From 730279dcdfd17ce09244b87721c42172ddf87e83 Mon Sep 17 00:00:00 2001
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:10:58 -0700
Subject: [PATCH 1/9] Create README.md
---
.../README.md | 33 +++++++++++++++++++
1 file changed, 33 insertions(+)
create mode 100644 Powershell scripts/Enable AI Threat protection plan/README.md
diff --git a/Powershell scripts/Enable AI Threat protection plan/README.md b/Powershell scripts/Enable AI Threat protection plan/README.md
new file mode 100644
index 000000000..be0a04f32
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/README.md
@@ -0,0 +1,33 @@
+# Enable AI workloads
+This script will help you activate the AI workloads plan in Microsoft Defender for Cloud.
+
+## Description
+
+
+There are three ways to activate AI workloads plan:
+
+1. Powershell
+#### Example for Powershell command:
+
+```PowerShell
+Set-AzSecurityPricing -Name "AI" -PricingTier "Standard" -Extension '[{"name":"AIPromptEvidence","isEnabled":"True","additionalExtensionProperties":null}]'
+Set-AzSecurityPricing -Name "AI" -PricingTier "Standard" -Extension '[{"name":"AIPromptEvidence","isEnabled":"False","additionalExtensionProperties":null}]'
+```
+[Reference Documentation](https://learn.microsoft.com/en-us/powershell/module/az.security/set-azsecuritypricing?view=azps-12.2.0)
+
+2. Azure CLI
+#### Example for Azure CLI:
+
+```CLI
+az security pricing create -n AI --tier standard --extensions name=AIPromptEvidence isEnabled=true
+az security pricing create -n AI --tier standard --extensions name=AIPromptEvidence isEnabled=false
+```
+[Reference Documentation](https://learn.microsoft.com/en-us/cli/azure/security/pricing?view=azure-cli-latest)
+
+3. Azure Policy
+
+Activate AI workloads plan using a built-in policy "Enable threat protection for AI worklaods"
+
+#### Link
+The powershell script ready to use is posted in the following location:
+[https://github.com/Azure/Azure-Security-Center/tree/master/Powershell scripts](https://github.com/Azure/Azure-Security-Center/tree/master/Powershell%20scripts)
From c8a7895e1dd68dce947e4047644a1008d7eebd99 Mon Sep 17 00:00:00 2001
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:23:12 -0700
Subject: [PATCH 2/9] Create Powershell
---
.../Powershell scripts with AI extension/Powershell | 1 +
1 file changed, 1 insertion(+)
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell
diff --git a/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell
@@ -0,0 +1 @@
+
From 85734fd149973cd0542a4f6e83dbf2ecc0f08124 Mon Sep 17 00:00:00 2001
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:24:05 -0700
Subject: [PATCH 3/9] Add files via upload
---
.../PromptEvidenceCSV.ps1 | 74 +++++++++++++++++++
.../PromptEvidenceTxt.ps1 | 59 +++++++++++++++
.../sample.csv | 2 +
.../sample2.txt | 2 +
4 files changed, 137 insertions(+)
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceCSV.ps1
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceTxt.ps1
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample.csv
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample2.txt
diff --git a/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceCSV.ps1 b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceCSV.ps1
new file mode 100644
index 000000000..bb825c022
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceCSV.ps1
@@ -0,0 +1,74 @@
+param (
+ [string]$FilePath
+)
+
+# Function to print error and exit script
+function Throw-Error {
+ param (
+ [string]$ErrorMessage
+ )
+ Write-Error $ErrorMessage
+ exit 1
+}
+
+Write-Output "Starting script execution."
+
+# Check if the file path is provided
+Write-Output "Checking if file path is provided."
+if (-not $FilePath) {
+ Throw-Error "Error: No file path specified. Please provide the path to the subscription file."
+}
+Write-Output "File path provided: $FilePath"
+
+# Check if the file exists
+Write-Output "Checking if the specified file exists."
+if (-not (Test-Path -Path $FilePath)) {
+ Throw-Error "Error: The specified file '$FilePath' does not exist. Please provide a valid file path."
+}
+Write-Output "File exists: $FilePath"
+
+# Ensure the Azure CLI is installed
+Write-Output "Checking if Azure CLI is installed."
+if (-not (Get-Command az -ErrorAction SilentlyContinue)) {
+ Throw-Error "Error: Azure CLI (az) is not installed. Please install it from https://docs.microsoft.com/en-us/cli/azure/install-azure-cli."
+}
+Write-Output "Azure CLI is installed."
+
+# Authenticate with Azure
+Write-Output "Authenticating with Azure."
+az login
+
+# Read the subscriptions and their corresponding enable/disable flags from the file
+Write-Output "Reading subscriptions and isEnabled flags from the CSV file."
+$subscriptions = Import-Csv -Path $FilePath -Delimiter ',' -Header "subscriptionId", "isEnabled"
+
+if ($subscriptions.Count -eq 0) {
+ Throw-Error "Error: No subscriptions found in the specified file."
+}
+
+foreach ($entry in $subscriptions) {
+ $subscriptionId = $entry.'subscriptionId'
+ $isEnabled = $entry.'isEnabled'
+
+ if (-not $subscriptionId) {
+ Write-Error "Error: SubscriptionId is missing in one of the entries."
+ continue
+ }
+
+ try {
+ Write-Output "Setting context to subscription: $subscriptionId"
+ # Set the context to the current subscription
+ az account set --subscription $subscriptionId
+
+ Write-Output "Setting security pricing for subscription: $subscriptionId"
+ # Set the security pricing tier to standard for AI with the provided isEnabled value
+ az security pricing create -n AI --tier standard --extensions name=AIPromptEvidence isEnabled=$isEnabled
+
+ Write-Output "Successfully set security pricing for subscription: $subscriptionId with isEnabled=$isEnabled"
+ } catch {
+ Write-Error "Failed to set security pricing for subscription: $subscriptionId"
+ Write-Error $_.Exception.Message
+ }
+}
+
+Write-Output "Script execution completed."
diff --git a/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceTxt.ps1 b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceTxt.ps1
new file mode 100644
index 000000000..b5f52ed37
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/PromptEvidenceTxt.ps1
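Review bot: A failed `az account set` inside the `foreach` loop of PromptEvidenceCSV.ps1 leaves the CLI on the previously selected subscription, so the following `az security pricing create` applies this row's `isEnabled` value to the wrong subscription while the script still prints "Successfully set". `az` is a native command, so a non-zero exit does not normally raise a PowerShell exception and the `catch` block is unlikely to run; check `$LASTEXITCODE` after the call and pass `--subscription $subscriptionId` to the pricing command itself instead of relying on the ambient context. The `isEnabled` column is also forwarded without validation, which matters because this flag decides whether prompt snippets are exposed in alerts. PromptEvidenceTxt.ps1 has the same loop and needs the same change.

```powershell
foreach ($entry in $subscriptions) {
    # … unchanged: $subscriptionId / $isEnabled extraction and missing-id check …

    # Reject anything that is not an explicit true/false before touching Azure
    if ($isEnabled -notmatch '^(true|false)$') {
        Write-Error "Invalid isEnabled value '$isEnabled' for subscription: $subscriptionId"
        continue
    }

    Write-Output "Setting security pricing for subscription: $subscriptionId"
    # Target the subscription explicitly so a stale CLI context cannot be modified by mistake
    az security pricing create -n AI --tier standard --subscription $subscriptionId --extensions name=AIPromptEvidence isEnabled=$isEnabled
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Failed to set security pricing for subscription: $subscriptionId"
        continue
    }

    Write-Output "Successfully set security pricing for subscription: $subscriptionId with isEnabled=$isEnabled"
```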
@@ -0,0 +1,59 @@
+param (
+ [string]$FilePath
+)
+
+# Function to print error and exit script
+function Throw-Error {
+ param (
+ [string]$ErrorMessage
+ )
+ Write-Error $ErrorMessage
+ exit 1
+}
+
+Write-Output "Starting script execution."
+
+# Check if the file path is provided
+Write-Output "Checking if file path is provided."
+if (-not $FilePath) {
+ Throw-Error "Error: No file path specified. Please provide the path to the subscription file."
+}
+Write-Output "File path provided: $FilePath"
+
+# Check if the file exists
+Write-Output "Checking if the specified file exists."
+if (-not (Test-Path -Path $FilePath)) {
+ Throw-Error "Error: The specified file '$FilePath' does not exist. Please provide a valid file path."
+}
+Write-Output "File exists: $FilePath"
+
+# Ask the customer if they want to enable the feature
+$isEnabled = Read-Host "Do you want to enable the AI Prompt Evidence feature? Enter 'True' or 'False'"
+
+# Authenticate with Azure using Azure CLI
+Write-Output "Authenticating with Azure CLI."
+az login
+
+# Read the subscriptions from the file
+Write-Output "Reading subscriptions from the file."
+$subscriptions = Get-Content -Path $FilePath
+Write-Output "Subscriptions read: $($subscriptions -join ', ')"
+
+foreach ($subscription in $subscriptions) {
+ try {
+ Write-Output "Setting context to subscription: $subscription"
+ # Set the context to the current subscription
+ az account set --subscription $subscription
+
+ Write-Output "Setting security pricing for subscription: $subscription"
+ # Set the security pricing tier to standard for AI
+ az security pricing create -n AI --tier standard --extensions name=AIPromptEvidence isEnabled=$isEnabled
+
+ Write-Output "Successfully set security pricing for subscription: $subscription"
+ } catch {
+ Write-Error "Failed to set security pricing for subscription: $subscription"
+ Write-Error $_.Exception.Message
+ }
+}
+
+Write-Output "Script execution completed."
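Review bot: The `Read-Host` answer stored in `$isEnabled` is sent to every subscription in the file without being checked, so a typo such as `yes` or an empty reply reaches `az security pricing create` for the whole list. Re-prompt until the value is valid, for example by wrapping the existing prompt as `do { $isEnabled = Read-Host "..." } until ($isEnabled -match '^(true|false)$')`. `Get-Content` also returns blank lines as entries, so filter them with `$subscriptions = Get-Content -Path $FilePath | Where-Object { $_.Trim() }` before the loop. Unlike PromptEvidenceCSV.ps1, this script never checks that `az` is installed before calling it; the same `Get-Command az` guard belongs here.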
diff --git a/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample.csv b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample.csv
new file mode 100644
index 000000000..0e58627f9
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample.csv
@@ -0,0 +1,2 @@
+e88893e3-9ff3-4998-a001-d93cd41e6711,FALSE
+808ea71a-9f48-4055-9ccb-9708069aba72,TRUE
diff --git a/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample2.txt b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample2.txt
new file mode 100644
index 000000000..546211c33
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/sample2.txt
@@ -0,0 +1,2 @@
+e88893e3-9ff3-4998-a001-d93cd41e6711
+808ea71a-9f48-4055-9ccb-9708069aba72
From 547a7659ea52f02bc9be016e57e626084f4d294b Mon Sep 17 00:00:00 2001
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:25:12 -0700
Subject: [PATCH 4/9] Delete Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell
---
.../Powershell scripts with AI extension/Powershell | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell
diff --git a/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell b/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell
deleted file mode 100644
index 8b1378917..000000000
--- a/Powershell scripts/Enable AI Threat protection plan/Powershell scripts with AI extension/Powershell
+++ /dev/null
@@ -1 +0,0 @@
-
From 7e07d311de4b21499ac02e6ac271c2e6dd13c0c3 Mon Sep 17 00:00:00 2001
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:27:20 -0700
Subject: [PATCH 5/9] Create Custom Policy
---
.../Enable AI Threat protection plan/Custom Policy | 1 +
1 file changed, 1 insertion(+)
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Custom Policy
diff --git a/Powershell scripts/Enable AI Threat protection plan/Custom Policy b/Powershell scripts/Enable AI Threat protection plan/Custom Policy
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Custom Policy
@@ -0,0 +1 @@
+
From 1a55c1d1e83cdedb92b3b0b8bedf81cabd961f77 Mon Sep 17 00:00:00 2001
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:27:39 -0700
Subject: [PATCH 6/9] Delete Powershell scripts/Enable AI Threat protection plan/Custom Policy
---
.../Enable AI Threat protection plan/Custom Policy | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 Powershell scripts/Enable AI Threat protection plan/Custom Policy
diff --git a/Powershell scripts/Enable AI Threat protection plan/Custom Policy b/Powershell scripts/Enable AI Threat protection plan/Custom Policy
deleted file mode 100644
index 8b1378917..000000000
--- a/Powershell scripts/Enable AI Threat protection plan/Custom Policy
+++ /dev/null
@@ -1 +0,0 @@
-
From 5c5ebf1d6038642af4941c0c53c65e4bd615a032 Mon Sep 17 00:00:00 2001
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:28:55 -0700
Subject: [PATCH 7/9] Create custom_policy_with_prompt
---
.../Custom policy/custom_policy_with_prompt | 1 +
1 file changed, 1 insertion(+)
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt
diff --git a/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt b/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt
@@ -0,0 +1 @@
+
From b068d93acf75b9cf09b55adeaedbe883b4712367 Mon Sep 17 00:00:00 2001
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:29:33 -0700
Subject: [PATCH 8/9] Add files via upload
---
.../custom_poicy_with_prompt_evidence.json | 125 ++++++++++++++++++
.../custom_policy_defender_for_ai.json | 61 +++++++++
2 files changed, 186 insertions(+)
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_poicy_with_prompt_evidence.json
create mode 100644 Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_defender_for_ai.json
diff --git a/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_poicy_with_prompt_evidence.json b/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_poicy_with_prompt_evidence.json
new file mode 100644
index 000000000..f4a42a9f4
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_poicy_with_prompt_evidence.json
@@ -0,0 +1,125 @@
+{
+ "properties": {
+ "displayName": "Configure Microsoft Defender threat protection for AI workloads",
+ "policyType": "BuiltIn",
+ "mode": "All",
+ "description": "New capabilities are continuously being added to threat protection for AI workloads, which may require the user's explicit enablement. Use this policy to make sure all new capabilities will be enabled.",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Security Center"
+ },
+ "version": "1.0.0",
+ "parameters": {
+ "effect": {
+ "type": "string",
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ]
+ },
+ "isAIPromptEvidenceEnabled": {
+ "type": "String",
+ "metadata": {
+ "displayName": "AI Prompt Evidence Enabled",
+ "description": "Controls the AI prompt evidence feature, which exposes the prompts passed between the user and the model for deeper analysis of AI-related alerts. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. While sensitive data or secrets are redacted, customer conversations may be deemed sensitive in nature. The evidence will be available through the Defender portal as part of each alert."
+ },
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.Resources/subscriptions"
+ },
+ "then": {
+ "effect": "[parameters('effect')]",
+ "details": {
+ "type": "Microsoft.Security/pricings",
+ "name": "AI",
+ "deploymentScope": "subscription",
+ "existenceScope": "subscription",
+ "roleDefinitionIds": [
+ "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
+ ],
+ "existenceCondition": {
+ "allOf": [
+ {
+ "field": "Microsoft.Security/pricings/pricingTier",
+ "equals": "Standard"
+ },
+ {
+ "count": {
+ "field": "Microsoft.Security/pricings/extensions[*]",
+ "where": {
+ "allOf": [
+ {
+ "field": "Microsoft.Security/pricings/extensions[*].name",
+ "equals": "AIPromptEvidence"
+ },
+ {
+ "field": "Microsoft.Security/pricings/extensions[*].isEnabled",
+ "equals": "[parameters('isAIPromptEvidenceEnabled')]"
+ }
+ ]
+ }
+ },
+ "equals": 1
+ }
+ ]
+ },
+ "deployment": {
+ "location": "westeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {
+ "isAIPromptEvidenceEnabled": {
+ "value": "[parameters('isAIPromptEvidenceEnabled')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "isAIPromptEvidenceEnabled": {
+ "type": "String"
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Security/pricings",
+ "apiVersion": "2023-01-01",
+ "name": "AI",
+ "properties": {
+ "pricingTier": "Standard",
+ "extensions": [
+ {
+ "name": "AIPromptEvidence",
+ "isEnabled": "[parameters('isAIPromptEvidenceEnabled')]"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+ }
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ },
+ "id": "/providers/Microsoft.Authorization/policyDefinitions/359a48a3-351a-4618-bb32-f1628645694b",
+ "name": "359a48a3-351a-4618-bb32-f1628645694b"
+ }
+
\ No newline at end of file
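Review bot: `roleDefinitionIds` gives the remediation identity role `8e3af657-a8ff-443c-a75c-2fe8c4bcb635`, which appears to be the built-in Owner role; writing `Microsoft.Security/pricings` at subscription scope should not need more than Security Admin, and a narrower role keeps the policy's managed identity from holding full control of every subscription it is assigned to. `isAIPromptEvidenceEnabled` has `"defaultValue": "true"` although its own description says the exposed conversations may be sensitive, so consider dropping the default so the assigner has to choose, or defaulting to `"false"`. The file sits under "Custom policy" yet keeps `"policyType": "BuiltIn"` and the built-in definition's `id` and `name`; it likely needs `"policyType": "Custom"` and those two fields removed before it can be created as a custom definition.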
diff --git a/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_defender_for_ai.json b/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_defender_for_ai.json
new file mode 100644
index 000000000..3053e631e
--- /dev/null
+++ b/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_defender_for_ai.json
@@ -0,0 +1,61 @@
+{
+ "mode": "All",
+ "policyRule": {
+ "if": {
+ "field": "type",
+ "equals": "Microsoft.Resources/subscriptions"
+ },
+ "then": {
+ "effect": "[parameters('effect')]",
+ "details": {
+ "type": "Microsoft.Security/pricings",
+ "name": "AI",
+ "deploymentScope": "subscription",
+ "existenceScope": "subscription",
+ "roleDefinitionIds": [],
+ "existenceCondition": {
+ "field": "Microsoft.Security/pricings/pricingTier",
+ "equals": "Standard"
+ },
+ "deployment": {
+ "location": "westeurope",
+ "properties": {
+ "mode": "incremental",
+ "parameters": {},
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {},
+ "variables": {},
+ "resources": [
+ {
+ "type": "Microsoft.Security/pricings",
+ "apiVersion": "2023-01-01",
+ "name": "AI",
+ "properties": {
+ "pricingTier": "Standard"
+ }
+ }
+ ],
+ "outputs": {}
+ }
+ }
+ }
+ }
+ }
+ },
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists"
+ }
+ }
+}
\ No newline at end of file
From f6361f884e23ea86676b2385a3dcec95cae5e025 Mon Sep 17 00:00:00 2001
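Review bot: `"roleDefinitionIds": []` in custom_policy_defender_for_ai.json leaves the `DeployIfNotExists` remediation identity with no role, so the deployment that sets the `AI` plan to `Standard` would be expected to fail on authorization and subscriptions would stay non-compliant without any obvious signal. List the least-privileged role that can write `Microsoft.Security/pricings` (Security Admin is the usual choice) instead of an empty array. The hard-coded `"location": "westeurope"` also fixes where the subscription-level deployment record is stored, which is worth a comment in the README for tenants with data-residency constraints.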
From: Safeena <55896353+safeenab786@users.noreply.github.com>
Date: Thu, 12 Sep 2024 12:30:07 -0700
Subject: [PATCH 9/9] Delete Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt
---
.../Custom policy/custom_policy_with_prompt | 1 -
1 file changed, 1 deletion(-)
delete mode 100644 Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt
diff --git a/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt b/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt
deleted file mode 100644
index 8b1378917..000000000
--- a/Powershell scripts/Enable AI Threat protection plan/Custom policy/custom_policy_with_prompt
+++ /dev/null
@@ -1 +0,0 @@
-