Costa Rica
Last updated: 2026-04-07
Arc API → Function App → AI Foundry → Logic Apps → Monitoring
- Function App is the central orchestrator for ingestion and enrichment.
- AI Foundry provides decision intelligence.
- Logic Apps executes or escalates actions.
- Monitoring ensures observability and compliance.
Important
Disclaimer: This repository contains example of how to automate the recommendations from Azure Arc by introducing an AI-driven agent that not only ingests and processes recommendations but also:
- Classify & priority-rank each recommendation
- Summarize actionable next steps in natural language
- Decide
auto-executevshuman-reviewpaths This isjust a guide. It is not an official solution. For official guidance, support, or more detailed information. Please refer RAG with Zero-Trust – Architecture Reference to Microsoft's official documentation or contact Microsoft directly: Microsoft Sales and Support
| Category | Components | Purpose |
|---|---|---|
| Core Components | - Azure Arc API - Resource Group - Subscription |
- Source of recommendations (DR, security, performance, compliance) for on-prem and hybrid assets. - Groups all resources under a single RG and subscription scope. |
| Data Engineering Pipeline | - Function App Every Function App requires a General-Purpose v2 Storage Account for triggers, state, and logging. - App Service Plan (Consumption/Premium SKU) The App Service Plan can be serverless (Consumption) or a dedicated tier (Premium/Dedicated). - Storage Account (General Purpose v2 for Functions runtime) |
Hosts and scales your ingestion/enrichment logic; fetches recommendations and sends them to AI for processing. |
| AI Layer | AI Foundry | Classifies severity, summarizes actions, prioritizes recommendations, and suggests auto-execute vs manual review. |
| Automation & Orchestration | Logic Apps | Executes safe actions (DR failover, patching, SQL fixes) or sends Teams/Email approvals for high-risk items. |
| Monitoring & Governance | - Azure Monitor + Log Analytics Workspace - Power BI |
Tracks pipeline health, AI decisions, execution outcomes; visualizes trends, compliance, and automation SLAs. |
The infrastructure sample for this architecture is available in terraform-infrastructure. It provisions the Azure-side resources for the documented workflow, including the Resource Group, Function App dependencies, monitoring, Logic App, Key Vault, SQL, and the AI service account.
Workflow details (Click to expand)
- Azure Arc API (Source)
- Acts as the entry point for all recommendations (DR, security, performance, compliance).
- Provides raw JSON data about advisories from on-prem and hybrid resources.
- Function App (with App Service Plan + Storage Account): Ingest and process recommendations.
- Periodically calls Azure Arc API to fetch recommendations.
- Stores raw data temporarily in the Storage Account.
- Sends the data to the AI layer for enrichment.
- AI Foundry: Adds intelligence to the pipeline.
- Receives raw recommendations from the Function App.
- Uses LLM models to:
- Classify severity (High/Medium/Low).
- Summarize recommendations in plain language.
- Suggest whether to auto-execute or require manual review.
- Returns enriched recommendations back to the Function App for storage and orchestration.
- Logic Apps: Orchestrates actions based on AI decisions.
- Reads enriched recommendations.
- If
autoExecute = true, triggers automation tasks (e.g., DR failover, patching, SQL index creation). - If
manualReview = true, sends Teams or email notifications for approval.
- Monitoring & Governance:
- Azure Monitor + Log Analytics Workspace:
- Collects telemetry from Function App, Logic Apps, and AI calls.
- Tracks pipeline health, execution outcomes, and AI decision logs.
- Power BI: Connects to Log Analytics or SQL data to visualize.
- Number of recommendations processed.
- Auto-executed vs manual approvals.
- SLA compliance and risk reduction trends.
- Azure Monitor + Log Analytics Workspace:
Refresh Date: 2026-04-07