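├── .github └── workflows │ ├── deploy.yml │ └── destroy.yml ├── LICENSE ├── README.md ├── main.bicep └── main.bicepparam

/.github/workflows/deploy.yml:
--------------------------------------------------------------------------------
# Deploys main.bicep with main.bicepparam into the CopilotTest resource group,
# either on demand or on the weekday morning schedule below.
name: Deploy Resources

on:
  workflow_dispatch: # Allows you to run the workflow manually
  schedule:
    - cron: '0 8 * * 1-5' # Runs at 8 AM UTC, Monday to Friday

# Least privilege for the built-in GITHUB_TOKEN: this workflow only reads the
# repository; all Azure access comes from the AZURE_CREDENTIALS secret.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # Tags such as v4 are movable; pinning actions to a full commit SHA
      # protects the job (and the Azure credential it handles) from a
      # retagged or compromised release.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Login to Azure
        uses: azure/login@v2
        with:
          # AZURE_CREDENTIALS is the JSON printed by
          # `az ad sp create-for-rbac --json-auth` and contains a long-lived
          # client secret. azure/login also supports OIDC federated
          # credentials (client-id / tenant-id / subscription-id inputs plus
          # `id-token: write` permission), which removes the stored secret.
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      # `az deployment group create` requires the resource group to exist
      # already; it does not create it.
      - name: Deploy Bicep template
        run: |
          az deployment group create --name CopilotDeployment --resource-group CopilotTest --template-file ./main.bicep --parameters ./main.bicepparam

--------------------------------------------------------------------------------
/.github/workflows/destroy.yml:
--------------------------------------------------------------------------------
# Deletes the CopilotTest resource group (and everything in it), either on
# demand or on the weekday evening schedule below.
name: Destroy Resources

on:
  workflow_dispatch: # Allows you to run the workflow manually
  schedule:
    - cron: '0 17 * * 1-5' # Runs at 5 PM UTC, Monday to Friday

# Least privilege for the built-in GITHUB_TOKEN: this workflow only reads the
# repository; all Azure access comes from the AZURE_CREDENTIALS secret.
permissions:
  contents: read

jobs:
  destroy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Login to Azure
        uses: azure/login@v2
        with:
          # Same long-lived service principal secret as the deploy workflow;
          # see the OIDC alternative supported by azure/login.
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      # --yes skips the confirmation prompt and --no-wait returns before the
      # deletion finishes, so a green run does not prove the group is gone.
      # NOTE(review): this removes the whole resource group, not only the
      # capacity. The scheduled deploy targets the same group with
      # `az deployment group create`, which needs the group to exist, and a
      # service principal scoped only to this group presumably loses its role
      # assignment when the group is deleted. Confirm the next scheduled
      # deploy still works, or delete only the capacity resource instead.
      - name: Destroy Resource Group
        run: |
          az group delete --name CopilotTest --yes --no-wait

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License 2 | 3 | Copyright (c) 2024 Pierre Thoor 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the 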
Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Microsoft Copilot for Security 2 | 3 | This repository contains an Azure Bicep file for deploying a `Microsoft.SecurityCopilot/capacities` resource, along with GitHub Actions workflows for automated deployment and destruction of resources. 4 | 5 | ## Azure Bicep 6 | 7 | The `main.bicep` file in this repository deploys a `Microsoft.SecurityCopilot/capacities` resource with the following properties: 8 | 9 | - `capacityName`: The name of the capacity. 10 | - `geo`: The geographical location code. This can be one of the following: 'EU', 'ANZ', 'US', 'UK'. 11 | - `location`: The Azure location is automatically filled in and determined when you choose `geo` (geographical location), see bicep code for logic. 12 | - `numberOfUnits`: The number of units. 13 | - `crossGeoCompute`: Whether cross-geo compute is allowed. This can be either 'Allowed' or 'NotAllowed'. 
14 | 15 | The `main.bicepparam` file contains the parameter values for the `main.bicep` file. You can update the parameter values in this file as necessary. 16 | 17 | ## GitHub Actions 18 | 19 | There are two GitHub Actions workflows in this repository: 20 | 21 | 1. **Deployment Workflow (`deploy.yml`)**: This workflow deploys the Bicep file to Azure. It runs at 8 AM UTC from Monday to Friday. 22 | 23 | 2. **Destruction Workflow (`destroy.yml`)**: This workflow destroys the deployed resources by deleting the resource group in Azure. It runs at 5 PM UTC from Monday to Friday. 24 | 25 | ## Usage 26 | 27 | To use this repository, you need to do the following: 28 | 29 | 1. Fork this repository to your own GitHub account. 30 | 2. Set up your Azure credentials as a secret named `AZURE_CREDENTIALS` (the name both workflows read) in your GitHub repository. You can do this in the repository settings under the "Secrets and variables" section. 31 | - Run the following command in Cloud Shell or another PowerShell window with the right permissions to create a Service Principal with **Contributor** rights. Replace `exampleRG` with the resource group the workflows target (`CopilotTest` unless you change it), so that the Service Principal is scoped to that resource group only. 32 | `az ad sp create-for-rbac --name {app-name} --role contributor --scopes /subscriptions/{subscription-id}/resourceGroups/exampleRG --json-auth` 33 | - Copy the output and then paste it in the **Value** section when you are creating the new secret in GitHub Actions. The output contains the Service Principal's client secret, so keep it only in the GitHub secret. 34 | 3. Update the parameters in the `main.bicepparam` file and the GitHub Actions workflows as necessary. 35 | 36 | Please note that deleting a resource group will delete all resources within that group. Make sure this is what you want before running the destruction workflow. 37 | 38 | ## Contributing 39 | 40 | Contributions are welcome! Please feel free to submit a pull request. 41 | 42 | ## License 43 | 44 | This project is licensed under the terms of the MIT license. 
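45 | 
--------------------------------------------------------------------------------
/main.bicep:
--------------------------------------------------------------------------------
// Deploys a single Microsoft.SecurityCopilot/capacities resource into the
// resource group the deployment targets.
targetScope = 'resourceGroup'

@description('Base name of the capacity. It is lower-cased and suffixed with a hash of the resource group ID to form the deployed name.')
@minLength(3)
@maxLength(63)
param capacityName string

// uniqueString() is deterministic for a given resource group ID, so redeploying
// into the same group yields the same name. Its output is a 13-character hash;
// the replace() only guards against hyphens in that suffix.
var uniqueStringNoHyphens = replace(uniqueString(resourceGroup().id), '-', '')
// NOTE(review): the deployed name is capacityName plus the 13-character suffix,
// so it can be longer than the 63 characters allowed for capacityName. Confirm
// the service's name limit and lower @maxLength if needed.
var uniqueCapacityName = '${toLower(capacityName)}${uniqueStringNoHyphens}'

@description('Geographical location code of the capacity.')
@allowed([
  'EU'
  'ANZ'
  'US'
  'UK'
])
param geo string

// Azure region used for each allowed geo value.
var locationMap = {
  EU: 'westeurope'
  ANZ: 'australiaeast'
  US: 'eastus'
  UK: 'uksouth'
}

// @allowed restricts geo to the keys of locationMap, so a direct lookup is
// safe. The previous fallback to 'defaultlocation' was unreachable and is not
// an Azure region name.
var location = locationMap[geo]

@description('Number of capacity units to provision.')
param numberOfUnits int

// NOTE(review): 'Allowed' presumably lets work be processed outside the
// selected geo; confirm against data-residency requirements before enabling.
@description('Whether cross-geo compute is allowed.')
@allowed([
  'NotAllowed'
  'Allowed'
])
param crossGeoCompute string

resource Copilot 'Microsoft.SecurityCopilot/capacities@2023-12-01-preview' = {
  name: uniqueCapacityName
  location: location
  properties: {
    numberOfUnits: numberOfUnits
    crossGeoCompute: crossGeoCompute
    geo: geo
  }
}

--------------------------------------------------------------------------------
/main.bicepparam:
--------------------------------------------------------------------------------
// Parameter values passed to main.bicep by the deploy workflow.
using 'main.bicep'

param capacityName = 'thoorcopilot'
// Must be one of the values main.bicep allows: 'EU', 'ANZ', 'US', 'UK'.
param geo = 'EU'
param numberOfUnits = 1
// 'NotAllowed' or 'Allowed'.
param crossGeoCompute = 'NotAllowed'

--------------------------------------------------------------------------------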