Support document-level access control for Azure AI Search tool (x-ms-query-source-authorization) #44454

@aadnesd

Feature request: Support document-level access control for Azure AI Search tool in Agents SDK

Is your feature request related to a problem? Please describe.

The Azure AI Foundry Agents SDK Azure AI Search tool does not currently support document-level access control (permission trimming) at query time.

Azure AI Search requires the request header x-ms-query-source-authorization (Microsoft Entra token) to enforce document-level security during search queries. While this is supported by the native Azure AI Search SDK, the Agents SDK AI Search tool configuration described here does not expose any way to pass this header or equivalent security context:

https://learn.microsoft.com/en-us/azure/ai-foundry/agents/how-to/tools/ai-search

As a result, the built-in AI Search tool cannot be safely used in multi-tenant or per-user access-controlled scenarios.


Describe the solution you'd like

Add support for document-level access control in the Agents SDK Azure AI Search tool, for example by:

  • Allowing callers to provide the x-ms-query-source-authorization header
  • Supporting forwarding of per-request Entra ID / OBO tokens into Azure AI Search
  • Providing a documented mechanism for injecting query-time security context

The goal is parity with the underlying Azure AI Search SDK’s document-level security capabilities.


Describe alternatives you've considered

  • Calling Azure AI Search directly (outside the Agents SDK) to attach x-ms-query-source-authorization
  • Building a custom proxy API in front of Azure AI Search to enforce access control
  • Maintaining separate indexes per tenant or user

These approaches add complexity and reduce the value of the built-in AI Search tool.


Additional context

Document-level access control is a core enterprise requirement for RAG and agent-based systems.
Without support for x-ms-query-source-authorization (or an equivalent mechanism), the Azure AI Search tool in the Agents SDK cannot be used safely in production, access-controlled environments.
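Added example (not part of the issue and not code from the Azure SDK): a sketch of the first alternative listed above, building a direct Azure AI Search query that carries the end user's token in `x-ms-query-source-authorization` and refusing to build any request when that token is missing or malformed. The function and exception names are hypothetical, the API version is supplied by the caller, and sending the token as the bare header value is an assumption to confirm against the Azure AI Search documentation.

```python
import json
import re
from urllib.parse import quote

QUERY_SOURCE_HEADER = "x-ms-query-source-authorization"  # header name taken from the issue text

# A token must be one opaque run of header-safe characters: no spaces, no CR/LF.
_TOKEN_RE = re.compile(r"[A-Za-z0-9._~+/=-]+")


class MissingUserContext(Exception):
    """Raised instead of falling back to a query without per-user trimming."""


def build_trimmed_search(endpoint, index, api_version, service_token, user_token, search_text):
    """Return (url, headers, body) for a per-user search request (hypothetical helper).

    Fails closed: without a well-formed end-user token no request is built, so a
    caller cannot silently query with only the service identity. fullmatch() also
    rejects embedded or trailing CR/LF, which blocks header injection via the token.
    """
    if not user_token or not _TOKEN_RE.fullmatch(user_token):
        raise MissingUserContext("end-user token absent or malformed; query refused")

    url = (
        f"{endpoint.rstrip('/')}/indexes/{quote(index, safe='')}"
        f"/docs/search?api-version={quote(api_version, safe='')}"
    )
    headers = {
        "Content-Type": "application/json",
        # Identity of the calling service (assumed to use Entra bearer auth).
        "Authorization": f"Bearer {service_token}",
        # Identity the results are trimmed to; bare-token value is an assumption.
        QUERY_SOURCE_HEADER: user_token,
    }
    body = json.dumps({"search": search_text}).encode("utf-8")
    return url, headers, body
```

The returned tuple can be handed to any HTTP client as a POST; the user token should be obtained per request and never cached across users.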

Labels: AI Agents, Search, Service Attention, customer-reported, needs-team-attention, question
