Task 02 - Enable diagnostic logs for Microsoft Foundry

Introduction

Microsoft Foundry emits several categories of platform logs that provide insight into how your model deployments are being used. These logs support Responsible AI governance by enabling visibility into access patterns, identity usage, errors, and model consumption.

Description

In this task you will use Copilot to update your Bicep templates so the workspace sends those diagnostics to Log Analytics, redeploy the infrastructure, and then query Log Analytics to confirm that new entries are flowing.

Success Criteria

  • A diagnostic setting is enabled on the Microsoft Foundry workspace.
  • Logs are flowing to your Log Analytics workspace.

  • Running the verification query in Log Analytics returns recent entries for the Microsoft Foundry resource.

  • The following diagnostic categories are enabled:
    • Audit Logs
    • Request and Response Logs
    • Azure OpenAI Request Usage
    • Trace Logs
    • AllMetrics

Key Tasks

01: Enable Diagnostic Settings for Microsoft Foundry

Use GitHub Copilot Chat to update your Bicep templates to enable diagnostic settings for the Microsoft Foundry workspace, sending all logs to your Log Analytics workspace.

Expand this section for detailed steps

  1. Open Copilot Chat in VS Code.

  2. Paste the following prompt into the chat window:

     Enable diagnostic settings for the Microsoft Foundry workspace in my Bicep
 templates. Send all logs to my existing Log Analytics workspace. Make sure all
 available diagnostic categories are enabled. After updating the templates,
 explain what you changed and whether any module dependencies need adjustments.

  3. Review the changes Copilot proposes to your Bicep modules.

  4. If the updates look correct, approve them.

  5. Run azd provision to apply the diagnostic settings.

  6. Use the chat feature in the web app for a few minutes, then open Log Analytics.

  7. Verify the logs are flowing using the query below:

     AzureDiagnostics
 | where ResourceProvider =~ "MICROSOFT.COGNITIVESERVICES"
 | sort by TimeGenerated desc

NOTE Diagnostic logs for Microsoft Foundry may take 2–10 minutes to appear in Log Analytics. This is normal. If nothing appears immediately, wait a few minutes and run the query again.

Summary

You’ve completed this task. You used Copilot to update your Bicep templates, ran azd provision to apply the diagnostic settings, and verified log ingestion in Log Analytics with the provided query. These logs are essential for monitoring identity-based access, request patterns, model usage, and operational behavior. With diagnostic logging in place, you are now ready to continue hardening your environment by configuring safety settings and eventually visualizing model behavior through an Azure Monitor workbook. You will use these diagnostic logs in later tasks to validate identity-based access and to populate your observability workbook.