Microsoft Foundry in Practice

Enabling Diagnostic Logs for Foundry

By default, an Azure resource keeps its detailed logs to itself. Diagnostic settings are how you route a Foundry resource's logs somewhere you can query, retain, and audit them.

Claude 3P 101 · Updated July 2026 · Unofficial guide

Azure separates two kinds of telemetry: platform metrics, which flow into Azure Monitor automatically, and resource logs, which are not collected anywhere until you create a diagnostic setting on the resource. A diagnostic setting is a small routing rule — "send these log categories to that destination" — and until one exists, detailed request-level history for your Foundry resource is simply not retained for you to query. For any production Claude deployment, creating one should be part of resource provisioning, not an afterthought.

Turning it on

In the Azure portal, open your Foundry resource, find the diagnostic settings section under its monitoring options, and add a new setting. You choose three things: a name, which log categories (and optionally metrics) to collect, and one or more destinations. The same configuration can be applied through ARM/Bicep or Terraform, which is the right approach if you provision Foundry resources as code — bake the diagnostic setting into the template so no resource ships without it (see ARM templates for Foundry and Terraform for Foundry).

One honest caveat: Microsoft's Claude-specific documentation does not enumerate the exact log category names Foundry resources expose for Claude deployments. The category list you see in the portal's diagnostic settings blade for your resource is authoritative — review it there or in the current Azure Monitor reference for Foundry, rather than relying on category names from other Azure AI services, which have changed over time.

Choosing a destination

DestinationBest forTrade-off
Log Analytics workspaceInteractive KQL queries, dashboards, alertsIngestion and retention costs scale with volume
Storage accountCheap long-term retention for audit and complianceNot queryable in place; retrieval is manual
Event hubStreaming into an external SIEM or observability platformYou own the downstream pipeline

These destinations are not mutually exclusive — a common enterprise pattern is Log Analytics for the operations team's day-to-day queries plus a storage account for long-horizon retention. If your security team runs a SIEM, the event hub route lets Claude API activity join the rest of your security telemetry. Whatever you choose, decide retention deliberately: log volume from a busy Claude workload is significant, and Log Analytics pricing is driven by ingested gigabytes.

What the logs will and won't tell you

Expect resource logs to be strongest on operational questions — who called the endpoint, when, with what result code and latency. Two Foundry-specific points to fold into your plan:

Rule of thumb: enable diagnostics on day one with a modest retention period, confirm in a week what each category actually contains at your traffic levels, then tune categories and retention with real data instead of guesses.

Where to go next

Once logs are flowing into a workspace, querying Foundry logs in Log Analytics covers the analysis side, and monitoring Foundry with Azure Monitor covers metrics and alerting.

Sources