Build Security Copilot agents with an interactive chat experience

Creating an interactive agent in Microsoft Security Copilot involves configuring the agent to support dynamic, task-focused conversations. End users interact with your agent through the Chat with agent feature. To enable this feature, add the required attributes to the agent manifest.

The article provides a walkthrough on how to build an interactive agent that's able to teach users how to use Security Copilot using the public documentation on Microsoft Docs learn page.

Steps to build an interactive Security Copilot agent

To build your agent manifest, you can reference the attributes required for interactive agent experience in the manifest. For more information, see Agent manifest.

Interactive Agent YAML

The following is a sample of a SecurityCopilotDocsAgent interactive agent manifest YAML.


Descriptor:
  Name: SecurityCopilotDocsAgent
  DisplayName: Security Copilot Docs Agent
  Description: >-
    Answers user questions about Microsoft Security Copilot by searching
    Microsoft Docs and returning relevant guidance.
  Icon: ''
AgentDefinitions:
  - Name: SecurityCopilotDocsAgent
    DisplayName: Security Copilot Docs Agent
    Description: >-
      Answers user questions about Microsoft Security Copilot by searching
      Microsoft Docs and returning relevant guidance.
    Publisher: Custom
    Product: SecurityCopilot
    RequiredSkillsets:
      - MCP.MSDocs
      - SecurityCopilotDocsAgent
    AgentSingleInstanceConstraint: None
    Triggers:
      - Name: Default
        DefaultPollPeriodSeconds: 0
        ProcessSkill: SecurityCopilotDocsAgent.SecurityCopilotDocsAgent
    PromptSkill: SecurityCopilotDocsAgent.SecurityCopilotDocsAgent  # Added for interactive agent experience
SkillGroups: 
  - Format: Agent
    Skills:
      - Name: SecurityCopilotDocsAgent
        DisplayName: Security Copilot Docs Agent
        Description: Uses Microsoft Docs to answer questions about Security Copilot usage.
        Interfaces:
        - InteractiveAgent   # Added for interactive agent experience
        Inputs:
          - Name: UserRequest     # Input to the prompt skill (must always be named UserRequest) 
            Description: The user's question about how to use Microsoft Security Copilot.
            DefaultValue: ''
            Required: true
        SuggestedPrompts:    # Starter prompts
        - Prompt: Show me areas in which Security Copilot can help me?
          Title: Security Copilot Overview
          Personas:
          - 3
          IsStarterAgent: true
        - Prompt: How do I build agents in Security Copilot?
          Title: Building Agents
          Personas:
          - 3
          IsStarterAgent: true
        - Prompt: How do I get details on a specific Defender incident?
          Title: Incident Knowledge
          Personas:
          - 3
          IsStarterAgent: true
        - Prompt: How do I execute a KQL query via Security Copilot?
          Title: KQL Query
          Personas:
          - 3
          IsStarterAgent: true
        - Prompt: Give me more details on the above   # Prompt suggestions
        - Prompt: Where do I get troubleshooting information
        - Prompt: My prompt is not giving the response I am seeking, how can I improve on it.
        - Prompt: What is a ProcessSkill in an Agent and show is it different from PromptSkill
        - Prompt: How do I import a custom plugin?
        - Prompt: Does Security Copilot support MCP?
        - Prompt: How do I build an API plugin?
        - Prompt: How do I build a promptbook?
        - Prompt: Can I run a Security Copilot prompt from LogicApp?
        - Prompt: Can I execute a Security Copilot agent from LogicApp?
        - Prompt: What is the purpose of a trigger in Agents?
        
        Settings:
          OrchestratorSkill: DefaultAgentOrchestrator
          Instructions: >
            # Mission You are an expert assistant for Microsoft Security
            Copilot. When a user asks a question about how to use Security
            Copilot, search Microsoft Docs for the most relevant and up-to-date
            guidance. Make sure to return data relevant to Microsoft Security Copilot specifically. 

            # Data Handling Use the AskMsDocs skill to search Microsoft
            documentation for Security Copilot and related topics. Summarize the
            most relevant information and provide clear, actionable answers.

            # Workflow 1. Receive the user's question as input. 2. Call the
            AskMsDocs skill with the user's question. 3. Review the returned
            documentation results. 4. Summarize the key guidance and steps for
            the user. 5. If the answer is not found, state that no relevant
            documentation was found.

            # Output Provide a concise, accurate answer with references to
            Microsoft Docs where possible.
        ChildSkills:
          - microsoft_docs_search

The steps to configure the agent manifest and build an interactive agent are as follows:

Step 1: Plan for your interactive agent

Interactive agents are useful when agents and users may need to collaborate for a guided experience to solve something. Articulate the goals and instructions of the interactive agents, specify the tools (skills) that are available, and define how to handle user requests.

Step 2: Add prompt skill

The PromptSkill attribute defines the user experience by specifying goals, instructions, and capabilities to use to address user requests. You can reference different types of tools (skills): AGENT (recommended), GPT, KQL, and API. For information on creating the different tool types, see Tools.

Add the PromptSkill attribute to the agent manifest. This creates the Chat with agent option.
The PromptSkill should be formatted as SkillsetName.SkillName. The following shows a sample section of the agent manifest for the PromptSkill attribute, where SkillsetName = SecurityCopilotDocsAgent, which is the Descriptor.name and SkillName = SecurityCopilotDocsAgent, which is defined in the Format: Agent skill.
```
 PromptSkill: SecurityCopilotDocsAgent.SecurityCopilotDocsAgent
```
In the agent definition, you must specify the name of the skillset where the AgentDefinition is located, and the skillsets for any ChildSkills. List them all in the RequiredSkillsets field.
Include the Interfaces field in the Agent skill descriptor. For interactive agents, set the interface to InteractiveAgent.
UserRequest is added as an input to the PromptSkill.

Step 3: Add prompts

Starter prompts

Starter prompts help set the context and appear at the beginning of the interactive agent experience. They help users understand what the agent can do and set expectations.

To configure starter prompts:

The SuggestedPrompts attribute is used for the declaration with the IsStarterAgent flag.
Define a Title and the Personas the prompt is aligned to.

The following shows a sample section of the agent manifest for the starter prompt that is displayed only inside the interactive agent experience.

     SuggestedPrompts:
        - Prompt: Show me areas in which Security Copilot can help me?
          Title: Security Copilot Overview
          Personas:
          - 3
          IsStarterAgent: true

This prompt is displayed only when the Persona type of ITAdmin is selected.

The Persona Type IDs are as follows:

ID	Persona Type
0	CISO
1	SCO Analyst
2	Threat Intel Analyst
3	ITAdmin
4	Identity Admin
5	Data Security Admin
6	Cloud Admin

From the SecurityCopilotDocsAgent interactive agent section of the agent manifest, the Agent skill shows four starter prompts assigned to different personas.

The following image illustrates starter prompts that you can choose to begin interacting with the agent.

Prompt suggestions

Prompt suggestions are a curated list of follow-on prompts after the output of a prompt is displayed. The suggestions ensure that users stay within a guided experience.

To configure prompt suggestions:

Prompts are added under a skill with the SuggestedPrompts attribute.
- IsStarterAgent and Personas must be omitted for prompt suggestions to avoid them being treated as starter prompts.
All the prompts under the SuggestedPrompts attribute, generate and ranks the prompts based on the context of the session. These prompts are generated using the SuggestedPrompts as a starting template.
The prompt suggestions are displayed in the result as potential prompts to continue chat conversations.
If you select any of the prompt suggestions, you can edit the prompt before submitting.
The request is executed and the response is returned.

Note

The Orchestrator doesn't check if a tool required by the dynamically generated prompt suggestions is enabled. If a prompt runs that doesn't have the tool enabled, an error is displayed. Ensure all the relevant tools are enabled and configured.

The following YAML shows a sample section of the agent manifest, where the SecurityCopilotDocsAgent has 11 suggested prompts that will be used as a template to generate the dynamic suggested prompts.


        - Prompt: Give me more details on the above
        - Prompt: Where do I get troubleshooting information
        - Prompt: My prompt is not giving the response I am seeking, how can I improve on it.
        - Prompt: What is a ProcessSkill in an Agent and show is it different from PromptSkill
        - Prompt: How do I import a custom plugin?
        - Prompt: Does Security Copilot support MCP?
        - Prompt: How do I build an API plugin?
        - Prompt: How do I build a promptbook?
        - Prompt: Can I run a Security Copilot prompt from LogicApp?
        - Prompt: Can I execute a Security Copilot agent from LogicApp?
        - Prompt: What is the purpose of a trigger in Agents?

The following image illustrates the generated prompt suggestions after a prompt has been processed and its results returned.

Step 4: Provide instructions

Instructions are directions given to an agent to define its goals, how to handle requests and workflows, limitations, and detail its outcome.

From the sample, see the detailed Instructions provided for the agent.

Step 5: Set child skills

Child skills are tools and capabilities an agent can apply to enable outcomes to be predictable and comprehensive. The tools (skills) perform specific tasks and are called by the agent to fulfill its objectives.

From the sample, the microsoft_docs_search is an MCP plugin MCP.MSDocs defined under the RequiredSkillsets.


  ChildSkills:
        - microsoft_docs_search

Step 6: Upload the YAML

After configuring the Agent YAML manifest with the required attributes, you must upload the YAML so that you can use the Chat with agent feature.

Upload the YAML as a custom plugin. For instructions on upload, see Upload custom plugins.

Known limitations

Here are the known limitations for implementing interactive agents:

An interactive agent supports only one input, which must be a UserRequest.
Users can setup interactive chat by selecting Chat with agent and authenticating with their identity and consent. This doesn't set up the agent for others to use, an appropriate user would need to Set up the agent in Active Agents to ensure others can use this agent.
Agent memory isn't included in the chat context.

Testing prompts

Before defining a prompt as a starter prompt, run the prompt as the first prompt in a new session and make sure there are no errors, and the prompt output is valid.
Not all prompts are suitable for being used as starter prompts. For example, prompts that require prior context aren't suitable for starter prompts as there is no context available for these prompts to work correctly.

Next steps

Chat with agent

Last updated on 2025-11-18

Share via