Merge pull request #906 from Azure/safeenab786-patch-9

Create README.md

Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_poicy_with_prompt_evidence.json

@@ -0,0 +1,125 @@
+{
+    "properties": {
+      "displayName": "Configure Microsoft Defender threat protection for AI workloads",
+      "policyType": "BuiltIn",
+      "mode": "All",
+      "description": "New capabilities are continuously being added to threat protection for AI workloads, which may require the user's explicit enablement. Use this policy to make sure all new capabilities will be enabled.",
+      "metadata": {
+        "version": "1.0.0",
+        "category": "Security Center"
+      },
+      "version": "1.0.0",
+      "parameters": {
+        "effect": {
+          "type": "string",
+          "defaultValue": "DeployIfNotExists",
+          "metadata": {
+            "displayName": "Effect",
+            "description": "Enable or disable the execution of the policy"
+          },
+          "allowedValues": [
+            "DeployIfNotExists",
+            "Disabled"
+          ]
+        },
+        "isAIPromptEvidenceEnabled": {
+          "type": "String",
+          "metadata": {
+            "displayName": "AI Prompt Evidence Enabled",
+            "description": "Controls the AI prompt evidence feature, which exposes the prompts passed between the user and the model for deeper analysis of AI-related alerts. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. While sensitive data or secrets are redacted, customer conversations may be deemed sensitive in nature. The evidence will be available through the Defender portal as part of each alert."
+          },
+          "allowedValues": [
+            "true",
+            "false"
+          ],
+          "defaultValue": "true"
+        }
+      },
+      "policyRule": {
+        "if": {
+          "field": "type",
+          "equals": "Microsoft.Resources/subscriptions"
+        },
+        "then": {
+          "effect": "[parameters('effect')]",
+          "details": {
+            "type": "Microsoft.Security/pricings",
+            "name": "AI",
+            "deploymentScope": "subscription",
+            "existenceScope": "subscription",
+            "roleDefinitionIds": [
+              "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
+            ],
+            "existenceCondition": {
+              "allOf": [
+                {
+                  "field": "Microsoft.Security/pricings/pricingTier",
+                  "equals": "Standard"
+                },
+                {
+                  "count": {
+                    "field": "Microsoft.Security/pricings/extensions[*]",
+                    "where": {
+                      "allOf": [
+                        {
+                          "field": "Microsoft.Security/pricings/extensions[*].name",
+                          "equals": "AIPromptEvidence"
+                        },
+                        {
+                          "field": "Microsoft.Security/pricings/extensions[*].isEnabled",
+                          "equals": "[parameters('isAIPromptEvidenceEnabled')]"
+                        }
+                      ]
+                    }
+                  },
+                  "equals": 1
+                }
+              ]
+            },
+            "deployment": {
+              "location": "westeurope",
+              "properties": {
+                "mode": "incremental",
+                "parameters": {
+                  "isAIPromptEvidenceEnabled": {
+                    "value": "[parameters('isAIPromptEvidenceEnabled')]"
+                  }
+                },
+                "template": {
+                  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+                  "contentVersion": "1.0.0.0",
+                  "parameters": {
+                    "isAIPromptEvidenceEnabled": {
+                      "type": "String"
+                    }
+                  },
+                  "resources": [
+                    {
+                      "type": "Microsoft.Security/pricings",
+                      "apiVersion": "2023-01-01",
+                      "name": "AI",
+                      "properties": {
+                        "pricingTier": "Standard",
+                        "extensions": [
+                          {
+                            "name": "AIPromptEvidence",
+                            "isEnabled": "[parameters('isAIPromptEvidenceEnabled')]"
+                          }
+                        ]
+                      }
+                    }
+                  ]
+                }
+              }
+            }
+          }
+        }
+      },
+      "versions": [
+        "1.0.0"
+      ]
+    },
+    "id": "/providers/Microsoft.Authorization/policyDefinitions/359a48a3-351a-4618-bb32-f1628645694b",
+    "name": "359a48a3-351a-4618-bb32-f1628645694b"
+  }
+

Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_defender_for_ai.json

@@ -0,0 +1,61 @@
+{
+	"mode": "All",
+	"policyRule": {
+		"if": {
+			"field": "type",
+			"equals": "Microsoft.Resources/subscriptions"
+		},
+		"then": {
+			"effect": "[parameters('effect')]",
+			"details": {
+				"type": "Microsoft.Security/pricings",
+				"name": "AI",
+				"deploymentScope": "subscription",
+				"existenceScope": "subscription",
+				"roleDefinitionIds": [],
+				"existenceCondition": {
+					"field": "Microsoft.Security/pricings/pricingTier",
+					"equals": "Standard"
+				},
+				"deployment": {
+					"location": "westeurope",
+					"properties": {
+						"mode": "incremental",
+						"parameters": {},
+						"template": {
+							"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+							"contentVersion": "1.0.0.0",
+							"parameters": {},
+							"variables": {},
+							"resources": [
+								{
+									"type": "Microsoft.Security/pricings",
+									"apiVersion": "2023-01-01",
+									"name": "AI",
+									"properties": {
+										"pricingTier": "Standard"
+									}
+								}
+							],
+							"outputs": {}
+						}
+					}
+				}
+			}
+		}
+	},
+	"parameters": {
+		"effect": {
+			"type": "String",
+			"metadata": {
+				"displayName": "Effect",
+				"description": "Enable or disable the execution of the policy"
+			},
+			"allowedValues": [
+				"DeployIfNotExists",
+				"Disabled"
+			],
+			"defaultValue": "DeployIfNotExists"
+		}
+	}
+}

Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceCSV.ps1

@@ -0,0 +1,74 @@
+param (
+    [string]$FilePath
+)
+
+# Function to print error and exit script
+function Throw-Error {
+    param (
+        [string]$ErrorMessage
+    )
+    Write-Error $ErrorMessage
+    exit 1
+}
+
+Write-Output "Starting script execution."
+
+# Check if the file path is provided
+Write-Output "Checking if file path is provided."
+if (-not $FilePath) {
+    Throw-Error "Error: No file path specified. Please provide the path to the subscription file."
+}
+Write-Output "File path provided: $FilePath"
+
+# Check if the file exists
+Write-Output "Checking if the specified file exists."
+if (-not (Test-Path -Path $FilePath)) {
+    Throw-Error "Error: The specified file '$FilePath' does not exist. Please provide a valid file path."
+}
+Write-Output "File exists: $FilePath"
+
+# Ensure the Azure CLI is installed
+Write-Output "Checking if Azure CLI is installed."
+if (-not (Get-Command az -ErrorAction SilentlyContinue)) {
+    Throw-Error "Error: Azure CLI (az) is not installed. Please install it from https://docs.microsoft.com/en-us/cli/azure/install-azure-cli."
+}
+Write-Output "Azure CLI is installed."
+
+# Authenticate with Azure
+Write-Output "Authenticating with Azure."
+az login
+
+# Read the subscriptions and their corresponding enable/disable flags from the file
+Write-Output "Reading subscriptions and isEnabled flags from the CSV file."
+$subscriptions = Import-Csv -Path $FilePath -Delimiter ',' -Header "subscriptionId", "isEnabled"
+
+if ($subscriptions.Count -eq 0) {
+    Throw-Error "Error: No subscriptions found in the specified file."
+}
+
+foreach ($entry in $subscriptions) {
+    $subscriptionId = $entry.'subscriptionId'
+    $isEnabled = $entry.'isEnabled'
+
+    if (-not $subscriptionId) {
+        Write-Error "Error: SubscriptionId is missing in one of the entries."
+        continue
+    }
+
+    try {
+        Write-Output "Setting context to subscription: $subscriptionId"
+        # Set the context to the current subscription
+        az account set --subscription $subscriptionId
+
+        Write-Output "Setting security pricing for subscription: $subscriptionId"
+        # Set the security pricing tier to standard for AI with the provided isEnabled value
+        az security pricing create -n AI --tier standard --extensions name=AIPromptEvidence isEnabled=$isEnabled
+
+        Write-Output "Successfully set security pricing for subscription: $subscriptionId with isEnabled=$isEnabled"
+    } catch {
+        Write-Error "Failed to set security pricing for subscription: $subscriptionId"
+        Write-Error $_.Exception.Message
+    }
+}
+
+Write-Output "Script execution completed."

Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceTxt.ps1

@@ -0,0 +1,59 @@
+param (
+    [string]$FilePath
+)
+
+# Function to print error and exit script
+function Throw-Error {
+    param (
+        [string]$ErrorMessage
+    )
+    Write-Error $ErrorMessage
+    exit 1
+}
+
+Write-Output "Starting script execution."
+
+# Check if the file path is provided
+Write-Output "Checking if file path is provided."
+if (-not $FilePath) {
+    Throw-Error "Error: No file path specified. Please provide the path to the subscription file."
+}
+Write-Output "File path provided: $FilePath"
+
+# Check if the file exists
+Write-Output "Checking if the specified file exists."
+if (-not (Test-Path -Path $FilePath)) {
+    Throw-Error "Error: The specified file '$FilePath' does not exist. Please provide a valid file path."
+}
+Write-Output "File exists: $FilePath"
+
+# Ask the customer if they want to enable the feature
+$isEnabled = Read-Host "Do you want to enable the AI Prompt Evidence feature? Enter 'True' or 'False'"
+
+# Authenticate with Azure using Azure CLI
+Write-Output "Authenticating with Azure CLI."
+az login
+
+# Read the subscriptions from the file
+Write-Output "Reading subscriptions from the file."
+$subscriptions = Get-Content -Path $FilePath
+Write-Output "Subscriptions read: $($subscriptions -join ', ')"
+
+foreach ($subscription in $subscriptions) {
+    try {
+        Write-Output "Setting context to subscription: $subscription"
+        # Set the context to the current subscription
+        az account set --subscription $subscription
+
+        Write-Output "Setting security pricing for subscription: $subscription"
+        # Set the security pricing tier to standard for AI
+        az security pricing create -n AI --tier standard --extensions name=AIPromptEvidence isEnabled=$isEnabled
+
+        Write-Output "Successfully set security pricing for subscription: $subscription"
+    } catch {
+        Write-Error "Failed to set security pricing for subscription: $subscription"
+        Write-Error $_.Exception.Message
+    }
+}
+
+Write-Output "Script execution completed."

Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample.csv

@@ -0,0 +1,2 @@
+e88893e3-9ff3-4998-a001-d93cd41e6711,FALSE
+808ea71a-9f48-4055-9ccb-9708069aba72,TRUE

Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample2.txt

@@ -0,0 +1,2 @@
+e88893e3-9ff3-4998-a001-d93cd41e6711
+808ea71a-9f48-4055-9ccb-9708069aba72

Powershell scripts/Enable AI Threat protection plan/README.md

@@ -0,0 +1,33 @@
+# Enable AI workloads
+This script will help you activate the AI workloads plan in Microsoft Defender for Cloud. 
+
+## Description 
+
+
+There are three ways to activate AI workloads plan:
+
+1. Powershell 
+#### Example for Powershell command:
+
+```PowerShell
+Set-AzSecurityPricing -Name "AI" -PricingTier "Standard" -Extension '[{"name":"AIPromptEvidence","isEnabled":"True","additionalExtensionProperties":null}]'
+Set-AzSecurityPricing -Name "AI" -PricingTier "Standard" -Extension '[{"name":"AIPromptEvidence","isEnabled":"False","additionalExtensionProperties":null}]'
+```
+[Reference Documentation](https://learn.microsoft.com/en-us/powershell/module/az.security/set-azsecuritypricing?view=azps-12.2.0)
+
+2. Azure CLI 
+#### Example for Azure CLI:
+
+```CLI
+az security pricing create -n AI --tier standard --extensions name=AIPromptEvidence isEnabled=true
+az security pricing create -n AI --tier standard --extensions name=AIPromptEvidence isEnabled=false
+```
+[Reference Documentation](https://learn.microsoft.com/en-us/cli/azure/security/pricing?view=azure-cli-latest)
+
+3. Azure Policy
+
+Activate AI workloads plan using a built-in policy "Enable threat protection for AI worklaods" 
+
+#### Link
+The powershell script ready to use is posted in the following location:
+[https://github.com/Azure/Azure-Security-Center/tree/master/Powershell scripts](https://github.com/Azure/Azure-Security-Center/tree/master/Powershell%20scripts)