configure-governance-policy-workloads
+title: "Configure governance policies for AI workloads"
+metadata:
+  title: "Configure Governance Policies for AI Workloads"
+  description: "Learn how to configure governance policies for AI workloads, ensuring compliance, cost control, and operational efficiency with Microsoft Foundry."
+  ms.date: 02/02/2026
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom: references_regions
+durationInMinutes: 13
+content: |
+  [!include[](includes/3-configure-governance-policy-workloads.md)]
+

learn-pr/wwl-azure/explore-ai-governance-ai-ready-infrastructure/4-exercise-configure-governance-controls.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-ai-governance-ai-ready-infrastructure.exercise-configure-governance-controls
+title: "Exercise: Implement AI workload governance with Microsoft Foundry"
+metadata:
+  title: "Exercise: Implement AI Workload Governance with Microsoft Foundry"
+  description: "Learn how to configure governance controls for AI workloads using Microsoft Foundry and Azure services to ensure compliance and innovation."
+  ms.date: 02/02/2026
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom: references_regions
+durationInMinutes: 75
+content: |
+  [!include[](includes/4-exercise-configure-governance-controls.md)]
+

learn-pr/wwl-azure/explore-ai-governance-ai-ready-infrastructure/5-knowledge-check.yml

@@ -0,0 +1,50 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-ai-governance-ai-ready-infrastructure.knowledge-check
+title: "Module assessment"
+metadata:
+  title: "Knowledge check"
+  description: "Knowledge check"
+  ms.date: 02/02/2026
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom: references_regions
+  module_assessment: true
+durationInMinutes: 3
+content: "Choose the best response for each of the following questions."
+quiz:
+  questions:
+  - content: "Your data science team complains that Microsoft Foundry policies block their Azure OpenAI deployments for experimentation, slowing innovation. They request that you disable all governance policies for development subscriptions. Your compliance officer insists that data residency policies must apply everywhere. What approach balances these competing requirements?"
+    choices:
+    - content: "Assign regional restriction policies in deny mode to all subscriptions to meet compliance requirements, but configure tagging and SKU policies in audit mode for development subscriptions so teams receive visibility without deployment blocking"
+      isCorrect: true
+      explanation: "The first option correctly applies different enforcement modes based on policy criticality. Regional restrictions in deny mode satisfy non-negotiable compliance requirements, while audit mode for other policies in development provides visibility and learning opportunities without blocking experimentation. The second option creates compliance risk by allowing violations that require costly remediation, and the third option unnecessarily restricts innovation when audit mode would achieve governance objectives for noncritical policies in development environments."
+    - content: "Disable all policies in development subscriptions to maximize innovation velocity, then rely on monthly compliance reviews to identify and remediate any data residency violations that occurred"
+      isCorrect: false
+      explanation: "The second option creates compliance risk by allowing violations that require costly remediation."
+    - content: "Apply all policies identically across development and production subscriptions using deny mode to ensure consistent governance, accepting that development velocity may decrease to maintain compliance"
+      isCorrect: false
+      explanation: "The third option unnecessarily restricts innovation when audit mode would achieve governance objectives for noncritical policies in development environments."
+  - content: "During a compliance audit, you discover that several Azure OpenAI deployments in your production subscription lack the required CostCenter tag, even though you assigned a tagging policy months ago. When you check Microsoft Foundry, the policy shows Active status with deny enforcement mode. What is the most likely cause of this compliance gap?"
+    choices:
+    - content: "The tagging policy was assigned after the noncompliant resources were deployed, so existing resources weren't affected by the policy and only new deployments are evaluated"
+      isCorrect: true
+      explanation: "The first option identifies the correct behavior: Azure Policy evaluates resources only at deployment time, so policies assigned after resource creation don't retroactively enforce compliance on existing resources. Organizations must run remediation tasks or manually update existing resources to achieve compliance."
+    - content: "The policy enforcement mode was incorrectly set to audit instead of deny when it was assigned, allowing noncompliant deployments to proceed with warning logs"
+      isCorrect: false
+      explanation: "The second option is unlikely if the current policy status shows deny mode."
+    - content: "Microsoft Foundry policy evaluation experienced a service outage during the deployment window, temporarily bypassing policy checks for those specific resources"
+      isCorrect: false
+      explanation: "The third option represents a rare event that wouldn't affect multiple deployments over time without generating service health alerts."
+  - content: "Your finance team reports that AI infrastructure costs exceeded the approved $20,000 monthly budget by 45% last quarter, despite budget alerts configured in Microsoft Foundry. Investigation reveals that teams received alert notifications but continued deploying resources because alerts don't prevent deployments. How should you strengthen cost governance while maintaining operational flexibility?"
+    choices:
+    - content: "Implement Azure Policy definitions that deny creation of premium AI service SKUs (GPT-4, high-throughput instances) in all subscriptions, forcing teams to use cost-effective alternatives unless they request exceptions through a documented approval process"
+      isCorrect: true
+      explanation: "The first option provides proactive cost control through policy enforcement while maintaining a documented exception process for legitimate premium SKU needs. This approach prevents unplanned spending at deployment time rather than reacting after costs accumulate."
+    - content: "Configure spending limits at the subscription level that automatically suspend all deployments when the budget threshold is reached, preventing any resource creation until the next billing period"
+      isCorrect: false
+      explanation: "The second option creates operational risk by suspending all deployments, potentially blocking critical production updates when budget limits are reached."
+    - content: "Transition budget alerts from notification-only mode to automated response mode that scales down or stops existing AI resources when spending reaches 90% of the monthly limit, preserving budget while maintaining deployed services"
+      isCorrect: false
+      explanation: "The third option addresses existing resources but doesn't prevent new high-cost deployments, and automatically stopping production AI services could cause service disruptions."
+

learn-pr/wwl-azure/explore-ai-governance-ai-ready-infrastructure/6-summary.yml

@@ -0,0 +1,15 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.explore-ai-governance-ai-ready-infrastructure.summary
+title: "Summary"
+metadata:
+  title: "Summary"
+  description: "Learn how centralized governance with Microsoft Foundry ensures compliance, cost control, and security for AI workloads in your organization."
+  ms.date: 02/02/2026
+  author: wwlpublish
+  ms.author: bradj
+  ms.topic: unit
+  ms.custom: references_regions
+durationInMinutes: 3
+content: |
+  [!include[](includes/6-summary.md)]
+

learn-pr/wwl-azure/explore-ai-governance-ai-ready-infrastructure/includes/1-introduction.md

@@ -0,0 +1,20 @@
+Your organization just launched three new AI projects: a customer service chatbot, a fraud detection system, and a product recommendation engine. Within two months, your finance team flags unexpected Azure OpenAI charges totaling $47,000—triple the approved budget. At the same time, your compliance officer discovers that two development teams deployed AI models in regions that violate your data residency requirements. Your security team adds another concern: several AI endpoints lack the required content filtering policies, creating potential liability exposure.
+
+This scenario reflects a common challenge as organizations scale AI initiatives. Innovation accelerates, but without governance controls, teams face cost overruns, compliance violations, and security gaps. Microsoft Foundry addresses these challenges by centralizing governance across your AI infrastructure, enabling you to define policies once and enforce them consistently across all AI workloads.
+
+In this module, you learn how Microsoft Foundry helps administrators and AI engineers implement governance controls that balance innovation with responsible AI practices. You configure policies that enforce tagging standards, restrict regional deployments, control costs through budget alerts, and establish responsible AI guardrails. By the end of this module, you understand how to create a governance framework that supports rapid AI experimentation while maintaining compliance, cost predictability, and security standards.
+
+## Learning objectives
+
+By the end of this module, you're able to:
+
+- Explain how Microsoft Foundry supports AI infrastructure governance and compliance requirements
+- Configure governance policies and controls for AI workloads using Microsoft Foundry
+- Implement monitoring and auditing strategies that track AI resource usage and cost
+- Evaluate responsible AI practices and establish guardrails for production deployments
+
+## Prerequisites
+
+- Familiarity with Azure fundamentals and resource management concepts
+- Basic understanding of AI and machine learning workload characteristics
+- Experience navigating Azure portal or using Azure CLI for resource configuration

learn-pr/wwl-azure/explore-ai-governance-ai-ready-infrastructure/includes/2-microsoft-foundry-governance-capability.md

@@ -0,0 +1,44 @@
+## Microsoft Foundry's role in AI infrastructure governance
+
+When you deploy AI workloads across Azure OpenAI, Azure Machine Learning, and Cognitive Services, you create a distributed infrastructure that spans multiple subscriptions, regions, and resource groups. Without centralized governance, each team manages policies independently, leading to inconsistent security controls, fragmented cost tracking, and compliance gaps that auditors discover only during reviews. Microsoft Foundry addresses this by offering a single governance layer that works with Azure Policy, Microsoft Purview, and Azure Monitor to apply controls automatically across all AI resources.
+
+Microsoft Foundry lets you define governance boundaries at the management group or subscription level and automatically enforce policies across your entire resource hierarchy. Centralized controls for tagging, regional restrictions, and responsible AI ensure every AI deployment is compliant before provisioning, while providing real-time visibility into cost, metadata, and compliance.
+
+With Microsoft Foundry, you can:
+- Define governance policies once and apply them consistently through inheritance across all subscriptions and resources  
+- Enforce tagging, regional limits, and responsible AI controls automatically for all AI deployments, regardless of how they’re created  
+- Gain continuous, real-time insight into resource usage, costs, and compliance without manual inventory tracking
+
+
+## Policy enforcement for AI workloads
+
+
+Microsoft Foundry extends Azure Policy by providing prebuilt templates designed specifically for governing AI infrastructure. These templates help ensure governance and compliance requirements are enforced automatically before any AI resource is deployed.  
+- Common scenarios include mandatory tags for cost center tracking, restricting AI service deployments to approved regions for data residency compliance, and limiting SKU selections to control costs.  
+- Foundry also enforces responsible AI configurations, such as content filtering and abuse monitoring, and evaluates all applicable policies whenever an AI engineer attempts a deployment.
+
+Microsoft Foundry also streamlines policy enforcement by preventing noncompliant resources from ever reaching production. This proactive approach reduces manual effort and eliminates the need for later remediation.  
+- For example, instead of manually defining a **CostCenter** tagging rule per subscription, you select a prebuilt tagging policy template, specify the required tags, and assign it at the management group level.  
+- Any Azure OpenAI deployment missing the **CostCenter** tag fails immediately with a clear error message, avoiding downstream fixes during monthly governance audits.
+
+
+## Resource organization and cost management
+
+Foundry uses Azure's resource hierarchy—management groups, subscriptions, resource groups—to organize AI workloads by business domain, project, or compliance boundary. This hierarchical structure becomes powerful when combined with budget controls and spending limits. You can assign a monthly budget to a resource group containing a specific AI project, configure alerts when spending reaches 80% and 100% of the threshold, and optionally block new deployments once the budget is exhausted. This prevents the scenario described in the introduction, where unmonitored AI experimentation leads to unexpected charges.
+
+At the same time, Foundry integrates cost data with resource tagging, enabling you to generate chargeback reports that show exactly which department, project, or cost center consumed AI resources during a billing period. Organizations using this capability report 25-30% reduction in unplanned AI infrastructure spending because teams gain visibility into their consumption patterns and adjust usage proactively. Your finance team receives automated reports showing AI costs by business unit, while project managers see real-time spending trends in the Foundry dashboard, creating accountability without manual cost tracking.
+
+:::image type="content" source="../media/resource-hierarchy-management-group.png" alt-text="Diagram showing how Microsoft Foundry integrates cost data with resource tagging.":::
+
+## Compliance tracking and audit readiness
+
+Microsoft Foundry maintains detailed audit logs for every governance decision: policy evaluations, resource deployments, configuration changes, and access requests. These logs integrate with Microsoft Purview to provide compliance dashboards aligned with regulatory frameworks like ISO 27001, and SOC 2. When auditors request evidence that your organization enforces data residency requirements, you export a Foundry compliance report showing all AI deployments, their regions, the policies that governed their placement, and any exceptions granted through documented approval workflows.
+
+This automated evidence collection transforms compliance from a quarterly burden into a continuous process. Instead of spending weeks reconstructing resource inventories and policy enforcement records, your compliance officer generates current reports on demand. Organizations using Foundry's compliance features complete regulatory reviews 60% faster because the audit trail exists automatically, validated through policy enforcement rather than self-reported by engineering teams. Building on this foundation, you're ready to explore how to configure specific governance policies that balance innovation velocity with the control requirements your organization demands.
+
+
+:::image type="content" source="../media/microsoft-foundry-governance-flow.png" alt-text="Diagram with Microsoft Foundry at the center connecting to four governance pillars.":::
+
+*Microsoft Foundry governance architecture showing integration with Azure Policy, resource hierarchy, cost controls, and Microsoft Purview*
+
+