Prompts for common GraphWarden integration tasks

Copy-paste prompts for AI coding assistants covering the most common GraphWarden integration tasks: migrating a .NET or PowerShell app, adding GraphWarden support to a SaaS product, routing CI/CD pipelines, and building rulesets. Each prompt references https://graphwarden.com/llms.txt so the agent pulls current documentation.

Prompt catalogue

Prerequisites

- An AI coding assistant - Your GraphWarden proxy URL and credentials on hand (many prompts ask for them)

Migrate a .NET application

Paste this prompt into your assistant when you have an existing .NET application that calls Microsoft Graph directly and you want to route it through GraphWarden without rewriting the Graph SDK calls.

Migrate a .NET application

Migrate my existing .NET application from direct Microsoft Graph API calls to use GraphWarden as a proxy.

My app currently uses ClientSecretCredential with https://graph.microsoft.com.

I need to:
1. Change the base URL to my GraphWarden proxy URL
2. Replace real Graph credentials with GraphWarden proxy credentials
3. Preserve all existing Graph SDK calls unchanged
4. Add error handling for GraphWarden-specific responses (401 invalid proxy credentials, 403 ruleset denial)

Reference documentation: https://graphwarden.com/llms.txt

Ask me for:
- My GraphWarden proxy URL
- My proxy client_id and proxy client_secret
- Which Graph endpoints and scopes my app uses today

Reference: llms.txt

Route a PowerShell script

Use this prompt when you have a PowerShell script that calls Connect-MgGraph with client-credential auth and you want every cmdlet in the script to flow through the GraphWarden proxy.

Route a PowerShell script

Route my PowerShell script using Connect-MgGraph through GraphWarden.

My script currently calls Connect-MgGraph with client-credential auth against https://graph.microsoft.com.

I need:
1. The tested pattern to acquire a token from the GraphWarden proxy's token endpoint
2. A Connect-MgGraph invocation that uses that token against the proxy as the Graph endpoint
3. A sanity check that Get-MgContext confirms the endpoint is the proxy

Reference documentation: https://graphwarden.com/llms.txt

Ask me for my proxy URL and proxy credentials.

Reference: llms.txt

Add GraphWarden support to a SaaS product

Run this prompt when you ship a SaaS product that calls Microsoft Graph on behalf of your customers and you want to let enterprise customers route that traffic through their GraphWarden deployment.

Add GraphWarden support to a SaaS product

Add GraphWarden compatibility to my SaaS product that uses Microsoft Graph.

Compatibility means my product reads the Graph base URL and credentials from customer configuration instead of hardcoding https://graph.microsoft.com.

I need:
1. Identification of every Graph reference in my codebase that needs to be externalized
2. A configuration surface change (env vars, admin UI settings, or similar)
3. A compatibility statement template for my customer-facing documentation

Reference documentation: https://graphwarden.com/llms.txt

Ask me for my product's primary language/framework and paste the Graph initialization code.

Reference: llms.txt

Integrate GraphWarden into an Azure DevOps pipeline

Use this prompt when you want a CI/CD smoke test that verifies your GraphWarden proxy is reachable from an Azure DevOps pipeline before promoting a build.

Integrate GraphWarden into an Azure DevOps pipeline

Add a GraphWarden smoke test to my existing Azure DevOps YAML pipeline.

I want a pipeline stage that:
1. Acquires a token from my GraphWarden proxy's /oauth2/v2.0/token endpoint
2. Fails the build if token acquisition fails
3. Uses variable-group-backed secrets (not inline values)

Reference documentation: https://graphwarden.com/llms.txt

Ask me for my existing azure-pipelines.yml and whether my variable group is already configured.

Reference: llms.txt

Generate a ruleset from a natural-language description

Use this prompt when you know what the rule should do in plain English and you need the equivalent GraphWarden YAML — for example, a ruleset that whitelists specific properties for a specific security group and denies write operations.

Generate a ruleset from a natural-language description

Generate a GraphWarden YAML ruleset that allows reading users (displayName, mail only) from a specific security group and denies all write operations.

Reference documentation: https://graphwarden.com/llms.txt

Ask me for:
- The Azure AD security group UUID that should be allowed to read users
- Which Graph endpoints the ruleset should deny write operations on
- Whether the ruleset should log denied attempts or silently block them

Reference: llms.txt

Troubleshooting

The agent ignores my prompt and answers from training data

Prepend the prompt with a line that forces a fetch: "Before answering, fetch https://graphwarden.com/llms.txt and the specific pages it links to." Agents that do not fetch URLs cannot reach current docs; in that case, paste the relevant page text directly into the prompt instead.

The agent keeps asking the same clarifying question

The prompt lists the values the agent needs to ask for. If the agent loops on a value you already provided, re-state the answer verbatim and confirm the agent has it: "My proxy URL is https://proxy.example.com. Acknowledge this value and proceed with the next step."

The generated code is missing error handling for ruleset denials

The base prompts request handling for 401 (credential issues) and 403 (ruleset denial). If the agent skipped it, append: "Surface 403 responses to the end user with the matched ruleId from the response body. Reference: /docs/isv/compatibility-guide."

Last reviewed:

Last reviewed: .