# Agent Kits – Compliance Scanner

> Source: <https://www.agent-kits.com/scan>
> Published: 2026-06-27 23:19:26+00:00

Scored against Microsoft's published guidance · AgentAz™ companion

# Compliance Scanner

Paste an agent's system prompt or its `agentaz.json` and scan it against Microsoft's published agent-governance guidance, with the AgentAz™ companion mapping that shows how each control is met at the prompt layer. Pass/fail gates, failure scenarios, a risk radar, and a copy-paste fix block. Deterministic, and your prompt is processed to produce the result, then discarded — never stored or sent to a model.

Scored against Microsoft's published agent-governance guidance, with the AgentAz™ companion mapping. Deterministic — same input, same result. Your prompt is processed on our edge to produce the result and is never stored, logged, or sent to any model.

## What it scores against

The scanner maps your agent to the design-layer controls in Microsoft's published guidance for AI agents — the Cloud Adoption Framework's governance and security recommendations, the Responsible AI principles, and the agentic maturity model. Each Microsoft control is shown with its **AgentAz™ companion**: the spec field that satisfies it at the prompt layer.

## What it can't see (on purpose)

A system-prompt scan only assesses the design layer. Microsoft's platform-enforced controls — Entra ID identity, Purview data-loss prevention, runtime threat detection — are marked *platform, out of scope* rather than guessed at. This complements those controls; it doesn't replace them.

## Why deterministic, not an LLM

A governance check you can't reproduce isn't a check. The default scan uses fixed rules and the same risky-tool vocabulary the runnable `run.py` demos enforce, so the same input always produces the same verdict. It never auto-executes or contacts a model.
