added documentation link and formatted README file

2020-12-09 22:54:24 +01:00 · 2020-12-09 22:54:24 +01:00 · 19a0979e4d
--- a/Tools/ARM-Templates/DataConnectors/AzureAD/AzureAD.json
+++ b/Tools/ARM-Templates/DataConnectors/AzureAD/AzureAD.json
@ -4,6 +4,7 @@
    "parameters": {
        "workspaceResourceId": {
            "type": "string",
+            "defaultValue": "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/microsoft.operationalinsights/workspaces/{workspaceName}",
            "metadata": {
                "description": "Resource ID for Log Analytics workspace. Format expected is /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/microsoft.operationalinsights/workspaces/{workspaceName}"
            }
--- a/Tools/ARM-Templates/DataConnectors/AzureAD/README.md
+++ b/Tools/ARM-Templates/DataConnectors/AzureAD/README.md
@ -4,12 +4,14 @@ Author: Javier Soriano

 This template enables the Azure AD connector on your Sentinel workspace. 

-Azure Active Directory Audit/SignIn logs - requires permissions at tenant scope. Be aware that the User or SPN needs Owner rights on tenant scope for this operation, can be added with following CLI
+Azure Active Directory Audit/SignIn logs requires permissions to deploy at tenant scope. Assign Owner or Contributor to the principal that needs to deploy the templates (details [here](https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-to-tenant?tabs=azure-cli#required-access)):

-`az role assignment create --role Owner --scope "/" --assignee {13ece749-d0a0-46cf-8000-b2552b520631}#>`
+`az role assignment create --role Owner --scope "/" --assignee {user object ID}`

-Required parameter is workspaceResourceId in format: 
+Required template parameter is workspaceResourceId in format: 

 `/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/microsoft.operationalinsights/workspaces/{workspaceName}`

-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fjaviersoriano%2FAzure-Sentinel%2Fjavier-arm%2FTools%2FARM-Templates%2FDataConnectors%2FAzureAD%2FAzureAD.json)
+Try it with the link below:
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FTools%2FARM-Templates%2FDataConnectors%2FAzureAD%2FAzureAD.json)
--- a/Tools/ARM-Templates/DataConnectors/AzureActivity/README.md
+++ b/Tools/ARM-Templates/DataConnectors/AzureActivity/README.md
@ -4,4 +4,4 @@ Author: Javier Soriano

 This template enables the Azure Activity connector on your Sentinel workspace.

-[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fjaviersoriano%2FAzure-Sentinel%2Fjavier-arm%2FTools%2FARM-Templates%2FDataConnectors%2FAzureActivity%2FAzureActivity.json)
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FTools%2FARM-Templates%2FDataConnectors%2FAzureActivity%2FAzureActivity.json)
--- a/Tools/ARM-Templates/README.md
+++ b/Tools/ARM-Templates/README.md
@ -0,0 +1 @@
+# Azure Sentinel Quickstart ARM Templates