智能体用户指南

上次更新日期 2025年11月4日

Out-of-the-box guardrails

Out-of-the-box guardrails are predefined, ready-to-use safeguards that you can enable for your agents without any custom configuration or coding. They provide immediate protection against common risks such as sensitive data exposure and prompt injection attacks, helping you build secure and trustworthy agents faster.

Note: Out-of-the-box guardrails are available on the following licensing plans:

Flex 定价计划：Enterprise – 标准层和高级层。
Unified Pricing计划：标准版、企业版、App 测试平台标准版、App Test Platform 企业版。
If the required entitlements are not enabled for your organization, the corresponding guardrail options will not appear in the UI. If you have already configured guardrails and the necessary entitlements are later disabled, your agents will simply skip those guardrails during execution, they will not cause agent runs to fail.

You can set up and configure out-of-the-box guardrails directly from your agent’s settings. The configuration applies automatically at runtime, based on the selected scope and action type.

Open the Agent settings.
1. In Studio Web, open your agent.
2. Open the Agent settings panel.
3. Go to the Guardrails tab and select Add guardrails.
Choose a guardrail type from the available predefined guardrails:
- PII detection – Identifies and blocks sensitive information such as email addresses or physical addresses. This guardrail uses Azure Cognitive Services.
- Prompt injection – Detects and blocks malicious or manipulative prompts during LLM interactions. This guardrail uses Noma Security. Note: Noma services are hosted in the United States, so data processed by the Prompt injection guardrail may be handled outside your tenant’s region.

Configuring a PII detection guardrail

Add the PII detection guardrail to your agent.
Define the guardrail details. Fill in the following fields:
- Guardrail name – Enter a descriptive name for this guardrail.
- Guardrail description – Explain what it detects or where it applies.
Select entities to detect. From the Entities to detect dropdown, choose the types of information you want to monitor (for example, email, phone, or address).
Set a detection threshold. For each selected entity, define a Detection threshold between 0 and 1. A higher threshold makes detection stricter (fewer false positives), while a lower threshold makes it more sensitive.
Choose the scopes. Select where you want the guardrail to apply:
- Agent – Checks the agent’s input and output prompts.
- LLM calls – Checks the requests and responses exchanged with the model.
- Tools – Checks tool input and output data. You can select one or more scopes to apply the same detection logic across multiple stages of execution.
  - If you select the Tools scope, choose one or more tools from the Select tools list. This allows you to reuse the same guardrail across multiple tools in the same agent.
Define the Action type. Configure how the system should respond when PII is detected:
- Log – Records the event without interrupting agent execution. The Severity level sets the importance level for the log entry:
  - Info – For general information or low-impact findings.
  - Warning – For potential risks that don’t block execution.
  - Error – For critical detections that require review.
- Block – Stops the agent or tool execution when the guardrail is triggered.
  - Block reason – Provide a brief explanation for blocking the action (for example, “Detected PII data in tool output”).
- Escalate – Sends an escalation when a violation occurs.
  - Assign app to – Choose the escalation target type: a specific user, a defined user group, or an external address.
  - Recipient – Search and select the recipient (name or email).
  - Action app – Select the application that will handle the escalation.
Enable for evaluations. Toggle Enable guardrail for evaluations to run this guardrail during agent testing or evaluation.
Save the guardrail. Once configured, the guardrail automatically monitors all LLM requests and responses and blocks execution when prompt injection attempts are detected.

Configuring a Prompt injection guardrail

Add the Prompt injection guardrail to your agent.
Define the guardrail details. Fill in the following fields:
- Guardrail name – Enter a descriptive name for this guardrail.
- Guardrail description – Optionally explain what it detects or where it applies.
Set the detection threshold. Specify the sensitivity level (for example, 0.8). Higher values make detection stricter and reduce false positives.
Define the action type. Configure how the system should handle detection events:
- Log – Records the event without interrupting agent execution. The Severity level sets the importance level for the log entry:
  - Info – For general information or low-impact findings.
  - Warning – For potential risks that don’t block execution.
  - Error – For critical detections that require review.
- Block – Stops the agent or tool execution when the guardrail is triggered.
  - Block reason – Provide a brief explanation for blocking the action
- Escalate – Sends an escalation when a violation occurs.
  - Assign app to – Choose the escalation target type: a specific user, a defined user group, or an external address.
  - Recipient – Search and select the recipient (name or email).
  - Action app – Select the application that will handle the escalation.
Enable for evaluations. Toggle Enable guardrail for evaluations to run this guardrail during agent testing or evaluation.
Save the guardrail. Once configured, the guardrail automatically monitors all LLM requests and responses and blocks execution when prompt injection attempts are detected.