Microsoft Foundry Adds Runtime, Tooling, Governance for Agents

According to the Microsoft Foundry blog (DevBlogs Microsoft), Microsoft used Build 2026 to ship a set of platform additions aimed at moving agents toward production readiness. DevBlogs Microsoft documents hosted, hypervisor-isolated agent sessions in Foundry Agent Service with persistent file systems, automatic Microsoft Entra ID provisioning, and built-in OpenTelemetry tracing. The blog highlights the Foundry Toolkit for VS Code as generally available and signals hosted sessions, Toolboxes, memory features, and model and compute options in public preview or near-term general availability.

Per the DevBlogs Microsoft hosted-agents post, hosted agents can run as sandboxed sessions that maintain durable state and files, support routines for scheduled tasks, and accept direct code deployment uploads without requiring container images. The platform exposes a stateful Responses API and a lighter-weight invocations protocol, while the same runtime supports long-running agents such as OpenClaw and Hermes in preview. Tool governance is centralized via Toolboxes, which register tools, skills, and Model Context Protocol (MCP) clients once for discovery at runtime behind a single MCP-compatible endpoint, and the platform includes tool search to limit tool exposure per task (DevBlogs Microsoft).

Independent reporting frames these changes as a convergence of runtime, tooling, and governance for enterprise agent deployments (The New Stack). The Azure Foundry product page states the platform exposes access to over 11,000 foundational, open, reasoning, multimodal, and industry-specific models and lists new MAI models and third-party frontier models such as Anthropic's Claude in Foundry's catalog (azure.microsoft.com). The platform also surfaces managed compute, fine-tuning, and Frontier Tuning options for training and customization per Microsoft documentation.

DevBlogs Microsoft lists new developer-facing trust and evaluation features: ASSERT, the Agent Control Specification (ACS), Guided Guardrail Setup, Rubric, tracing, Agent Optimizer, and Agent ROI tooling to help teams evaluate and govern agents during the development loop. Additional open-source components related to runtime security and policy, such as the Agent Governance Toolkit, are referenced in Microsoft open source communications (opensource.microsoft.com). Third-party coverage also emphasizes integrations with runtime security vendors and enterprise identity to reduce risks like data leakage or tool misuse (Zenity blog; The New Stack).

For practitioners, these updates compress several operational responsibilities, containerization, identity, state persistence, scaling, and observability, into a managed platform experience. Teams building agentic systems typically spend months on custom persistence and telemetry; embedding these primitives at the platform layer lowers integration friction but increases the importance of end-to-end governance and interoperability testing across tools, skills, and model routing.

Track the announced general availability timelines and SLA details for hosted sessions and MCP access, which DevBlogs Microsoft lists as expected in the coming weeks for some features, with hosted agents targeted for general availability by early July 2026. Also monitor how Foundry implements model routing and cost controls for multi-model deployments, how the ASSERT and ACS primitives are documented and enforced, and adoption signals from partners and third-party security integrations.