feat (infra): [ai-foundry-sec] bcdr replace system by user assigned identity (#75)

* bcdr mitigation: switch from system to user assigned for re-creation scenarios

* add cors configuration for the sto account

* Address PR Feedback: no longer rquired (old AI Foundry portal model)

Revert "add cors configuration for the sto account"

This reverts commit cd19d08.

* Address PR Feedback: KISS for UMI - no dep desired

* Address PR Feedback: projectId not desired with UMI

* Address PR Feedback: rbac within each resouce module when possible like debug

Revert "Address PR Feedback: KISS for UMI - no dep desired"

This reverts commit dfcfa05.

* Address PR Feedback: account must no be UMI

This reverts commit d4c2f84.

* Address PR Feedback: remove redundant depedency on rbac

* Address PR Feedback: KISS take#2 for UMI module - no dep desired

* Address PR Feedback: rbac naming simplied further

Co-authored-by: Chad Kittel <chad.kittel@gmail.com>

---------

Co-authored-by: Chad Kittel <chad.kittel@gmail.com>

Author: ferantivero

infra-as-code/bicep/ai-agent-blob-storage.bicep

@@ -22,13 +22,28 @@ param logAnalyticsWorkspaceName string
 @minLength(1)
 param privateEndpointSubnetResourceId string
 
+@description('The existing User Managed Identity for the AI Foundry project.')
+@minLength(1)
+param existingAgentUserManagedIdentityName string
+
 // ---- Existing resources ----
 
+@description('Existing Agent User Managed Identity for the AI Foundry Project.')
+resource agentUserManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2025-01-31-preview' existing = {
+  name: existingAgentUserManagedIdentityName
+}
+
 resource storageBlobDataOwnerRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
   name: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'
   scope: subscription()
 }
 
+// Storage Blob Data Contributor
+resource storageBlobDataContributorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
+  name: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
+  scope: subscription()
+}
+
 resource blobStorageLinkedPrivateDnsZone 'Microsoft.Network/privateDnsZones@2024-06-01' existing = {
   name: 'privatelink.blob.${environment().suffixes.storage}'
 }
@@ -96,6 +111,15 @@ resource debugUserBlobDataOwnerAssignment 'Microsoft.Authorization/roleAssignmen
   }
 }
 
+@description('Grant the AI Foundry Project managed identity Storage Account Blob Data Contributor user role permissions.')
+module projectBlobDataContributorAssignment './modules/storageAccountRoleAssignment.bicep' = {
+  name: 'projectBlobDataContributorAssignmentDeploy'
+  params: {
+    roleDefinitionId: storageBlobDataContributorRole.id
+    principalId: agentUserManagedIdentity.properties.principalId
+    existingStorageAccountName: agentStorageAccount.name
+  }
+}
 
 // Private endpoints
 

infra-as-code/bicep/ai-agent-service-dependencies.bicep

@@ -24,6 +24,12 @@ param privateEndpointSubnetResourceId string
 
 // ---- New resources ----
 
+@description('The agent User Managed Identity for the AI Foundry Project. This is used when a user uploads a file to the agent, and the agent needs to search for information in that file.')
+resource agentUserManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2025-01-31-preview' = {
+  name: 'mi-agent-${baseName}'
+  location: location
+}
+
 @description('Deploy Azure Storage account for the Azure AI Foundry Agent Service (dependency). This is used for binaries uploaded within threads or as "knowledge" uploaded as part of an agent.')
 module deployAgentStorageAccount 'ai-agent-blob-storage.bicep' = {
   name: 'agentStorageAccountDeploy'
@@ -34,6 +40,7 @@ module deployAgentStorageAccount 'ai-agent-blob-storage.bicep' = {
     logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
     debugUserPrincipalId: debugUserPrincipalId
     privateEndpointSubnetResourceId: privateEndpointSubnetResourceId
+    existingAgentUserManagedIdentityName: agentUserManagedIdentity.name
   }
 }
 
@@ -47,6 +54,7 @@ module deployCosmosDbThreadStorageAccount 'cosmos-db.bicep' = {
     logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
     debugUserPrincipalId: debugUserPrincipalId
     privateEndpointSubnetResourceId: privateEndpointSubnetResourceId
+    existingAgentUserManagedIdentityName: agentUserManagedIdentity.name
   }
 }
 
@@ -60,6 +68,7 @@ module deployAzureAISearchService 'ai-search.bicep' = {
     logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
     debugUserPrincipalId: debugUserPrincipalId
     privateEndpointSubnetResourceId: privateEndpointSubnetResourceId
+    existingAgentUserManagedIdentityName: agentUserManagedIdentity.name
   }
 }
 
@@ -68,3 +77,4 @@ module deployAzureAISearchService 'ai-search.bicep' = {
 output cosmosDbAccountName string = deployCosmosDbThreadStorageAccount.outputs.cosmosDbAccountName
 output storageAccountName string = deployAgentStorageAccount.outputs.storageAccountName
 output aiSearchName string = deployAzureAISearchService.outputs.aiSearchName
+output agentUserManagedIdentityName string = agentUserManagedIdentity.name

infra-as-code/bicep/ai-foundry-project.bicep

@@ -28,8 +28,17 @@ param existingBingAccountName string
 @minLength(1)
 param existingWebApplicationInsightsResourceName string
 
+@description('The existing User Managed Identity for the AI Foundry project.')
+@minLength(1)
+param existingAgentUserManagedIdentityName string
+
 // ---- Existing resources ----
 
+@description('Existing Agent User Managed Identity for the AI Foundry Project.')
+resource agentUserManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2025-01-31-preview' existing = {
+  name: existingAgentUserManagedIdentityName
+}
+
 @description('The internal ID of the project is used in the Azure Storage blob containers and in the Cosmos DB collections.')
 #disable-next-line BCP053
 var workspaceId = aiFoundry::project.properties.internalId
@@ -57,33 +66,12 @@ resource azureAISearchService 'Microsoft.Search/searchServices@2025-02-01-previe
   name: existingAISearchAccountName
 }
 
-resource azureAISearchServiceContributorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
-  name: '7ca78c08-252a-4471-8644-bb5ff32d4ba0'
-  scope: subscription()
-}
-
-resource azureAISearchIndexDataContributorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
-  name: '8ebe5a00-799e-43f5-93ac-243d3dce84a7'
-  scope: subscription()
-}
-
-// Storage Blob Data Contributor
-resource storageBlobDataContributorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
-  name: 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
-  scope: subscription()
-}
-
 // Storage Blob Data Owner Role
 resource storageBlobDataOwnerRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
   name: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'
   scope: subscription()
 }
 
-resource cosmosDbOperatorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
-  name: '230815da-be43-4aae-9cb4-875f7bd000aa'
-  scope: subscription()
-}
-
 #disable-next-line BCP081
 resource bingAccount 'Microsoft.Bing/accounts@2025-05-01-preview' existing = {
   name: existingBingAccountName
@@ -103,7 +91,10 @@ resource aiFoundry 'Microsoft.CognitiveServices/accounts@2025-06-01' existing  =
     name: 'projchat'
     location: location
     identity: {
-      type: 'SystemAssigned'
+      type: 'UserAssigned'
+      userAssignedIdentities: {
+        '${agentUserManagedIdentity.id}': {}
+      }
     }
     properties: {
       description: 'Chat using internet data in your Azure AI Foundry Agent.'
@@ -123,9 +114,7 @@ resource aiFoundry 'Microsoft.CognitiveServices/accounts@2025-06-01' existing  =
           location: cosmosDbAccount.location
         }
       }
-      dependsOn: [
-        projectDbCosmosDbOperatorAssignment
-      ]
+      dependsOn: []
     }
 
     @description('Create project connection to the Azure Storage account; dependency for Azure AI Foundry Agent Service.')
@@ -142,7 +131,6 @@ resource aiFoundry 'Microsoft.CognitiveServices/accounts@2025-06-01' existing  =
         }
       }
       dependsOn: [
-        projectBlobDataContributorAssignment
         projectBlobDataOwnerConditionalAssignment
         threadStorageConnection // Single thread these connections, else conflict errors tend to happen
       ]
@@ -162,8 +150,6 @@ resource aiFoundry 'Microsoft.CognitiveServices/accounts@2025-06-01' existing  =
         }
       }
       dependsOn: [
-        projectAISearchIndexDataContributorAssignment
-        projectAISearchContributorAssignment
         storageConnection // Single thread these connections, else conflict errors tend to happen
       ]
     }
@@ -190,7 +176,6 @@ resource aiFoundry 'Microsoft.CognitiveServices/accounts@2025-06-01' existing  =
       ]
     }
 
-
     @description('Create the Azure AI Foundry Agent Service capability.')
     resource aiAgentService 'capabilityHosts' = {
       name: 'projectagents'
@@ -232,72 +217,26 @@ resource aiFoundry 'Microsoft.CognitiveServices/accounts@2025-06-01' existing  =
 
 // Role assignments
 
-@description('Grant the AI Foundry Project managed identity Cosmos Db Db Operator user role permissions.')
-module projectDbCosmosDbOperatorAssignment './modules/cosmosdbRoleAssignment.bicep' = {
-  name: 'projectDbCosmosDbOperatorAssignmentDeploy'
-  params: {
-    roleDefinitionId: cosmosDbOperatorRole.id
-    principalId: aiFoundry::project.identity.principalId
-    existingAiFoundryProjectId: aiFoundry::project.id
-    existingCosmosDbAccountName: existingCosmosDbAccountName
-  }
-}
-
-@description('Grant the AI Foundry Project managed identity Storage Account Blob Data Contributor user role permissions.')
-module projectBlobDataContributorAssignment './modules/storageAccountRoleAssignment.bicep' = {
-  name: 'projectBlobDataContributorAssignmentDeploy'
-  params: {
-    roleDefinitionId: storageBlobDataContributorRole.id
-    principalId: aiFoundry::project.identity.principalId
-    existingAiFoundryProjectId: aiFoundry::project.id
-    existingStorageAccountName: existingStorageAccountName
-  }
-}
-
 @description('Grant the AI Foundry Project managed identity Storage Account Blob Data Owner user role permissions.')
 module projectBlobDataOwnerConditionalAssignment './modules/storageAccountRoleAssignment.bicep' = {
   name: 'projectBlobDataOwnerConditionalAssignmentDeploy'
   params: {
     roleDefinitionId: storageBlobDataOwnerRole.id
-    principalId: aiFoundry::project.identity.principalId
-    existingAiFoundryProjectId: aiFoundry::project.id
+    principalId: agentUserManagedIdentity.properties.principalId
     existingStorageAccountName: existingStorageAccountName
     conditionVersion: '2.0'
     condition: '((!(ActionMatches{\'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read\'})  AND  !(ActionMatches{\'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action\'}) AND  !(ActionMatches{\'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write\'}) ) OR (@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:name] StringStartsWithIgnoreCase \'${workspaceIdAsGuid}\'))'
   }
 }
 
-@description('Grant the AI Foundry Project managed identity AI Search Contributor user role permissions.')
-module projectAISearchContributorAssignment './modules/aiSearchRoleAssignment.bicep' = {
-  name: 'projectAISearchContributorAssignmentDeploy'
-  params: {
-    roleDefinitionId: azureAISearchServiceContributorRole.id
-    principalId: aiFoundry::project.identity.principalId
-    existingAiFoundryProjectId: aiFoundry::project.id
-    existingAISearchAccountName: existingAISearchAccountName
-  }
-}
-
-@description('Grant the AI Foundry Project managed identity AI Search Data Contributor user role permissions.')
-module projectAISearchIndexDataContributorAssignment './modules/aiSearchRoleAssignment.bicep' = {
-  name: 'projectAISearchIndexDataContributorAssignmentDeploy'
-  params: {
-    roleDefinitionId: azureAISearchIndexDataContributorRole.id
-    principalId: aiFoundry::project.identity.principalId
-    existingAiFoundryProjectId: aiFoundry::project.id
-    existingAISearchAccountName: existingAISearchAccountName
-  }
-}
-
 // Sql Role Assignments
 
 @description('Assign the project\'s managed identity the ability to read and write data in this collection within enterprise_memory database.')
 module projectUserThreadContainerWriterSqlAssignment './modules/cosmosdbSqlRoleAssignment.bicep' = {
   name: 'projectUserThreadContainerWriterSqlAssignmentDeploy'
   params: {
     roleDefinitionId: cosmosDbAccount::dataContributorRole.id
-    principalId: aiFoundry::project.identity.principalId
-    existingAiFoundryProjectId: aiFoundry::project.id
+    principalId: agentUserManagedIdentity.properties.principalId
     existingCosmosDbAccountName: existingCosmosDbAccountName
     existingCosmosDbName: 'enterprise_memory'
     existingCosmosCollectionTypeName: 'user'
@@ -313,8 +252,7 @@ module projectSystemThreadContainerWriterSqlAssignment './modules/cosmosdbSqlRol
   name: 'projectSystemThreadContainerWriterSqlAssignmentDeploy'
   params: {
     roleDefinitionId: cosmosDbAccount::dataContributorRole.id
-    principalId: aiFoundry::project.identity.principalId
-    existingAiFoundryProjectId: aiFoundry::project.id
+    principalId: agentUserManagedIdentity.properties.principalId
     existingCosmosDbAccountName: existingCosmosDbAccountName
     existingCosmosDbName: 'enterprise_memory'
     existingCosmosCollectionTypeName: 'system'
@@ -331,8 +269,7 @@ module projectEntityContainerWriterSqlAssignment './modules/cosmosdbSqlRoleAssig
   name: 'projectEntityContainerWriterSqlAssignmentDeploy'
   params: {
     roleDefinitionId: cosmosDbAccount::dataContributorRole.id
-    principalId: aiFoundry::project.identity.principalId
-    existingAiFoundryProjectId: aiFoundry::project.id
+    principalId: agentUserManagedIdentity.properties.principalId
     existingCosmosDbAccountName: existingCosmosDbAccountName
     existingCosmosDbName: 'enterprise_memory'
     existingCosmosCollectionTypeName: 'entities'

infra-as-code/bicep/ai-search.bicep

@@ -22,8 +22,17 @@ param privateEndpointSubnetResourceId string
 @minLength(36)
 param debugUserPrincipalId string
 
+@description('The existing User Managed Identity for the AI Foundry project.')
+@minLength(1)
+param existingAgentUserManagedIdentityName string
+
 // ---- Existing resources ----
 
+@description('Existing Agent User Managed Identity for the AI Foundry Project.')
+resource agentUserManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2025-01-31-preview' existing = {
+  name: existingAgentUserManagedIdentityName
+}
+
 resource aiSearchLinkedPrivateDnsZone 'Microsoft.Network/privateDnsZones@2024-06-01' existing = {
   name: 'privatelink.search.windows.net'
 }
@@ -32,6 +41,11 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2025-02
   name: logAnalyticsWorkspaceName
 }
 
+resource azureAISearchServiceContributorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
+  name: '7ca78c08-252a-4471-8644-bb5ff32d4ba0'
+  scope: subscription()
+}
+
 resource azureAISearchIndexDataContributorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
   name: '8ebe5a00-799e-43f5-93ac-243d3dce84a7'
   scope: subscription()
@@ -76,6 +90,26 @@ resource debugUserAISearchIndexDataContributorAssignment 'Microsoft.Authorizatio
   }
 }
 
+@description('Grant the AI Foundry Project managed identity AI Search Contributor user role permissions.')
+module projectAISearchContributorAssignment './modules/aiSearchRoleAssignment.bicep' = {
+  name: 'projectAISearchContributorAssignmentDeploy'
+  params: {
+    roleDefinitionId: azureAISearchServiceContributorRole.id
+    principalId: agentUserManagedIdentity.properties.principalId
+    existingAISearchAccountName: azureAiSearchService.name
+  }
+}
+
+@description('Grant the AI Foundry Project managed identity AI Search Data Contributor user role permissions.')
+module projectAISearchIndexDataContributorAssignment './modules/aiSearchRoleAssignment.bicep' = {
+  name: 'projectAISearchIndexDataContributorAssignmentDeploy'
+  params: {
+    roleDefinitionId: azureAISearchIndexDataContributorRole.id
+    principalId: agentUserManagedIdentity.properties.principalId
+    existingAISearchAccountName: azureAiSearchService.name
+  }
+}
+
 // Azure diagnostics
 
 @description('Capture Azure Diagnostics for the Azure AI Search Service.')

infra-as-code/bicep/cosmos-db.bicep

@@ -22,8 +22,17 @@ param debugUserPrincipalId string
 @minLength(1)
 param privateEndpointSubnetResourceId string
 
+@description('The existing User Managed Identity for the AI Foundry project.')
+@minLength(1)
+param existingAgentUserManagedIdentityName string
+
 // ---- Existing resources ----
 
+@description('Existing Agent User Managed Identity for the AI Foundry Project.')
+resource agentUserManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2025-01-31-preview' existing = {
+  name: existingAgentUserManagedIdentityName
+}
+
 resource cosmosDbLinkedPrivateDnsZone 'Microsoft.Network/privateDnsZones@2024-06-01' existing = {
   name: 'privatelink.documents.azure.com'
 }
@@ -34,6 +43,12 @@ resource cosmosDbAccountReaderRole 'Microsoft.Authorization/roleDefinitions@2022
   scope: subscription()
 }
 
+// Cosmos DB Account Operator Role
+resource cosmosDbOperatorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
+  name: '230815da-be43-4aae-9cb4-875f7bd000aa'
+  scope: subscription()
+}
+
 resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2025-02-01' existing = {
   name: logAnalyticsWorkspaceName
 }
@@ -200,6 +215,16 @@ resource assignDebugUserToCosmosAccountReader 'Microsoft.Authorization/roleAssig
   }
 }
 
+@description('Grant the AI Foundry Project managed identity Cosmos Db Db Operator user role permissions.')
+module projectDbCosmosDbOperatorAssignment './modules/cosmosdbRoleAssignment.bicep' = {
+  name: 'projectDbCosmosDbOperatorAssignmentDeploy'
+  params: {
+    roleDefinitionId: cosmosDbOperatorRole.id
+    principalId: agentUserManagedIdentity.properties.principalId
+    existingCosmosDbAccountName: cosmosDbAccount.name
+  }
+}
+
 // Prevent Accidental Changes
 
 resource cosmosDbAccountLocks 'Microsoft.Authorization/locks@2020-05-01' = {

infra-as-code/bicep/main.bicep

@@ -161,6 +161,7 @@ module deployAzureAiFoundryProject 'ai-foundry-project.bicep' = {
     existingStorageAccountName: deployAIAgentServiceDependencies.outputs.storageAccountName
     existingBingAccountName: deployBingAccount.outputs.bingAccountName
     existingWebApplicationInsightsResourceName: deployApplicationInsights.outputs.applicationInsightsName
+    existingAgentUserManagedIdentityName: deployAIAgentServiceDependencies.outputs.agentUserManagedIdentityName
   }
   dependsOn: [
     deployJumpBox