For an introduction to what Guardrails do and common use cases, see Guardrails Overview.
Prerequisites
Guardrails are evaluated by the Microsoft Presidio Analyzer — patterns and word lists are sent to Presidio as ad-hoc recognizers, and matching happens inside Presidio. Before configuring guardrails, deploy Presidio and point the gateway at it:Deploy Presidio
Helm chart, sizing, and autoscaling for the Analyzer, Anonymizer, and Envoy Proxy.
Microsoft Presidio Integration
Required gateway environment variables and integration overview.
Creating a Guardrail
1
Navigate to Guardrails
In the Web App, open the Discover section in the sidebar and select Guardrails
2
Create New Guardrail
Click Create New Guardrail in the top-right corner
3
Set Basic Information
- Name: A short identifier (e.g.,
block-ddl,read-only-mode) - Description: Explain what this guardrail protects against
4
Add Rules
Configure Input Rules and/or Output Rules (see below)
5
Assign Resource Roles
Select which resource roles this guardrail applies to
6
Save
Click Save to activate the guardrail
Rule Configuration
Input Rules
Input rules evaluate queries before they execute. Use these to block dangerous commands.Output Rules
Output rules evaluate query results after execution. Use these to filter or redact output.For data masking that automatically detects PII, see Live Data Masking instead.
Pattern Syntax
Guardrail patterns are compiled by Microsoft Presidio, which uses Python’sre module. Write patterns using Python regex syntax — not JavaScript/ECMAScript and not Go’s RE2.
Basic Syntax
Common Patterns
Block UPDATE without WHERE:
Prevent credential access — block queries that might expose passwords or secrets:
salaries or api_keys:
Testing Patterns
Before deploying a pattern, test it at regex101.com:- Select Flavor: Python
- Paste your pattern in the Regular Expression field
- Enter test queries in the Test String field
- Verify matches highlight correctly
Inline flags (
(?i), (?m), (?s)), lookaheads ((?!...)), lookbehinds ((?<=...)), and word boundaries (\b) are all supported by Python’s re. Avoid JavaScript-only constructs — for example, Python’s named groups use (?P<name>...), not (?<name>...).Actions
Block
Prevents the query from executing and returns an error. Use when: The operation should never be allowed (e.g.,DROP TABLE in production)
User sees:
Warn
Allows the query but shows a warning message. Use when: You want to educate users without blocking work (e.g., missing LIMIT) User sees:Require Approval
Blocks the query until an approver approves it. Use when: Some queries need human review before execution (e.g., bulk updates) User sees:Require Approval uses the same workflow as Action Access Requests.
Resource Role Assignment
Each guardrail can be assigned to multiple resource roles. You can also have multiple guardrails on a single resource role.Assignment Options
Evaluation Order
When multiple guardrails apply to a resource role, they are evaluated in order of priority:- Priority 1 (highest) evaluated first
- First matching rule determines the action
- If no rules match, query is allowed
- Open Discover > Guardrails in the sidebar
- Drag guardrails to reorder them
- Higher position = higher priority
Environment Variables
Guardrails run inside Microsoft Presidio, so they share the same gateway environment variables as Live Data Masking. Configure these on the gateway — guardrails will not evaluate without them:
For deployment details (workers, autoscaling, models), see Microsoft Presidio Deployment.
Testing Guardrails Safely
Testing Process
1
Create a Test Resource Role
Create a separate resource role to the same database (e.g.,
prod-db-test)2
Apply the Guardrail
Assign the guardrail only to the test resource role
3
Run Test Queries
Test both queries that should be blocked and queries that should pass
4
Verify Results
Confirm the guardrail blocks what it should and allows what it should
5
Apply to Production
Once verified, add production resource roles to the guardrail
Worked Example
Try running a query that should be blocked:- Should block: A query that matches the pattern exactly
- Should allow: A similar query that doesn’t match
- Edge cases: Queries with different casing, extra whitespace, or variations
Monitoring Guardrails
Viewing Blocked Queries
- Go to Sessions in the sidebar
- Filter by Status: Blocked
- Click a session to see details
- The query that was blocked
- Which guardrail and rule triggered
- The error message
- User and timestamp
Audit Log
All guardrail evaluations are logged:- Blocked queries - Logged with full query text
- Warnings - Logged with warning message
- Approval requests - Logged with request status
Emergency Bypass
If a legitimate query is blocked and needs to run immediately:Option 1: Temporarily Disable the Guardrail
- Open Discover > Guardrails in the sidebar
- Find the blocking guardrail
- Toggle it to Disabled
- Run your query
- Re-enable the guardrail immediately after
Option 2: Refine the Pattern
If the guardrail is catching legitimate queries, update the pattern:- Open Discover > Guardrails and select the guardrail
- Edit the rule that’s causing issues
- Refine the regex to be more specific
- Save and test
Option 3: Add an Exception
For specific users or groups that need to bypass certain rules:- Create a new resource role without the guardrail
- Restrict access to that resource role to specific groups
- Use this “elevated” resource role for exceptional cases
Best Practices
Start with Warn
Use Warn mode first to understand impact before blocking
Test in Dev First
Apply guardrails to test resource roles before production
Be Specific
Use precise patterns to avoid false positives
Document Rules
Write clear descriptions explaining why each rule exists
Pattern Guidelines
- Always use
(?i)for case-insensitive matching - Use
\bfor word boundaries to avoid partial matches - Use
^\s*to allow leading whitespace - Test edge cases like multi-line queries and comments
- Keep patterns simple - complex regex is hard to maintain
Troubleshooting
Pattern Not Matching
Check:- Test the pattern at regex101.com with the exact query
- Verify case sensitivity (add
(?i)if needed) - Check for leading/trailing whitespace in the query
Too Many False Positives
Fix:- Make the pattern more specific
- Add word boundaries (
\b) - Use negative lookahead for exceptions
DROP blocks DROP_SHIPPED_ITEMS table name
Fix: (?i)^\s*DROP\s+(TABLE|DATABASE) only matches DDL commands
Performance Issues
If queries are slow:- Reduce the number of rules per resource role
- Simplify complex regex patterns
- Avoid patterns with excessive backtracking (e.g.,
.*.*.*)
Related
Guardrails Overview
Learn what guardrails do and see common recipes
Live Data Masking
Configure automatic PII detection and masking
Action Access Requests
Configure the “Require Approval” action
Access Control
Control who can access which resource roles