Formerly known as Azure AI Services or Azure Cognitive Services is a unified collection of prebuilt AI capabilities within the Microsoft Foundry platform
Hi ,
Excellent diagnosis — your root cause is essentially right, and it lines up with documented Azure behavior. Two things are interacting:
- The AOAI custom subdomain is derived from the resource name (
<name>.openai.azure.com), and Entra-ID auth + DNS resolution depend on it. - When you recreated the resource, the original name was still held by a soft-deleted resource's name/DNS reservation (up to 48h if deleted programmatically), so Azure gave you a suffixed subdomain (
...-eus2-09f85). The clean default stayed NXDOMAIN.
ARM reads the deployment straight from the resource record (200 OK), but the Playground's ML RP data-plane call reaches the AOAI account via its canonical, name-derived subdomain — which points at the unresolvable default — so it 403s and the dropdown shows "No deployment exists." That's why the runtime API works but the Playground list doesn't.
Durable fix — reclaim the clean subdomain:
- Purge the soft-deleted AOAI resource holding the name: portal → Azure AI services → Manage deleted resources, or
az cognitiveservices account purge --name macrocloud-ai-agent-eus2 --resource-group MacroCloud-AI-RG --location eastus2(If it was deleted via API, the name can be reserved up to 48h; purging releases it immediately.) - Recreate the AOAI resource with the custom subdomain set to the resource name so you get
macrocloud-ai-agent-eus2.openai.azure.com(no suffix). If you use ARM/Bicep/Terraform/CLI, set the custom-subdomain property explicitly. Redeploy gpt-4.1-mini. - Recreate the
my_aoaiconnection against the clean endpoint and confirm itstargetmatches the canonical*.openai.azure.com. Refresh the Playground.
Non-destructive test first: delete and recreate just the my_aoai connection so its target is re-read, then re-open the model dropdown. Sometimes that re-syncs resolution; if not, do the purge + rename above.
To your three questions: (1) effectively yes — the data plane resolves by the name-derived subdomain, so a suffixed subdomain that differs from the resource name causes the 403; (2) yes, purge the soft-deleted resource then recreate with subdomain = name; (3) it's a known-behavior interaction rather than a confirmed Preview bug. If it still 403s on a clean, name-matching subdomain, that's worth a support ticket — include your ARM correlation ID (6ff761f9-…) and the apim-request-id from the failing data-plane call.
Refs:
- Custom subdomain requirement: https://learn.microsoft.com/azure/ai-services/cognitive-services-custom-subdomains
- Recover/purge a soft-deleted AI Services resource: https://learn.microsoft.com/azure/ai-services/manage-resources