MDFC security contacts policy update (#1120)

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
2022-11-23 18:37:08 +01:00 · 2022-11-23 18:37:08 +01:00 · e04594ec0a
--- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
--- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts.json
+++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts.json
@ -6,8 +6,8 @@
  "properties": {
    "policyType": "Custom",
    "mode": "All",
-    "displayName": "Deploy Azure Security Center Security Contacts",
-    "description": "Deploy Azure Security Center Security Contacts",
+    "displayName": "Deploy Microsoft Defender for Cloud Security Contacts",
+    "description": "Deploy Microsoft Defender for Cloud Security Contacts",
    "metadata": {
      "version": "1.0.0",
      "category": "Security Center",
@ -37,6 +37,19 @@
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        }
+      },
+      "minimalSeverity": {
+        "type": "string",
+        "defaultValue": "High",
+        "allowedValues": [
+          "High",
+          "Medium",
+          "Low"
+        ],
+        "metadata": {
+          "displayName": "Minimal severity",
+          "description": "Defines the minimal alert severity which will be sent as email notifications"
+        }
      }
    },
    "policyRule": {
@ -63,6 +76,10 @@
                "field": "Microsoft.Security/securityContacts/email",
                "contains": "[[parameters('emailSecurityContact')]"
              },
+              {
+                "field": "Microsoft.Security/securityContacts/alertNotifications.minimalSeverity",
+                "contains": "[[parameters('minimalSeverity')]"
+              },
              {
                "field": "type",
                "equals": "Microsoft.Security/securityContacts"
@ -113,7 +130,7 @@
                      },
                      "alertNotifications": {
                        "state": "On",
-                        "minimalSeverity": "High"
+                        "minimalSeverity": "[[parameters('minimalSeverity')]"
                      }
                    }
                  }
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json
@ -23,6 +23,19 @@
          "description": "Provide email address for Microsoft Defender for Cloud contact details"
        }
      },
+      "minimalSeverity": {
+        "type": "string",
+        "allowedValues": [
+          "High",
+          "Medium",
+          "Low"
+        ],
+        "defaultValue": "High",
+        "metadata": {
+          "displayName": "Minimal severity",
+          "description": "Defines the minimal alert severity which will be sent as email notifications"
+        }
+      },
      "logAnalytics": {
        "type": "String",
        "metadata": {
@ -119,6 +132,9 @@
        "parameters": {
          "emailSecurityContact": {
            "value": "[[parameters('emailSecurityContact')]"
+          },
+          "minimalSeverity":{
+            "value":"[[parameters('minimalSeverity')]"
          }
        },
        "groupNames": []
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureUSGovernment.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureUSGovernment.json
@ -23,6 +23,19 @@
          "description": "Provide email address for Microsoft Defender for Cloud contact details"
        }
      },
+      "minimalSeverity": {
+        "type": "string",
+        "allowedValues": [
+          "High",
+          "Medium",
+          "Low"
+        ],
+        "defaultValue": "High",
+        "metadata": {
+          "displayName": "Minimal severity",
+          "description": "Defines the minimal alert severity which will be sent as email notifications"
+        }
+      },
      "logAnalytics": {
        "type": "String",
        "metadata": {
@ -185,6 +198,9 @@
        "parameters": {
          "emailSecurityContact": {
            "value": "[[parameters('emailSecurityContact')]"
+          },
+          "minimalSeverity":{
+            "value":"[[parameters('minimalSeverity')]"
          }
        },
        "groupNames": []
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.json
@ -23,6 +23,19 @@
          "description": "Provide email address for Microsoft Defender for Cloud contact details"
        }
      },
+      "minimalSeverity": {
+        "type": "string",
+        "allowedValues": [
+          "High",
+          "Medium",
+          "Low"
+        ],
+        "defaultValue": "High",
+        "metadata": {
+          "displayName": "Minimal severity",
+          "description": "Defines the minimal alert severity which will be sent as email notifications"
+        }
+      },
      "logAnalytics": {
        "type": "String",
        "metadata": {
@ -288,13 +301,16 @@
          }
        },
        "groupNames": []
-      },      
+      },
      {
        "policyDefinitionReferenceId": "securityEmailContact",
        "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts",
        "parameters": {
          "emailSecurityContact": {
            "value": "[[parameters('emailSecurityContact')]"
+          },
+          "minimalSeverity": {
+            "value": "[[parameters('minimalSeverity')]"
          }
        },
        "groupNames": []
@ -318,4 +334,4 @@
    ],
    "policyDefinitionGroups": null
  }
-}
+}