Merge pull request #779 from MicrosoftDocs/main

Author: eavanvalkenburg

agent-framework/TOC.yml

@@ -16,6 +16,8 @@ items:
     href: user-guide/model-context-protocol/TOC.yml
   - name: Workflows
     href: user-guide/workflows/TOC.yml
+  - name: Hosting
+    href: user-guide/hosting/TOC.yml
 - name: Integrations
   items:
   - name: AG-UI

agent-framework/tutorials/TOC.yml

@@ -2,5 +2,7 @@
   href: overview.md
 - name: Agents
   href: agents/TOC.yml
+- name: Plugins
+  href: plugins/TOC.yml
 - name: Workflows
   href: workflows/TOC.yml

agent-framework/tutorials/plugins/TOC.yml

@@ -0,0 +1,2 @@
+- name: Use Microsoft Purview SDK with Agent Framework
+  href: use-purview-with-agent-framework-sdk.md

agent-framework/tutorials/plugins/use-purview-with-agent-framework-sdk.md

@@ -0,0 +1,136 @@
+---
+title: Use Microsoft Purview SDK with Agent Framework
+description: Learn how to integrate Microsoft Purview SDK for data security and governance in your Agent Framework project
+zone_pivot_groups: programming-languages
+author: reezaali149
+ms.topic: conceptual
+ms.author: v-reezaali
+ms.date: 10/28/2025
+ms.service: purview
+---
+
+# Use Microsoft Purview SDK with Agent Framework
+
+Microsoft Purview provides enterprise-grade data security, compliance, and governance capabilities for AI applications. By integrating Purview APIs within the Agent Framework SDK, developers can build intelligent agents that are secure by design, while ensuring sensitive data in prompts and responses are protected and compliant with organizational policies.
+
+## Why integrate Purview with Agent Framework?
+
+- **Prevent sensitive data leaks**: Inline blocking of sensitive content based on Data Loss Prevention (DLP) policies.
+- **Enable governance**: Log AI interactions in Purview for Audit, Communication Compliance, Insider Risk Management, eDiscovery, and Data Lifecycle Management.
+- **Accelerate adoption**: Enterprise customers require compliance for AI apps. Purview integration unblocks deployment.
+
+## Prerequisites
+
+Before you begin, ensure you have:
+
+- Microsoft Azure subscription with Microsoft Purview configured.
+- Microsoft 365 subscription with an E5 license and pay-as-you-go billing setup.
+  - For testing, you can use a Microsoft 365 Developer Program tenant. For more information, see [Join the Microsoft 365 Developer Program](https://developer.microsoft.com/en-us/microsoft-365/dev-program).
+- Agent Framework SDK: To install the Agent Framework SDK:
+  - Python: Run `pip install agent-framework`.
+  - .NET: Install from NuGet.
+
+## How to integrate Microsoft Purview into your agent
+
+In your agent's workflow middleware pipeline, you can add Microsoft Purview policy middleware to intercept prompts and responses to determine if they meet the policies set up in Microsoft Purview. The Agent Framework SDK is capable of intercepting agent-to-agent or end-user chat client prompts and responses.
+
+The following code sample demonstrates how to add the Microsoft Purview policy middleware to your agent code. If you're new to Agent Framework, see [Create and run an agent with Agent Framework](/agent-framework/tutorials/agents/run-agent?pivots=programming-language-python).
+
+::: zone pivot="programming-language-csharp"
+
+```csharp
+
+using Azure.AI.OpenAI; 
+using Azure.Core; 
+using Azure.Identity; 
+using Microsoft.Agents.AI; 
+using Microsoft.Agents.AI.Purview; 
+using Microsoft.Extensions.AI; 
+using OpenAI; 
+
+string endpoint = Environment.GetEnvironmentVariable("AZURE_OPENAI_ENDPOINT") ?? throw new InvalidOperationException("AZURE_OPENAI_ENDPOINT is not set."); 
+string deploymentName = Environment.GetEnvironmentVariable("AZURE_OPENAI_DEPLOYMENT_NAME") ?? "gpt-4o-mini"; 
+string purviewClientAppId = Environment.GetEnvironmentVariable("PURVIEW_CLIENT_APP_ID") ?? throw new InvalidOperationException("PURVIEW_CLIENT_APP_ID is not set."); 
+
+TokenCredential browserCredential = new InteractiveBrowserCredential( 
+    new InteractiveBrowserCredentialOptions 
+    { 
+        ClientId = purviewClientAppId 
+    }); 
+
+AIAgent agent = new AzureOpenAIClient(
+    new Uri(endpoint), 
+    new AzureCliCredential()) 
+    .GetChatClient(deploymentName) 
+    .CreateAIAgent("You are a secure assistant.") 
+    .AsBuilder() 
+    .WithPurview(browserCredential, new PurviewSettings("My Secure Agent")) 
+    .Build(); 
+
+AgentRunResponse response = await agent.RunAsync("Summarize zero trust in one sentence.").ConfigureAwait(false); 
+Console.WriteLine(response);
+
+```
+
+::: zone-end
+::: zone pivot="programming-language-python"
+
+```python
+import asyncio 
+import os 
+from agent_framework import ChatAgent, ChatMessage, Role 
+from agent_framework.azure import AzureOpenAIChatClient
+from agent_framework.microsoft import PurviewPolicyMiddleware, PurviewSettings 
+from azure.identity import AzureCliCredential, InteractiveBrowserCredential 
+
+# Set default environment variables if not already set 
+os.environ.setdefault("AZURE_OPENAI_ENDPOINT", "<azureOpenAIEndpoint>") 
+os.environ.setdefault("AZURE_OPENAI_CHAT_DEPLOYMENT_NAME", "<azureOpenAIChatDeploymentName>") 
+
+async def main(): 
+    chat_client = AzureOpenAIChatClient(credential=AzureCliCredential()) 
+    purview_middleware = PurviewPolicyMiddleware( 
+        credential=InteractiveBrowserCredential( 
+            client_id="<clientId>", 
+        ), 
+        settings=PurviewSettings(app_name="My Secure Agent")
+    ) 
+    agent = ChatAgent( 
+        chat_client=chat_client, 
+        instructions="You are a secure assistant.", 
+        middleware=[purview_middleware] 
+    ) 
+    response = await agent.run(ChatMessage(role=Role.USER, text="Summarize zero trust in one sentence.")) 
+    print(response) 
+
+  if __name__ == "__main__": 
+    asyncio.run(main())
+```
+
+::: zone-end
+
+---
+
+## Next steps
+
+Now that you added the above code to your agent, perform the following steps to test the integration of Microsoft Purview into your code:
+
+1. **Entra registration**: Register your agent and add the required Microsoft Graph permissions ([ProtectionScopes.Compute.All](/graph/api/userprotectionscopecontainer-compute), [ContentActivity.Write](/graph/api/activitiescontainer-post-contentactivities), [Content.Process.All](/graph/api/userdatasecurityandgovernance-processcontent)) to the Service Principal. For more information, see [Register an application in Microsoft Entra ID](/entra/identity-platform/quickstart-register-app) and [dataSecurityAndGovernance resource type](/graph/api/resources/datasecurityandgovernance). You'll need the Microsoft Entra app ID in the next step.
+1. **Purview policies**: Configure Purview policies using the Microsoft Entra app ID to enable agent communications data to flow into Purview. For more information, see [Configure Microsoft Purview](/purview/developer/configurepurview).
+
+## Resources
+
+::: zone pivot="programming-language-csharp"
+
+- Nuget: [Microsoft.Agents.AI.Purview](https://www.nuget.org/packages/Microsoft.Agents.AI.Purview/)
+- Github: [Microsoft.Agents.AI.Purview](https://github.com/microsoft/agent-framework/tree/main/dotnet/src/Microsoft.Agents.AI.Purview)
+- Sample: [AgentWithPurview](https://github.com/microsoft/agent-framework/tree/main/dotnet/samples/Purview/AgentWithPurview)
+
+::: zone-end
+::: zone pivot="programming-language-python"
+
+- [PyPI Package: Microsoft Agent Framework - Purview Integration (Python)](https://pypi.org/project/agent-framework-purview/).
+- [GitHub: Microsoft Agent Framework – Purview Integration (Python) source code](https://github.com/microsoft/agent-framework/tree/main/python/packages/purview).
+- [Code Sample: Purview Policy Enforcement Sample (Python)](https://github.com/microsoft/agent-framework/tree/main/python/samples/getting_started/purview_agent).
+
+::: zone-end

agent-framework/user-guide/agents/agent-observability.md

@@ -167,13 +167,11 @@ See a full example of an agent with OpenTelemetry enabled in the [Agent Framewor
 
 ## Enable Observability
 
-To enable observability in your python application, you do not need to install anything extra, by default the following package are installed:
+To enable observability in your python application, in most cases you do not need to install anything extra, by default the following package are installed:
 
 ```text
 "opentelemetry-api",
 "opentelemetry-sdk",
-"azure-monitor-opentelemetry",
-"azure-monitor-opentelemetry-exporter",
 "opentelemetry-exporter-otlp-proto-grpc",
 "opentelemetry-semantic-conventions-ai",
 ```
@@ -220,7 +218,7 @@ The easiest way to enable observability for your application is to set the follo
     This can be used for any compliant OTLP endpoint, such as [OpenTelemetry Collector](https://opentelemetry.io/docs/collector/), [Aspire Dashboard](/dotnet/aspire/fundamentals/dashboard/overview?tabs=bash) or any other OTLP compliant endpoint.
 - APPLICATIONINSIGHTS_CONNECTION_STRING
     Default is `None`, set to your Application Insights connection string to export to Azure Monitor.
-    You can find the connection string in the Azure portal, in the "Overview" section of your Application Insights resource.
+    You can find the connection string in the Azure portal, in the "Overview" section of your Application Insights resource. This will require the `azure-monitor-opentelemetry-exporter` package to be installed.
 - VS_CODE_EXTENSION_PORT
     Default is `4317`, set to the port the AI Toolkit or AzureAI Foundry VS Code extension is running on.
 
@@ -260,6 +258,14 @@ Azure AI Foundry has built-in support for tracing, with a really great visualiza
 
 When you have a Azure AI Foundry project setup with a Application Insights resource, you can do the following:
 
+1) Install the `azure-monitor-opentelemetry-exporter` package:
+
+```bash
+pip install azure-monitor-opentelemetry-exporter>=1.0.0b41
+```
+
+2) Then you can setup observability for your Azure AI Foundry project as follows:
+
 ```python
 from agent_framework.azure import AzureAIAgentClient
 from azure.identity import AzureCliCredential
@@ -269,7 +275,22 @@ agent_client = AzureAIAgentClient(credential=AzureCliCredential(), project_endpo
 await agent_client.setup_azure_ai_observability()
 ```
 
-This is a convenience method, that will use the project client, to get the Application Insights connection string, and then call `setup_observability` with that connection string.
+This is a convenience method, that will use the project client, to get the Application Insights connection string, and then call `setup_observability` with that connection string, overriding any existing connection string set via environment variable.
+
+### Zero-code instrumentation
+
+Because we use the standard OpenTelemetry SDK, you can also use zero-code instrumentation to instrument your application, run you code like this:
+
+```bash
+opentelemetry-instrument \
+    --traces_exporter console,otlp \
+    --metrics_exporter console \
+    --service_name your-service-name \
+    --exporter_otlp_endpoint 0.0.0.0:4317 \
+    python agent_framework_app.py
+```
+
+See the [OpenTelemetry Zero-code Python documentation](https://opentelemetry.io/docs/zero-code/python/) for more information and details of the environment variables used.
 
 ## Spans and metrics
 
@@ -288,7 +309,7 @@ The metrics that are created are:
 - For function invocation during the `execute_tool` operations:
     - `agent_framework.function.invocation.duration` (histogram): This metric measures the duration of each function execution, in seconds.
 
-## Example trace output
+### Example trace output
 
 When you run an agent with observability enabled, you'll see trace data similar to the following console output:
 
@@ -328,7 +349,7 @@ This trace shows:
 - **Model information**: The AI system used (OpenAI) and response ID
 - **Token usage**: Input and output token counts for cost tracking
 
-## Getting started
+## Samples
 
 We have a number of samples in our repository that demonstrate these capabilities, see the [observability samples folder](https://github.com/microsoft/agent-framework/tree/main/python/samples/getting_started/observability) on Github. That includes samples for using zero-code telemetry as well.
 

agent-framework/user-guide/agents/agent-types/anthropic-agent.md

@@ -94,6 +94,35 @@ async def explicit_config_example():
     print(result.text)
 ```
 
+### Using Anthropic on Foundry
+
+After you've setup Anthropic on Foundry, ensure you have the following environment variables set:
+
+```bash
+ANTHROPIC_FOUNDRY_API_KEY="your-foundry-api-key"
+ANTHROPIC_FOUNDRY_RESOURCE="your-foundry-resource-name"
+```
+Then create the agent as follows:
+
+```python
+from agent_framework.anthropic import AnthropicClient
+from anthropic import AsyncAnthropicFoundry
+
+async def foundry_example():
+    agent = AnthropicClient(
+        anthropic_client=AsyncAnthropicFoundry()
+    ).create_agent(
+        name="FoundryAgent",
+        instructions="You are a helpful assistant using Anthropic on Foundry.",
+    )
+
+    result = await agent.run("How do I use Anthropic on Foundry?")
+    print(result.text)
+```
+
+> Note:
+> This requires `anthropic>=0.74.0` to be installed.
+
 ## Agent Features
 
 ### Function Tools

agent-framework/user-guide/agents/agent-types/azure-ai-foundry-agent.md

@@ -21,7 +21,7 @@ Add the required NuGet packages to your project.
 
 ```powershell
 dotnet add package Azure.Identity
-dotnet add package Microsoft.Agents.AI.AzureAI --prerelease
+dotnet add package Microsoft.Agents.AI.AzureAI.Persistent --prerelease
 ```
 
 ## Creating Azure AI Foundry Agents

agent-framework/user-guide/hosting/TOC.yml

@@ -0,0 +1,6 @@
+- name: Overview
+  href: index.md
+- name: A2A Integration
+  href: agent-to-agent-integration.md
+- name: OpenAI Integration
+  href: openai-integration.md