I am experiencing deployment failures when using network injection for Azure AI Foundry. The deployments reach an "Accepted" or "Running" state before eventually failing without a clear error message.
I would like to clarify if there are any limitations or specific requirements regarding the following configurations on the delegated subnet:
- The use of a Route Table (UDR). (we have a default udr pointing to the azure firewall)
- The association of a Network Security Group (NSG).
- Enabling Private Endpoint Network Policies.
- Enabling the "private subnet" setting (no default outbound access).
- We have a number of deny policies related to private subnet, the need of a NSG being associated and a Route Table.
I did not go over the exercise to change them one by one so reaching out if there is more info on the above. I see that the Microsoft performs a "Creates or updates a Service Association Link" with caller Microsoft Azure Legion but I don't see any other interactions with the existing subnet. So I don't think deny policies are the problem here.
I'm using "15b-private-network-standard-agent-setup-byovnet"
I am experiencing deployment failures when using network injection for Azure AI Foundry. The deployments reach an "Accepted" or "Running" state before eventually failing without a clear error message.
I would like to clarify if there are any limitations or specific requirements regarding the following configurations on the delegated subnet:
I did not go over the exercise to change them one by one so reaching out if there is more info on the above. I see that the Microsoft performs a "Creates or updates a Service Association Link" with caller Microsoft Azure Legion but I don't see any other interactions with the existing subnet. So I don't think deny policies are the problem here.
I'm using "15b-private-network-standard-agent-setup-byovnet"