Tutorial: Integrate AI into your Powershell scripts

I have been playing around with integrating AI into my favorite scripting tool: Powershell.

This blog post serves as a quick guide to getting started.

Below is a video example of an app I have created using PowerShell and Azure OpenAI. I have provided sample scripts to get you started in this tutorial.

✨ Needless to say, using AI in scripts takes troubleshooting, cost optimization, security hunting and compliance reporting to the next level – much faster and more detailed! Try it out for yourself ✨

🚀 Happy Scripting with the power of AI 😃

Samples with Video + Script

App: PIM Role Advisor
Links: PIM Role Advisor (video – YouTube), PIM-Role-Advisor (script – GitHub)
Script purpose: The goal is to showcase how AI can identify the necessary role and the specific PIM group to activate.

The app was created with 450 lines of PowerShell, integrating with Azure OpenAI and Microsoft Graph and enriched with PIM assignment data (Entra ID role assignments, Azure PIM assignments, PIM groups, etc.).

App: Sentinel Log Events Anomaly Detector
Links: Sentinel Log Events Anomaly Detector (video – YouTube), Sentinel Log Events Anomaly Detector (script – GitHub)
Script purpose: The goal is to detect rogue apps, new policy configurations (such as AD audit settings) or devices sending huge volumes of data into the logs, increasing log costs significantly.

ℹ️ This app analyzes the Sentinel Log Analytics SecurityEvent table for a sudden increase of log events per EventID/server during the last hour and compares it with the average over the last 7 days. If the threshold of +20% is hit, the events are analyzed by Azure OpenAI and recommendations on what to do are shown. A summary is sent by email as an alert to IT. I'm grounding/providing context to the LLM with a focus on a cost-efficient prompt based on event samples.

⚡ NOTE: This is a quick sample; not a full blown anomaly detection method for Sentinel logs. Fine-tune it to your needs 🙂


Backend – Azure OpenAI instance

First you need to deploy an Azure OpenAI instance for your AI prompts.

Search for "Open" in the Azure portal and choose Azure OpenAI

Step 1: Create your Azure OpenAI instance

Step 2: Define network + tagging + deploy environment

Step 3: Go into resource

Step 4: Go into the Azure AI Foundry portal, as we need to set up a deployment model

Step 5: Create a deployment model

Step 6: Choose model of choice – I use gpt-4o-mini

Step 7: Choose the deployment type – I use Global Standard

Step 10: Now we need to find out our endpoint URL and access key

Click on Deployments

Choose the model deployment you just created, e.g. gpt-4o-mini

Note down your API key (Access Key)

Note down your endpoint target URI

Good job – now you are finished with the backend!

Script configuration

Use the values you noted down above in the header of the script.

I have provided 2 scripts for you to try and get started.

Script name: PIM-Role-Advisor
Script purpose: Show the PIM role that solves a task, and the group to activate for the needed permission.

Script name: Sentinel Log Events Anomaly Detector
Script purpose: Detect the top-5 anomalies in events and use AI to understand what to do, based on sample events.

Example of the header:

# -------------------- Tenant Configuration --------------------
$tenantId         = "<your-tenant-id>"  # e.g. "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# -------------------- Sentinel Configuration --------------------
$subscriptionId   = "<your-subscription-id>"  # e.g. "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
$resourceGroup    = "<your-resource-group-name>"  # e.g. "rg-sentinel-logs"
$workspaceName    = "<your-log-analytics-workspace-name>"  # e.g. "la-sentinel"

# -------------------- OpenAI Configuration --------------------
$openaiApiKey     = "<your-azure-openai-api-key>"  # Create from Azure OpenAI resource; prefer loading it from an environment variable or a secret store instead of hard-coding it in the script
$openaiDeployment = "<your-deployment-name>"       # e.g. "gpt-4o-mini"
$openaiEndpoint   = "<your-endpoint-url>"          # e.g. "https://your-resource-name.openai.azure.com"
$openaiApiVersion = "2024-03-01-preview"           # Use appropriate version
$openaiUri        = "$openaiEndpoint/openai/deployments/$openaiDeployment/chat/completions?api-version=$openaiApiVersion"
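As an added example (not part of the original post or the sample scripts on GitHub), here is a minimal function that sends a system and user prompt to the chat-completions URI defined in the header above and returns the answer together with token usage, so the cost per call can be tracked. The function name `Invoke-AzOpenAIChat` and the sample SecurityEvent rows are my own constructed assumptions; the placeholder header values must be replaced with the ones you noted down in the backend steps.

```powershell
# Added example: reuses the header variables from the post (placeholders assumed)
$openaiApiKey     = "<your-azure-openai-api-key>"
$openaiDeployment = "gpt-4o-mini"
$openaiEndpoint   = "https://your-resource-name.openai.azure.com"
$openaiApiVersion = "2024-03-01-preview"
$openaiUri        = "$openaiEndpoint/openai/deployments/$openaiDeployment/chat/completions?api-version=$openaiApiVersion"

function Invoke-AzOpenAIChat {
    param(
        [Parameter(Mandatory)] [string] $SystemPrompt,
        [Parameter(Mandatory)] [string] $UserPrompt,
        [int]    $MaxTokens   = 800,
        [double] $Temperature = 0.2   # low temperature: deterministic, analyst-style answers
    )
    # Azure OpenAI authenticates with the 'api-key' header (not a Bearer token)
    $headers = @{ 'api-key' = $openaiApiKey }
    $body = @{
        messages = @(
            @{ role = 'system'; content = $SystemPrompt },
            @{ role = 'user';   content = $UserPrompt }
        )
        max_tokens  = $MaxTokens
        temperature = $Temperature
    } | ConvertTo-Json -Depth 5

    $response = Invoke-RestMethod -Method Post -Uri $openaiUri -Headers $headers `
                                  -ContentType 'application/json' -Body $body
    # Return the answer plus usage so each call's token cost can be logged
    [pscustomobject]@{
        Answer           = $response.choices[0].message.content
        PromptTokens     = $response.usage.prompt_tokens
        CompletionTokens = $response.usage.completion_tokens
        TotalTokens      = $response.usage.total_tokens
    }
}

# Constructed sample rows (not real data) used as grounding context for the prompt
$sampleEvents = @'
TimeGenerated=2025-01-10T09:01Z EventID=4625 Computer=SRV01 Account=svc-backup
TimeGenerated=2025-01-10T09:01Z EventID=4625 Computer=SRV01 Account=svc-backup
TimeGenerated=2025-01-10T09:02Z EventID=4625 Computer=SRV01 Account=svc-backup
'@

$result = Invoke-AzOpenAIChat `
    -SystemPrompt 'You are a SOC analyst. Explain the likely cause of the event spike in 3 bullets and recommend next steps.' `
    -UserPrompt "EventID 4625 on SRV01 is +20% above the 7-day average. Samples:`n$sampleEvents"

$result.Answer
"Tokens used: $($result.TotalTokens)"
```

Keeping the sample small and the answer length capped with max_tokens is what keeps the per-call cost in the range shown in the next section.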

Cost of AI

As you can see, the cost of AI for my purpose is pretty low.

I pay USD 0.23 for 77 requests with a total of approx. 2M tokens.
