Foundry Tools
Formerly known as Azure AI Services or Azure Cognitive Services is a unified collection of prebuilt AI capabilities within the Microsoft Foundry platform
Unable to create agents in Azure AI Foundry portal - 403 Forbidden on Microsoft.MachineLearningServices/workspaces/agents/actionSubject: Unable to create agents in Azure AI Foundry portal - 403 Forbidden on Microsoft.MachineLearningServices/workspaces/age
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 89%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMD%3C/text%3E%3C/svg%3E)
Max den Hoed
0
Reputation points
Hi
I am unable to create agents via the Azure AI Foundry portal (ai.azure.com)
or via the Foundry Agents API. I receive a 403 Forbidden error.
ERROR MESSAGE:
"Identity(object id: e64caa96-8e47-444f-9e54-67c68352ab84) does not have
permissions for Microsoft.MachineLearningServices/workspaces/agents/action
actions."
ENVIRONMENT:
- Foundry Resource: entra-foundry-eur (Microsoft.CognitiveServices/accounts)
- Foundry Project: entra-foundry-eur-project
- Resource Group: entra-llm-resource
- Location: germanywestcentral
- User: ******@maxdenhoedgmail.onmicrosoft.com
- Object ID: e64caa96-8e47-444f-9e54-67c68352ab84
INVESTIGATION FINDINGS:
- There is NO Microsoft.MachineLearningServices/workspaces resource in the subscription. The Foundry resource is type Microsoft.CognitiveServices/accounts.
- The Agents API internally routes to a virtual ML workspace path: Microsoft.MachineLearningServices/workspaces/entra-foundry-eur@entra-foundry-eur-project@AML This virtual workspace does not exist as a real ARM resource.
- Creating assistants via the OpenAI-compatible API (entra-foundry-eur.openai.azure.com/openai/assistants) SUCCEEDS, confirming RBAC on Cognitive Services is correct.
- Creating agents via the Foundry API (entra-foundry-eur.services.ai.azure.com/api/projects/.../agents) with api-version=2025-05-15-preview FAILS with 403.
ROLES ASSIGNED TO USER (all confirmed):
- Owner (subscription level)
- Contributor (subscription + resource group)
- Azure AI Developer (hub + project + resource group)
- Azure AI User (resource group)
- AzureML Data Scientist (resource group)
- Cognitive Services OpenAI Contributor (hub + project)
- Cognitive Services Contributor (hub + project)
- Cognitive Services OpenAI User (hub + project)
- Cognitive Services User (hub)
- Storage Blob Data Contributor (storage account)
- Search Index Data Contributor (search service)
- Search Service Contributor (search service)
CORRELATION IDs:
- Trace ID: 9aa0020a-04b7-4d11-a50d-762d16cb2460
- APIM request ID: c36807e6-07f3-4334-a5df-104dfc87b319
- Operation: df2039bf46fe1463d410b6ea3752883b
REQUEST:
Please advise which specific role or configuration is needed to grant
Microsoft.MachineLearningServices/workspaces/agents/action permission
on a CognitiveServices-based Foundry resource with no ML workspace.
Microsoft.MachineLearningServices provider is registered.
Foundry Tools
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 15%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Anshika Varshney 8,925 Reputation points Microsoft External Staff Moderator2026-03-25T16:18:16.9966667+00:00 Hi Max den Hoed,
Thank you for bringing this to our attention. We are currently checking the details and working on resolving the issue. We’ll update you as soon as we have more information.
Thankyou!
Sign in to comment
Sign in to answer