A unified Azure platform for creating and managing AI models, agents, and applications with built‑in enterprise security, monitoring, and governance
For a PoC I'd skip crawling at index time and instead use a custom API tool that fetches the internal page at query time, authenticated as the calling user.
Here's how I'd wire it up:
- User asks a question → agent calls your custom API tool with the user's Entra token
- API fetches the internal hub page via the OBO (On-Behalf-Of) flow; Entra ID handles the region filtering naturally
- Content comes back as context to the agent
This way you're not storing region-restricted content in a shared index, which gets complicated fast. For PROD I'd go with the same pattern but tighten up the OBO flow and add caching for content that isn't user-specific.
If you really want to pre-index, look into Azure AI Search security trimming: tag each doc with allowed regions/groups and filter at query time using the user's claims. But honestly, for a PoC the custom tool approach is simpler and gets the auth right out of the box.
Please Upvote and accept the answer if it helps!!
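
The security-trimming alternative mentioned in the answer above, sketched as an added example (not code from the answer or from Microsoft): it turns a validated token's group claims into the Azure AI Search `$filter` for a query. It assumes regions are modelled as Entra groups and that each document carries a filterable string-collection field, here given the hypothetical name `allowed_groups`.

```python
import re

# Entra group object IDs are GUIDs. Rejecting anything else means a claim value
# can never change the structure of the OData filter string.
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


class GroupOverage(Exception):
    """The token has no inline group list; membership must come from Microsoft Graph."""


def groups_from_claims(claims: dict) -> list[str]:
    """Return the caller's group IDs from an already validated token payload.

    Assumption: signature, issuer, audience and expiry were checked upstream.
    """
    # When a user is in too many groups, Entra ID omits `groups` and signals
    # overage instead. Report that explicitly rather than treating it as
    # "member of nothing" or guessing at membership.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        raise GroupOverage("resolve group membership via Microsoft Graph")
    groups = claims.get("groups", [])
    if not isinstance(groups, list):
        raise ValueError("groups claim must be a list")
    for g in groups:
        if not isinstance(g, str) or not GUID.fullmatch(g):
            raise ValueError(f"unexpected group claim value: {g!r}")
    return sorted(set(groups))


def security_filter(claims: dict, field: str = "allowed_groups") -> str:
    """Build the $filter that trims results to documents tagged for the caller."""
    groups = groups_from_claims(claims)
    if not groups:
        # Fail closed: never run an unfiltered query for a caller with no groups.
        raise PermissionError("caller has no group claims")
    ids = ",".join(groups)
    return f"{field}/any(g: search.in(g, '{ids}', ','))"
```

The returned string goes into the query's `$filter`; it must be built server-side from the token, never accepted from the client or the agent's prompt.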