Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Sacha Narinx 2024-08-14 16:16:11 +04:00 коммит произвёл GitHub
Родитель 7b7ff1d1c2
Коммит 24ae46adea
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
5 изменённых файлов: 58 добавлений и 413 удалений


@ -1,6 +1,7 @@
## In this Section
- [Updates](#updates)
- [August 2024](#august-2024)
- [July 2024](#july-2024)
- [June 2024](#june-2024)
- [🆕 AMA Updates](#-ama-updates)
@ -47,6 +48,14 @@ This article will be updated as and when changes are made to the above and anyth
Here's what's changed in Enterprise Scale/Azure Landing Zones:
### August 2024
#### Other
- Cleaned up the Log Analytics "solutions" in portal ARM template, as these are no longer required and deployed by ALZ.
- Re-introduced the option to enable "Sentinel" in the portal accelerator.
- Updated Microsoft Sentinel onboarding (enablement) using the new mechanism that fixes issues after 1 July 2024. Microsoft Sentinel is enabled by default through the portal accelerator as a best practice - we do not however configure any data connectors, we only enable the service. Should you wish to remove this, you can delete the association from the Azure Portal after deployment from the "Sentinel" feature blade.
### July 2024
#### Policy


@ -439,6 +439,26 @@
"style": "Info"
}
},
{
"name": "enableSentinel",
"type": "Microsoft.Common.OptionsGroup",
"label": "Deploy Microsoft Sentinel (configuration required to activate)",
"defaultValue": "Yes (recommended)",
"toolTip": "If 'Yes' is selected Sentinel will be enabled on the Log Analytics workspace. Note additional configuration is required to complete Sentinel onboarding.",
"constraints": {
"allowedValues": [
{
"label": "Yes (recommended)",
"value": "Yes"
},
{
"label": "No",
"value": "No"
}
]
},
"visible": true
},
{
"name": "esMgmtSubSection",
"type": "Microsoft.Common.Section",
@ -8972,6 +8992,7 @@
"enableUpdateMgmt": "[steps('management').enableUpdateMgmt]",
"enableVmInsights": "[steps('management').enableVmInsights]",
"retentionInDays": "[string(steps('management').retentionInDays)]",
"enableSentinel": "[steps('management').enableSentinel]",
"managementSubscriptionId": "[steps('management').esMgmtSubSection.esMgmtSub]",
"enableAsc": "[steps('management').enableAsc]",
"emailContactAsc": "[steps('management').emailContactAsc]",
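Review bot: The new `enableSentinel` element is `"visible": true` unconditionally and defaults to "Yes (recommended)", yet the value appears to be consumed only by the Log Analytics workspace deployment, so with Log Analytics switched off the option still shows as selected and has no effect. Consider binding `visible` to the step's Log Analytics choice; that element is outside this hunk, so its name needs confirming. The label says "configuration required to activate" while the `toolTip` says Sentinel "will be enabled", which leaves it unclear what state the operator ends up in. The changelog in this commit is more precise, and the tooltip could say the same: `"If 'Yes' is selected Microsoft Sentinel is enabled on the Log Analytics workspace. No data connectors are configured; add them after deployment."`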


@ -40,6 +40,10 @@
"type": "string",
"defaultValue": ""
},
"enableSentinel": {
"type": "string",
"defaultValue": "Yes"
},
"managementSubscriptionId": {
"type": "string",
"defaultValue": "",
@ -203,14 +207,6 @@
],
"defaultValue": "Disabled"
},
"enableSecuritySolution": {
"type": "string",
"defaultValue": "Yes",
"allowedValues": [
"Yes",
"No"
]
},
"enableMonitorBaselines": {
"type": "string",
"defaultValue": "",
@ -1596,7 +1592,6 @@
"resourceGroup": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/resourceGroup.json')]",
"ddosProtection": "[uri(deployment().properties.templateLink.uri, 'resourceGroupTemplates/ddosProtection.json')]",
"logAnalyticsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-LogAnalyticsPolicyAssignment.json')]",
"monitoringSolutions": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/logAnalyticsSolutions.json')]",
"asbPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ASBPolicyAssignment.json')]",
"regulatoryComplianceInitaitves": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json')]",
"resourceDiagnosticsInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json')]",
@ -1714,7 +1709,6 @@
"monitorManagementDeploymentName": "[take(concat('alz-ManagementMonitor', variables('deploymentSuffix')), 64)]",
"monitorLandingZoneDeploymentName": "[take(concat('alz-LandingZoneMonitor', variables('deploymentSuffix')), 64)]",
"monitorServiceHealthDeploymentName": "[take(concat('alz-SvcHealthMonitor', variables('deploymentSuffix')), 64)]",
"monitoringSolutionsDeploymentName": "[take(concat('alz-Solutions', variables('deploymentSuffix')), 64)]",
"asbPolicyDeploymentName": "[take(concat('alz-ASB', variables('deploymentSuffix')), 64)]",
"regulatoryComplianceInitativesToAssignDeploymentName": "[take(concat('alz-RegComp-', deployment().location, '-', uniqueString(parameters('currentDateTimeUtcNow')), '-'), 64)]",
"resourceDiagnosticsPolicyDeploymentName": "[take(concat('alz-ResourceDiagnostics', variables('deploymentSuffix')), 64)]",
@ -1842,7 +1836,6 @@
"subnetNsgIdentityLitePolicyDeploymentName": "[take(concat('alz-SubnetNsgIdentity', variables('deploymentSuffix')), 64)]",
"monitoringLiteDeploymentName": "[take(concat('alz-MonitoringLite', variables('deploymentSuffix')), 64)]",
"logAnalyticsLitePolicyDeploymentName": "[take(concat('alz-LAPolicyLite', variables('deploymentSuffix')), 64)]",
"monitoringSolutionsLiteDeploymentName": "[take(concat('alz-SolutionsLite', variables('deploymentSuffix')), 64)]",
"platformLiteSubscriptionPlacement": "[take(concat('alz-PlatformSubLite', variables('deploymentSuffix')), 64)]",
"vnetConnectivityHubLiteDeploymentName": "[take(concat('alz-VnetHubLite', variables('deploymentSuffix')), 64)]",
"vwanConnectivityHubLiteDeploymentName": "[take(concat('alz-VWanHubLite', variables('deploymentSuffix')), 64)]",
@ -2414,6 +2407,9 @@
},
"retentionInDays": {
"value": "[parameters('retentionInDays')]"
},
"enableSentinel": {
"value": "[parameters('enableSentinel')]"
}
}
}
@ -2538,40 +2534,6 @@
}
}
},
{
// Deploying Sentinel to Log Analytics workspace if condition is true
"condition": "[and(equals(parameters('enableLogAnalytics'), 'Yes'), not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableSecuritySolution'), 'Yes'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[variables('deploymentNames').monitoringSolutionsDeploymentName]",
"location": "[deployment().location]",
"subscriptionId": "[parameters('managementSubscriptionId')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
"policyCompletion"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "[variables('deploymentUris').monitoringSolutions]"
},
"parameters": {
"rgName": {
"value": "[variables('platformRgNames').mgmtRg]"
},
"workspaceName": {
"value": "[variables('platformResourceNames').logAnalyticsWorkspace]"
},
"workspaceRegion": {
"value": "[deployment().location]"
},
"enableSecuritySolution": {
"value": "[parameters('enableSecuritySolution')]"
}
}
}
},
{
// Assigning Log Analytics workspace policy to management management group if condition is true
"condition": "[and(equals(parameters('enableLogAnalytics'), 'Yes'), not(empty(parameters('managementSubscriptionId'))))]",
@ -7544,6 +7506,9 @@
},
"retentionInDays": {
"value": "[parameters('retentionInDays')]"
},
"enableSentinel": {
"value": "[parameters('enableSentinel')]"
}
}
}
@ -7581,43 +7546,6 @@
}
}
},
/*
Note: ES Lite only: the following deployments will deploy Sentinel to the platform subscription
*/
{
// Deploying Sentinel to the Log Analytics workspace if condition is true
"condition": "[and(equals(parameters('enableLogAnalytics'), 'Yes'), not(empty(parameters('singlePlatformSubscriptionId'))), equals(parameters('enableSecuritySolution'), 'Yes'))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2020-10-01",
"name": "[variables('esLiteDeploymentNames').monitoringSolutionsLiteDeploymentName]",
"location": "[deployment().location]",
"subscriptionId": "[parameters('singlePlatformSubscriptionId')]",
"dependsOn": [
"[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').monitoringLiteDeploymentName)]",
"policyCompletion"
],
"properties": {
"mode": "Incremental",
"templateLink": {
"contentVersion": "1.0.0.0",
"uri": "[variables('deploymentUris').monitoringSolutions]"
},
"parameters": {
"rgName": {
"value": "[variables('platformRgNames').mgmtRg]"
},
"workspaceName": {
"value": "[variables('platformResourceNames').logAnalyticsWorkspace]"
},
"workspaceRegion": {
"value": "[deployment().location]"
},
"enableSecuritySolution": {
"value": "[parameters('enableSecuritySolution')]"
}
}
}
},
/*
Note: ES Lite only: deploy Log Analytics workspace policy to the platform management group
*/
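Review bot: The new `enableSentinel` parameter (hunk at -40,6 +40,10) is declared without `allowedValues`, whereas the `enableSecuritySolution` parameter this commit removes restricted input to `Yes`/`No`. Onboarding is gated on `equals(parameters('enableSentinel'), 'Yes')` in the template that declares the `Microsoft.SecurityInsights/onboardingStates` resource later in this commit, and that comparison is case-sensitive, so a parameter-file deployment passing `yes`, `true` or a typo validates cleanly and silently leaves Sentinel off. Adding `"allowedValues": ["Yes", "No"]` to the declaration turns that into a validation failure. The same applies to the `enableSentinel` declaration in that later template (hunk at -19,6 +19,9), which also has no `defaultValue`, so any caller not updated to pass it will fail.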


@ -1,330 +0,0 @@
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgName": {
"type": "string",
"metadata": {
"description": "Provide the resource group name where the Log Analytics workspace is deployed."
}
},
"workspaceName": {
"type": "string",
"metadata": {
"description": "Provide resource name for the Log Analytics workspace."
}
},
"workspaceRegion": {
"type": "string",
"defaultValue": "[deployment().location]",
"metadata": {
"description": "Select Azure region for the Log Analytics workspace. Default, we will use same region as deployment."
}
},
"enableSecuritySolution": {
"type": "string",
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Select whether security solutions should be enabled or not."
}
}/*,
"enableAgentHealth": {
"type": "string",
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Select whether agent health solution should be enabled or not."
}
},
"enableChangeTracking": {
"type": "string",
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Select whether change tracking solution should be enabled or not."
}
},
"enableUpdateMgmt": {
"type": "string",
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Select whether update mgmt solution should be enabled or not."
}
},
"enableVmInsights": {
"type": "string",
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Select whether VM insights solution should be enabled or not."
}
},
"enableSqlAssessment": {
"type": "string",
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Select whether SQL assessment solution should be enabled or not."
}
},
"enableSqlVulnerabilityAssessment": {
"type": "string",
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Select whether SQL vulnerability assessment solution should be enabled or not."
}
},
"enableSqlAdvancedThreatProtection": {
"type": "string",
"allowedValues": [
"Yes",
"No"
],
"defaultValue": "Yes",
"metadata": {
"description": "Select whether SQL advanced threat protection solution should be enabled or not."
}
}*/
},
"variables": {
"laResourceId": "[toLower(concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('workspaceName')))]",
"solutions": {
/*"security": {
"name": "[concat('Security', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "Security"
},
"agentHealth": {
"name": "[concat('AgentHealthAssessment', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "AgentHealthAssessment"
},
"changeTracking": {
"name": "[concat('ChangeTracking', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "ChangeTracking"
},
"updateMgmt": {
"name": "[concat('Updates', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "Updates"
},
"sqlAssessment": {
"name": "[concat('SQLAssessment', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "SQLAssessment"
},
"sqlAdvancedThreatProtection": {
"name": "[concat('SQLAdvancedThreatProtection', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "SQLAdvancedThreatProtection"
},
"sqlVulnerabilityAssesment": {
"name": "[concat('SQLVulnerabilityAssessment', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "SQLVulnerabilityAssessment"
},
"vmInsights": {
"name": "[concat('VMInsights', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "VMInsights"
},*/
"securityInsights": {
"name": "[concat('SecurityInsights', '(', parameters('workspaceName'), ')')]",
"marketplaceName": "SecurityInsights"
}
}
},
"resources": [
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"name": "[take(concat('alz-', 'solutions-', guid(deployment().name)), 63)]",
"resourceGroup": "[parameters('rgName')]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
/*{
// Conditionally deploy solution for agent health
"condition": "[equals(parameters('enableAgentHealth'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').agentHealth.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]"
},
"plan": {
"name": "[variables('solutions').agentHealth.name]",
"product": "[concat('OMSGallery/', variables('solutions').agentHealth.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
},*/
/*{
// Conditionally deploy solution for change tracking
"condition": "[equals(parameters('enableChangeTracking'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').changeTracking.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]"
},
"plan": {
"name": "[variables('solutions').changeTracking.name]",
"product": "[concat('OMSGallery/', variables('solutions').changeTracking.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
},*/
/*{
// Conditionally deploy solution for vm insights
"condition": "[equals(parameters('enableVmInsights'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').vmInsights.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]"
},
"plan": {
"name": "[variables('solutions').vmInsights.name]",
"product": "[concat('OMSGallery/', variables('solutions').vmInsights.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
},*/
/*{
// Conditionally deploy solution for security
"condition": "[equals(parameters('enableSecuritySolution'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').security.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]"
},
"plan": {
"name": "[variables('solutions').security.name]",
"product": "[concat('OMSGallery/', variables('solutions').security.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
},*/
{
// Conditionally deploy solution for sentinel
"condition": "[equals(parameters('enableSecuritySolution'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').securityInsights.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]",
"sku": {
"name": "Unified"
}
},
"plan": {
"name": "[variables('solutions').securityInsights.name]",
"product": "[concat('OMSGallery/', variables('solutions').securityInsights.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
}/*,
{
// Conditionally deploy solution for SQL assessment
"condition": "[equals(parameters('enableSqlAssessment'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').sqlAssessment.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]"
},
"plan": {
"name": "[variables('solutions').sqlAssessment.name]",
"product": "[concat('OMSGallery/', variables('solutions').sqlAssessment.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
},*/
/*{
// Conditionally deploy solution for SQL advanced threat protection
"condition": "[equals(parameters('enableSqlAdvancedThreatProtection'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').sqlAdvancedThreatProtection.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]"
},
"plan": {
"name": "[variables('solutions').sqlAdvancedThreatProtection.name]",
"product": "[concat('OMSGallery/', variables('solutions').sqlAdvancedThreatProtection.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
},*/
/*{
// Conditionally deploy solution for SQL vulnerability protection
"condition": "[equals(parameters('enableSqlVulnerabilityAssessment'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').sqlVulnerabilityAssesment.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]"
},
"plan": {
"name": "[variables('solutions').sqlVulnerabilityAssesment.name]",
"product": "[concat('OMSGallery/', variables('solutions').sqlVulnerabilityAssesment.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
},*/
/*{
// Conditionally deploy solution for update management
"condition": "[equals(parameters('enableUpdateMgmt'), 'Yes')]",
"apiVersion": "2015-11-01-preview",
"type": "Microsoft.OperationsManagement/solutions",
"name": "[variables('solutions').updateMgmt.name]",
"location": "[parameters('workspaceRegion')]",
"properties": {
"workspaceResourceId": "[variables('laResourceId')]"
},
"plan": {
"name": "[variables('solutions').updateMgmt.name]",
"product": "[concat('OMSGallery/', variables('solutions').updateMgmt.marketplaceName)]",
"promotionCode": "",
"publisher": "Microsoft"
}
}*/
]
}
}
}
],
"outputs": {}
}


@ -19,6 +19,9 @@
},
"retentionInDays": {
"type": "String"
},
"enableSentinel": {
"type": "String"
}
},
"variables": {
@ -34,7 +37,7 @@
},
{
"type": "Microsoft.Resources/deployments",
"apiVersion": "2018-05-01",
"apiVersion": "2024-03-01",
"name": "[variables('deploymentName')]",
"resourceGroup": "[parameters('rgName')]",
"dependsOn": [
@ -85,6 +88,20 @@
}
}
]
},
{
// Onboard Sentinel
"condition": "[equals(parameters('enableSentinel'), 'Yes')]",
"apiVersion": "2023-02-01-preview",
"type": "Microsoft.SecurityInsights/onboardingStates",
"name": "default",
"scope": "[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]",
"dependsOn": [
"[concat(subscription().id, '/resourceGroups/', parameters('rgName'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]"
],
"properties": {
"customerManagedKey": false
}
}
],
"outputs": {}
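Review bot: `"customerManagedKey": false` is hard-coded on the new `Microsoft.SecurityInsights/onboardingStates` resource with no parameter and no comment, so an organisation that requires customer-managed keys for its Sentinel workspace cannot express that through this template. As far as I know the CMK choice has to be made when the workspace is onboarded, which is worth confirming and at minimum documenting next to the property, e.g. `// CMK is not enabled here; workspaces that require CMK should set enableSentinel to 'No' and onboard separately`. The resource is also pinned to `2023-02-01-preview`; if a stable API version exposes onboardingStates, prefer it so that a security control does not depend on a preview contract. The enclosing resources array begins outside this hunk.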