// claude on azure foundry

Claude in your Azure tenant

Claude runs natively on Azure through Microsoft Foundry. The capabilities largely match the commercial Anthropic API — what changes is where the trust boundary sits, who governs it, and how it's billed. The basics for CIOs, CTOs & directors of IT, in one page.

// get the one-pager

Get the PDF in your inbox

We'll email you the one-pager and a link to book a 30-minute working session on where Claude fits your Microsoft estate.

No spam. One email with the PDF, plus a booking link. Unsubscribe anytime.

100% US-based engineering · legacy modernization · ai readiness · fractional CTO

// tenant vs. commercial API — and when each path wins

// what's inside

What a Microsoft-stack shop actually gets

// 01 Deployment & access
  • Foundry, not the public API. Inference runs inside your tenant boundary with Azure data residency — prompt and response data does not egress to Anthropic infrastructure.
  • Azure-native identity. Entra ID, conditional access, RBAC, and existing SSO all apply. No separate Anthropic API keys to manage as an identity island.
  • On your Azure bill. Consumption counts against your MACC/EA commit — no net-new procurement or vendor contract required.
// 02 Governance & security
  • Inside the Microsoft control stack. Agent 365 extends Entra, Defender, and Purview into one control plane for identity, permissions, memory, runtime, and audit trails — across your whole agent estate, not just Claude.
  • Native posture integration. Purview DLP, Defender threat detection, and a unified audit trail come built in — versus the public API, where you get console logging but no tie-in to your existing controls.
  • The production unlock for regulated work. For CMMC / ITAR / CUI workloads, the integrated audit story is frequently what moves a deployment from “stuck in pilot” to “approved for production.”
// 03 Data context & grounding
  • Grounds on the Microsoft data layer. Via Microsoft IQ, Claude can reason over data across Power BI, OneLake/Fabric, and your apps — with row-level security and catalog permissions enforced on the answer.
  • Your BI investment becomes the substrate. Existing Power BI / Fabric semantic models are the grounding layer agents build on, not a sunk cost.
  • Context is the hard part, not the model. Most failure modes are bad grounding, not model capability. Govern the data first.

// tenant (foundry) vs. commercial api

Two channels, one decision

Dimension Tenant / Foundry Commercial API
Data residency Stays in tenant; Azure residency Egresses to Anthropic infra
Identity Entra ID, RBAC, SSO Anthropic-issued API keys
Governance Purview, Defender, Agent 365 Anthropic console logging only
Billing Azure EA / MACC commit Separate Anthropic contract
Newest features Follows Anthropic, sometimes by weeks Day-one access
Infra & simplicity Foundry setup required One key, minimal infra

Note — Frontier-tier availability can be gated by outside forces (e.g. export-control directives have pulled top models globally). This affects both channels.

// decision rule

Which path wins

choose tenant claude Governance + residency + Microsoft-estate fit → tenant Claude, decisively.
choose commercial api Speed + simplicity + newest features + minimal infra → commercial API.

Preliminary guidance — not a validated deployment inventory. Confirm residency & feature terms against your specific Foundry deployment.

// faq

Claude on Azure — straight answers

Can we run Claude inside our own Azure tenant?

Yes. Through Microsoft Foundry, inference runs inside your tenant boundary with Azure data residency, so prompt and response data does not egress to Anthropic infrastructure.

How is tenant Claude governed differently from the commercial Anthropic API?

Tenant Claude uses Entra ID, RBAC, and existing SSO, and integrates with Purview DLP, Defender, and a unified audit trail via Agent 365. The commercial API uses Anthropic-issued keys and console logging only.

Does tenant Claude count against our Azure commitment?

Yes. Consumption counts against your MACC/EA commit — no net-new procurement and no separate Anthropic contract to manage.

When should we use the commercial API instead?

When you need speed, simplicity, minimal infrastructure, and day-one access to the newest features. Governance, data residency, and Microsoft-estate fit point to tenant Claude, decisively.

What moves a regulated deployment from pilot to production?

Usually the integrated audit story. For CMMC / ITAR / CUI workloads, tying Claude into Purview, Defender, and a unified audit trail is frequently what gets it approved for production.

Get the one-pager

// where to start

Want to map this to your actual estate?

Grab the one-pager, then take 30 minutes with Michael. No pitch — a working session on where Claude fits in your Microsoft stack, and what it takes to move from pilot to production.

// contact

Tell us what you're trying to build.