fix(12_Azure_Copilot): align lab content with real Azure Copilot behavior

03-Azure/01-03-Infrastructure/12_Azure_Copilot/Readme.md

@@ -35,6 +35,8 @@ This MicroHack scenario walks through the use of Azure Copilot and its five spec
 
 Participants start by mastering Azure Copilot fundamentals (navigation, prompt writing, context management) and then progress through each agent's specialty before tackling a capstone challenge that combines all five agents in an end-to-end e-commerce platform scenario.
 
+The prompts in this lab are intentionally explicit so all participants get comparable Azure Copilot results. In real use, you can start with more conversational prompts and refine through follow-up questions; if Copilot asks for missing context such as region, time range, or resource selection, answer it and continue the workflow.
+
 ## Objectives
 
 After completing this MicroHack you will:
@@ -135,12 +137,12 @@ This creates five resource groups with pre-configured resources:
 
 The main cost drivers for this MicroHack are virtual machines and App Service:
 
-- **Challenge 4 (Optimization):** One Standard_D4s_v3 VM — approximately **$8/day**
-- **Challenge 5 (Resiliency):** One Standard_B2s VM — approximately **$1.50/day**
-- **Challenge 6 (Troubleshooting):** One Standard_B1s VM + Cosmos DB (Serverless) — approximately **$1.50/day**
-- **Challenge 3 (Observability):** App Service B1 plan — approximately **$0.50/day**
+- **Challenge 4 (Optimization):** One Standard_D4s_v3 Linux VM — approximately **$5–6/day**
+- **Challenge 5 (Resiliency):** One Standard_D2s_v3 Linux VM — approximately **$2.50–3/day**
+- **Challenge 6 (Troubleshooting):** One Standard_D2s_v3 Linux VM + Cosmos DB (Serverless) — approximately **$2.50–3.50/day**
+- **Challenge 3 (Observability):** App Service B1 plan — approximately **$0.50–2/day**
 
-Running all resources for one day costs approximately **$11.50–14**. For a 2-day workshop this would be approximately **$23–28 total**.
+The Challenge 5 and 6 VMs use D-series sizes rather than B-series sizes so the agent scenarios are not affected by burst-credit behavior. Costs vary by region, OS image, and actual usage. Running all resources for one day costs approximately **$11–15**. For a 2-day workshop this would be approximately **$22–30 total**.
 
 > [!TIP]
 > Delete all resources immediately after the workshop using `.\scripts\Remove-CopilotWorkshop.ps1 -Suffix "<suffix>"` to minimize costs.

03-Azure/01-03-Infrastructure/12_Azure_Copilot/challenges/challenge-01.md

@@ -64,9 +64,9 @@ Use Azure Copilot to answer the following questions. Write your prompts and note
 Use Azure Copilot to navigate to different services and pages in the portal:
 
 1. Ask: _"Take me to the Virtual Machines page"_
-2. Ask: _"Open Azure Monitor"_
+2. Ask: _"Take me to the Azure Monitor overview page in the Azure portal."_
 3. Ask: _"Navigate to Cost Management"_
-4. Ask: _"Show me the Advisor recommendations page"_
+4. Ask: _"Take me to the Azure Advisor recommendations page in the Azure portal."_
 
 **Question to answer:** What happens when you ask Azure Copilot to navigate? Does it open the page directly or provide a link?
 
@@ -75,19 +75,19 @@ Use Azure Copilot to navigate to different services and pages in the portal:
 Ask Azure Copilot to generate scripts for common tasks:
 
 1. Ask: _"Generate an Azure CLI script to create a storage account named 'stcopilotworkshop' in the resource group 'rg-copilot-<suffix>-ch00' in East US 2"_
-2. Ask: _"Can you convert that to PowerShell?"_
-3. Ask: _"Generate a Bicep template to create a virtual network with two subnets"_
+2. Ask: _"Convert the following Azure CLI command to PowerShell, keeping the same storage account name, resource group, and region: az storage account create --name stcopilotworkshop<suffix> --resource-group rg-copilot-<suffix>-ch00 --location eastus2 --sku Standard_LRS"_
+3. Ask: _"Generate a Bicep template that creates a Virtual Network named `vnet-copilot-workshop` with address space `10.0.0.0/16` and two subnets: `subnet-app` (`10.0.1.0/24`) and `subnet-data` (`10.0.2.0/24`). Include parameters for the VNet name and location."_
 
 **Question to answer:** How does Azure Copilot handle multi-turn conversations? Does it remember context from your previous prompts?
 
 ### Task 5: Get Recommendations (5 min)
 
 Explore Azure Advisor integration:
 
-1. Ask: _"Show me my top cost recommendations"_
-2. Ask: _"What are my security recommendations?"_
-3. Ask: _"Show me my reliability recommendations"_
-4. Ask: _"What services do you recommend for building a web application with a database backend?"_
+1. Ask: _"List my top Azure Advisor cost recommendations for this subscription."_
+2. Ask: _"List my top Azure Advisor security recommendations for this subscription."_
+3. Ask: _"List my top Azure Advisor reliability recommendations for this subscription."_
+4. Ask: _"What Azure services do you recommend for building a web application with a relational database backend? Compare App Service + Azure SQL Database vs App Service + Azure Database for PostgreSQL Flexible Server, and summarize when each is appropriate."_
 
 **Question to answer:** Does Azure Copilot provide generic recommendations or ones tailored to your actual Azure environment?
 

03-Azure/01-03-Infrastructure/12_Azure_Copilot/challenges/challenge-02.md

@@ -48,10 +48,10 @@ By the end of this challenge, you will be able to:
 
 The initial plan is good, but as the architect, you want to refine it. Use follow-up prompts to adjust:
 
-1. Ask: _"Can you add a Virtual Network with subnets for the App Service and the database?"_
-2. Ask: _"I want the PostgreSQL server to use private endpoints instead of public access."_
-3. Ask: _"Add a Network Security Group to restrict traffic to the App Service subnet."_
-4. Ask: _"What would be the estimated monthly cost for this setup at a basic tier?"_
+1. Ask: _"In the Deployment Agent plan canvas for the Flask+PostgreSQL workload, add a Virtual Network `10.0.0.0/16` with an App Service subnet `10.0.1.0/24` and a database subnet `10.0.2.0/24` delegated to PostgreSQL Flexible Server."_
+2. Ask: _"Revise the same NEW-workload design so PostgreSQL uses private access or private endpoints, and include the supporting DNS and networking considerations. Do not ask me to select existing resources."_
+3. Ask: _"Update the same NEW-workload design to include an NSG strategy for the application subnet. Describe the intended inbound and outbound restrictions rather than querying existing resources."_
+4. Ask: _"Provide a rough monthly cost estimate for the planned infrastructure (App Service Basic, PostgreSQL Flexible Server Standard_B1ms in the Burstable tier, Key Vault Standard, Application Insights, VNet) assuming East US 2 list prices."_
 
 **Question to answer:** How does the Deployment Agent handle these incremental refinements? Does it update the plan or start over?
 
@@ -84,7 +84,7 @@ When the plan is ready, Azure Copilot presents it as a summary with components,
 
 1. After reviewing the infrastructure plan, click **"I approve the plan"** to proceed (or, if you described the workload via a prompt, ask Azure Copilot to generate the Terraform code):
 
-   > _"Generate the Terraform configurations for this plan."_
+   > _"Generate starter Terraform for a NEW Azure deployment of a Flask web app on App Service with PostgreSQL Flexible Server, Key Vault, and Application Insights. Include the main resources even if I still need to customize variables and networking details."_
 
 2. **Review the generated files** in the artifact pane:
    - Click the **maximize icon** to open the artifact pane
@@ -124,7 +124,7 @@ After reviewing the configurations, explore the available deployment methods:
 
 Start a **new conversation** and try a completely different deployment scenario:
 
-> _"Set up a multitenant SaaS application on AKS using Kubernetes namespaces for isolation, integrate Microsoft Entra for authentication, and centralize logs in Azure Log Analytics."_
+> _"Design a NEW workload plan for a multitenant SaaS application on AKS using Kubernetes namespaces for tenant isolation, Microsoft Entra ID for authentication, and Azure Log Analytics for centralized logging. Do not select an existing cluster — this is a greenfield design."_
 
 Compare the approach, plan, and generated configurations with your first scenario.
 

03-Azure/01-03-Infrastructure/12_Azure_Copilot/challenges/challenge-03.md

@@ -99,7 +99,7 @@ You must have one of these roles on the Azure Monitor Workspace:
 3. Copy the alert's **resource ID** (found in the alert's properties/essentials section)
 4. Use this prompt (replace the ID with your actual alert ID):
 
-   > _"Start an investigation for my alert: `/subscriptions/{SUB_ID}/resourcegroups/{RG}/providers/microsoft.insights/components/{COMPONENT}/providers/Microsoft.AlertsManagement/alerts/{ALERT_ID}`"_
+   > _"If there are active Application Insights alerts in this subscription, investigate the most recent one and summarize the likely root cause. If there are no active alerts, explain how you would investigate one in this lab and what data you would analyze."_
 
 5. Click **"Show activity"** to watch the investigation progress in real time
 6. Review the investigation summary when complete
@@ -135,7 +135,7 @@ After the investigation completes, carefully review the results:
 4. **Follow the link** to the Azure Monitor issue for the full investigation details
 5. Ask follow-up questions:
 
-   > _"Can you explain more about finding #1?"_
+   > _"For the alert we just discussed (or for a typical App Insights alert if none exist), tell me what data you analyze, what findings you look for, and what remediation steps you would recommend."_
    > _"What would happen if I don't address this issue?"_
    > _"Are there any related alerts I should be aware of?"_
 
@@ -159,10 +159,11 @@ After the investigation completes, carefully review the results:
 
 Run through the complete workflow one more time with a different alert or a hypothetical scenario:
 
-1. Ask: _"What are the key alerts raised since the past 24 hours?"_
-2. Pick an alert from the list and ask for an investigation
-3. Review the results concisely
-4. Identify the remediation steps
+1. Ask: _"Summarize any Application Insights alerts raised in the past 24 hours. If none are present, say so clearly and tell me what traffic or failure signal I should generate for this lab."_
+2. Ask: _"Investigate the most important recent Application Insights alert. If there are no recent alerts, walk me through how I would investigate the next one and what remediation evidence I should capture."_  (if the first prompt returned no alerts, use this follow-up)
+3. Pick an alert from the list and ask for an investigation
+4. Review the results concisely
+5. Identify the remediation steps
 
 **Question to answer:** How would you integrate this investigation workflow into your daily on-call routine?
 

03-Azure/01-03-Infrastructure/12_Azure_Copilot/challenges/challenge-04.md

@@ -63,15 +63,15 @@ If you already have VMs or VMSS in your subscription:
 1. Open Azure Copilot and **enable agent mode**
 2. Ask for a subscription-wide overview:
 
-   > _"Show me the top five cost-saving opportunities for subscription `{YOUR_SUBSCRIPTION_ID}`"_
+   > _"Show me my top Azure Advisor cost recommendations for this subscription."_
 
 3. Review the list of recommendations. For each one, note:
    - The resource affected
    - The recommended action
    - The estimated monthly savings
 4. Try a broader query:
 
-   > _"Summarize total potential cost and carbon reduction from all active recommendations."_
+   > _"Summarize total potential monthly savings from all active Azure Advisor cost recommendations, grouped by category (VM rightsizing, reserved instances, idle resources)."_
 
 **Question to answer:** What categories of cost savings does the Optimization Agent identify? How significant are the potential savings?
 
@@ -81,7 +81,7 @@ Pick one recommendation from Task 1 and explore it in detail:
 
 1. Ask for more details:
 
-   > _"Explain the recommendation for `vm-copilot-oversized`."_
+   > _"Give me detailed rightsizing analysis for VM `vm-copilot-oversized` in resource group `rg-copilot-<suffix>-ch03`: current SKU, recommended SKU, average CPU and memory utilization, estimated monthly savings, and performance impact."_
 
 2. Understand the reasoning:
    - What metrics indicate the resource is underutilized?
@@ -90,7 +90,7 @@ Pick one recommendation from Task 1 and explore it in detail:
 
 3. Request an alternative:
 
-   > _"Is there an alternate recommendation for `vm-copilot-oversized`?"_
+   > _"Explain why Azure Advisor recommends resizing `vm-copilot-oversized` from its current SKU to the smaller SKU. Include the utilization data and the threshold rules Advisor uses."_
 
 4. Compare the options:
    - Original recommendation vs. alternative
@@ -102,14 +102,14 @@ Pick one recommendation from Task 1 and explore it in detail:
 
 1. Ask Azure Copilot to show you the expected impact visually:
 
-   > _"Show me a chart of the expected results of applying the recommendation for `vm-copilot-oversized`."_
+   > _"Generate a bar chart comparing the current monthly cost and the recommended monthly cost for `vm-copilot-oversized` after applying the Advisor rightsizing recommendation, and show the % savings."_
 
 2. Review the generated chart:
    - What metrics are shown (CPU, memory, cost)?
    - How does current usage compare to the recommended tier?
 3. Ask for a subscription-level summary:
 
-   > _"Can you show me a breakdown of potential savings by resource type for my subscription?"_
+   > _"Give me a subscription-level optimization summary: total potential monthly savings, breakdown by resource type (VMs, storage, databases), and the top 3 recommendations by impact."_
 
 **Question to answer:** How do the visual charts help you communicate optimization plans to management or stakeholders?
 
@@ -119,7 +119,7 @@ Generate scripts to implement the recommended changes:
 
 1. Ask for a PowerShell script:
 
-   > _"Generate a PowerShell script to apply the recommended optimizations for `vm-copilot-oversized`."_
+   > _"Generate a PowerShell script to resize VM `vm-copilot-oversized` in resource group `rg-copilot-<suffix>-ch03` from Standard_D4s_v3 to Standard_D2s_v3. Include stop, resize, and start steps."_
 
 2. Review the generated script:
    - Does it resize the VM?
@@ -128,7 +128,7 @@ Generate scripts to implement the recommended changes:
 
 3. Ask for a CLI version:
 
-   > _"Can you provide a CLI script to apply those optimizations?"_
+   > _"Now generate the equivalent Azure CLI (bash) script to resize `vm-copilot-oversized` in `rg-copilot-<suffix>-ch03` from Standard_D4s_v3 to Standard_D2s_v3 (deallocate, resize, start)."_
 
 4. Compare the two scripts — note the differences in syntax and approach
 

03-Azure/01-03-Infrastructure/12_Azure_Copilot/challenges/challenge-05.md

@@ -39,7 +39,7 @@ Resources in **`rg-copilot-<suffix>-ch04`** (in your chosen deployment region):
 
 | Resource        | Name                      | SKU          | Resiliency Gaps                                |
 | --------------- | ------------------------- | ------------ | ---------------------------------------------- |
-| Virtual Machine | `vm-copilot-noresilience` | Standard_B2s | No zone redundancy, no Azure Backup configured |
+| Virtual Machine | `vm-copilot-noresilience` | Standard_D2s_v3 | No zone redundancy, no Azure Backup configured |
 
 > **Why these gaps?** The VM is intentionally deployed **without** availability zone configuration and **without** backup protection, so the Resiliency Agent will flag both issues and guide you through remediation.
 
@@ -67,7 +67,7 @@ Ensure you have resources deployed that can be evaluated for resiliency. Ideal r
 
 3. Then check at the service group level:
 
-   > _"Which service groups are currently not zone-resilient?"_
+   > _"Group any non-zone-resilient resources by service type and summarize the biggest resiliency gaps."_
 
 4. For a specific resource, ask for details:
 
@@ -86,7 +86,7 @@ Pick a non-zone-resilient resource and configure it:
 
 1. Ask Azure Copilot to help configure zone resiliency:
 
-   > _"Configure zone resiliency for my VM `vm-copilot-noresilience`."_
+   > _"For VM `vm-copilot-noresilience`, explain what would be required to improve resiliency and generate a starter script or command sequence if the service supports it. If not, give the manual steps."_
 
 2. Review the generated script:
    - What changes will it make?
@@ -95,7 +95,7 @@ Pick a non-zone-resilient resource and configure it:
 
 3. For resources where scripts aren't auto-generated, ask for guidance:
 
-   > _"How do I configure zone resiliency for my Azure Cache for Redis?"_
+   > _"What are the cost implications of enabling zone redundancy for a Standard_D2s_v3 VM, an App Service Standard S1 plan, and a Standard C1 Redis cache? Include any tier upgrades required."_
    > _"What are the steps to make my App Service zone-redundant?"_
 
 4. Understand the cost implications:
@@ -120,7 +120,7 @@ Pick a non-zone-resilient resource and configure it:
 
 4. Identify unprotected resources:
 
-   > _"Which VMs don't have Azure Backup configured?"_
+   > _"List virtual machines in this subscription that don't have an Azure Backup policy configured."_
 
 5. For any identified gaps, ask for remediation:
 
@@ -134,11 +134,13 @@ Use the Resiliency Agent to manage backup infrastructure:
 
 1. **Create a vault:**
 
-   > _"Help me create a Recovery Services vault named `rsv-copilot-workshop` in my resource group `rg-copilot-<suffix>-ch04`."_
+   > _"Create a Recovery Services vault named `rsv-copilot-workshop` in resource group `rg-copilot-<suffix>-ch04` with soft delete enabled. Show me the CLI or PowerShell commands."_
+   >
+   > Then, as a follow-up prompt: _"Now show me how to enable immutability on that vault (separate configuration step after creation)."_
 
 2. **Enhance vault security:**
 
-   > _"Increase the security level of this vault."_
+   > _"Outline a disaster recovery plan for the resources in rg-copilot-<suffix>-ch04: primary region, secondary region, RTO/RPO targets, and services needed (ASR, geo-backup, multi-region writes)."_
 
 3. **Explore vault operations:**
 
@@ -162,7 +164,7 @@ Bring it all together with a comprehensive assessment:
 
 2. Request a prioritized improvement plan:
 
-   > _"What are the top resiliency improvements I should make, prioritized by risk?"_
+   > _"Generate a prioritized resiliency improvement plan for rg-copilot-<suffix>-ch04. Order the items by risk (Critical, High, Medium, Low), cover zone resiliency, backup coverage, vault security, and DR, and include one concrete action per item."_
 
 3. Document the findings in a format suitable for the compliance audit: