Agent Kits – Compliance Scanner

Agent Kits released a Compliance Scanner tool that analyzes AI agent system prompts against Microsoft's published agent-governance guidance, providing pass/fail gates and risk assessments. The deterministic scanner processes prompts on the edge without storing or sending them to any model, complementing platform-enforced controls like Entra ID and Purview.

Scored against Microsoft's published guidance · AgentAz™ companion

Compliance Scanner

Paste an agent's system prompt or its agentaz.json and scan it against Microsoft's published agent-governance guidance, with the AgentAz™ companion mapping that shows how each control is met at the prompt layer. Pass/fail gates, failure scenarios, a risk radar, and a copy-paste fix block. Deterministic, and your prompt is processed to produce the result, then discarded — never stored or sent to a model.

Scored against Microsoft's published agent-governance guidance, with the AgentAz™ companion mapping. Deterministic — same input, same result. Your prompt is processed on our edge to produce the result and is never stored, logged, or sent to any model.

What it scores against

The scanner maps your agent to the design-layer controls in Microsoft's published guidance for AI agents — the Cloud Adoption Framework's governance and security recommendations, the Responsible AI principles, and the agentic maturity model. Each Microsoft control is shown with its AgentAz™ companion: the spec field that satisfies it at the prompt layer.

What it can't see on purpose

A system-prompt scan only assesses the design layer. Microsoft's platform-enforced controls — Entra ID identity, Purview data-loss prevention, runtime threat detection — are marked platform, out of scope rather than guessed at. This complements those controls; it doesn't replace them.

Why deterministic, not an LLM

A governance check you can't reproduce isn't a check. The default scan uses fixed rules and the same risky-tool vocabulary the runnable run.py demos enforce, so the same input always produces the same verdict. It never auto-executes or contacts a model.