diff --git a/.azdo/codeql.yml b/.azdo/codeql.yml
new file mode 100644
index 000000000..3981e2da9
--- /dev/null
+++ b/.azdo/codeql.yml
@@ -0,0 +1,43 @@
+name: $(BuildDefinitionName)-$(date:yyMM).$(date:dd)$(rev:rrr)
+
+trigger: none
+
+schedules:
+- cron: "0 10 * * 1-5"
+  displayName: Daily CodeQL Build
+  branches:
+    include:
+    - latestw_all
+
+stages:
+- stage: Build
+  displayName: Build Win32-OpenSSH
+  jobs:
+  - job: BuildPkg
+    displayName: Build Package
+    pool:
+      name: PS-PowerShell-x64
+      demands:
+      - ImageOverride -equals PSMMS2019-OpenSSH-Secure
+    variables:
+      Codeql.Enabled: true
+      Codeql.Cadence: 23 # hours
+    steps:
+    - task: CodeQL3000Init@0
+      displayName: Initialize CodeQL
+    
+    - pwsh: |
+        Import-Module -Name "$(Build.SourcesDirectory)/contrib/win32/openssh/AzDOBuildTools" -Force
+        Invoke-AzDOBuild
+      displayName: Build Win32-OpenSSH
+
+    - task: CodeQL3000Finalize@0
+      displayName: Finalize CodeQL
+
+    - pwsh: |
+        $BuildOutPath = "$(Build.SourcesDirectory)/bin"
+        $BuildOutx86Path = Join-Path -Path $BuildOutPath -ChildPath 'Win32/Release'
+        Get-ChildItem -Path $BuildOutx86Path
+        $BuildOutx64Path = Join-Path -Path $BuildOutPath -ChildPath 'x64/Release'
+        Get-ChildItem -Path $BuildOutx64Path
+      displayName: Capture build results