Define Isolation Requirements for Agent Infrastructure

Implementation Effort: Medium – Requires architectural decisions and documentation across network and data domains.
User Impact: Low – Standards apply to new agent infrastructure, not existing systems.

Overview

Agents require clear isolation boundaries for both network access and data storage to prevent lateral movement and data leakage. This supports the Zero Trust principle of Assume Breach by limiting blast radius if an agent is compromised, and Use Least Privilege Access by restricting agent access to only required network paths and data stores.

Without explicit isolation requirements, agents may be deployed with overly permissive network access or shared storage that creates cross-contamination risk. Defining isolation standards ensures new agents are deployed with private endpoints, network segmentation, and dedicated storage accounts where appropriate. These requirements form the security architecture foundation that development teams must follow.

Key activities include:

• Network isolation strategy: Define requirements for private endpoints, VNet integration, and network security groups for agent-to-resource communication
• Egress controls: Specify allowed outbound destinations and require routing through Global Secure Access or Azure Firewall for internet-bound traffic
• Data isolation boundaries: Establish requirements for dedicated storage accounts, encryption keys, and access controls for agent data stores
• RAG data segregation: Define isolation requirements for retrieval-augmented generation (RAG) data sources to prevent cross-tenant or cross-agent data access

Reference

• Baseline OpenAI End-to-End Chat Architecture
• Azure OpenAI Landing Zone Reference Architecture
• Private Endpoints for Azure AI Services
• Network Security for Azure OpenAI
• Azure pricing overview