chore: Update Deploy-ASC-SecurityContacts version to 2.0.0 (#1663)

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
2024-06-10 15:41:49 +04:00 · 2024-06-10 15:41:49 +04:00 · f92e25f2f9
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@ -1,6 +1,7 @@
 ## In this Section

 - [Updates](#updates)
+  - [June 2024](#june-2024)
  - [🆕 AMA Updates](#-ama-updates)
  - [🔃 Policy Refresh H2 FY24](#-policy-refresh-h2-fy24)
  - [May 2024](#may-2024)
@ -50,6 +51,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 #### Policy

 - Added new custom policy [Do not allow deletion of specified resource and resource type](https://www.azadvertizer.net/azpolicyadvertizer/DenyAction-DeleteResources.html) that provides a safeguard against accidental removal of the User Assigned Managed Identity used by AMA. Assigned at the Platform Management Group, it blocks delete calls using the deny action effect.
+- Updated the custom policy [Deploy-ASC-SecurityContacts](https://www.azadvertizer.net/azpolicyadvertizer/Deploy-ASC-SecurityContacts.html) as part of the [Deploy-MDFC-Config](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/deploy-mdfc-config.html) initiative to use the new API and revised construct for the Security Contact API in Defender for Cloud (`alertNotications` alias has been deprecated, and replaced by `notificationSources`).

 ### 🆕 AMA Updates

--- a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
+++ b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
--- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts.json
+++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts.json
@ -9,7 +9,7 @@
    "displayName": "Deploy Microsoft Defender for Cloud Security Contacts",
    "description": "Deploy Microsoft Defender for Cloud Security Contacts",
    "metadata": {
-      "version": "1.1.0",
+      "version": "2.0.0",
      "category": "Security Center",
      "source": "https://github.com/Azure/Enterprise-Scale/",
      "alzCloudEnvironments": [
@ -20,14 +20,14 @@
    },
    "parameters": {
      "emailSecurityContact": {
-        "type": "string",
+        "type": "String",
        "metadata": {
          "displayName": "Security contacts email address",
-          "description": "Provide email address for Azure Security Center contact details"
+          "description": "Provide email addresses (semi-colon separated) for Defender for Cloud contact details"
        }
      },
      "effect": {
-        "type": "string",
+        "type": "String",
        "defaultValue": "DeployIfNotExists",
        "allowedValues": [
          "DeployIfNotExists",
@ -39,7 +39,7 @@
        }
      },
      "minimalSeverity": {
-        "type": "string",
+        "type": "String",
        "defaultValue": "High",
        "allowedValues": [
          "High",
@ -77,20 +77,12 @@
                "contains": "[[parameters('emailSecurityContact')]"
              },
              {
-                "field": "Microsoft.Security/securityContacts/alertNotifications.minimalSeverity",
+                "field": "Microsoft.Security/securityContacts/isEnabled",
+                "equals": true
+              },
+              {
+                "field": "Microsoft.Security/securityContacts/notificationsSources[*].Alert.minimalSeverity",
                "contains": "[[parameters('minimalSeverity')]"
-              },
-              {
-                "field": "type",
-                "equals": "Microsoft.Security/securityContacts"
-              },
-              {
-                "field": "Microsoft.Security/securityContacts/alertNotifications",
-                "equals": "On"
-              },
-              {
-                "field": "Microsoft.Security/securityContacts/alertsToAdmins",
-                "equals": "On"
              }
            ]
          },
@ -128,19 +120,22 @@
                  {
                    "type": "Microsoft.Security/securityContacts",
                    "name": "default",
-                    "apiVersion": "2020-01-01-preview",
+                    "apiVersion": "2023-12-01-preview",
                    "properties": {
                      "emails": "[[parameters('emailSecurityContact')]",
+                      "isEnabled": true,
                      "notificationsByRole": {
                        "state": "On",
                        "roles": [
                          "Owner"
                        ]
                      },
-                      "alertNotifications": {
-                        "state": "On",
-                        "minimalSeverity": "[[parameters('minimalSeverity')]"
-                      }
+                      "notificationsSources": [
+                        {
+                          "sourceType": "Alert",
+                          "minimalSeverity": "[[parameters('minimalSeverity')]"
+                        }
+                      ]
                    }
                  }
                ],