Why Microsoft Foundry and Azure AI consoles feel “slow” in one tab and normal elsewhere

Microsoft Foundry, the MAI Playground, Azure AI Studio experiences, and the programmatic surfaces that sit behind Azure OpenAI Service or Azure AI resource endpoints are not a single hostname with one failure mode. Marketing pages may load from a content-distribution path while authenticated consoles pull subscriptions, quotas, and deployment metadata from another. A Python SDK calling *.openai.azure.com does not share TCP connection pools with the browser tab where you try a new MAI-Image-2-Efficient preview. When your Clash stack only partially aligns those flows, you see the familiar split: the shell paints, but streaming completions stutter; or REST retries climb while static documentation still renders from cache-friendly edges.

Three engineering issues explain most intermittent reports without resorting to vague “Azure is having a bad day” hand-waving. First, mixed exits: companion requests to management.azure.com or login.microsoftonline.com may ride DIRECT because a regional shortcut matched early, while model traffic traverses a proxy with different congestion and peering. Second, flapping group selection: a url-test group that hops between countries when latency jitters can interrupt HTTP/2 sessions in ways that look like mysterious SDK timeouts. Third, DNS disagreement: the resolver’s idea of where an *.cognitiveservices.azure.com hostname should land does not match the egress region of the node your rule selected, so edge behavior shifts between requests. Foundry split routing—explicit domain rules that send Microsoft AI infrastructure to a named policy group—makes those failures legible in logs instead of mystical in the UI.

This article complements our vendor-specific guides for other stacks: ChatGPT and OpenAI API routing, Gemini and Google AI Studio routing, and Claude and Anthropic API routing. Those articles focus on different DNS footprints. Here the emphasis is Microsoft-owned and Azure-hosted surfaces: Foundry portals, model playgrounds tied to Azure subscriptions, and REST or SDK calls to documented Azure AI endpoints. The goal is identical: stable access through conservative policy groups, ordered matchers, and evidence from connection logs—including TLS Server Name Indication when the visible URL does not match the wire hostname.

If first-match semantics are still unfamiliar, read the rule-routing fundamentals walkthrough before editing production YAML; everything below assumes you know why a greedy GEOIP,CN,DIRECT line placed too high can silently undo carefully written vendor exceptions.

Domain inventory: narrow the capture surface before you “proxy all of Microsoft”

Microsoft’s production footprint spans microsoft.com marketing hosts, azure.com documentation, azure-api.net management planes, regional *.cognitiveservices.azure.com inference endpoints, and identity flows on login.microsoftonline.com plus Graph-adjacent helpers. That scale is exactly why copy-pasted “ultimate Microsoft domain lists” from forums age poorly: edges move, preview names change, and over-broad suffix rules can shove unrelated Microsoft 365 traffic through an overseas relay you did not intend to heat up.

Start from observed facts, not optimism. Reproduce the failure, open Mihomo or Clash Meta connection logs, and note the Host: header or TLS SNI for failing streams. Around Foundry and Azure AI you will commonly see recurring families: portal and documentation paths on hosts such as portal.azure.com and learn.microsoft.com; product entry points that include ai.azure.com and Foundry-branded experiences under microsoft.com subdomains; inference traffic toward regional OpenAI-compatible bases like your-resource.openai.azure.com; and broader Azure AI service names under cognitiveservices.azure.com. Identity and consent flows may touch login.microsoftonline.com or login.live.com; telemetry and static assets may appear on additional Microsoft hostnames. Treat every inline list in this article as a hypothesis you verify against your own traces, then encode using DOMAIN or DOMAIN-SUFFIX matchers placed above broad GEOIP shortcuts but below RFC1918 and localhost guards.

Prefer curated RULE-SET references only when you trust the maintainer’s scope. Some community bundles lump “all of Azure” into a single bucket; that may be acceptable on a dedicated workstation, but on a shared laptop it can accidentally steer unrelated Azure DevOps or package restore traffic through a node you chose only for image-model experiments. A pragmatic compromise is to maintain a short, explicit inline block for the Microsoft AI paths you personally depend on—call the group PROXY_AZURE_AI_STABLE—and keep the rest of your Azure browsing on your existing strategy until logs prove you need wider coverage.

Azure AI proxy discussions often collapse into “just use a VPN,” which hides mistakes and makes diffs scary when teammates merge templates from different sources. Split tunneling here means deliberately mapping specific Foundry and inference hostnames to a stable outbound, not declaring “Microsoft equals proxy everything.” That distinction matters because vague buckets hide regressions and make TLS/SNI debugging impossible.

Rule placement and illustrative suffix blocks

Clash evaluates rules from top to bottom and stops at the first match. Practical Clash Microsoft Foundry routing therefore lives in two coordinated choices: the order of matchers relative to regional shortcuts, and the narrowness of suffix coverage relative to everything else your machine does on Microsoft properties.

Exact YAML keywords vary between cores; align your profile with the Mihomo feature set your client bundles. Conceptually, place a compact exception block after LAN allowances and before any GEOIP lines that would send overseas API edges to DIRECT by accident. The fragment below is illustrative; replace suffixes with what your logs show, and attach the outbound group you actually maintain:

# Illustrative only — verify hostnames and regions in your own connection logs
DOMAIN-SUFFIX,openai.azure.com,PROXY_AZURE_AI_STABLE
DOMAIN-SUFFIX,cognitiveservices.azure.com,PROXY_AZURE_AI_STABLE
DOMAIN-SUFFIX,ai.azure.com,PROXY_AZURE_AI_STABLE
DOMAIN-SUFFIX,management.azure.com,PROXY_AZURE_AI_STABLE
DOMAIN-SUFFIX,portal.azure.com,PROXY_AZURE_AI_STABLE
# Foundry and docs often appear on microsoft.com subdomains—add only what logs prove:
# DOMAIN-SUFFIX,foundry.microsoft.com,PROXY_AZURE_AI_STABLE
# Identity widens blast radius—enable only if sign-in loops trace here:
# DOMAIN-SUFFIX,login.microsoftonline.com,PROXY_AZURE_AI_STABLE

Commented lines are intentional cautions. Sending all of login.microsoftonline.com through an AI-only group can fix broken profiles where Microsoft identity was accidentally domestic-routed—and create surprising regressions where only the model hostname needed the tunnel. Let evidence, not habit, drive that widening step. When you adopt remote RULE-SET files, keep a tiny inline override list for hostnames your job depends on today; community sets update asynchronously, while Microsoft ships new edges more often than streaming sites rename CDNs.

Validate matcher syntax for your build via the documentation hub. If you are still importing subscription YAML as an opaque blob, normalize outbounds first—the subscription import tutorial walks through the practical steps—then attach Foundry split routing rules to groups whose behavior you can explain to a colleague.

TLS, SNI, and why the browser URL bar lies

Modern HTTPS multiplexes many logical services behind shared edges. The hostname in your address bar may not equal the SNI value Mihomo logs for the TCP connection that actually failed. SDKs and corporate interceptors sometimes rewrite paths while preserving a misleading Host header in application logs. When you troubleshoot Microsoft Foundry or Azure AI issues, treat TLS SNI as the ground truth for which certificate chain and which regional front door negotiated—then align your DOMAIN-SUFFIX rules with that string, not with marketing copy from a keynote slide.

Clock skew, enterprise TLS inspection, and stale trust stores still masquerade as “routing” defects. Before you chase continents, confirm system time, verify whether a corporate MITM is present, and compare a bare curl -v through the same mixed port your browser uses. If TLS handshakes fail identically on DIRECT and through the tunnel, no amount of Azure AI proxy cleverness fixes the local trust path.

For adapter-level capture when environment variables are untrustworthy, the TUN mode guide explains setup cautions. Remember that TUN widens blast radius: local Kubernetes dashboards, corporate VPNs, and multicast discovery may all traverse your tunnel unless you carve exceptions. TUN decides whether traffic enters the Mihomo datapath; rules decide which outbound owns a flow once inside.

Policy groups: pick a lane that tolerates long-lived HTTPS

Not every outbound group deserves streaming API traffic. A round-robin group that rotates per connection can scramble assumptions about warm connections. An aggressive url-test profile that switches members whenever latency wobbles by a few milliseconds can surface as “random” SDK timeouts even when Azure is healthy.

For Foundry and Azure AI workloads, favor groups optimized for predictable selection: manually pin a single node while you isolate a regression; use a fallback chain that advances only on genuine failure; or configure url-test with conservative intervals and tolerance bands that do not thrash stable sessions. Name child proxies with region and transit clarity so screenshots of Mihomo logs remain interpretable when you escalate to your upstream provider.

Keep inference-heavy traffic out of the same group you use for bulk downloads or 4K streaming if you want predictable latency under load. If you must share hardware, timebox large transfers or temporarily pin generative calls to a low-latency member that is not your default binge-watch node. Quotas and content-filter policies on the Azure side can also look like noise; routing cannot negotiate a higher free tier when MAI-Image-2-Efficient previews spike demand across a region.
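To show why a tolerance band matters, here is an added Python model of the url-test selection behaviour Clash documents (switch members only when a candidate beats the current one by more than `tolerance` milliseconds). It is not Clash source, the real implementation may differ in detail, and the member names and latency samples are constructed: two transit nodes whose delays jitter past each other, then one genuine outage. With tolerance 0 the group flips on every wobble; with a 50 ms band it moves only on the outage and on a large, sustained gap.

```python
"""Model url-test member selection with and without a tolerance band.

Added illustration of the tolerance behaviour Clash documents for url-test
groups; not Clash source, and the real implementation may differ in detail.
Member names and latency samples are constructed.
"""
INF = float("inf")

# One dict per health-check round: member -> measured delay in ms, None meaning
# the check failed. Constructed: the two members jitter around each other,
# HK-transit-A has a real outage in round 5, JP-transit-B degrades in round 7.
SAMPLES = [
    {"HK-transit-A": 180, "JP-transit-B": 195},
    {"HK-transit-A": 200, "JP-transit-B": 185},
    {"HK-transit-A": 178, "JP-transit-B": 199},
    {"HK-transit-A": 210, "JP-transit-B": 182},
    {"HK-transit-A": None, "JP-transit-B": 190},
    {"HK-transit-A": 175, "JP-transit-B": 192},
    {"HK-transit-A": 176, "JP-transit-B": 250},
]


def delay(value):
    """A failed check counts as infinite delay."""
    return INF if value is None else value


def select_members(samples, tolerance_ms):
    """Return the member selected after each health-check round.

    Start on the fastest member; afterwards switch only when the fastest
    candidate beats the current member by more than tolerance_ms. Because a
    failed check is infinite delay, a genuine outage always triggers a switch.
    """
    selected, current = [], None
    for round_delays in samples:
        fastest = min(round_delays, key=lambda m: delay(round_delays[m]))
        if delay(round_delays[fastest]) == INF:
            pass  # every member failed this round: keep whatever we have
        elif current is None or delay(round_delays[current]) - delay(round_delays[fastest]) > tolerance_ms:
            current = fastest
        selected.append(current)
    return selected


def count_switches(selected):
    """Each switch mid-stream tears down the warm HTTP/2 session an SDK was using."""
    return sum(1 for before, after in zip(selected, selected[1:]) if before != after)


if __name__ == "__main__":
    for tol in (0, 50):
        chosen = select_members(SAMPLES, tol)
        print(f"tolerance={tol:>3} ms: {count_switches(chosen)} switches -> {chosen}")
```

Read the switch count as the number of in-flight streaming completions a thrashing group would have dropped in that window; pair a tolerance band like this with a health-check interval long enough that the samples themselves are not noise.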

ℹ️ Compliance note: This article discusses network engineering patterns for reaching public HTTPS APIs and web consoles. You remain responsible for your provider terms of service, organizational security policy, and applicable regulations. Clash is a traffic steering tool; it does not grant entitlement to any third-party service.

DNS: when the rule is “right” but the resolver disagrees

Routing rules and DNS describe one system through two different panes of glass. In fake-ip mode, Clash may synthesize answers quickly so domain rules can fire early—excellent for interactive work, occasionally confusing when you expected a hostname match but saw an IP-based rule instead. Maintain a deliberate fake-ip-filter for names that must resolve to genuine records, including split-horizon corporate hostnames. For broader leak context, see the Fake-IP and DNS guide.

DNS-over-TLS and DNS-over-HTTPS upstreams are popular, yet a fashionable resolver is not automatically aligned with your chosen egress. Classic split-brain symptoms remain: the resolver’s geography does not match the outbound node’s region, and multi-step OAuth or upload flows behave inconsistently across tabs. When troubleshooting Foundry failures, simplify temporarily—pin one resolver you trust, stabilize the path, then layer parallel upstreams back in once the baseline is boring.

If you rely on domestic-direct shortcuts such as GEOIP,CN,DIRECT, remember that a call to a US-hosted inference edge is not domestic simply because your office network is. The explicit Azure AI suffix block must sit above that GEOIP line. Misplaced order is visually indistinguishable from a “bad node” in a speed-test screenshot.
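To make the ordering point testable rather than a screenshot argument, here is an added Python simulator (not Clash code and not part of this article’s profile) that evaluates a rule list with the same first-match semantics described above and audits a set of SNIs against it, which is also what step 3 of the checklist below asks for. It reuses the suffixes from the fragment earlier in the article; the GeoIP table, the TEST-NET addresses, and the observed SNI list are constructed, and the CN label on one TEST-NET range only simulates a resolver answer that geolocates domestically.

```python
"""Simulate Clash/Mihomo first-match rule evaluation and audit observed SNIs.

Added illustration, not Clash source. The GeoIP table, the TEST-NET addresses
and the observed SNI list are constructed for the example.
"""
import ipaddress

# Constructed GeoIP table standing in for the real MMDB lookup. TEST-NET-3 is
# labelled CN only to simulate a resolver answer that geolocates domestically;
# it says nothing about where any real Azure edge lives.
GEOIP_TABLE = {"203.0.113.0/24": "CN", "198.51.100.0/24": "US"}

LAN_GUARDS = "IP-CIDR,127.0.0.0/8,DIRECT,no-resolve\nIP-CIDR,192.168.0.0/16,DIRECT,no-resolve\n"
VENDOR_BLOCK = (  # the suffixes from the article's fragment
    "DOMAIN-SUFFIX,openai.azure.com,PROXY_AZURE_AI_STABLE\n"
    "DOMAIN-SUFFIX,cognitiveservices.azure.com,PROXY_AZURE_AI_STABLE\n"
    "DOMAIN-SUFFIX,ai.azure.com,PROXY_AZURE_AI_STABLE\n"
)
SHORTCUT, DEFAULT = "GEOIP,CN,DIRECT\n", "MATCH,PROXY\n"

# Recommended order: LAN guards, vendor exceptions, regional shortcut, default.
VENDOR_ABOVE_GEOIP = LAN_GUARDS + VENDOR_BLOCK + SHORTCUT + DEFAULT
# The same lines after a careless merge moved the GEOIP shortcut up.
GEOIP_ABOVE_VENDOR = LAN_GUARDS + SHORTCUT + VENDOR_BLOCK + DEFAULT

# Constructed SNI values of the kind Mihomo connection logs show.
OBSERVED_SNI = ["your-resource.openai.azure.com", "my-resource.cognitiveservices.azure.com",
                "ai.azure.com", "login.microsoftonline.com", "learn.microsoft.com"]


def geoip_country(ip):
    addr = ipaddress.ip_address(ip)
    for cidr, country in GEOIP_TABLE.items():
        if addr in ipaddress.ip_network(cidr):
            return country
    return "ZZ"


def parse_rules(text):
    """Parse 'TYPE,payload,policy[,options]' lines into (kind, payload, policy) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' comments and blank lines are skipped
        if not line:
            continue
        parts = [p.strip() for p in line.split(",")]
        if parts[0].upper() == "MATCH":
            rules.append(("MATCH", None, parts[1]))
        else:  # trailing options such as no-resolve are ignored by this simulator
            rules.append((parts[0].upper(), parts[1], parts[2]))
    return rules


def first_match(rules, host, ip=None):
    """Return (index, rule) of the first matching rule, or None. Clash stops at the
    first hit. IP rules (IP-CIDR, GEOIP) need an address: real Clash resolves the
    hostname for them unless the rule says no-resolve; this simulator uses the
    address the caller passes and skips IP rules when none is given."""
    host = host.lower().rstrip(".")
    addr = ipaddress.ip_address(ip) if ip else None
    for index, (kind, payload, policy) in enumerate(rules):
        if kind == "DOMAIN":
            hit = host == payload.lower()
        elif kind == "DOMAIN-SUFFIX":  # matches the suffix itself and any subdomain of it
            hit = host == payload.lower() or host.endswith("." + payload.lower())
        elif kind == "IP-CIDR":
            hit = addr is not None and addr in ipaddress.ip_network(payload, strict=False)
        elif kind == "GEOIP":
            hit = addr is not None and geoip_country(ip) == payload.upper()
        elif kind == "MATCH":
            hit = True
        else:
            raise ValueError(f"rule type not modelled here: {kind}")
        if hit:
            return index, (kind, payload, policy)
    return None


def policy_for(rules, host, ip=None):
    """Outbound policy name the flow would get, or None if nothing matched."""
    found = first_match(rules, host, ip)
    return found[1][2] if found else None


def audit_sni(rules, observed, wanted_group):
    """Map each observed SNI to its policy and flag those that miss wanted_group."""
    mapping = {sni: policy_for(rules, sni) for sni in observed}
    return mapping, {sni: pol for sni, pol in mapping.items() if pol != wanted_group}


if __name__ == "__main__":
    host, ip = "your-resource.openai.azure.com", "203.0.113.10"
    for label, text in (("vendor above GEOIP", VENDOR_ABOVE_GEOIP), ("GEOIP above vendor", GEOIP_ABOVE_VENDOR)):
        index, rule = first_match(parse_rules(text), host, ip)
        print(f"{label}: {host} -> {rule[2]} via rule #{index} {rule[0]},{rule[1]}")
    _, uncovered = audit_sni(parse_rules(VENDOR_ABOVE_GEOIP), OBSERVED_SNI, "PROXY_AZURE_AI_STABLE")
    print("observed SNIs outside PROXY_AZURE_AI_STABLE:", uncovered)
```

The same inference hostname lands on PROXY_AZURE_AI_STABLE in the recommended order and on DIRECT once the GEOIP shortcut sits above the vendor block, with nothing in the rule text itself looking wrong. The audit deliberately reports login.microsoftonline.com and learn.microsoft.com as falling through to the default: that is the evidence you want before deciding whether widening is justified, rather than a reason to widen automatically.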

System proxy, TUN, terminals, and what SDKs inherit

Browsers, IDE plug-ins, and language SDKs do not share a uniform idea of “the system proxy.” Some runtimes honor HTTPS_PROXY; others ignore environment variables unless linked against a cooperative TLS stack; some spawn helper processes that reset the environment you carefully exported in your shell. TUN mode can simplify capture by steering packets at the OS layer, but the blast radius widens—local services you forgot about may traverse your tunnel unless you carve exceptions.

For a disciplined debugging day on macOS or Linux shells, the Terminal and Homebrew proxy environment guide shows how to align curl with the same ports your mixed listener exposes. On Windows with WSL2, loopback semantics differ from the host; see the WSL2 host proxy and DNS guide if your Foundry SDK runs inside Linux while Clash listens on Windows. Many practitioners prefer a non-global daily posture: selective system proxy for well-behaved GUI apps, explicit exports for terminals, and tight YAML for the API endpoints that pay your rent.

Checklist before you blame Azure’s edge or your subscription

When someone says “Foundry spins forever” or “the Azure OpenAI SDK times out randomly,” walk this sequence before you swap airports or rewrite your life around a different client:

  1. Read the matched rule in logs, not the tray icon. You want the matcher name—domain suffix, GEOIP, PROCESS if applicable—not a guess from latency color.
  2. Separate TLS problems from routing problems. Clock skew and enterprise MITM boxes masquerade as flakiness; fix time sync and trust stores before you chase continents.
  3. Correlate SNI with your YAML. If logs show an unexpected hostname family, your suffix list is stale—not “the internet is broken.”
  4. Pin manually for ten minutes. Move PROXY_AZURE_AI_STABLE to a single known-good member. If stability returns, your automation—not Redmond—is the primary suspect.
  5. Compare browser and SDK on the same machine. If only the SDK fails, inspect environment inheritance, container networks, and corporate split tunnels before you assume geopolitical blocking.
  6. Diff recent YAML merges. Harmonizing community templates often moves GEOIP lines and silently demotes vendor exceptions you added months ago.
  7. Expect product-side throttles after model launches. Aggressive parallel jobs trip quotas that look like noise; routing cannot lift service limits when a new efficient image model drives trial traffic.
  8. Revalidate hostnames after major Foundry or Azure AI announcements. Microsoft’s edges evolve; your 2025 list is a historical document, not a contract.

Keep a dated changelog entry whenever you touch Clash Microsoft Foundry rules. These snippets are high leverage and easy to lose during device migrations, especially when teammates edit different git branches of the same profile.

Closing: make Foundry routing boring on purpose

Microsoft Foundry, MAI Playground, and the associated Azure AI HTTPS APIs reward boring infrastructure. Flashy topologies—perpetually rotating nodes, undocumented shell wrappers, “just turn TUN on for everything”—tend to produce exciting logs and unhappy teams. Clash split rules perform best when they narrate a clear story: local and RFC1918 allowances first, narrowly scoped Microsoft and Azure AI suffixes next, regional shortcuts after that, and a conservative default last.

Pair that narrative with outbound groups chosen for stable access, refresh remote rule providers on a predictable schedule, and revisit suffix lists when release notes mention new endpoints or regional rollout changes. Compared with indiscriminate full-tunnel VPNs, disciplined Foundry split routing keeps ordinary Microsoft productivity traffic on the paths you already trust, confines generative workloads to a lane you can measure, and turns intermittent mystery into questions you can answer from Mihomo output—with TLS SNI and resolver behavior on the same page as your matchers.

When you are ready to standardize on a maintained client and apply these patterns locally, download Clash for free from our official page and experience the difference.