microsoft/microhacks-trust-ai

Microhack - Trustworthy AI

Hands-on Microhack created by Microsoft Office of the CTO Americas, focused on Trustworthy AI.

Presented by Microsoft Americas Office of the CTO

Microhack Overview

The Microhack event is designed to engage technical roles through a condensed, half-day hands-on hack experience. Leveraging the latest Microsoft technologies, this event provides participants with the opportunity to work on real-world problems, collaborate with peers, and explore innovative solutions.

The Microhack event is divided into several key challenges, each carefully crafted to test and expand the participants' proficiency with Microsoft's suite of tools. These challenges are not only technical in nature but also reflect real-world scenarios that businesses face, providing a comprehensive understanding of how to apply theoretical knowledge practically.

Core Assets

What you will learn

By the end of this workshop, you will learn how to accelerate your Generative AI applications to production and ensure they meet Trustworthy AI standards. We will share these standards at critical milestones in the software development lifecycle, along with the tools and procedures to validate their compliance. This Microhack will cover these topics: Responsible AI, Azure AI Landing Zones, model evaluations, red teaming, and observability.

Setting the Stage

To give attendees guidance on and an understanding of the Microhack goals, concepts, and technologies, you can leverage the Microhack Deck - Trustworthy AI.

Microhack Challenges

To get started with this workshop, open the current Microhack Challenges. For a more self-service guidebook, open the individual challenges below for coaches' notes.

There are four challenges for this workshop. They are:

Trustworthy AI Overview

Trustworthy AI ensures your AI investments deliver predictable, high‑quality results by protecting your data, safeguarding your customers, and reducing operational risk. With built‑in security, privacy controls, and measurable safety standards, it provides the stability executives need to make strategic decisions and the clarity teams need to deploy AI with confidence across mission‑critical workflows in production.

AI unlocks human potential only when built on trust. Trustworthy AI is Microsoft’s end‑to‑end approach to ensuring AI systems are secure, private, and safe—from design through deployment. Our commitments, including the Secure Future Initiative, Privacy Principles, and Responsible AI principles, set the standard, while our product capabilities operationalize them through evaluation pipelines, groundedness checking, confidential computing, and safety tooling. Together, this forms a complete lifecycle approach to building reliable, responsible, and enterprise‑grade AI.

Microsoft’s Responsible AI principles (Fairness, Reliability & Safety, Privacy & Security, Inclusiveness, Transparency, and Accountability) provide a unified foundation ensuring AI systems are ethical, dependable, and trustworthy from design to deployment. By shifting left and conducting an Impact Assessment early in the development process, teams proactively identify potential harms, data‑sensitivity issues, fairness risks, and misuse scenarios before code is written, aligning architecture, safeguards, and governance with these principles from the outset. This early discipline not only strengthens organizational trust, compliance, and risk management for executives, but also gives developers a clear technical blueprint for building Generative AI systems.

Microsoft’s Secure Future Initiative is our company-wide mandate to put security above all else, reshaping how we design, build, and operate technology through the principles of Secure by Design, Secure by Default, and Secure Operations. It gives leaders confidence that Microsoft’s cloud and AI platforms are resilient against modern threats while providing developers clear, consistent guidance through hardened engineering standards, strong identity protections, and continuous monitoring. By embedding these practices early in the development lifecycle—together with Azure AI Landing Zones to ensure secure, governed, and well‑architected AI deployments—organizations can reduce risk, strengthen resilience, and maintain the trust that customers and partners expect.

Evaluation pipelines are essential to Trustworthy AI because they validate system behavior across every stage of development—starting with manual reviews that catch early design risks, progressing to automated tests that measure groundedness, relevance, safety, and bias at scale, and extending into continuous evaluation that monitors real‑world performance over time. By embedding these manual, automated, and continuous checks directly into the development lifecycle, organizations gain evidence‑based assurance that their AI systems remain reliable, secure, and aligned with business and user expectations from initial design through ongoing operation.

Red Teaming is a critical component of Trustworthy AI because it pressure‑tests systems against real‑world threats, unsafe behaviors, and adversarial misuse before those risks ever reach customers. By combining manual adversarial testing, automated attack simulations, and continuous red‑teaming cycles that evolve with emerging threat patterns, organizations can uncover vulnerabilities that traditional testing misses, ranging from prompt‑based exploits and safety bypasses to data‑leakage risks and harmful output scenarios. These tests should mitigate risks and give teams the confidence to deploy their systems into production.

Observability is essential to Trustworthy AI because it provides continuous insight into how AI systems behave in production, allowing engineering teams and governance committees to detect anomalies, track model drift, and ensure outputs remain safe and reliable. With real‑time logs, traces, and performance signals, organizations can quickly identify unexpected behaviors and take appropriate action through structured operational controls that allow systems to be safely paused or adjusted when needed. This level of continuous monitoring ensures AI deployments remain aligned with organizational standards, regulatory expectations, and user trust throughout their lifecycle.

Software Development Lifecycle

The Generative AI development lifecycle follows a modular approach, consisting of three components, each with a specific function.

  • Planning - Planning your generative‑AI or agent scenario — choosing the model, deciding on tools, grounding sources, and evaluation needs.

  • Develop - Moving from prototyping into development — running pre‑production evaluations to decide which candidate is ready to advance.

  • Operate - Operating in production — continuously monitoring quality, safety, performance, and tracing issues as users interact with the agent.

A strong governance posture depends on treating AI as a system that must be planned, developed, and operated with the same rigor as any mission‑critical technology. Trustworthy AI provides that foundation—clear expectations up front, disciplined evaluation and risk mitigation during development, and continuous monitoring once deployed. By applying these safeguards across the full lifecycle, organizations ensure their AI remains reliable, aligned with policy, and accountable to the standards their leaders and customers expect. This creates a governance model that is proactive, measurable, and resilient as AI systems evolve.

Concepts

If you want to learn more about Trustworthy AI, here are further resources.

  1. Microsoft Trustworthy AI

  2. Secure Future Initiative

  3. Model Evaluation

  4. Red Teaming

  5. Observability

Contributing

We appreciate your interest in contributing to this project! Please refer to the CONTRIBUTING.md page for detailed guidelines on how to contribute, including information about the Contributor License Agreement (CLA), code of conduct, and the process for submitting pull requests.

Thank you for your support and contributions!

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos is subject to those third parties' policies.

Contributors to this Microhack

We are grateful for the hard work and thought leadership of Pamela Fox and Matt Gotteiner. We were inspired and informed by their work. We have sampled from their https://aka.ms/ragchat repo and studied their podcast series RAG Deep dive http://aka.ms/ragdeepdive. We highly recommend watching this content when preparing your applications to move into production.
