Trusted Enterprise AI: Informatica Foundry MCP Integration with IDMC

Informatica and Microsoft this week revealed a tighter integration that aims to make enterprise AI agents more trustworthy by connecting Microsoft Foundry with Informatica’s Intelligent Data Management Cloud (IDMC) — a move that promises governed, high-quality data for agentic applications while raising fresh questions about security, latency, and operational complexity.

Background​

The integration announced at a major industry event brings together three converging trends in enterprise IT: the rise of agentic AI platforms, the standardisation of tool access via the Model Context Protocol (MCP), and the corporate imperative to build AI on trusted data. Informatica has exposed key IDMC services — data governance and catalog, data quality, and Master Data Management (MDM) — to agents built on Microsoft Foundry by implementing an MCP server layer that allows Foundry agents to call Informatica-managed assets in near real time. At the same time, Informatica extended its CLAIRE cognitive metadata engine to operate natively with Foundry and announced support for Microsoft OneLake tables using the Apache Iceberg table format to simplify analytics interoperability.
These are vendor-led product announcements aimed squarely at enterprises planning to deploy GenAI and agentic workflows at scale. The core promise: enable faster development and safer production of AI agents by ensuring those agents rely on governed, high-quality data from the IDMC platform rather than ad hoc or ungoverned sources.

---

What exactly was announced​

Three practical capabilities​

• Informatica MCP Server for Foundry Agent Service — Exposes IDMC assets via the Model Context Protocol so Foundry agents can query governed metadata, master records, and quality-verified datasets as tools in their toolchain.
• Pre-built GenAI recipes and agent blueprints for Foundry — A library of agent templates and vertical recipes (examples cited include loan processing and auto insurance claims) designed to accelerate agent construction, orchestration, and deployment.
• CLAIRE engine expanded to Foundry + Azure regions — CLAIRE’s metadata-driven reasoning now integrates with Foundry and is available natively in Microsoft Azure regions in the U.S. and Europe to help meet data-residency and compliance constraints.
• OneLake and Apache Iceberg support — Read/write compatibility with OneLake tables using the Apache Iceberg format to improve large-scale analytics workflows and cross-platform interoperability.

Tactical claims worth noting​

• The MCP-based approach is described as enabling near real-time access to governance, catalog, and MDM assets.
• Informatica positions the integration as a way to deploy agentic AI in production with confidence, highlighting governance, compliance and reduced development time through recipes and blueprints.
• CLAIRE is positioned as delivering automated reasoning across data integration, quality, governance and MDM when used alongside Foundry.

---

Why this matters: enterprise GenAI with trusted data​

Enterprises are wrestling with two simultaneous requirements: speed of AI adoption and strict governance. The Informatica–Microsoft integration targets both.

• Trusted data reduces hallucination risk. Agents that can consult vetted catalogs, validated master records, and quality rules are less likely to generate incorrect facts or inconsistent identities.
• MCP provides a standardized tool layer. By using an industry-style protocol for model-to-tool interaction, enterprises avoid bespoke integrations per agent and accelerate agent development lifecycles.
• Recipes speed time-to-value. Pre-built agent blueprints for common workflows (for example, loan processing or claims intake) shorten the distance between PoC and production.
• Data residency and regional deployment. Making CLAIRE available natively in Azure regions within the US and Europe helps organisations meet regulatory requirements and corporate data residency policies.

Taken together, these elements promise a more repeatable path for deploying agentic AI where governance, auditability, and compliance are non-negotiable.

---

Technical context: MCP, Foundry, CLAIRE, OneLake and Iceberg​

Model Context Protocol (MCP)​

MCP is an open protocol designed to standardise how models and agents connect to external tools and data sources. It exposes functions such as memory access, file reads, and tool execution through a JSON-RPC style contract. The protocol’s emergence aims to reduce ad hoc connector development and makes it easier to reuse tools across different agent frameworks. MCP’s adoption in the industry — by toolmakers and platform vendors — is a key enabler for the Informatica–Foundry bridge, because it gives both sides a common contract to implement.
MCP benefits:

• Standardised interface for tool access.
• Easier reuse of connectors across multiple agent platforms.
• Clear separation between model orchestration and data/tool endpoints.

MCP risks:

• A standardised interface becomes a high-value attack surface if not secured correctly (see risks section below).

Microsoft Foundry​

Microsoft Foundry is Microsoft’s enterprise-grade platform for building, orchestrating and deploying agentic AI systems. It provides SDKs, multi-agent orchestration, memory capabilities, a tool catalog and integration paths into Microsoft 365, Teams and other Microsoft surfaces. Foundry is intended for large-scale production agents and provides the glue that lets agents coordinate multiple tools and maintain session or long-term memory.
Why Foundry is relevant:

• Designed for enterprise-grade agent orchestration and deployment.
• Offers built-in tooling for multi-agent workflows and tool catalogs.
• Provides integration points that enterprises expect (Azure, M365, Teams).

CLAIRE and IDMC​

CLAIRE is Informatica’s metadata-driven AI engine that powers automation across the Intelligent Data Management Cloud (IDMC). CLAIRE analyzes metadata at scale, recommends data pipelines, and applies automated reasoning to data integration, quality, governance and MDM tasks. Bringing CLAIRE to Foundry brings metadata-driven context into agent workflows, enabling agents to make decisions informed by an organisation’s data lineage, quality rules, and canonical master records.

OneLake + Apache Iceberg​

Support for OneLake tables backed by Apache Iceberg format is a practical interoperability move: Iceberg is a modern table format designed for large analytic workloads, and OneLake is Microsoft’s unified lake for analytics in certain cloud environments. The ability to read and write Iceberg-backed OneLake tables makes it easier to include governed data in analytic and GenAI pipelines without mass data movement.

---

Strengths and opportunities​

1. Operationalising governance for agents​

This integration puts governance and quality controls in the agent’s toolset, which is crucial when agents are autonomous and need to consult external sources. That transforms governance from a passive policy to an active runtime capability.

2. Faster, safer development with recipes​

Pre-built recipes and blueprints reduce repetitive engineering effort, providing teams with a starting point and best-practice patterns for common enterprise processes like loan decisions or claims processing.

3. Compliance-friendly architecture​

Running CLAIRE and data assets inside specific Azure regions addresses data residency and regulatory constraints for many organisations — a practical requirement for sectors like financial services, healthcare and public sector.

4. Interoperability across analytics stacks​

Support for Apache Iceberg in OneLake enables unified analytics workflows across cloud-native data platforms. That reduces the friction of integrating BI and GenAI use cases across hybrid and multicloud environments.

5. Vendor alignment accelerates enterprise uptake​

When a major data-management vendor and a major platform vendor align — particularly on a standard like MCP — enterprise adoption is easier because fewer bespoke integration projects are required.

---

Risks, limitations, and open questions​

Security and attack surface expansion​

MCP standardises the way agents access tools and data, but that same standardisation can centralise risk. A compromised MCP server, misconfigured permissions, or weaknesses in the tool catalogue could permit agents — or malicious actors masquerading as agents — to exfiltrate data or execute undesired actions. Known classes of attacks to watch for include:

• Prompt injection via tool responses — tools returning malicious instructions that the agent might execute.
• Tool spoofing — lookalike tool endpoints that accept and return data while masquerading as trusted services.
• Privilege escalation across toolchains — combining lower-privilege tools to indirectly access higher-privilege assets.

Mitigations must include strict authentication and authorization, tool whitelisting, runtime permission boundaries, and aggressive auditing and anomaly detection.

The “near real-time” promise and operational reality​

Near real-time access sounds attractive, but it comes with trade-offs. Each agent call to an external governance or MDM endpoint adds round-trip latency. At scale, many concurrent agents will generate heavy API traffic with implications for cost, throughput and throttling.
Operational concerns include:

• API rate limits and throttling strategies.
• Network egress costs and API call pricing.
• The need for local caching or edge proxies to reduce latency for interactive workflows.

Architectures should plan for hybrid approaches where critical lookups are cached and non-critical checks occur asynchronously.

Data surface area and privacy concerns​

Opening up MDM and catalog assets to agents increases the data surface available to AI. Without strict data minimisation and context controls, there is a risk agents will access or expose sensitive attributes (PII, patient data, financial identifiers). Effective data masking, field-level access control, and context-aware redaction are necessary when agents consume these assets.

Governance vs. agility trade-offs​

Embedding governance checks into runtime interactions can slow agent responsiveness and complicate development. Organisations must balance the depth of governance enforced at runtime versus governance enforced at pipeline-time (for example, stronger validation during ingestion/certification rather than every agent call).

Vendor lock-in considerations​

Recipes and foundry optimisations speed development, but some implementations may tie customers into joint platform features like OneLake or Foundry-specific catalog metadata. Organisations must assess portability of agent blueprints and whether the same governance approach can be re-applied outside the Microsoft+Informatica stack.

Unverifiable or vendor-forward claims​

Vendor communications occasionally highlight customer counts, performance numbers, or “near real-time” latencies without standardised benchmarks. Such claims should be treated as vendor-provided and validated with proof-of-concept testing in a customer environment. Any claims about security posture, performance at scale, or specific RTO/RPO should be independently tested before relying on them for critical systems.

---

Practical checklist for IT and security teams​

• Validate MCP implementations — Ensure the MCP server is hardened, uses mutual authentication, and implements strict permission scopes for each agent and tool.
• Apply least privilege across tool catalogs — Only expose the minimum dataset or action set needed for a given agent.
• Instrument for audit and observability — Log agent interactions with governance tools, model inputs/outputs, and tool responses to enable incident forensics.
• Cache responsibly — Use short-lived caches for common lookups to reduce latency while retaining the ability to invalidate or refresh on demand.
• Redaction and masking — Apply field-level masking or redaction in transit for any PII or regulated attributes.
• Model testing and validation — Validate agent behavior using synthetic and red-team testing to identify hallucinations, prompt injection risks, and undesired escalations.
• Data residency confirmation — Where CLAIRE or IDMC assets are said to be available in specific Azure regions, verify tenancy, region, and deployment model align with compliance needs.
• Cost modelling — Model API call volumes, egress charges, and compute usage for agent workloads to avoid bill shock.

---

Recommended rollout plan: from pilot to production​

• Define the critical workflows — Pick 1–2 high-value, low-risk processes (such as claims triage or invoice classification) for an initial pilot.
• Map data trusts and governance needs — Identify the datasets, MDM domains, and catalog assets agents will need and classify them by sensitivity.
• Deploy MCP server in a sandbox — Stand up an MCP server connected to a de-identified subset of IDMC assets to test integration and permissions.
• Run red-team and privacy tests — Simulate prompt injection, tool spoofing, and data-exfiltration attacks to harden access controls.
• Measure performance and cost — Track latency, API call volumes, caching hit rates, and cost per transaction to inform production sizing.
• Scale with progressive controls — Expand agent capabilities and dataset access only after meeting pre-defined security and reliability gates.
• Operationalise governance — Add runbook procedures, monitoring dashboards, and SLA contracts for data access in agent workflows.

---

What this means for specific industries​

Financial services​

Banks and lenders benefit from master data validation and lineage in loan decisioning workflows. But financial services must apply strict controls for PII, credit scores, and personally identifiable financial attributes. Firms should integrate compliance checks into CLAIRE-driven workflows and ensure data residency guarantees are met.

Insurance​

Claims automation is a logical use case: agents that consult validated policy records and MDM-held customer identities can reduce fraudulent payouts and improve adjudication speed. Insurers must still ensure PII protections and maintain audit trails for claims decisions.

Healthcare​

Healthcare providers can use governed patient master data to ground clinical agents. Privacy regulations (HIPAA, GDPR) demand careful masking, purpose limitation, and explicit consent for data usage in any model-driven workflow.

Public sector​

Governed data and provenance are crucial when agents support citizen-facing services. Public sector deployments should require the highest levels of auditability and prefer on-premise or regionally isolated cloud deployments when handling sensitive citizen data.

---

Long-term implications and outlook​

The Informatica–Microsoft integration is an exemplar of where enterprise AI is heading: platform-layered agent orchestration combined with metadata-driven governance. If organisations adopt the right security practices and architectural patterns, we should see more productive, more auditable AI agents that can safely automate complex workflows.
However, the approach only succeeds at scale if three conditions hold:

• MCP and similar standards continue to mature and address known security weaknesses.
• Platform vendors provide robust, transparent mechanisms for access control and auditing at runtime.
• Organisations invest in operations, testing, and data hygiene rather than viewing governance purely as a compliance checkbox.

Expect to see customers adopt these integrations first in well-governed domains (finance, insurance, regulated manufacturing) where the value of reduced manual work and improved accuracy justifies the operational effort.

---

Final assessment: pragmatic optimism with guardrails​

This partnership amplifies a necessary idea: good data governance is not optional for enterprise AI. Exposing governed IDMC assets to Microsoft Foundry agents via MCP is a sensible architectural move that pragmatically acknowledges the agentic future of applications.
Strengths are clear: faster development via recipes, improved grounding of agent responses through MDM and data quality checks, and tighter compliance through regional deployments of metadata engines.
But the move also exposes enterprises to new operational and security complexities. The centralisation of tool access via MCP increases the importance of comprehensive authentication, least-privilege access, and runtime monitoring. The “near real-time” label is useful marketing language but must be validated against latency budgets and scale tests.
For IT leaders, the integration should be considered a powerful tool — one that demands disciplined rollout, aggressive threat modelling, and careful economic planning. Organisations that pair these capabilities with robust security and observability will likely gain a measurable advantage in delivering reliable, auditable AI-driven services. Those that do not will risk operational surprises and security incidents as agentic AI moves into production.

---

Source: SecurityBrief Australia Informatica & Microsoft boost AI agent trust with cloud data