Skip to content

tkubica12/azdefender-demo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.github
.github
 
 
artifacts
artifacts
 
 
infra
infra
 
 
kubernetes
kubernetes
 
 
scripts
scripts
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
appDemo.md
appDemo.md
 
 
armInfra.json
armInfra.json
 
 
infraDemo.md
infraDemo.md
 
 

Repository files navigation

Azure Defender demo

This repo contains demo of Azure Defender features together with GitHub and Web Application Firewall.

Demos

After you setup environment follow guides to demonstrate capabilities.

Demonstrate Azure Defender infrastructure and container capabilities in guide.

Demonstrate Azure Defender, WAF and github application protection capabilities in guide.

Setup

Follow guide to setup your environment.

Identities and environment

Prepare identities and deploy environment. In future version of demo this will be replaced with managed identity.

# Prepare AAD identities
$spSqlEncrypt = New-AzADServicePrincipal -DisplayName tomasazdefender-sql-encrypt -SkipAssignment

    # $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($spSqlEncrypt.Secret)
    # $spSqlEncryptSecret = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
$spSqlEncryptAppId = $spSqlEncrypt.ApplicationId
$spSqlEncryptObjectId = $spSqlEncrypt.Id

$currentUserUPN = $(Get-AzContext).Account
$currentUserId = $(Get-AzADUser -UserPrincipalName $(Get-AzContext).Account).Id

# Deploy infrastructure
New-AzResourceGroup -Name azdefender -Location westeurope -Tag @{Owner="[email protected]"}

New-AzResourceGroupDeployment -Name azdefender-infra `
    -ResourceGroupName azdefender `
    -TemplateFile .\armInfra.json `
    -adminObjectId $currentUserId `
    -adminUpn $currentUserUPN `
    -spSqlEncryptObjectId $spSqlEncryptObjectId `
    -spSqlEncryptClientId $spSqlEncryptAppId `
    -spSqlEncryptClientSecret $spSqlEncrypt.Secret `
    -email tokubica@microsoft.com

Bicep preview Infastructure template is now also in infra folder using Bicep language. At this point it is equivalent to armInfra.json template, but moving forward I will do changes in Bicep version only.

To compile Bicep template to ARM template install Bicep CLI and run:

bicep compile main.bicep

Cleanup environment.

After demo destroy infrastructure and identities.

# Cleanup
Remove-AzADServicePrincipal -DisplayName tomasazdefender-sql-encrypt -Force
Remove-AzADApplication -DisplayName tomasazdefender-sql-encrypt -Force
Get-AzResourceLock -ResourceGroupName azdefender | Remove-AzResourceLock -Force
Remove-AzResourceGroup -Name azdefender -Force -AsJob

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages