Skip to content
APEX

Prompting Best Practices

Choose the Right Interface

Section titled “Choose the Right Interface”
InterfaceBest For
Inline suggestions (Tab)Completing code snippets, variable names, repetitive blocks
Copilot ChatQuestions, generating larger sections, debugging
APEX AgentsMulti-step workflows, end-to-end projects

Break Down Complex Tasks

Section titled “Break Down Complex Tasks”

Do not ask for an entire solution in one prompt. Start with the business outcome, then iterate on specifics.

❌ Design the full platform for our new customer support product


✅ We're launching a customer support SaaS for mid-market retailers.
   Start with the core application stack:
   - Public web frontend for support agents and administrators
   - Private API layer for tickets, users, and reporting
   - Managed database for customer conversations and account data
   - No direct access from the frontend to the database


   (Then follow up: "Now add identity, role separation, monitoring,
   and backup requirements for production")

Be Specific About Requirements

Section titled “Be Specific About Requirements”
❌ Create a storage account


✅ Our e-commerce platform stores customer order documents that must be
   retained for 7 years (regulatory). We need:
   - Zone-redundant storage for durability
   - No public access (internal services only)
   - Soft delete enabled so ops can recover accidental deletions
   - HTTPS only, TLS 1.2 minimum
   Use Bicep with Azure Verified Modules.


✅ Our data analytics pipeline ingests CSV uploads from partner APIs.
   We need blob storage that:
   - Handles ~500 GB/month of incoming data
   - Automatically moves files older than 30 days to cool tier
   - Is accessible only from our processing VNet
   Use Terraform with Azure Verified Modules.

Provide Context in Your Prompts

Section titled “Provide Context in Your Prompts”

Include the business context, compliance requirements, and operational constraints — not just the resource type:

We're building the claims processing database for a healthcare insurer.


Business context:
- HIPAA-regulated environment, audit logging is mandatory
- 200 concurrent internal users, peak during open enrollment
- RPO < 1 hour, RTO < 4 hours (business continuity requirement)


Technical constraints:
- Region: swedencentral (EU data residency)
- Authentication: Azure AD only — no SQL credentials
- Naming follows our convention: sql-{projectName}-{environment}-{uniqueSuffix}


Create a Bicep module for Azure SQL Database that meets these requirements.

Use Chat Variables

Section titled “Use Chat Variables”
VariablePurposeExample
@workspaceSearch entire workspace@workspace Find all Key Vault references
#fileReference specific file#file:main.bicep Explain this module
#selectionCurrent selectionSelect code, then ask about it
#terminalLastCommandLast terminal output#terminalLastCommand Why did this fail?

Prompt Patterns

Section titled “Prompt Patterns”

Explain Then Generate:

Our team is new to private endpoints. First, explain the networking
concepts and security benefits for an App Service that serves an
internal HR portal. Then, create a Bicep module that implements
private endpoint access for the app.

Review Then Fix:

Our compliance team flagged this Bicep template before go-live.
Review it against:
1. HIPAA security requirements
2. Well-Architected Framework reliability pillar
3. Missing outputs our CI pipeline needs


Then provide a corrected version.

Compare Approaches:

We're deploying a containerised order-processing API.
Show two approaches:
1. Using native Bicep resources
2. Using Azure Verified Modules (AVM)


Compare cost, maintainability, and compliance coverage
for our PCI-DSS production workload.

Incremental Refinement:

Prompt 1: We need a VNet for our customer-facing web tier — create the base module
Prompt 2: Add network security rules — only HTTPS inbound, deny everything else
Prompt 3: Add diagnostic settings so the SOC team gets NSG flow logs
Prompt 4: Make the address space configurable — we have 3 environments

Anti-Patterns to Avoid

Section titled “Anti-Patterns to Avoid”
Anti-PatternProblemBetter Approach
”Generate everything”Output too broadBreak into business capabilities: networking, then identity, then monitoring
Accepting without reviewBugs, security issuesAlways run bicep lint / terraform validate and review for hardcoded secrets
Ignoring contextGeneric suggestionsOpen relevant files first, use @workspace and #file: references
One-shot complex promptsIncomplete outputIterate: start with the core use case, add compliance, add monitoring, add DR
Not providing examplesInconsistent formattingShow the naming pattern or module structure you want the agent to follow
Infrastructure-only asksMisses constraintsLead with who uses it, compliance needs, and SLAs — let the agent derive the infra

Always Validate AI Output

Section titled “Always Validate AI Output”
CheckWhy
API versions are recent (2023+)Older versions lack features
supportsHttpsTrafficOnly: trueSecurity baseline
minimumTlsVersion: 'TLS1_2'Compliance requirement
Unique names use uniqueString() / random_stringAvoid naming collisions
Outputs include both ID and nameDownstream modules need both
Terminal window
# Validate Bicep syntax
bicep build main.bicep


# Lint for best practices
bicep lint main.bicep


# Preview Bicep deployment
az deployment group what-if \
  --resource-group myRG \
  --template-file main.bicep


# Validate Terraform syntax
terraform fmt -check
terraform validate


# Lint Terraform with TFLint
tflint --init && tflint


# Preview Terraform deployment
terraform plan -out=tfplan