{"id":5442,"date":"2026-05-14T11:36:20","date_gmt":"2026-05-14T18:36:20","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/agent-framework\/?p=5442"},"modified":"2026-05-14T11:36:20","modified_gmt":"2026-05-14T18:36:20","slug":"governance-at-the-speed-of-agents-microsoft-agent-framework-and-agent-governance-toolkit-better-together","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/agent-framework\/governance-at-the-speed-of-agents-microsoft-agent-framework-and-agent-governance-toolkit-better-together\/","title":{"rendered":"Governance at the Speed of Agents: Microsoft Agent Framework and Agent Governance Toolkit, Better Together"},"content":{"rendered":"

Building powerful AI agents is only half the story, running them safely in production is the real challenge. As customers adopt Microsoft Agent Framework for agent orchestration, a clear need has emerged for robust, built-in governance. In this post, Imran Siddique from the AGT team walks through how Agent Governance Toolkit pairs with Agent Framework to enforce policy at runtime, govern agent actions, and provide end-to-end auditability. Turning agentic systems into production-ready platforms.<\/span><\/p>\n

The Complete Stack for Production AI Agents<\/h2>\n

Microsoft Agent Framework<\/a> 1.0 provides everything teams need to build, orchestrate, and deploy AI agents: multi-agent workflows, A2A protocol interoperability, middleware hooks, memory, and managed hosting via Foundry Agent Service. It is the foundation for enterprise-grade agentic applications.<\/p>\n

Agent Governance Toolkit (AGT)<\/a> extends that foundation with runtime governance: deterministic policy enforcement, zero-trust identity, execution sandboxing, and SRE for autonomous agents. Together, the two open-source projects form a complete production stack: Agent Framework handles ‘build and orchestrate,’ AGT handles ‘govern and audit.’<\/p>\n

This post shows how the two projects complement each other; with real code you can run today.<\/p>\n

Why Governance Belongs at the Action Layer<\/h2>\n

Agent Framework provides a powerful middleware pipeline where teams can intercept, transform, and extend agent behavior at every stage of execution. Content safety filters, logging, compliance policies, and custom logic all plug in without modifying agent prompts.<\/p>\n

AGT takes advantage of this architecture by plugging deterministic governance directly into that pipeline. The result: every tool call, resource access, and inter-agent message is evaluated against policy before execution. Sub-millisecond overhead, no sidecars, no proxies.<\/p>\n

Agent Action --> Policy Check --> Allow \/ Deny --> Audit Log\u00a0\u00a0\u00a0 (< 0.1 ms)<\/code><\/pre>\n
Agent Framework handles model input\/output safety (content filters, prompt shields). AGT governs agent actions and tool execution. Different layers, complete coverage, one middleware pipeline.<\/p>\n
Native Integration: Middleware That Speaks Both Languages<\/h2>\n
Python<\/h5>\n
AGT middleware plugs into Agent Framework’s middleware parameter, the same extensibility point used for logging, content safety, and custom interceptors:<\/p>\n
from agent_framework import Agent, tool\r\nfrom agent_framework.openai import OpenAIChatClient\r\nfrom agent_os.integrations.maf_adapter import (\r\n\u00a0\u00a0\u00a0 GovernancePolicyMiddleware,\r\n\u00a0\u00a0\u00a0 CapabilityGuardMiddleware,\r\n\u00a0\u00a0\u00a0 RogueDetectionMiddleware,\r\n\u00a0\u00a0\u00a0 AuditTrailMiddleware,\r\n)\r\n\r\nagent = Agent(\r\n\u00a0\u00a0\u00a0 client=OpenAIChatClient(model=\"gpt-5.3\"),\r\n\u00a0\u00a0\u00a0 name=\"Contoso Loan Officer\",\r\n\u00a0\u00a0\u00a0 instructions=\"You are a governed loan assistant.\",\r\n\u00a0\u00a0\u00a0 tools=[check_credit_score, get_loan_rates, approve_small_loan],\r\n\u00a0\u00a0\u00a0 middleware=[\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 AuditTrailMiddleware(audit_log=audit_log, agent_did=\"loan-agent\"),\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 GovernancePolicyMiddleware(evaluator=evaluator, audit_log=audit_log),\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CapabilityGuardMiddleware(allowed_tools=[\"check_credit_score\", \"get_loan_rates\"]),\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 RogueDetectionMiddleware(detector=detector, agent_id=\"loan-agent\"),\r\n\u00a0\u00a0\u00a0 ],\r\n)<\/code><\/pre>\n
.NET<\/h5>\n
The .NET extension uses Agent Framework’s native .Use() middleware surface:<\/p>\n
var agent = builder.BuildAIAgent(model: \"gpt-5.3\")\r\n\u00a0\u00a0\u00a0 .Use(new GovernancePolicyMiddleware(evaluator))\r\n\u00a0\u00a0\u00a0 .Use(new CapabilityGuardMiddleware(allowedTools))\r\n\u00a0\u00a0\u00a0 .Use(new AuditTrailMiddleware(auditLog));<\/code><\/pre>\n
Same agent, same orchestration patterns, same tools. AGT adds governance, capability sandboxing, rogue detection, and Merkle-chained audit in the same process.<\/p>\n
Five Scenarios Across Five Industries<\/h2>\n
The AGT repository ships five complete end-to-end scenarios that pair real Agent Framework agents with real AGT governance middleware. Each scenario demonstrates a different industry use case:<\/p>\n\n\n\n\n\n\n\n\n
#<\/strong><\/td>\nScenario<\/strong><\/td>\nIndustry<\/strong><\/td>\nWhat Governance Demonstrates<\/strong><\/td>\n<\/tr>\n
01<\/td>\nLoan Processing<\/td>\nBanking<\/td>\nPII blocking, approval gating, tool sandboxing, rogue transfer detection<\/td>\n<\/tr>\n
02<\/td>\nCustomer Service<\/td>\nRetail<\/td>\nRefund fraud prevention, payment-data protection, escalation rules<\/td>\n<\/tr>\n
03<\/td>\nHealthcare<\/td>\nHealthcare<\/td>\nHIPAA PHI blocking, prescription safety, cross-department isolation<\/td>\n<\/tr>\n
04<\/td>\nIT Helpdesk<\/td>\nEnterprise IT<\/td>\nPrivilege escalation prevention, credential isolation, infrastructure protection<\/td>\n<\/tr>\n
05<\/td>\nDevOps Deploy<\/td>\nDevOps<\/td>\nProduction deployment gates, destructive-operation blocking, deployment-storm detection<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
 <\/p>\n
Each demo runs deterministically without a live model credential (exercising the full governance pipeline in a terminal walkthrough) and also supports live Agent Framework agents with any configured backend (Azure OpenAI, OpenAI, GitHub Models).<\/p>\n
Intent-Based Authorization for Multi-Agent Workflows<\/h2>\n
Agent Framework’s multi-agent orchestration (sequential, concurrent, handoff, group chat) enables powerful compositions. AGT’s intent-based authorization adds a governance layer purpose-built for these patterns. The lifecycle:<\/p>\n