Azure Open AI: Production-tested system instructions for enterprise AI personal agents
(With specific examples)
Production-tested system instructions for enterprise AI agents that prioritize accuracy, version-control, and anti-hallucination safeguards.
License
-------
The MIT License applies only to:
β’ /template.md
β’ /examples/cloud-infra.md
All other files
(including **veeam-specific** /examples )
are provided for reference only and are NOT covered by the MIT license.
The Problem: Large Language Models hallucinate technical details, mix up software versions, and confidently provide outdated instructions. In technical support, healthcare, legal, and compliance-heavy domains, this is unacceptable and costly.
The Solution: This template implements five core safety mechanisms that force AI agents to admit uncertainty, cite authoritative sources, and refuse to guess when documentation is silent.
Designed for real-world deployment in Azure AI Studio, OpenAI Assistants API, Anthropic Claude Projects, and similar agent frameworks.
| Problem | Solution |
|---|---|
| π¨ Hallucinations | 3-Tier source hierarchy (official docs > blog posts > personal notes) |
| π Version drift | Mandatory version validation in every tutorial |
| π Security risks | Tool scoping + PII protection + audit logging |
| β Scope creep | Environment clarification rules force specificity |
| βοΈ Compliance | Built-in HIPAA/GDPR/SOC2 escalation protocols |
Battle-tested: v1.0 ran in production at a global enterprise software company before being generalized for public release. Specific use cases in addition to template.md
- veeamgpt.md (Veeam Software)
- multi-cloud-infra.md (Multi-Cloud - Azure, Aws, etc)
Download TEMPLATE.md or copy the raw markdowns from examples/ into your AI agent's system instructions field.
Search and replace these brackets with your specific values:
[YOUR_DOMAIN] β "Backup & Disaster Recovery" / "Clinical Protocols" / "Tax Compliance"
[DOMAIN_PRODUCTS] β "Product A, Product B, Product C"
[DOMAIN_ENVIRONMENTS] β "VMware vSphere, AWS, Azure, on-premise"
[DOMAIN_TOOLS] β "PowerShell, REST API, Web Console, Terraform"
[CRITICAL_CONSTRAINT_1] β "Feature X deprecated in v5.0 (Q3 2025)"
[CRITICAL_CONSTRAINT_2] β "License Y required for Feature Z"
[INTERNAL_EXPERT_ROLE] β "Support Team" / "Solutions Architect"
[INTERNAL_SUPPORT_EMAIL] β "support@yourcompany.com"
[OFFICIAL_TICKET_PROCESS_ID] β "KB-1234"
[CURRENT_YEAR] β "2025"
[DOMAIN_SPECIFIC_DOCS] β "Release Notes, API Reference"Before deploying customized instructions:
-
Test Hallucination Resistance
- Prompt: "How do I enable [FAKE_FEATURE] in [PRODUCT]?"
- Expected: "This feature is not documented in official sources."
-
Test Version Strictness
- Prompt: "Configure [FEATURE] in v3.0" (when feature was added in v4.0)
- Expected: Refusal + version clarification
-
Test Escalation Protocol
- Prompt: "Does [PRODUCT] support [EDGE_CASE_SCENARIO]?"
- Expected: Escalation to [INTERNAL_SUPPORT_EMAIL]
-
Test False Positive Rate
- Run 20 legitimate queries from user scenarios
- Measure: % that trigger unnecessary escalations (target: <5%)
- Navigate to your agent configuration
- Paste the customized template into the System Message field
- Enable "On Your Data" if using indexed content (recommended)
- Test with version-specific queries
client.beta.assistants.create(
name="Technical Support Agent",
instructions=open("TEMPLATE.md").read(), # Your customized version
model="gpt-4-turbo-preview",
tools=[{"type": "retrieval"}]
)- Create a new Project
- Paste the template into Custom Instructions
- Upload your Tier 1 documentation to the Project knowledge base
Try these queries to validate behavior:
- β "How do I configure [deprecated_feature]?" β Should refuse and escalate
- β "Step-by-step: Install [product] on [environment]" β Should use Mandatory Tutorial Template
- β "Does [product] support [obscure_feature]?" β Should admit uncertainty if not in Tier 1 docs
- SaaS troubleshooting (version-specific configurations)
- Infrastructure runbooks (Kubernetes, Terraform, cloud platforms)
- Backup & disaster recovery (step-by-step restore procedures)
- Clinical protocol assistants (evidence-based guidance with source citations)
- HIPAA-compliant patient care (PII protection, audit logging)
- Medical device documentation (version-controlled instructions)
- Regulatory guidance (cite-only from official statutes)
- Contract analysis (structured comparison templates)
- Policy documentation (version-dated references)
- Incident response playbooks (atomic steps with checkpoints)
- Release management (version-strict deployment procedures)
- Security remediation (compliance-aware escalation)
Most "prompt templates" are vague platitudes like "be helpful and accurate." This template:
- Forces structured output via the Mandatory Tutorial Template (atomic steps, checkpoints, verification)
- Blocks hallucination via strict source hierarchy (Tier 1 > Tier 2 > Tier 3)
- Handles uncertainty via escalation protocols (admit gaps, don't guess)
- Enforces security via tool scoping and PII protection rules
- Maintains version control by requiring explicit version numbers in every procedure
User: "How do I enable backup encryption in v4.0?"
Agent: "Sure! Just go to Settings > Security and toggle 'Enable Encryption.' Make sure you have admin rights."
(Hallucinated menu path, no version validation, missing prerequisites)
User: "How do I enable backup encryption in v4.0?"
Agent:
### Enable Backup Encryption in Product X v4.0 ###
**Purpose**: Secure backup data at rest with AES-256 encryption.
**Validated against**: Product X v4.0.2 (Build 4518) β Dec 18, 2025
**Requirements**
- Product X v4.0.2 or later
- Administrator role
- Valid encryption key or certificate
- β οΈ Warning: Encryption cannot be disabled after initial backup without data loss
**Procedure**
1. Navigate to Settings > Backup Jobs > [Job Name] β expected: Job configuration panel opens
> β
Checkpoint: "Advanced Settings" tab is visible
2. Click "Advanced Settings" β select "Encryption" β expected: Encryption configuration dialog
[Image: Encryption_Dialog_v4.0]
π§ Troubleshooting: If grayed out, verify Administrator role in Access Control
**Verification**
- PowerShell: `Get-BackupJob -Name "JobName" | Select EncryptionEnabled` β should return `True`
- Event ID 1234 in Application log: "Encryption enabled for job [JobName]"βββ README.md β You are here
βββ TEMPLATE.md β The full system instructions template
βββ examples/
| βββ veeamGPT.MD β Fully customized example for a backup, security and data protection company
β βββ cloud-infra.md β Fully customized example for a cloud infrastructure company
β βββ -codingps1md β Fully customized example for a ***
β βββ -yaragenerator.md β Fully customized example for a ***
βββ LICENSE β MIT License
Issues and PRs are welcome! Focus areas:
- Domain examples: Healthcare, legal, finance, manufacturing
- Integration guides: AWS Bedrock, Google Vertex AI, LangChain
- Testing strategies: Automated validation of instruction adherence
- Localization: Non-English versions with cultural/regulatory adjustments
MIT License - see LICENSE for details.
TL;DR: Use this commercially, modify it, share it. Just keep the copyright notice.
If you use this template in production or research, a link back to this repo is appreciated:
AI agent instructions based on the [Universal AI Agent Safety Template](https://github.com/CGFixIt/AzureAI-CopilotStudio-PersonalAgent-Instructions/blob/main/TEMPLATE.md?plain=1)- v1.2 (Dec 2025): Added Azure "on your data" grounding rule, audit logging, normalized formatting
- v1.1 (Dec 2025): Added Tool & Data Access, Security & Privacy, ethical guardrails
- v1.0 (Dec 2025): Initial public release, based on production deployment at global enterprise software company
Built with β€οΈ for teams who need AI agents that admit when they don't know.