feat: Hardened AI Foundry Hub & Project (US-945) + Incident Remediation (US-2684) #1

Merged: jayce21-ms merged 5 commits into main from feature/hardened-foundry-945, Jan 23, 2026

@jayce21-ms
Owner

… remediate US-2684

  • Network Security: Enabled AllowOnlyApprovedOutbound isolation for AI Foundry.
  • Incident Response: Neutralized local persistence (crontab) and closed the rogue Python socket.
  • Programmatic Validation: Included KQL detection logic for Feature 951 lifecycle management.

@jayce21-ms
Owner Author

✅ Definition of Done (DoD)

  • Workstation Integrity: /etc/crontab cleared; no active rogue processes.
  • Code Quality: Bicep modules refactored and verified via az bicep build.
  • Network Hardening: AllowOnlyApprovedOutbound confirmed for AI Foundry Hub.
  • Telemetry: KQL detection query (US-958) validated against local forensic data.
  • Governance: All child stories under Feature 951 linked and updated.
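
Added example, not part of the PR or its comments: one way to turn the "Workstation Integrity" check on /etc/crontab into a repeatable audit instead of a manual look. The tool list beyond socat and python, the allowlist parameter and the sample file are assumptions constructed for illustration.

```python
import re

# Tools that can open sockets; socat and python are the ones this PR names,
# the rest are an assumed starter set to tune per environment.
NETWORK_CAPABLE = {"socat", "nc", "ncat", "netcat", "curl", "wget", "python", "python3"}
# Five time fields or an @shortcut, then "user command" (system crontab format).
SCHEDULE = re.compile(r"^(@\w+|(?:\S+\s+){4}\S+)\s+(.*)$")
ENV_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def parse_system_crontab(text):
    """Yield (line_no, schedule, user, command) for each job line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_ASSIGNMENT.match(line):
            continue
        m = SCHEDULE.match(line)
        fields = m.group(2).split(None, 1) if m else []
        if len(fields) == 2:  # skip malformed lines with no command
            yield line_no, m.group(1), fields[0], fields[1]

def suspicious_jobs(text, allowlist=frozenset()):
    """Return [(line_no, user, [tool, ...])] for jobs invoking a listed tool."""
    findings = []
    for line_no, _schedule, user, command in parse_system_crontab(text):
        if command in allowlist:
            continue
        # Compare basenames of every token so /usr/bin/socat and
        # sh -c 'python3 ...' are both caught.
        tokens = re.split(r"[\s;|&'\"()]+", command)
        hits = sorted({t.rsplit("/", 1)[-1] for t in tokens} & NETWORK_CAPABLE)
        if hits:
            findings.append((line_no, user, hits))
    return findings

# Constructed sample; arguments are deliberately elided placeholders.
SAMPLE = """\
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
* * * * * root /usr/bin/socat <constructed-arguments-elided>
@reboot root sh -c 'python3 <constructed-script-path>'
"""

if __name__ == "__main__":
    for line_no, user, tools in suspicious_jobs(SAMPLE):
        print(f"/etc/crontab:{line_no} user={user} tools={','.join(tools)}")
```

Legitimate jobs that use a listed tool go in the allowlist by exact command string, so any later change to the command is flagged again.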

Contributor

Copilot AI left a comment

Pull request overview

This pull request implements hardened infrastructure for AI Foundry Hub & Project deployment and includes incident remediation measures. The changes add network security controls with AllowOnlyApprovedOutbound isolation mode and integrate AKS with secure VNet configurations.

Changes:

  • Added hardened AKS cluster deployment with Entra ID authentication and Cilium network dataplane
  • Created AI Foundry Hub and Project resources with restricted network access and managed network isolation
  • Integrated secure VNet and subnet references for isolated infrastructure deployment

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| infra/v2-sandbox-hardened.bicep | Main orchestration template that references secure VNet and deploys AKS via module |
| infra/modules/foundry.bicep | Defines AI Foundry Hub and Project resources with security hardening configurations |
| infra/modules/aks.bicep | AKS cluster module with disabled local accounts, Cilium dataplane, and VNet integration |

Comment threads on infra/modules/foundry.bicep: 3 (all Outdated)
@jayce21-ms jayce21-ms marked this pull request as draft January 21, 2026 19:21
@jayce21-ms
Owner Author

Security Remediation & Hardening Sign-off
Status: ✅ Remediation Verified | ✅ CI/CD Pipeline Green | ✅ IaC Hardened

  1. Incident Response (US-2684 / US-951):

Persistence Purged: Unauthorized socat reverse-shell entry removed from /etc/crontab.

Process Neutralization: Rogue Python processes terminated; verified clean via ps aux.

Root Cause: Compromised local crontab used for persistence; remediated via manual cleanup and hardened identity controls.

  2. Infrastructure as Code (US-945):

Network Isolation: Refactored AI Foundry Bicep modules to enforce AllowOnlyApprovedOutbound egress.

Schema Compliance: Resolved orphaned properties and linter errors; validated via az bicep build.

Managed Identity: Updated Hub/Project resources to utilize SystemAssigned identities for secure service communication.

  3. Governance & Pipeline:

OIDC Remediation: Resolved AADSTS700213 by implementing Branch-Specific Federated Identity Credentials.

Security Posture: Removed reliance on static secrets, moving to a full secret-less OIDC flow for GitHub Actions.

Verification:

Local shell check: CLEAN

GitHub Actions HVE-Deploy job: SUCCESS

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
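
Added example, not part of the PR or its comments: a model of why a GitHub Actions run can hit AADSTS700213 (no federated identity credential matches the presented subject) and why a branch-specific credential resolves it. The repository name, credential names and the exact-equality matching are assumptions; the branch name is the one this PR was merged from.

```python
ISSUER = "https://token.actions.githubusercontent.com"
AUDIENCE = "api://AzureADTokenExchange"

def github_subject(repo, event_name, ref, environment=None):
    """Default `sub` claim GitHub issues for a workflow run."""
    if environment:                      # a job environment takes precedence
        return f"repo:{repo}:environment:{environment}"
    if event_name == "pull_request":
        return f"repo:{repo}:pull_request"
    return f"repo:{repo}:ref:{ref}"      # refs/heads/<branch> or refs/tags/<tag>

def token_claims(repo, event_name, ref, environment=None):
    return {"issuer": ISSUER, "audience": AUDIENCE,
            "subject": github_subject(repo, event_name, ref, environment)}

def match_credential(claims, credentials):
    """Return (credential_name, []) on an exact match, else (None, reasons)."""
    reasons = []
    for cred in credentials:
        # Modelled as exact, case-sensitive equality on all three fields.
        diff = [k for k in ("issuer", "subject", "audience") if claims[k] != cred[k]]
        if not diff:
            return cred["name"], []
        reasons.append(f"{cred['name']}: {'/'.join(diff)} mismatch")
    return None, reasons

# Constructed configuration: repository and credential names are placeholders.
REPO = "example-org/example-repo"
BRANCH_REF = "refs/heads/feature/hardened-foundry-945"

def credential(name, subject):
    return {"name": name, "issuer": ISSUER, "audience": AUDIENCE, "subject": subject}

MAIN_ONLY = [credential("gh-main", f"repo:{REPO}:ref:refs/heads/main")]
WITH_BRANCH = MAIN_ONLY + [credential("gh-feature-945", f"repo:{REPO}:ref:{BRANCH_REF}")]

if __name__ == "__main__":
    push = token_claims(REPO, "push", BRANCH_REF)
    print(match_credential(push, MAIN_ONLY))     # no match: the AADSTS700213 case
    print(match_credential(push, WITH_BRANCH))   # matches the branch credential
```

A run triggered by a pull_request event or a job bound to an environment presents a different subject, so it needs its own credential entry even after the branch one is added.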
@jayce21-ms jayce21-ms marked this pull request as ready for review January 22, 2026 15:19
@jayce21-ms jayce21-ms force-pushed the feature/hardened-foundry-945 branch 4 times, most recently from 58e2f4a to 7ec9330 Compare January 23, 2026 17:12
@jayce21-ms jayce21-ms force-pushed the feature/hardened-foundry-945 branch from 7ec9330 to 49b6112 Compare January 23, 2026 17:15
@jayce21-ms
Owner Author

Summary: "Implemented the Self-Healing RBAC Agent"
Evidence: "Verified that the agent can detect a 403 error and generate a Bicep fix for the OpenAI Contributor role."

@jayce21-ms
Owner Author

Known Issue: Local Execution Environment

While the orchestration logic and SKILL.md are complete, local execution on macOS (Apple Silicon) currently encounters a binary entitlement block with the copilot-agent-macos-arm64 engine.

Resolution Path:

I have successfully side-loaded the binary into the venv for logic verification.

Full end-to-end "Handshake" requires a security exception for the binary or execution within a Linux-based Dev Container (where the SDK installation is seamless).

The logic layer is verified and ready for integration into the CI/CD pipeline.

@jayce21-ms jayce21-ms merged commit 546f9d2 into main Jan 23, 2026
1 check passed
@jayce21-ms jayce21-ms deleted the feature/hardened-foundry-945 branch January 23, 2026 17:48