Hands On Lab #162
Copilot reviewed 114 out of 127 changed files in this pull request and generated 11 comments.
Files not reviewed (13)
- Hands-On-Lab/Images/toDelete: Language not supported
- Hands-On-Lab/Modules/CfSLogicAppTemplate.json: Language not supported
- Hands-On-Lab/Modules/ResumeLab.md: Evaluated as low risk
- Hands-On-Lab/Modules/Module-5-Generating-KQL-queries.md: Evaluated as low risk
- Hands-On-Lab/Modules/Module-8-Automation-with-Logic-Apps.md: Evaluated as low risk
- Hands-On-Lab/Modules/Module-1-Setting-up-the-environment.md: Evaluated as low risk
- Hands-On-Lab/Modules/Deleting-SCU.md: Evaluated as low risk
- Hands-On-Lab/Modules/Module-6-Knowledge-base-in-Copilot-for-Security.md: Evaluated as low risk
- Hands-On-Lab/Modules/AdditionalSCUs.md: Evaluated as low risk
- Hands-On-Lab/README.md: Evaluated as low risk
- Hands-On-Lab/Modules/Module-9-Embedded-Features-in-Microsoft-Defender.md: Evaluated as low risk
- Hands-On-Lab/Modules/Module-10-eDiscovery-Search-in-Microsoft-Purview.md: Evaluated as low risk
- Hands-On-Lab/Modules/Module-3-Threat-intelligence-scenarios.md: Evaluated as low risk
Comments suppressed due to low confidence (6)
Hands-On-Lab/Modules/Module-2-Script-analysis.md:113
- The prompt '/summarizedata' should follow camelCase convention and be '/summarizeData'.
/summarizedata Prepare a report summarizing the investigation for a technical audience.
Hands-On-Lab/Modules/Module-11-Embedded-Features-in-Microsoft-Intune.md:79
- The capitalization of 'Policy' is inconsistent. It should be 'policy'.
Let’s choose to build a new Policy by clicking 'Create'. Then click 'New Policy'
Hands-On-Lab/Modules/Module-11-Embedded-Features-in-Microsoft-Intune.md:85
- The capitalization of 'next' is inconsistent. It should be 'Next'.
Let’s give it a name and click 'next'
Hands-On-Lab/Modules/Module-11-Embedded-Features-in-Microsoft-Intune.md:92
- The phrase 'Click select all these settings' should be 'Click 'Select all these settings'.
Click select all these settings
Hands-On-Lab/Modules/Module-11-Embedded-Features-in-Microsoft-Intune.md:124
- The phrase 'to add processes' should be 'to add more processes'.
You can also choose to add processes.
Hands-On-Lab/Modules/Module-11-Embedded-Features-in-Microsoft-Intune.md:128
- The phrase 'on the endpoint' should be 'on the endpoint device'.
You will see the results of what is running on the endpoint.
1. **Simulate Real-World Incidents:** | ||
- The lab uses pre-recorded data ingested into custom log tables to simulate real-world incidents. | ||
- The data includes logs from various sources like SecurityEvent_CL, SigninLogs_CL, and OfficeActivity_CL. | ||
- In this case it will simulate Real world incidents with Dummy data that we will use in our Exercise, you can check this by going to the Incidents tab on your sentinel workspace , and you will see 3 incidents (**please note this will only be visibile if the lab has succesffully be installed**) |
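Review bot: In the bolded note that closes this bullet, "succesffully be installed" is misspelled and ungrammatical; it should read "successfully been installed". The same bullet writes "sentinel workspace" in lowercase ("Sentinel" is the product name) and leaves a stray space before the comma in "workspace , and".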
The word 'visibile' is misspelled. It should be 'visible'.
- In this case it will simulate Real world incidents with Dummy data that we will use in our Exercise, you can check this by going to the Incidents tab on your sentinel workspace , and you will see 3 incidents (**please note this will only be visibile if the lab has succesffully be installed**) | |
- In this case it will simulate Real world incidents with Dummy data that we will use in our Exercise, you can check this by going to the Incidents tab on your sentinel workspace , and you will see 3 incidents (**please note this will only be visible if the lab has succesffully be installed**) |
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
[![Sentinel2](../Images/Sentinel2.png)](../Images/Sentinel2.png) | ||
- Next , you will be required to Set up a Microsoft Sentinel Workspace , proceed to click and add details for your workspace ( Name resource group etc) | ||
[![Sentinelprompt2](../Images/Sentinelprompt2.png)](../Images/Sentinelprompt2.png) | ||
- Once you have added the details , Click on create and this will confirm the set up ( **please note that when you activate it, it will enable a free trial for 30 days that should suffice for the lab exercises** |
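Review bot: The parenthesis opened before the bolded note in the last bullet ("( **please note ...") is never closed, so the line needs a closing ")" after the bold text and not only a final period. In the bullet above it, "( Name resource group etc)" reads as a single item; separate the fields with commas ("name, resource group, etc.").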
Missing period at the end of the sentence.
- Once you have added the details , Click on create and this will confirm the set up ( **please note that when you activate it, it will enable a free trial for 30 days that should suffice for the lab exercises** | |
- Once you have added the details , Click on create and this will confirm the set up ( **please note that when you activate it, it will enable a free trial for 30 days that should suffice for the lab exercises**. |
|
||
### Prerequisites | ||
|
||
You must have completed Module 1 or have an exisiting instance of Copilot For Security installed. If you do not have a working instance of Copilot for Security please click [click here to complete Module 1](..Modules/Module-1-Setting-up-the-the-environment.md#module-1---setting-up-the-environment). |
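Review bot: The link target in the Prerequisites paragraph, "..Modules/Module-1-Setting-up-the-the-environment.md", has no slash after ".." and repeats "the-the", so it will not resolve; the file in this pull request is named Module-1-Setting-up-the-environment.md. The link text also doubles the verb ("please click [click here ..."), so drop one "click".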
The word 'exisiting' is misspelled. It should be 'existing'.
You must have completed Module 1 or have an exisiting instance of Copilot For Security installed. If you do not have a working instance of Copilot for Security please click [click here to complete Module 1](..Modules/Module-1-Setting-up-the-the-environment.md#module-1---setting-up-the-environment). | |
You must have completed Module 1 or have an existing instance of Copilot For Security installed. If you do not have a working instance of Copilot for Security please click [click here to complete Module 1](..Modules/Module-1-Setting-up-the-the-environment.md#module-1---setting-up-the-environment). |
|
||
### Items to note | ||
|
||
Throughout the exercises during this hands on lab you will notice some prompts will start with **"/AskGPT"**. This is an important skill which instructs the Copilot for Security to bypass any plugins and to use the underlying GPT engine to respond with an answer. This skill can be used when trying to ask generic questions which do not require a specific plugin. For example, **"/AskGPT"** based on the previous response please could you extract all the IP addresses from the summary". |
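Review bot: The example prompt at the end of this paragraph has an unbalanced quotation mark: it ends with a closing quote after "summary", but the only opening quote wraps "/AskGPT" alone. Quote the whole prompt, including the /AskGPT prefix, or drop the trailing quote.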
[nitpick] The sentence is unclear. It should be 'based on the previous response, please extract all the IP addresses from the summary.'
Throughout the exercises during this hands on lab you will notice some prompts will start with **"/AskGPT"**. This is an important skill which instructs the Copilot for Security to bypass any plugins and to use the underlying GPT engine to respond with an answer. This skill can be used when trying to ask generic questions which do not require a specific plugin. For example, **"/AskGPT"** based on the previous response please could you extract all the IP addresses from the summary". | |
For example, **"/AskGPT"** based on the previous response, please extract all the IP addresses from the summary". |
</p></p> | ||
<img width="407" alt="Intune5" src="https://github.com/user-attachments/assets/81baa3f5-7828-4bbe-b185-c750680e8595"> | ||
</p></p> | ||
5: Let’s try out "Summarize this device". It should take a few seconds and generate a nice summary of the current state of this device. Noice there are other options on the bottom such as seeing what is installed on this device. |
The word 'Noice' is misspelled. It should be 'Notice'.
5: Let’s try out "Summarize this device". It should take a few seconds and generate a nice summary of the current state of this device. Noice there are other options on the bottom such as seeing what is installed on this device. | |
5: Let’s try out "Summarize this device". It should take a few seconds and generate a nice summary of the current state of this device. Notice there are other options on the bottom such as seeing what is installed on this device. |
</p></p> | ||
<img width="431" alt="Intune9" src="https://github.com/user-attachments/assets/c6bbed87-d807-4ba3-add3-f85551b0b241"> | ||
</p></p> | ||
9: When you submit an error code, you will get a quick explanation of what it is. This is a much better approach to understanding error messages vs searching the Internet for an explanation. |
The phrase 'vs searching the Internet' should be 'compared to searching the Internet'.
17: Now you will see the Configuration settings options. Click +Add settings. This will bring up the Settings picker. Within that, choose Microsoft Edge, then from that drop down choose Application Guard settings. Click select all these settings. | ||
</p></p> | ||
<img width="953" alt="Intune18" src="https://github.com/user-attachments/assets/ae345740-fd75-462c-ac15-90aab6b82df9"> | ||
18: Click the X on the top corner to close the popup. You will see more Application Guard settings. A common challenge is understanding what all these configuration settings mean. You can click on the Security Copilot button to get a explaining of what the setting means. For example, I’m looking at what Application Guard Container Proxy means. On the right, a pop up comes up explaining all the details of what this configuration setting can do. |
The phrase 'to get a explaining' is grammatically incorrect. It should be 'to get an explanation'.
</p></p> | ||
<h2>Exercise 5: Summarize More Details</h2> | ||
</p></p> | ||
19: Now let’s close that popup and go back to Devices. Another point to explore how AI can summarize different configuration settings within Microsoft Intune. Click a device and select a policy configuration to explain. I'll pick an example of Purview Edge browser extension. You can pick any one you have within your environment. |
The sentence 'Another point to explore how AI can summarize' is incomplete. It should be 'Another point is to explore how AI can summarize'.
</p></p> | ||
<img width="776" alt="Intune24" src="https://github.com/user-attachments/assets/ffeac6b3-7a40-44d7-94da-5845e73667a7"> | ||
</p></p> | ||
You will see options to query Copilot against. For example, I'll choose "show me all active processes". |
The phrase 'to query Copilot against' should be 'to query Copilot with'.
|
||
![nonTechnicalSummary](../Images/nonTechnicalSummary.png) | ||
|
||
*Expectation: Explanation of the CVE with no techincal details.* |
The word 'techincal' is misspelled. It should be 'technical'.
*Expectation: Explanation of the CVE with no techincal details.* | |
*Expectation: Explanation of the CVE with no technical details.* |
Upload all the hands on lab to the official GitHub repository