Build 2026 for Azure Architects: Databases, Agents, Fabric, and the New AI Application Stack

The Architecture Meeting Nobody Expected

This article is part of the EPC Group Microsoft Build 2026 series. For the full strategic read on Project Solara, the Copilot Super App tease, MAI, Scout, MDASH, and RTX Spark — see the pillar: Project Solara, the Death of Apps, and the One Copilot That Wasn't.

I've been attending Microsoft events since before the Azure brand existed. I've watched the platform evolve from hosted virtual machines to a global compute and AI platform so large that most architects only ever operate in one region of it. At Build events, the temptation is to focus on the demos — the model that reasons, the agent that acts, the interface that impresses. The real signal is always quieter. It's in the infrastructure decisions.

At Microsoft Build 2026, the quiet signal was unmistakable: databases got a major chapter in the keynote narrative. Not as supporting cast. As architectural load-bearing walls. That tells you something about where the agentic application stack is actually going — and it's not in the direction most of the AI content marketing would have you believe.

The thesis I want to walk through in this article is this: in the agentic application era, databases matter more than they did before, not less. The model is replaceable. The data layer is not. If you build your AI applications on a foundation that can't support scale, can't query vectors, can't persist agent memory, and can't connect to your governance tools — the model's capabilities are irrelevant. You've handed someone a sports car and left out the road.

---

The New Agentic Application Stack

Before diving into the specific components, let me lay out the architectural pattern that Microsoft Build 2026 makes coherent. This isn't a diagram from a whitepaper — it's the mental model I'd use walking into an architecture review for any enterprise agentic application today.

Layer 1: UI / Interface. Where humans interact with the system. This can be Teams, a custom web app, Copilot Chat, a Replit-built enterprise application, or an API endpoint consumed by another agent.

Layer 2: Identity and Access — Entra. Every user request, every agent action, flows through Entra identity. Not optional. Not something to add later. The governed agentic pattern begins with knowing who (or what) is making the request and what they're permitted to do.

Layer 3: Agent Runtime — Foundry. Microsoft Foundry is the platform to build, deploy, and govern agents across their full lifecycle. It supports multiple model providers — OpenAI, Anthropic, Mistral, DeepSeek, and Microsoft's own MAI family — which means you're not architecting around a single model's idiosyncrasies. You're building a governed runtime that can route to the right model for the right task.

Layer 4: Knowledge Layer — Grounding. This is where agents get smart rather than just fluent. At Build 2026, this layer got a significant upgrade with the GA of Foundry IQ — a managed knowledge layer that unifies Work IQ, Fabric IQ, Azure SQL, File Search, and MCP sources behind a single SLA-backed retrieval endpoint. It also ships a Foundry IQ MCP server, meaning agents can access this unified knowledge layer through the same protocol they use for tools. Web IQ — real-time global web grounding with sub-165ms latency and zero data retention — lives inside Foundry IQ. Additional grounding sources include Fabric semantic models (your governed business definitions), OneLake (your unified AI-ready data lake), Ontologies (the business entity relationships that give data meaning), and the OneLake catalog in Foundry, which recently reached GA.

Layer 5: Tool Layer. What the agent can actually do. Fabric Real-Time Intelligence for live signals, Work IQ for M365 context, external APIs, and custom tools built on Azure services.

Layer 6: Data Layer. This is the one I want to spend the most time on, because Build 2026 made it the most interesting layer. The database announcements at this conference were not incremental.

Layer 7: Evaluation and Governance. Observability in the Foundry Control Plane (GA), guardrails, human approval gates, cost monitoring. You cannot operate an agentic application at enterprise scale without this layer. It is the difference between a proof of concept and a production system. Build 2026 also introduced what Microsoft is calling the open trust stack: ACS (Agent Control Specification), an open-source standard that gives runtimes a deterministic allow/deny decision at five agent lifecycle checkpoints — input, LLM, state, tool execution, and output; and ASSERT (Adaptive Spec-driven Scoring for Evaluation and Regression Testing), an open-source MIT-licensed eval and regression framework from Microsoft Research that converts plain-text behavioral specs into executable test suites, compatible with LangChain, CrewAI, LiteLLM, OpenAI, and others. Together, ACS and ASSERT give architects a governed, reproducible way to define and enforce agent behavior before it reaches production.

Layer 8: Audit and Compliance. Defender, Purview, Intune, and Agent 365 (GA since May 1, 2026, with the Agent 365 SDK announced at Build) — the security and compliance layer that makes agentic applications acceptable to your legal, compliance, and security teams. MXC (Microsoft Execution Containers) provides OS-level policy-driven containment for agents on Windows and WSL; its native integration with Agent 365 to deliver Defender, Entra, Intune, and Purview protections is targeted for July preview, not available at Build GA.

Every enterprise AI application worth building runs through all eight layers. Strip out any one of them and you have either a demo or a liability.

---

The Database Chapter: What Build 2026 Actually Announced

Azure HorizonDB: The New Flagship

The most architecturally significant database announcement at Build 2026 was Azure HorizonDB, now in public preview. It is a fully managed, PostgreSQL-compatible database — and the specs are not modest.

Storage scales to 128 TB. Compute scales to 3,072 vCores. It delivers sub-millisecond multi-zone commit latency. It has native vector search. It has integrated AI model management. And it has direct connectivity to both Microsoft Foundry and Microsoft Fabric.

Let me translate that for architects: HorizonDB is designed to be the data backbone of enterprise agentic applications. The PostgreSQL compatibility means your existing applications, ORMs, and tooling work without rewriting. The scale parameters mean you can run this at the level of a serious enterprise workload, not a prototype. Sub-millisecond multi-zone latency means your agents aren't waiting on the database. Vector search means retrieval-augmented generation doesn't require a separate specialized service. And direct Foundry and Fabric connectivity means HorizonDB lives inside your governed architecture, not outside it.

This is what the enterprise AI data layer looks like when it's purpose-built for the agentic pattern.

Azure Cosmos DB: Agent Memory Gets a Framework

Cosmos DB's Build 2026 announcements are worth reading carefully, because they represent a mature response to one of the most underserved problems in enterprise AI: persistent agent memory.

The agent memory toolkit standardizes how you build persistent memory for agents using Cosmos DB, Azure Durable Functions, and Foundry models. This matters because the alternative — agents that have no memory of prior interactions, context, or decisions — produces agents that are expensive and frustrating to use at scale. The toolkit gives architects a standardized, governed pattern for solving this problem rather than a bespoke implementation that will need to be rebuilt for every agent.

The Linux Emulator reaching GA means that local development, testing, and CI/CD pipelines for Cosmos DB-backed applications now work natively on Linux, macOS, and Windows. For engineering teams that have been working around the Windows-only emulator, this removes a real friction point. Semantic reranking (in preview) improves retrieval quality for AI applications by reordering results based on semantic relevance rather than just keyword or vector proximity.

Azure Database for PostgreSQL: Defense in Depth

Azure Database for PostgreSQL added Defender for Cloud integration (now in preview), which extends the security perimeter of your AI applications to include the database layer explicitly. If you're building agentic applications that access sensitive data — and most enterprise AI applications do — having Defender visibility at the database level is a governance capability, not a nice-to-have.

The Oracle and PostgreSQL discovery and assessment tooling expands the migration pathway. For enterprises still running workloads on Oracle or on-premises PostgreSQL, this lowers the barrier to moving to Azure-native managed services with AI-ready capabilities.

Database Hub in Fabric

Database Hub in Fabric, currently in private preview, provides a unified interface for mirroring database data into OneLake. This closes a significant integration gap: it means your relational, operational data can flow into the same AI-ready data lake that Fabric semantic models, Ontologies, and Foundry agents use. The data doesn't live in a separate silo that agents can't easily access — it becomes part of the shared governed context.

---

Rayfin and Replit: How Enterprise Apps Get Built Now

Two announcements changed my thinking on how enterprise applications get built against this stack.

Rayfin is a new open-source SDK and CLI. Describe what you want to build, and Rayfin produces an enterprise-grade application backend — database, authentication, and more — in app code, deploying directly to Fabric with data landing in OneLake. The significance here is not that it replaces architects. It's that it collapses the scaffolding time from weeks to hours, deploying into your governed Fabric environment from the start. No custom infrastructure to manage, no separate deployment target that lives outside your security perimeter.

The Replit partnership takes a related approach for enterprise application development: build in Replit's environment, but have data and services stay in the customer's own Fabric tenant. For organizations that want developer velocity without sacrificing data residency or governance, this is a meaningful option. The data stays in your house. The development happens in a fast, modern environment.

---

The Governance Layer: Observability, Guardrails, Human Approval

I want to spend a moment on the governance layer specifically, because it's where enterprise architects spend the least time in demos and the most time in production.

Foundry's Control Plane observability is GA. This means you can monitor agent behavior — what models were invoked, what data was accessed, what actions were taken, at what cost — as a production operational concern. Not as a post-hoc investigation. As an ongoing monitoring practice.

Cost monitoring is part of the Control Plane. This matters because agentic applications have a cost profile that's very different from traditional applications. A well-designed agent that calls multiple models, retrieves from multiple data sources, and takes multiple tool actions in a single workflow can have a per-request cost that would cause a rounding error at low volume but a budget crisis at scale. Building cost monitoring into the architecture from day one is not optional if you're running production agents.

Build 2026 also gave architects something genuinely useful on the behavioral governance front: the open trust stack. ACS (Agent Control Specification) is an open-source standard that enforces deterministic allow/deny logic at five checkpoints in an agent's lifecycle — input validation, LLM invocation, state transitions, tool execution, and output. This is not probabilistic guardrail language — it is a deterministic gate. Either the action is permitted or it isn't, and the spec defines which. ASSERT (Adaptive Spec-driven Scoring for Evaluation and Regression Testing) complements ACS by converting your plain-text behavioral specifications into executable test suites that run against your agent in CI/CD, across whatever model or framework you're using. ACS plus ASSERT is the difference between hoping your agent behaves correctly at scale and knowing it does.

Human approval gates — defining where an agent must pause and wait for a human decision before proceeding — are a governance pattern, not a Foundry configuration. Architects need to design these explicitly, with operations and compliance stakeholders, and implement them as policy constraints in the agent runtime.

---

What This Means for Enterprise AI Architecture Work

I run architecture workshops with enterprises building their first serious agentic applications, and the most common gap I see is not a technology gap. It's a pattern gap. Teams know the individual components — they've read the docs, attended the sessions, watched the demos — but they haven't assembled them into a coherent, governed architecture pattern.

Build 2026 gave us the components to close that gap:

• Foundry as the governed agent runtime with multi-model flexibility and full observability
• Foundry IQ as the unified SLA-backed retrieval endpoint (Work IQ + Fabric IQ + Azure SQL + File Search + MCP sources + Web IQ) with its own MCP server
• HorizonDB as the high-scale, vector-capable, AI-native data backbone
• Cosmos DB with the agent memory toolkit as the persistent memory layer
• Fabric and OneLake as the unified, AI-ready data estate
• Fabric semantic models and Ontologies as the knowledge layer that makes grounding trustworthy
• Entra as the identity boundary that every request passes through
• ACS and ASSERT as the open trust stack for deterministic behavior governance and regression testing
• Agent 365 (GA May 1 2026; SDK announced at Build) with Defender/Entra/Intune/Purview as the agent management and security layer
• MXC for OS-level containment, with Agent 365 integration targeting July preview
• Database Hub in Fabric as the integration bridge from operational databases to the AI-ready data lake
• Rayfin as the accelerator that deploys governed backends without weeks of scaffolding

The architecture is coherent. The components exist. The question is whether your organization has the people, the governance processes, and the foundational data work to deploy it responsibly.

EPC Group's Azure AI Architecture Workshops are built around exactly this pattern — not feature demos but architecture reviews: what does your current data estate look like, where are the governance gaps, what's the realistic sequence for moving from isolated experiments to production agentic applications. If you're building toward this stack, that's the conversation worth having.

---

Frequently Asked Questions

Q: Is Azure HorizonDB replacing Cosmos DB or Azure Database for PostgreSQL?
A: No. Each has a distinct purpose. HorizonDB is purpose-built for AI-native, high-scale workloads requiring vector search and direct Foundry/Fabric connectivity. Cosmos DB remains the NoSQL/vector choice with its agent memory toolkit. PostgreSQL remains the open-source relational workload choice with expanded security. They serve different architectural roles.

Q: Do I need Microsoft Foundry to build agentic applications on Azure?
A: Foundry is the recommended governed runtime for production agentic applications, particularly given its multi-model support, Entra integration, observability features, and the Foundry IQ unified retrieval endpoint. You can build agentic workflows without it, but you lose the governance, Foundry IQ grounding, and operational monitoring layers that enterprise deployments require.

Q: What's the right starting point for an enterprise migrating toward this stack?
A: Start with the identity and data foundation — Entra governance, Fabric environment setup, Power BI semantic model certification. The agentic application layer is only as trustworthy as the foundation beneath it. Most enterprises need 60–90 days of foundation work before they can deploy agents responsibly.

Q: How does Rayfin relate to Fabric and OneLake?
A: Rayfin generates application backends that deploy directly to Fabric, with data landing in OneLake. This means applications built with Rayfin are automatically integrated into your governed data estate rather than creating separate data silos that agents can't access through governed channels.

Q: What should architects prioritize from Build 2026 in the next 90 days?
A: Four things: (1) Evaluate HorizonDB for any AI-native application requiring vector search at scale. (2) Assess whether your agent designs have a persistent memory pattern — and if not, look at the Cosmos DB agent memory toolkit. (3) Review your Foundry Control Plane configuration to ensure observability and cost monitoring are active before you scale any agentic workloads. (4) Evaluate ACS and ASSERT for any agent in active development — deterministic behavior governance and regression testing are the gap between a PoC and a production-certifiable system.

---

Sources

• Microsoft Azure Blog — Microsoft Build 2026: Building Agentic Apps with Microsoft Fabric and Microsoft Databases: https://azure.microsoft.com/en-us/blog/microsoft-build-2026-building-agentic-apps-with-microsoft-fabric-and-microsoft-databases/
• PCMag — Microsoft Build 2026 Recap: https://www.pcmag.com/news/microsoft-build-2026-recap-didnt-catch-the-live-stream-heres-everything
• The Verge — Microsoft Build 2026 Biggest Announcements: https://www.theverge.com/tech/941738/microsoft-build-2026-biggest-announcements
• Mashable — Microsoft Build 2026 Agent-First Future: https://mashable.com/tech/microsoft-build-2026-agent-first-future
• AI Magazine — Microsoft AI Foundry: https://aimagazine.com/news/is-microsoft-ai-the-ultimate-enterprise-trojan-horse
• CNET — Microsoft Build 2026 Live News: https://www.cnet.com/news-live/microsoft-build-2026-news-ai-copilot/

---

Planning your Azure AI architecture after Build 2026? EPC Group's architecture workshops can accelerate your path to production-grade agentic applications.
contact@epcgroup.net · 888-381-9725 · www.epcgroup.net

---

---

EPC Group Can Help

Microsoft Build 2026 raised the ceiling on what agentic AI can do across the Microsoft estate — and the floor on what your tenant has to be to deploy it safely. EPC Group has been doing this work for 29 years across Fortune 500 and federal organizations, with six Microsoft Solutions Partner designations and a perfect 100 NPS on G2.

If any of the following sound like your next 90 days, that is exactly the work we do:

• Microsoft 365 Copilot Readiness Assessment — the 30-day tenant audit, Purview labeling, and adoption motion that turns an under-5% Copilot conversion into a measured rollout.
• Governed AI on Microsoft Framework — one named architecture covering Entra, Purview, M365, SharePoint, Fabric, Power BI, Copilot, Defender, and Agent 365. Seven layers, five maturity stages, one accountable owner.
• Virtual Chief AI Officer (vCAIO) — fractional senior leadership for organizations that need the operating model in 2026 but cannot hire a full-time AI executive yet.
• AI Consulting Services, AI Governance, Microsoft Copilot Consulting, Power BI Consulting, Microsoft Fabric Consulting, and Azure Consulting.

Email contact@epcgroup.net, call 888-381-9725, or request a consultation. Senior architects only — no offshore handoff, no junior account managers.

LinkedIn Post

AZURE ARCHITECTS: BUILD 2026 WAS A DATABASE CONFERENCE IN A TRENCHCOAT.

The sessions covered agents, Copilot, models, local AI. But the real architectural signal at Microsoft Build 2026 was buried in the database announcements — and if you only watched the keynote highlights, you probably missed it.

Here's my take as someone who's been building on Azure for nearly three decades.

THE THESIS THAT MATTERS

In the agentic application era, databases matter MORE not less. The model is replaceable. You can swap from OpenAI to Anthropic to Microsoft's own MAI models inside Foundry without rebuilding your application. The data layer is not replaceable. If your database can't support the scale, can't query vectors, can't persist agent memory, and can't connect to your governance tooling — the model's capabilities are irrelevant. You gave someone a sports car and left out the road.

THE STACK MICROSOFT ANNOUNCED

Here's how the new agentic application architecture actually assembles. Work through it layer by layer:

UI / Interface → Entra identity (every request, no exceptions) → Foundry agent runtime (multi-model, full lifecycle) → Knowledge layer (Foundry IQ unified retrieval endpoint: Work IQ + Fabric IQ + Azure SQL + File Search + MCP + Web IQ; Fabric semantic models; OneLake; Ontologies) → Tool layer (Real-Time Intelligence, Work IQ, external APIs) → Data layer (HorizonDB, Cosmos DB, PostgreSQL, Database Hub in Fabric) → Evaluation and observability (Foundry Control Plane, cost monitoring, ACS deterministic checkpoints, ASSERT regression testing) → Security and compliance (Agent 365 + SDK, Defender, Purview, Intune; MXC containment with Agent 365 integration in July preview)

Strip out any layer and you have a demo. Keep all eight and you have an enterprise production system.

WHAT THE DATABASE ANNOUNCEMENTS ACTUALLY MEAN

Azure HorizonDB is in public preview. PostgreSQL-compatible. 128 TB storage. 3,072 vCores. Sub-millisecond multi-zone latency. Native vector search. Direct connectivity to Foundry and Fabric. This is not a specialty service for niche use cases. This is Microsoft's answer to what the AI-native data backbone of enterprise agentic applications should look like.

Cosmos DB got an agent memory toolkit — standardized persistent memory using Cosmos DB + Azure Durable Functions + Foundry models. The Linux Emulator is GA. Semantic reranking is in preview. The pattern for building agents that actually remember things across sessions now has a governed, supportable architecture.

Azure Database for PostgreSQL added Defender for Cloud integration. Database Hub in Fabric is in private preview — your relational operational data can now mirror into OneLake and become part of your shared AI-ready context.

Rayfin is worth watching: open-source SDK and CLI, describe what you want to build, get an enterprise-grade backend that deploys directly to Fabric with data landing in OneLake. No custom infrastructure scaffolding that lives outside your security perimeter.

THE GOVERNANCE QUESTION NOBODY ASKS IN THE DEMO

Foundry's Control Plane observability is GA. Cost monitoring is in the platform. Human approval gates can be configured as policy constraints. These aren't optional architectural add-ons — they're what separates a production enterprise agent from a PoC that nobody will let near real data.

The most common gap I see in enterprise AI architecture engagements isn't a technology gap. It's a pattern gap. Teams know the components. They haven't assembled them into a governed architecture that compliance will approve and operations can run.

Build 2026 gave us all the components. The question is whether your organization has the foundation work done to use them.

Which layer of the agentic app stack is your team most behind on — identity governance, data foundation, or observability?

#AzureArchitecture #MicrosoftFabric #AzureAI #MicrosoftBuild #FoundryAI #EnterpriseArchitecture #EPCGroup #CloudArchitecture #HorizonDB #AgenticAI

---

X Post

Build 2026 was a database conference in a trenchcoat. HorizonDB (128TB, 3072 vCores, sub-ms latency, vector search), Cosmos DB agent memory toolkit, PostgreSQL + Defender — the data layer matters MORE in the agentic era, not less. Architecture breakdown: [link] #AzureAI #Build2026