In the context of AI agents, a tool is a callable function – something the agent can invoke to interact with the world beyond its training data and conversation context.<\/p>\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2026\/04\/image-9-1024x569.png\")
<\/figure>\n\n\n\nThe critical point<\/strong>: the agent decides which tool to use, and when. You register the tools. The LLM figures out the orchestration. This is both the power and the risk of agentic systems.<\/p>\n\n\n\n Built-In Tools: Start Here<\/strong> Real example: a user uploads a CSV of sales figures and asks “what was the month-over-month growth rate?” The agent writes Python to parse the CSV, calculate the rates, and return a formatted answer -without you writing a line of backend code.<\/p>\n\n\n\n This is powered by Azure AI Search under the hood. You upload documents, they get indexed, and the agent can retrieve relevant chunks to ground its answers. This is the Retrieval-Augmented Generation (RAG) pattern – but abstracted.<\/p>\n\n\n\n Custom Function Tools: When Built-Ins Aren’t Enough<\/strong><\/p>\n\n\n\n The real power comes when you connect your agent to your own systems. Custom function tools let you expose any capability as something the agent can call.<\/p>\n\n\n\n Three things that matter here:<\/p>\n\n\n\n Once registered, the agent automatically discovers and invokes this function when it determines it’s the right tool for the job. No manual routing logic on your part.<\/p>\n\n\n\n How the Agent Picks the Right Tool<\/strong><\/p>\n\n\n\n This is where I see the most confusion in training sessions. “How does the agent know to use File Search vs. Web Search?”<\/p>\n\n\n\n The answer: it reads your tool descriptions and reasons about which fits the current request.<\/strong><\/p>\n\n\n\n This is why your docstrings and tool names matter enormously<\/strong>. The LLM uses them as a mental map of available capabilities. A poorly named tool or a missing description leads to wrong tool selection – and wrong tool selection leads to wrong answers.<\/p>\n\n\n\n Connecting Tools to Azure Functions<\/strong> The Function handles authentication, connection management, error handling, and retry logic. The agent just gets clean results.<\/p>\n\n\n\n Security: The Part That Gets Skipped in Demos<\/strong> Mitigation strategies I implement on every production agent:<\/strong><\/p>\n\n\n\n Pros and Cons of Giving Agents Tools<\/strong> Cons:<\/strong><\/p>\n\n\n\n One of the most common mistakes I see in production: giving the agent too many tools. Next: I’ll cover how Foundry IQ (knowledge-enhanced agents) works – the deeper integration between your documents and your agent that goes beyond basic file search.<\/p>\n","protected":false},"excerpt":{"rendered":" An LLM without tools is like a brilliant consultant locked in a room with no phone, no computer, and no access to any system. Smart? Yes. Useful in practice? Limited I would say…Tools are what transform an AI agent from a very sophisticated chatbot into something that can actually do things in the world. In […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/posts\/1486"}],"collection":[{"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/comments?post=1486"}],"version-history":[{"count":3,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/posts\/1486\/revisions"}],"predecessor-version":[{"id":1492,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/posts\/1486\/revisions\/1492"}],"wp:attachment":[{"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/media?parent=1486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/categories?post=1486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bogdanburuiana.com\/index.php\/wp-json\/wp\/v2\/tags?post=1486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Azure AI Foundry Agent Service ships with three built-in tools that cover a significant portion of common use cases:<\/p>\n\n\n\n\n
Executes Python code in a sandboxed environment. Useful for:<\/em><\/li>\n<\/ol>\n\n\n\n\n
\n
Searches through documents you’ve provided as knowledge sources. Useful for:<\/em><\/li>\n<\/ol>\n\n\n\n\n
\n
Retrieves live information from the internet. Useful for:<\/em><\/li>\n<\/ol>\n\n\n\n\n
Tool<\/strong><\/td> Best For<\/strong><\/td> Latency<\/strong><\/td> Cost Impact<\/strong><\/td><\/tr> Code Interpreter<\/td> Computation, analysis<\/td> Medium<\/td> Low-Medium<\/td><\/tr> File Search<\/td> Document Q&A, knowledge retrieval<\/td> Low-Medium<\/td> Medium (Search SKU)<\/td><\/tr> Web Search<\/td> Live\/current information<\/td> Medium-High<\/td> Low-Medium<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
In the Microsoft Agent Framework (Python SDK), the pattern looks like this:<\/p>\n\n\n\nfrom azure.ai.agents import tool\n\n@tool\ndef get_customer_account(customer_id: str) -> dict:\n \"\"\"\n Retrieve customer account details from the CRM system.\n \n Args:\n customer_id: The unique customer identifier\n \n Returns:\n Dictionary containing account details and status\n \"\"\"\n # Your actual CRM API call here\n response = crm_api.get_account(customer_id)\n return response.to_dict()<\/code><\/pre>\n\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2026\/04\/image-10-1024x540.png\")
<\/figure>\n\n\n\n
For enterprise scenarios, you’ll typically implement custom tools as Azure Functions. This pattern gives you:<\/p>\n\n\n\n\n
![\"\"](\"\/wp-content\/uploads\/2026\/04\/image-11-1024x398.png\")
<\/figure>\n\n\n\n
Every tool is a potential attack surface. I’m going to say that again because it’s important.
Every tool is a potential attack surface.<\/strong>
When you give an agent a tool that can write to a database, you’ve created a code path where an LLM – which can be manipulated through prompt injection in user inputs – has write access to your database.
<\/p>\n\n\n\n\n
Pros:<\/strong><\/p>\n\n\n\n\n
\n
Security surface grows with each new tool<\/li>\n\n\n\n
There’s a cognitive load equivalent for LLMs. When you register 25 tools, the model has to reason about all 25 before selecting one. This increases latency, increases token consumption, and paradoxically reduces accuracy because the model has more ways to go wrong.
My rule of thumb: start with the minimum viable toolset.<\/strong> Three to five tools for most use cases. Add more only when you have evidence the agent needs them.<\/p>\n\n\n\n