Content filtering is the layer that screens prompts and model outputs for harmful material before they reach the model or your users. Teams arriving at Microsoft Foundry from other Azure AI services often assume every deployed model comes with a configurable Azure-side filter policy. For Claude models, the first thing to understand is what Microsoft's own documentation says: there is no built-in, deployment-time content filter to enable, disable, or adjust.
What Microsoft actually provides for Claude
Microsoft states that Foundry does not provide built-in content filtering for Claude models at deployment time, and that customers should configure AI content safety during model inference themselves. In other words, when you deploy claude-opus-4-8 or claude-sonnet-5 in the Foundry portal, you will not find severity sliders or category toggles attached to that deployment — the documentation describes no Azure-side configurable filter settings for Claude at all.
That does not mean requests reach the model unscreened. Claude models in Foundry use Anthropic's own safety systems and safeguards, supported by Microsoft. For details on how harmful content is screened, Microsoft points to Anthropic's documentation and to the Anthropic terms presented during deployment. Your applications must also comply with Anthropic's Acceptable Use Policy, and Microsoft links each model's Anthropic system card for safety evaluations.
How Anthropic's safeguards show up in your API traffic
Because the safeguards live inside the model service rather than in an Azure policy layer, you see them in API responses, not in the Azure portal. The clearest example is Claude Fable 5, which applies additional input and output classifiers for dual-use safeguard policies. When one of those classifiers refuses a request, the API does not return an HTTP error: you get a normal 200 response with stop_reason: "refusal". Refused input tokens are not billed.
Practically, that means your application code — not your infrastructure team — is the place to handle filtering outcomes. Check the stop_reason on every response and decide what your user sees when it is "refusal": a polite fallback message, a logged incident, or a re-prompt with clarified intent. Treating a refusal as a generic failure and blindly retrying wastes requests and confuses users.
What "enabling" and "adjusting" filters means in practice
Since there is nothing to configure on the deployment, the enable/disable/adjust vocabulary translates into three real activities:
| You might want to… | On Foundry with Claude, you actually… |
|---|---|
| Enable a baseline filter | Nothing to do — Anthropic's safety systems apply to every request by default. |
| Disable or relax filtering | Not available. Anthropic's safeguards are part of the service, not a customer setting. |
| Tighten filtering for your industry | Add your own screening at inference time — input checks before the call, output checks after, per Microsoft's guidance that customers configure AI content safety themselves. |
For the third row, the building blocks are application-level: validate and classify user input before it reaches the Messages endpoint, apply your own review to responses before display, and encode organization-specific rules in your system prompt. If you need annotated, category-level policies of your own, Building Custom Content Filter Policies for Foundry walks through a layered design.
Governance implications for security teams
Two consequences are worth writing into your security review. First, because filtering behavior is Anthropic-operated, changes to it follow Anthropic's model and safety documentation rather than your Azure change-management process — track the system cards for the models you deploy. Second, on Hosted-on-Azure deployments, automatic safeguards may flag content for Anthropic Trust & Safety, and Anthropic personnel review customer content only on an exceptions basis for potential safety violations. If your data-handling policies care about who can ever see flagged content, capture that in your assessment. As always, running Claude inside Azure inherits your cloud provider's compliance posture — confirm specifics with your provider.
Where to go next
Continue with custom filter policies for Foundry, review Foundry's beta caveats, or return to the platform overview.