Add purview-developer skill#270
Open
yulcodeoy wants to merge 5 commits into
Open
Conversation
Add a new skill that teaches AI coding agents how to correctly build on the Microsoft Purview Developer Platform, covering: - Microsoft Graph Purview data security and governance APIs - Sensitivity labels, contentActivity, protectionScopes, processContent - Agent Framework Purview middleware (C# and Python) - Decision guidance: when to use Graph APIs vs Agent Framework middleware - Anti-patterns and correct replacements - Working C# and Python examples for all four canonical scenarios Co-authored-by: Copilot <[email protected]>
Add Scenario 5 covering Agent 365 Observability SDK integration: - Decision table comparing Agent Framework Purview middleware vs A365 SDK - Package references for .NET and Python (all framework extensions) - Blueprint and governance explanation - Updated triggers to include A365/Agent365 keywords - Added 5 new A365 reference URLs Co-authored-by: Copilot <[email protected]>
Include full 7-step Agent 365 development lifecycle (build, config, blueprint, deploy, publish, instances, marketplace), local testing guidance (mock tooling servers, Dev Tunnels), and AI-guided setup tip. Add references for dev lifecycle docs and Agent365-Samples repo. Source: https://learn.microsoft.com/en-us/microsoft-agent-365/developer/a365-dev-lifecycle Co-authored-by: Copilot <[email protected]>
- Rename Scenario 3 to 'Apply Data Governance and Protection to Your 3P Agent' - Replace full Scenario 5 (A365 SDK) with brief 'Agent 365 and Purview' section covering only the Purview telemetry relationship - Remove A365-specific triggers, packages, lifecycle, and detailed references - Keep pointer to dedicated Agent 365 developer skill for full A365 guidance - Trim A365 references to only Purview-relevant URLs Co-authored-by: Copilot <[email protected]>
Fixes identified by review: 1. Auth anti-pattern: .default scope is valid at runtime; real issue is missing Purview permissions in Entra app registration. Rewritten. 2. C# GraphServiceClient: add explicit scopes parameter to all instances. 3. Python SDK: replace invalid lambda config pattern with typed RequestConfiguration; replace raw dicts with typed request body objects (ComputePostRequestBody, ProcessContentPostRequestBody). 4. C# request body types: use fully-qualified generated SDK types (ComputePostRequestBody, ProcessContentPostRequestBody). 5. Permissions table: .User is least privileged for both delegated and app; .All is higher privilege. Added clarifying note. 6. Scenario 1 title: 'Reading and Applying' -> 'Reading Sensitivity Labels' (content only shows listing, not applying). 7. Broken link: replace ../agent-365-developer/SKILL.md with docs URL. 8. Intro: 'three surfaces' -> 'two primary surfaces + A365 telemetry'. 9. ETag caching: clarify flow (cache ETag from compute, pass as If-None-Match to processContent, check protectionScopeState). 10. REST vs SDK naming note added. Co-authored-by: Copilot <[email protected]>
thegovind
reviewed
May 7, 2026
Collaborator
thegovind
left a comment
thegovind
left a comment
There was a problem hiding this comment.
Review summary
In-scope, well-structured Microsoft Purview developer skill. Authoritative coverage of Graph APIs, Agent Framework Purview middleware, and Agent 365 telemetry. A few small things to address before merge.
Issues
🟡 Recommended
- README catalog not updated. This PR adds a new core skill but the diff only contains the two skill files.
README.mdlists skill counts ("Core: 6", total of 130) — please bump those numbers and add the entry to the Core section so the skill is discoverable in the catalog. - Symlink not created. Other Microsoft-platform core skills appear under
skills/<lang>/<category>/via symlink (perAGENTS.mdand the established pattern). Since this skill ships C# and Python samples, consider symlinking fromskills/dotnet/security/purviewandskills/python/security/purview(or similar category) so it surfaces in language-scoped browsing. - Tests/scenarios not included. The repo convention (see
tests/scenarios/<skill>/scenarios.yamlforcredential-free-dev,entra-agent-id, etc.) is to ship scenario tests alongside new skills. For a security/compliance skill, scenario coverage matters more than usual — please add at minimum a happy-path scenario per surface (read labels, log contentActivity, processContent, middleware wiring). - Description length. The
descriptionfield is ~990 characters with a long inline trigger list. That works, but it's loaded into context every time the agent decides whether to invoke the skill. Consider trimming to one paragraph + 8-12 highest-signal triggers, and moving the long trigger inventory into areferences/triggers.mdif needed.
🟢 Nits
- L74 / Scenario 1
GETexample: theAuthorization: Bearer {token}placeholder is fine for HTTP exposition, but please add a one-liner reminder that production callers should useDefaultAzureCredential+GraphServiceClient(which the C#/Python sub-sections then do correctly) so a copy-paste reader doesn't end up token-juggling by hand. - Line 561 / Scenario 4 (
InteractiveBrowserCredential): worth adding a one-line note thatInteractiveBrowserCredentialis a developer/desktop scenario; production agent hosts should use managed identity viaDefaultAzureCredential(orManagedIdentityCredential). - Mention of "Microsoft 365 E5 license (or equivalent) with Microsoft Purview configured and pay-as-you-go billing" under Prerequisites is helpful — please double-check the licensing wording against current Microsoft Learn so the skill stays accurate when it's loaded into agent context.
Solid contribution overall — once the catalog entry, symlinks, and scenarios are added, this is ready.
Author
|
@microsoft-github-policy-service agree company="Microsoft" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a new purview-developer skill that teaches AI coding agents how to correctly build on the Microsoft Purview Developer Platform.
Scenarios covered
GET /security/dataSecurityAndGovernance/sensitivityLabelsPOST /users/{id}/dataSecurityAndGovernance/activities/contentActivitiesprotectionScopes/computeandprocessContentAPIsMicrosoft.Agents.AI.Purview(C#) andagent-framework-purview(Python)Key features
References
All content grounded in these authoritative sources: