The Microsoft Azure AI Apps and Agents Developer Associate certification validates your ability to design, build, and deploy intelligent applications using Azure AI services. The AI-103 exam (Developing AI Apps and Agents on Azure) tests both conceptual knowledge and hands-on problem-solving skills across the full lifecycle of AI solution development. This page maps the exam syllabus, question formats, and practical preparation strategies to help you study efficiently and build confidence before test day.
Use this topic map to guide your study for Microsoft AI-103 (Developing AI Apps and Agents on Azure) within the Azure AI Apps and Agents Developer Associate path.
The AI-103 exam measures both foundational knowledge and applied reasoning through multiple item types. Questions progress in difficulty and require you to think through real-world scenarios, not just recall facts.
Later questions assume mastery of earlier topics, so understanding foundational concepts like resource management directly supports success in implementation scenarios.
An effective study routine maps each topic to dedicated study blocks, alternates between learning and practice, and builds confidence through realistic testing. Aim for 4-6 weeks of consistent preparation, with heavier focus on implementation topics where hands-on experience counts most.
Explore other Microsoft certifications: view all Microsoft exams.
Strengthen your preparation with up-to-date resources from validexamdumps.com. These materials align to AI-103 and cover practical scenarios with clear explanations.
Visit the exam page to download the PDF, Online Practice Test, or get a Bundle Discount offer for both formats: Developing AI Apps and Agents on Azure.
Generative AI and agentic solutions, along with information extraction, typically account for the largest portion of questions because they represent the most common real-world use cases. However, all five domains are tested, so balanced preparation across planning, vision, and text analysis is essential. Weak performance in any area will lower your overall score.
In practice, you start by planning and managing your Azure AI solution (defining architecture and costs), then implement the specific capabilities your business needs (generative AI, vision, text, or information extraction). For example, a document processing project requires planning (resource sizing), information extraction (parsing documents), and potentially text analysis (classifying content). Understanding these connections helps you answer scenario questions more accurately.
Hands-on experience is highly valuable because simulation questions and scenario items test practical reasoning. Prioritize labs on Azure OpenAI integration, Document Intelligence for information extraction, and Computer Vision API configuration. If time is limited, focus on labs that require you to configure endpoints, handle API responses, and troubleshoot common errors.
Candidates often confuse service capabilities (e.g., when to use Language service vs. Document Intelligence) or overlook cost and scalability trade-offs in planning questions. Another frequent error is misreading scenario details; take time to identify the actual requirement before selecting an answer. Finally, underestimating the importance of governance and security in the planning domain leads to missed points.
Review your weak topic areas using practice questions and explanations, not by re-reading notes. Run a full-length timed practice test to confirm your pacing and identify any remaining gaps. In the last 2-3 days, do a light review of key definitions and service comparisons, then rest well before test day. Avoid cramming new material; focus on reinforcing what you already know.
You have a Microsoft Foundry project that contains a customer support agent. The agent calls an internal knowledge API tool before generating responses.
Users report the following issues:
* Some requests take more than 15 seconds to complete. * Some responses are incorrect, even when the knowledge API returns the expected data.
You need to inspect individual agent runs to view the ordered sequence of large language model (LLM) calls, tool invocations, and timing information.
Which observability capability should you use?
The correct capability is tracing because the requirement is to inspect the execution path of an individual agent run. Microsoft Foundry tracing captures detailed telemetry for agent behavior, including LLM calls, tool invocations, agent decision flows, inputs, outputs, tool results, token consumption, duration, and latency. This is the appropriate observability mechanism when you need to determine which step introduced a delay, whether the agent called the internal knowledge API, what data the tool returned, and how the model used that data before producing the final response. Microsoft's Foundry observability guidance describes distributed tracing as the mechanism that provides visibility into LLM calls, tool invocations, agent decisions, and inter-service dependencies.
Token usage is useful for cost analysis and prompt optimization, but it does not show ordered run steps or tool-call sequencing. Safety metrics evaluate risk-related output behavior, not latency or tool execution. General monitoring provides aggregate health, latency, success-rate, and dashboard views, but the question asks for per-run sequence inspection and timing breakdowns. Foundry agent tracing specifically supports debugging unexpected behavior and monitoring latency across requests. Reference topics: Microsoft Foundry observability, agent tracing, OpenTelemetry-based traces, tool invocations, LLM call inspection, and latency diagnostics.
You need to configure Agent1 to meet the security and compliance requirements.
What should you use?
The correct answer is B. Personally Identifiable Information (PII) Detection. The case study states that Agent1 must never reveal customer information, even if a document containing customer data is added accidentally to the product sheet repository in storage1. This is a privacy and compliance control requirement, so the appropriate capability is PII Detection.
Azure Language PII Detection is a Foundry Tools capability that identifies, classifies, and redacts sensitive information across text, conversations, and native documents. Microsoft states that PII Detection can be used to implement privacy controls, reduce sensitive data exposure, and support compliance requirements. In this scenario, PII Detection should be applied to retrieved product-sheet content and generated responses so customer names, contact details, identifiers, and other sensitive values are not exposed to users.
Prompt Shields are important for a separate requirement: protecting Agent1 from malicious instructions hidden in documents or embedded text. Microsoft describes Prompt Shields for documents as protection against hidden instructions embedded in external content. However, the option that directly satisfies the requirement to prevent disclosure of customer information is PII Detection. Self-harm and violence filters address harmful-content categories, not privacy leakage.
You have a Microsoft Foundry project that contains an agent. The agent has a Model Context Protocol (MCP) tool that queries a knowledge base stored in Azure AI Search.
Some agent runs return answers from the base model without invoking the knowledge base, which results in responses without grounded citations.
You are provided with the following code snippet that runs the agent.
run = project_client.agents.runs.create_and_process( thread_id=thread.id, agent_id=agent.id, )
You need to add the correct tool_choice parameter to the code to deterministically force the agent to invoke the MCP tool on each run.
What should you add?
The correct selection is D. In Microsoft Foundry Agent Service, tool_choice is the runtime control used to influence whether the model may answer directly or must invoke a tool. Microsoft's tool best-practice guidance states that auto lets the model decide whether to call tools, none prevents tool calls, and required means the model must call one or more tools. This directly addresses the issue where some runs answer from the base model and skip the knowledge base.
For an agentic retrieval solution backed by Azure AI Search through an MCP tool, Microsoft's tutorial states that setting tool_choice='required' ensures the agent always uses the knowledge base tool when processing queries. This produces grounded answers because the run is forced into tool invocation before responding. auto is incorrect because it preserves the nondeterministic behavior already causing missing citations. {'type':'knowledge_base'} is not a valid Foundry tool-choice type. {'type':'mcp'} describes an MCP tool type in some Responses API schemas, but the deterministic guarantee for this agent run scenario is the required tool-call mode. Reference topics: Microsoft Foundry Agent Service, MCP tools, Azure AI Search agentic retrieval, tool_choice, and grounded citations.
You have a Microsoft Foundry project that contains an agent. The agent uses Azure Al Search as the retriever.
You plan to ingest PDFs into an Azure Al Search index to ensure that the agent can ground responses in texts in both documents and embedded images.
Users require citations that link to the source files.
You need to ensure that during indexing, the images are extracted into a structure that can be used as input for the built-in optical character recognition (OCR) skill.
Which indexing approach should you use?
The correct indexing approach is to use an indexer to extract image data into a normalized_images collection. In Azure AI Search enrichment pipelines, embedded images in PDFs are not passed directly from the text content field into OCR. Instead, the indexer must perform document cracking and image extraction by enabling the indexer image action. Microsoft's Azure AI Search documentation states that image-processing skills such as OCR and image analysis expect normalized images, and that enabling imageAction causes embedded images to be extracted and normalized for downstream skills.
The OCR skill is designed to receive image input from /document/normalized_images/*. Microsoft's skillset tutorial specifically states that the OCR skill assumes a normalized_images field exists and that this field is generated by setting the indexer imageAction configuration to generateNormalizedImages. The document extraction skill reference also confirms that generateNormalizedImages creates an array of normalized images during document cracking for OCR and image analysis.
Option A is incorrect because OCR does not run directly against the index content field. Option B maps outputs after enrichment; it does not extract images. Option D reshapes data but does not create the required normalized image collection. Reference topics: Azure AI Search indexers, AI enrichment, OCR skill, imageAction, and normalized_images.
You are deploying a support agent that enables users to upload photos.
You need to automatically classify uploaded images for harmful content. The solution must block content based on severity levels.
What should you do?
The correct answer is A. Implement image moderation. Azure AI Content Safety provides image analysis that classifies uploaded images for harmful content, including harm categories such as hate, sexual content, violence, and self-harm. Microsoft's Content Safety overview states that the Analyze Image API scans images for harmful content with multi-severity levels, which directly matches the requirement to automatically classify uploaded photos and block content based on configured severity thresholds.
Prompt Shields are intended to detect prompt injection and jailbreak-style attacks against generative models, not to classify image harm categories. Keyword scanning OCR output would only detect visible text extracted from the image and would miss visual harm in the image itself. Blocklists can help match known words or custom patterns, but they are not a complete image safety classifier and do not provide the built-in severity-based image harm classification required here. Image moderation is therefore the correct control for user-uploaded photos. Reference topics: Azure AI Content Safety, image moderation, harm categories, severity levels, Foundry guardrails, and responsible AI controls.
