From 8a21162d9f9914290b4cdcca0404751b5780db1f Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Fri, 30 Jun 2023 10:58:00 +0200 Subject: [PATCH 1/7] Push policies --- .../policyDefinitions/deploy-aa_totaljob_alert.bicep | 11 +++++++---- .../deploy-activitylog-AzureFirewall-Del.bicep | 11 +++++++---- .../deploy-activitylog-KeyVault-Del.bicep | 11 +++++++---- .../deploy-activitylog-LAWorkspace-Del.bicep | 11 +++++++---- .../deploy-activitylog-LAWorkspace-ReGen.bicep | 11 +++++++---- .../deploy-activitylog-NSG-Del.bicep | 11 +++++++---- ...-activitylog-ResourceHealth-UnHealthly-alert.bicep | 11 +++++++---- .../deploy-activitylog-RouteTable-Update.bicep | 11 +++++++---- .../deploy-activitylog-ServiceHealth-Health.bicep | 11 +++++++---- .../deploy-activitylog-ServiceHealth-Incident.bicep | 11 +++++++---- ...deploy-activitylog-ServiceHealth-Maintenance.bicep | 11 +++++++---- .../deploy-activitylog-ServiceHealth-Security.bicep | 11 +++++++---- .../deploy-activitylog-VPNGate-Del.bicep | 11 +++++++---- .../deploy-afw_firewallhealth_alert.bicep | 11 +++++++---- .../deploy-afw_snatportutilization_alert.bicep | 11 +++++++---- .../deploy-alertprocessingrule-deploy.bicep | 11 +++++++---- .../deploy-ercir_arpavailability_alert.bicep | 11 +++++++---- .../deploy-ercir_bgpavailability_alert.bicep | 11 +++++++---- .../deploy-ercir_qosdropsbitsin_alert.bicep | 11 +++++++---- .../deploy-ercir_qosdropsbitsout_alert.bicep | 11 +++++++---- .../deploy-erg_bitsinpersecond_alert.bicep | 11 +++++++---- .../deploy-erg_bitsoutpersecond_alert.bicep | 11 +++++++---- .../deploy-erg_expressroutecpuutilization_alert.bicep | 11 +++++++---- .../deploy-kv_availability_alert.bicep | 11 +++++++---- .../policyDefinitions/deploy-kv_capacity_alert.bicep | 11 +++++++---- .../policyDefinitions/deploy-kv_latency_alert.bicep | 11 +++++++---- .../policyDefinitions/deploy-kv_requests_alert.bicep | 11 +++++++---- .../deploy-pdnsz_capacityutilization_alert.bicep | 11 +++++++---- .../deploy-pdnsz_queryvolume_alert.bicep | 11 +++++++---- .../deploy-pdnsz_recordsetcapacity_alert.bicep | 11 +++++++---- ...-pdnsz_registrationcapacityutilization_alert.bicep | 11 +++++++---- .../deploy-pip_bytesinddosattack_alert.bicep | 11 +++++++---- .../deploy-pip_ddosattack_alert.bicep | 11 +++++++---- .../deploy-pip_packetsinddos_alert.bicep | 11 +++++++---- .../deploy-pip_vipavailability_alert.bicep | 11 +++++++---- .../deploy-rv_backuphealth_monitor.bicep | 9 ++++++--- .../deploy-sa_availability_alert.bicep | 11 +++++++---- .../deploy-vm-HeartBeatAlertRG.bicep | 11 +++++++---- .../policyDefinitions/deploy-vm-HeartBeat_alert.bicep | 11 +++++++---- .../policyDefinitions/deploy-vm-NetworkIn_alert.bicep | 11 +++++++---- .../deploy-vm-NetworkOut_alert.bicep | 11 +++++++---- .../deploy-vm-OSDiskSpace_alert.bicep | 11 +++++++---- .../deploy-vm-OSDiskreadLatency_alert.bicep | 11 +++++++---- .../deploy-vm-OSDiskwriteLatency_alert.bicep | 11 +++++++---- .../deploy-vm-PercentCPU_alert.bicep | 11 +++++++---- .../deploy-vm-PercentMemory_alert.bicep | 11 +++++++---- .../deploy-vm-dataDiskSpace_alert.bicep | 11 +++++++---- .../deploy-vm-dataDiskreadLatency_alert.bicep | 11 +++++++---- .../deploy-vm-dataDiskwriteLatency_alert.bicep | 11 +++++++---- .../deploy-vm_availablememory_alert.bicep | 11 +++++++---- .../deploy-vnet_ddosattack_alert.bicep | 11 +++++++---- .../deploy-vnetg_bandwidthutilization_alert.bicep | 11 +++++++---- .../policyDefinitions/deploy-vnetg_egress_alert.bicep | 11 +++++++---- .../deploy-vnetg_egresspacketdropcount_alert.bicep | 11 +++++++---- .../deploy-vnetg_egresspacketdropmismatch_alert.bicep | 11 +++++++---- ...deploy-vnetg_expressroutebitspersecond_alert.bicep | 11 +++++++---- ...eploy-vnetg_expressroutecpuutilization_alert.bicep | 11 +++++++---- .../deploy-vnetg_ingress_alert.bicep | 11 +++++++---- .../deploy-vnetg_ingresspacketdropcount_alert.bicep | 11 +++++++---- ...deploy-vnetg_ingresspacketdropmismatch_alert.bicep | 11 +++++++---- .../deploy-vpng_bandwidthutilization_alert.bicep | 11 +++++++---- .../deploy-vpng_bgppeerstatus_alert.bicep | 11 +++++++---- .../policyDefinitions/deploy-vpng_egress_alert.bicep | 11 +++++++---- .../deploy-vpng_egresspacketdropcount_alert.bicep | 11 +++++++---- .../deploy-vpng_egresspacketdropmismatch_alert.bicep | 11 +++++++---- .../policyDefinitions/deploy-vpng_ingress_alert.bicep | 11 +++++++---- .../deploy-vpng_ingresspacketdropcount_alert.bicep | 11 +++++++---- .../deploy-vpng_ingresspacketdropmismatch_alert.bicep | 11 +++++++---- 68 files changed, 475 insertions(+), 271 deletions(-) diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-aa_totaljob_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-aa_totaljob_alert.bicep index 542c84ba..92874994 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-aa_totaljob_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-aa_totaljob_alert.bicep @@ -56,13 +56,16 @@ module TotalJobAlert '../../arm/Microsoft.Authorization/policyDefinitions/manage name: '${uniqueString(deployment().name)}-aatotaljob-policyDefinitions' params: { name: 'Deploy_AA_TotalJob_Alert' - displayName: '[DINE] Deploy Automation Account TotalJob Alert' - description: 'DINE policy to audit/deploy Automation Account TotalJob Alert' + displayName: 'Deploy Automation Account TotalJob Alert' + description: 'Policy to audit/deploy Automation Account TotalJob Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Automation' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-AzureFirewall-Del.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-AzureFirewall-Del.bicep index 4789ba08..2483918e 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-AzureFirewall-Del.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-AzureFirewall-Del.bicep @@ -19,13 +19,16 @@ module ActivityLogFirewallDeleteAlert '../../arm/Microsoft.Authorization/policyD name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_Firewall_Delete' - displayName: '[DINE] Deploy Activity Log Azure FireWall Delete Alert' - description: 'DINE policy to Deploy Activity Log Azure Firewall Delete Alert' + displayName: 'Deploy Activity Log Azure FireWall Delete Alert' + description: 'Policy to Deploy Activity Log Azure Firewall Delete Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'ActivityLog' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-KeyVault-Del.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-KeyVault-Del.bicep index 80cda71b..6f1b6624 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-KeyVault-Del.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-KeyVault-Del.bicep @@ -20,13 +20,16 @@ module ActivityLogKeyVaultDeleteAlert '../../arm/Microsoft.Authorization/policyD name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_KeyVault_Delete' - displayName: '[DINE] Deploy Activity Log Key Vault Delete Alert' - description: 'DINE policy to Deploy Activity Log Key Vault Delete Alert' + displayName: 'Deploy Activity Log Key Vault Delete Alert' + description: 'Policy to Deploy Activity Log Key Vault Delete Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'ActivityLog' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Key Vault' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-LAWorkspace-Del.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-LAWorkspace-Del.bicep index b79f2357..e6a67bf6 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-LAWorkspace-Del.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-LAWorkspace-Del.bicep @@ -18,13 +18,16 @@ module ActivityLogLAWorkspaceDeleteAlert '../../arm/Microsoft.Authorization/poli name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_LAWorkspace_Delete' - displayName: '[DINE] Deploy Activity Log LA Workspace Delete Alert' - description: 'DINE policy to Deploy Activity Log LA Workspace Delete Alert' + displayName: 'Deploy Activity Log LA Workspace Delete Alert' + description: 'Policy to Deploy Activity Log LA Workspace Delete Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'ActivityLog' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Monitoring' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-LAWorkspace-ReGen.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-LAWorkspace-ReGen.bicep index 1f078736..d24797cd 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-LAWorkspace-ReGen.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-LAWorkspace-ReGen.bicep @@ -20,13 +20,16 @@ module ActivityLogLAWorkspaceGenKeyAlert '../../arm/Microsoft.Authorization/poli name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_LAWorkspace_KeyRegen' - displayName: '[DINE] Deploy Activity Log LA Workspace Regenerate Key Alert' - description: 'DINE policy to Deploy Activity Log LA Workspace Regenerate Key Alert' + displayName: 'Deploy Activity Log LA Workspace Regenerate Key Alert' + description: 'Policy to Deploy Activity Log LA Workspace Regenerate Key Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'ActivityLog' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Monitoring' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-NSG-Del.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-NSG-Del.bicep index ec589561..2714454c 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-NSG-Del.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-NSG-Del.bicep @@ -20,13 +20,16 @@ module ActivityLogNSGDeleteAlert '../../arm/Microsoft.Authorization/policyDefini name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_NSG_Delete' - displayName: '[DINE] Deploy Activity Log NSG Delete Alert' - description: 'DINE policy to Deploy Activity Log NSG Delete Alert' + displayName: 'Deploy Activity Log NSG Delete Alert' + description: 'Policy to Deploy Activity Log NSG Delete Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'ActivityLog' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ResourceHealth-UnHealthly-alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ResourceHealth-UnHealthly-alert.bicep index 2f599ea9..b47b3e74 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ResourceHealth-UnHealthly-alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ResourceHealth-UnHealthly-alert.bicep @@ -19,13 +19,16 @@ module ResourceHealthUnhealthyAlert '../../arm/Microsoft.Authorization/policyDef name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_ResourceHealth_Unhealthy_Alert' - displayName: '[DINE] Deploy Resource Health Unhealthy Alert' - description: 'DINE policy to Deploy Resource Health Unhealthy Alert' + displayName: 'Deploy Resource Health Unhealthy Alert' + description: 'Policy to Deploy Resource Health Unhealthy Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'ServiceHealth' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Monitoring' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-RouteTable-Update.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-RouteTable-Update.bicep index e4b73ff6..06541ef6 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-RouteTable-Update.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-RouteTable-Update.bicep @@ -20,13 +20,16 @@ module ActivityLogUDRUpdateAlert '../../arm/Microsoft.Authorization/policyDefini name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_RouteTable_Update' - displayName: '[DINE] Deploy Activity Log Route Table Update Alert' - description: 'DINE policy to Deploy Activity Log Route Table Update Alert' + displayName: 'Deploy Activity Log Route Table Update Alert' + description: 'Policy to Deploy Activity Log Route Table Update Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'ActivityLog' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Health.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Health.bicep index 60e8229d..aa634b15 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Health.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Health.bicep @@ -20,13 +20,16 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_ServiceHealth_HealthAdvisory' - displayName: '[DINE] Deploy Service Health Advisory Alert' - description: 'DINE policy to Deploy Service Health Advisory Alert' + displayName: 'Deploy Service Health Advisory Alert' + description: 'Policy to Deploy Service Health Advisory Alert' location: policyLocation metadata: { version: '1.1.0' - Category: 'ServiceHealth' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Monitoring' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Incident.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Incident.bicep index d4c284a0..f3b07424 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Incident.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Incident.bicep @@ -20,13 +20,16 @@ module ServiceHealthIncidentAlert '../../arm/Microsoft.Authorization/policyDefin name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_ServiceHealth_Incident' - displayName: '[DINE] Deploy Service Health Incident Alert' - description: 'DINE policy to Deploy Service Health Incident Alert' + displayName: 'Deploy Service Health Incident Alert' + description: 'Policy to Deploy Service Health Incident Alert' location: policyLocation metadata: { version: '1.1.0' - Category: 'ServiceHealth' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Monitoring' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Maintenance.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Maintenance.bicep index 06d7367b..2f8f99c2 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Maintenance.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Maintenance.bicep @@ -20,13 +20,16 @@ module ServiceHealthMaintenanceAlert '../../arm/Microsoft.Authorization/policyDe name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_ServiceHealth_Maintenance' - displayName: '[DINE] Deploy Service Health Maintenance Alert' - description: 'DINE policy to Deploy Service Health Maintenance Alert' + displayName: 'Deploy Service Health Maintenance Alert' + description: 'Policy to Deploy Service Health Maintenance Alert' location: policyLocation metadata: { version: '1.1.0' - Category: 'ServiceHealth' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Monitoring' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep index 5268c7f7..af94a8ce 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep @@ -20,13 +20,16 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_ServiceHealth_SecurityAdvisory' - displayName: '[DINE] Deploy Service Health Security Advisory Alert' - description: 'DINE policy to Deploy Service Health Security Advisory Alert' + displayName: 'Deploy Service Health Security Advisory Alert' + description: 'Policy to Deploy Service Health Security Advisory Alert' location: policyLocation metadata: { version: '1.1.0' - Category: 'ServiceHealth' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Monitroring' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-VPNGate-Del.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-VPNGate-Del.bicep index 0fe118fb..e2354515 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-VPNGate-Del.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-VPNGate-Del.bicep @@ -18,13 +18,16 @@ module ActivityLogVPNGatewayDeleteAlert '../../arm/Microsoft.Authorization/polic name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_activitylog_VPNGateway_Delete' - displayName: '[DINE] Deploy Activity Log VPN Gateway Delete Alert' - description: 'DINE policy to Deploy Activity Log VPN Gateway Delete Alert' + displayName: 'Deploy Activity Log VPN Gateway Delete Alert' + description: 'Policy to Deploy Activity Log VPN Gateway Delete Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'ActivityLog' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-afw_firewallhealth_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-afw_firewallhealth_alert.bicep index 899b197b..3f695bf6 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-afw_firewallhealth_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-afw_firewallhealth_alert.bicep @@ -56,13 +56,16 @@ module FirewallHealthAlert '../../arm/Microsoft.Authorization/policyDefinitions/ name: '${uniqueString(deployment().name)}-afwfirewallhealth-policyDefinitions' params: { name: 'Deploy_AFW_FirewallHealth_Alert' - displayName: '[DINE] Deploy AFW FirewallHealth Alert' - description: 'DINE policy to audit/deploy Azure Firewall FirewallHealth Alert' + displayName: 'Deploy AFW FirewallHealth Alert' + description: 'Policy to audit/deploy Azure Firewall FirewallHealth Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-afw_snatportutilization_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-afw_snatportutilization_alert.bicep index bba28649..8883ced8 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-afw_snatportutilization_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-afw_snatportutilization_alert.bicep @@ -56,13 +56,16 @@ module SNATPortUtilizationAlert '../../arm/Microsoft.Authorization/policyDefinit name: '${uniqueString(deployment().name)}-afwsnatportutilization-policyDefinitions' params: { name: 'Deploy_AFW_SNATPortUtilization_Alert' - displayName: '[DINE] Deploy AFW SNATPortUtilization Alert' - description: 'DINE policy to audit/deploy Azure Firewall SNATPortUtilization Alert' + displayName: 'Deploy AFW SNATPortUtilization Alert' + description: 'Policy to audit/deploy Azure Firewall SNATPortUtilization Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-alertprocessingrule-deploy.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-alertprocessingrule-deploy.bicep index 028b1f5e..02b7c8af 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-alertprocessingrule-deploy.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-alertprocessingrule-deploy.bicep @@ -17,13 +17,16 @@ module AlertProcessingRule '../../arm/Microsoft.Authorization/policyDefinitions/ name: '${uniqueString(deployment().name)}-shi-policyDefinitions' params: { name: 'Deploy_AlertProcessing_Rule' - displayName: '[DINE] Deploy Alert Processing Rule' - description: 'DINE policy to Deploy Deploy Alert Processing Rule with Action Group' + displayName: 'Deploy Alert Processing Rule' + description: 'Policy to Deploy Deploy Alert Processing Rule with Action Group' location: policyLocation metadata: { version: '1.0.1' - Category: 'Action Groups' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Monitoring' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_arpavailability_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_arpavailability_alert.bicep index 907f608c..93bb146d 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_arpavailability_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_arpavailability_alert.bicep @@ -56,13 +56,16 @@ module ArpAvailabilityAlert '../../arm/Microsoft.Authorization/policyDefinitions name: '${uniqueString(deployment().name)}-ercirarpav-policyDefinitions' params: { name: 'Deploy_ERCIR_ArpAvailability_Alert' - displayName: '[DINE] Deploy ExpressRoute Circuits Arp Availability Alert' - description: 'DINE policy to audit/deploy ExpressRoute Circuits Arp Availability Alert' + displayName: 'Deploy ExpressRoute Circuits Arp Availability Alert' + description: 'Policy to audit/deploy ExpressRoute Circuits Arp Availability Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_bgpavailability_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_bgpavailability_alert.bicep index 7052613a..35f56166 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_bgpavailability_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_bgpavailability_alert.bicep @@ -56,13 +56,16 @@ module BgpAvailabilityAlert '../../arm/Microsoft.Authorization/policyDefinitions name: '${uniqueString(deployment().name)}-ercirbgpav-policyDefinitions' params: { name: 'Deploy_ERCIR_BgpAvailability_Alert' - displayName: '[DINE] Deploy ExpressRoute Circuits Bgp Availability Alert' - description: 'DINE policy to audit/deploy ExpressRoute Circuits Bgp Availability Alert' + displayName: 'Deploy ExpressRoute Circuits Bgp Availability Alert' + description: 'Policy to audit/deploy ExpressRoute Circuits Bgp Availability Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_qosdropsbitsin_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_qosdropsbitsin_alert.bicep index 17caa400..a31cb791 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_qosdropsbitsin_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_qosdropsbitsin_alert.bicep @@ -54,13 +54,16 @@ module QosDropBitsInPerSecondAlert '../../arm/Microsoft.Authorization/policyDefi name: '${uniqueString(deployment().name)}-erqosdropsin-policyDefinitions' params: { name: 'Deploy_ERCIR_QosDropBitsInPerSecond_Alert' - displayName: '[DINE] Deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert' - description: 'DINE policy to audit/deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert' + displayName: 'Deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert' + description: 'Policy to audit/deploy ExpressRoute Circuits QosDropBitsInPerSecond Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_qosdropsbitsout_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_qosdropsbitsout_alert.bicep index c099919e..44390557 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_qosdropsbitsout_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-ercir_qosdropsbitsout_alert.bicep @@ -54,13 +54,16 @@ module QosDropBitsOutPerSecondAlert '../../arm/Microsoft.Authorization/policyDef name: '${uniqueString(deployment().name)}-erqosdropsout-policyDefinitions' params: { name: 'Deploy_ERCIR_QosDropBitsOutPerSecond_Alert' - displayName: '[DINE] Deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert' - description: 'DINE policy to audit/deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert' + displayName: 'Deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert' + description: 'Policy to audit/deploy ExpressRoute Circuits QosDropBitsOutPerSecond Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_bitsinpersecond_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_bitsinpersecond_alert.bicep index 3c7b09ab..90db2e48 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_bitsinpersecond_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_bitsinpersecond_alert.bicep @@ -56,13 +56,16 @@ module ErgExpressRouteBitsInAlert '../../arm/Microsoft.Authorization/policyDefin name: '${uniqueString(deployment().name)}-ergergbin-policyDefinitions' params: { name: 'Deploy_ERGw_ExpressRouteBitsIn_Alert' - displayName: '[DINE] Deploy ERG ExpressRoute Bits In Alert' - description: 'DINE policy to audit/deploy ER Gateway Connection BitsInPerSecond Alert' + displayName: 'Deploy ERG ExpressRoute Bits In Alert' + description: 'Policy to audit/deploy ER Gateway Connection BitsInPerSecond Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_bitsoutpersecond_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_bitsoutpersecond_alert.bicep index ffbcf90e..8cafedb0 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_bitsoutpersecond_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_bitsoutpersecond_alert.bicep @@ -56,13 +56,16 @@ module ErgExpressRouteBitsOutAlert '../../arm/Microsoft.Authorization/policyDefi name: '${uniqueString(deployment().name)}-ergergbout-policyDefinitions' params: { name: 'Deploy_ERGw_ExpressRouteBitsOut_Alert' - displayName: '[DINE] Deploy ERG ExpressRoute Bits Out Alert' - description: 'DINE policy to audit/deploy ER Gateway Connection BitsOutPerSecond Alert' + displayName: 'Deploy ERG ExpressRoute Bits Out Alert' + description: 'Policy to audit/deploy ER Gateway Connection BitsOutPerSecond Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_expressroutecpuutilization_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_expressroutecpuutilization_alert.bicep index deac3f4f..fd82f78b 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_expressroutecpuutilization_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-erg_expressroutecpuutilization_alert.bicep @@ -56,13 +56,16 @@ module ErgExpressRouteCPUUtilizationAlert '../../arm/Microsoft.Authorization/pol name: '${uniqueString(deployment().name)}-ergergcpuua-policyDefinitions' params: { name: 'Deploy_ERGw_ExpressRouteCpuUtil_Alert' - displayName: '[DINE] Deploy ERG ExpressRoute CPU Utilization Alert' - description: 'DINE policy to audit/deploy ER Gateway Express Route CPU Utilization Alert' + displayName: 'Deploy ERG ExpressRoute CPU Utilization Alert' + description: 'Policy to audit/deploy ER Gateway Express Route CPU Utilization Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_availability_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_availability_alert.bicep index 8967827d..76dd2d73 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_availability_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_availability_alert.bicep @@ -56,13 +56,16 @@ module AvailabilityAlert '../../arm/Microsoft.Authorization/policyDefinitions/ma name: '${uniqueString(deployment().name)}-kva-policyDefinitions' params: { name: 'Deploy_KeyVault_Availability_Alert' - displayName: '[DINE] Deploy KeyVault Availability Alert' - description: 'DINE policy to audit/deploy KeyVault Availability Alert' + displayName: 'Deploy KeyVault Availability Alert' + description: 'Policy to audit/deploy KeyVault Availability Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Key Vault' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Key Vault' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_capacity_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_capacity_alert.bicep index f3087d2d..b32049fc 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_capacity_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_capacity_alert.bicep @@ -56,13 +56,16 @@ module CapacityAlert '../../arm/Microsoft.Authorization/policyDefinitions/manage name: '${uniqueString(deployment().name)}-kvca-policyDefinitions' params: { name: 'Deploy_KeyVault_Capacity_Alert' - displayName: '[DINE] Deploy KeyVault Capacity Alert' - description: 'DINE policy to audit/deploy KeyVault Capacity Alert' + displayName: 'Deploy KeyVault Capacity Alert' + description: 'Policy to audit/deploy KeyVault Capacity Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Key Vault' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Key Vault' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_latency_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_latency_alert.bicep index f4b9ff49..f00cc20f 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_latency_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_latency_alert.bicep @@ -56,13 +56,16 @@ module LatencyAlert '../../arm/Microsoft.Authorization/policyDefinitions/managem name: '${uniqueString(deployment().name)}-kvla-policyDefinitions' params: { name: 'Deploy_KeyVault_Latency_Alert' - displayName: '[DINE] Deploy KeyVault Latency Alert' - description: 'DINE policy to audit/deploy KeyVault Latency Alert' + displayName: 'Deploy KeyVault Latency Alert' + description: 'Policy to audit/deploy KeyVault Latency Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Key Vault' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Key Vault' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_requests_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_requests_alert.bicep index 561932cc..a75e0c2f 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_requests_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-kv_requests_alert.bicep @@ -54,13 +54,16 @@ module RequestsAlert '../../arm/Microsoft.Authorization/policyDefinitions/manage name: '${uniqueString(deployment().name)}-kvra-policyDefinitions' params: { name: 'Deploy_KeyVault_Requests_Alert' - displayName: '[DINE] Deploy KeyVault Requests Alert' - description: 'DINE policy to audit/deploy KeyVault Requests Alert' + displayName: 'Deploy KeyVault Requests Alert' + description: 'Policy to audit/deploy KeyVault Requests Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Key Vault' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Key Vault' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_capacityutilization_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_capacityutilization_alert.bicep index ce273a63..eafb113f 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_capacityutilization_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_capacityutilization_alert.bicep @@ -56,13 +56,16 @@ module CapacityUtilizationAlert '../../arm/Microsoft.Authorization/policyDefinit name: '${uniqueString(deployment().name)}-pdnsvnlcu-policyDefinitions' params: { name: 'Deploy_PDNSZ_CapacityUtil_Alert' - displayName: '[DINE] Deploy PDNSZ Capacity Utilization Alert' - description: 'DINE policy to audit/deploy Private DNS Zone Capacity Utilization Alert' + displayName: 'Deploy PDNSZ Capacity Utilization Alert' + description: 'Policy to audit/deploy Private DNS Zone Capacity Utilization Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_queryvolume_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_queryvolume_alert.bicep index 24d7562d..fe9ff674 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_queryvolume_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_queryvolume_alert.bicep @@ -56,13 +56,16 @@ module QueryVolumeAlert '../../arm/Microsoft.Authorization/policyDefinitions/man name: '${uniqueString(deployment().name)}-pdnszqv-policyDefinitions' params: { name: 'Deploy_PDNSZ_QueryVolume_Alert' - displayName: '[DINE] Deploy PDNSZ Query Volume Alert' - description: 'DINE policy to audit/deploy Private DNS Zone Query Volume Alert' + displayName: 'Deploy PDNSZ Query Volume Alert' + description: 'Policy to audit/deploy Private DNS Zone Query Volume Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_recordsetcapacity_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_recordsetcapacity_alert.bicep index caae35d6..716c25c6 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_recordsetcapacity_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_recordsetcapacity_alert.bicep @@ -56,13 +56,16 @@ module RecordSetCapacityAlert '../../arm/Microsoft.Authorization/policyDefinitio name: '${uniqueString(deployment().name)}-pdnsrsc-policyDefinitions' params: { name: 'Deploy_PDNSZ_RecordSetCapacity_Alert' - displayName: '[DINE] Deploy PDNSZ Record Set Capacity Alert' - description: 'DINE policy to audit/deploy Private DNS Zone Record Set Capacity Alert' + displayName: 'Deploy PDNSZ Record Set Capacity Alert' + description: 'Policy to audit/deploy Private DNS Zone Record Set Capacity Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_registrationcapacityutilization_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_registrationcapacityutilization_alert.bicep index b09218e4..baf31584 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_registrationcapacityutilization_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pdnsz_registrationcapacityutilization_alert.bicep @@ -56,13 +56,16 @@ module RegistrationCapacityUtilizationAlert '../../arm/Microsoft.Authorization/p name: '${uniqueString(deployment().name)}-pdnszvnrcu-policyDefinitions' params: { name: 'Deploy_DNSZ_RegistrationCapacityUtil_Alert' - displayName: '[DINE] Deploy PDNSZ Registration Capacity Utilization Alert' - description: 'DINE policy to audit/deploy Private DNS Zone Registration Capacity Utilization Alert' + displayName: 'Deploy PDNSZ Registration Capacity Utilization Alert' + description: 'Policy to audit/deploy Private DNS Zone Registration Capacity Utilization Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_bytesinddosattack_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_bytesinddosattack_alert.bicep index dc57b851..c0fe52d1 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_bytesinddosattack_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_bytesinddosattack_alert.bicep @@ -56,13 +56,16 @@ module BytesInDDOSAlert '../../arm/Microsoft.Authorization/policyDefinitions/man name: '${uniqueString(deployment().name)}-pipbiddos-policyDefinitions' params: { name: 'Deploy_PublicIp_BytesInDDoSAttack_Alert' - displayName: '[DINE] Deploy PIP Bytes in DDoS Attack Alert' - description: 'DINE policy to audit/deploy PIP Bytes in DDoS Attack Alert' + displayName: 'Deploy PIP Bytes in DDoS Attack Alert' + description: 'Policy to audit/deploy PIP Bytes in DDoS Attack Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_ddosattack_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_ddosattack_alert.bicep index 7b3cafec..2dadad5e 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_ddosattack_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_ddosattack_alert.bicep @@ -56,13 +56,16 @@ module DDOSAttackAlert '../../arm/Microsoft.Authorization/policyDefinitions/mana name: '${uniqueString(deployment().name)}-pipddosa-policyDefinitions' params: { name: 'Deploy_PublicIp_DDoSAttack_Alert' - displayName: '[DINE] Deploy PIP DDoS Attack Alert' - description: 'DINE policy to audit/deploy PIP DDoS Attack Alert' + displayName: 'Deploy PIP DDoS Attack Alert' + description: 'Policy to audit/deploy PIP DDoS Attack Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_packetsinddos_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_packetsinddos_alert.bicep index 100821b7..385b0b8d 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_packetsinddos_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_packetsinddos_alert.bicep @@ -56,13 +56,16 @@ module PacketsInDDOSAlert '../../arm/Microsoft.Authorization/policyDefinitions/m name: '${uniqueString(deployment().name)}-pippiddos-policyDefinitions' params: { name: 'Deploy_PublicIp_PacketsInDDoSAttack_Alert' - displayName: '[DINE] Deploy PIP Packets in DDoS Attack Alert' - description: 'DINE policy to audit/deploy PIP Packets in DDoS Attack Alert' + displayName: 'Deploy PIP Packets in DDoS Attack Alert' + description: 'Policy to audit/deploy PIP Packets in DDoS Attack Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_vipavailability_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_vipavailability_alert.bicep index 90fa9293..7f1f467a 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_vipavailability_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-pip_vipavailability_alert.bicep @@ -56,13 +56,16 @@ module VIPAvailabilityAlert '../../arm/Microsoft.Authorization/policyDefinitions name: '${uniqueString(deployment().name)}-pipvipaa-policyDefinitions' params: { name: 'Deploy_PublicIp_VIPAvailability_Alert' - displayName: '[DINE] Deploy PIP VIP Availability Alert' - description: 'DINE policy to audit/deploy PIP VIP Availability Alert' + displayName: 'Deploy PIP VIP Availability Alert' + description: 'Policy to audit/deploy PIP VIP Availability Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-rv_backuphealth_monitor.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-rv_backuphealth_monitor.bicep index 2181b666..2726b2da 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-rv_backuphealth_monitor.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-rv_backuphealth_monitor.bicep @@ -21,13 +21,16 @@ module BackupHealthMonitor '../../arm/Microsoft.Authorization/policyDefinitions/ name: '${uniqueString(deployment().name)}-rvbuhm-policyDefinitions' params: { name: 'Deploy_RecoveryVault_BackupHealthMonitor_Alert' - displayName: '[Modify] Deploy RV Backup Health Monitoring Alerts' - description: 'Modify policy to audit/update Recovery Vault Backup Health Alerting to Azure monitor alerts' + displayName: 'Deploy RV Backup Health Monitoring Alerts' + description: 'Policy to audit/update Recovery Vault Backup Health Alerting to Azure monitor alerts' location: policyLocation metadata: { version: '1.0.0' category: 'Site Recovery' - source: 'https://github.com/Azure/ALZ-Monitor/' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-sa_availability_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-sa_availability_alert.bicep index 13b6a157..2277466b 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-sa_availability_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-sa_availability_alert.bicep @@ -56,13 +56,16 @@ module AvailabilityAlert '../../arm/Microsoft.Authorization/policyDefinitions/ma name: '${uniqueString(deployment().name)}-saaa-policyDefinitions' params: { name: 'Deploy_StorageAccount_Availability_Alert' - displayName: '[DINE] Deploy SA Availability Alert' - description: 'DINE policy to audit/deploy SA Availability Alert' + displayName: 'Deploy SA Availability Alert' + description: 'Policy to audit/deploy SA Availability Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Storage' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Storage' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep index ab575828..8c5e41b5 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep @@ -79,13 +79,16 @@ module AvailableMemoryAlert '../../arm/Microsoft.Authorization/policyDefinitions name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_HeartBeat_Alert' - displayName: '[DINE] Deploy VM HeartBeat Alert' - description: 'DINE policy to audit/deploy VM HeartBeat Alert' + displayName: 'Deploy VM HeartBeat Alert' + description: 'Policy to audit/deploy VM HeartBeat Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { severity: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeat_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeat_alert.bicep index 5b72258b..cccee75f 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeat_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeat_alert.bicep @@ -88,13 +88,16 @@ module HeartBeatAlert '../../arm/Microsoft.Authorization/policyDefinitions/manag name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_HeartBeat_Alert' - displayName: '[DINE] Deploy VM HeartBeat Alert' - description: 'DINE policy to audit/deploy VM HeartBeat Alert' + displayName: 'Deploy VM HeartBeat Alert' + description: 'Policy to audit/deploy VM HeartBeat Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-NetworkIn_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-NetworkIn_alert.bicep index e322152b..efef5fbd 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-NetworkIn_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-NetworkIn_alert.bicep @@ -98,13 +98,16 @@ module VMNetwrokInAlert '../../arm/Microsoft.Authorization/policyDefinitions/man name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_NetworkIn_Alert' - displayName: '[DINE] Deploy VM Network Read Alert' - description: 'DINE policy to audit/deploy VM Nework Read Alert' + displayName: 'Deploy VM Network Read Alert' + description: 'Policy to audit/deploy VM Nework Read Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-NetworkOut_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-NetworkOut_alert.bicep index 70086e2d..70e4194f 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-NetworkOut_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-NetworkOut_alert.bicep @@ -97,13 +97,16 @@ module VMNetworkOutAlert '../../arm/Microsoft.Authorization/policyDefinitions/ma name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_NetworkOut_Alert' - displayName: '[DINE] Deploy VM Network Write Alert' - description: 'DINE policy to audit/deploy VM Network Out Alert' + displayName: 'Deploy VM Network Write Alert' + description: 'Policy to audit/deploy VM Network Out Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskSpace_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskSpace_alert.bicep index 835b6be9..6e748d55 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskSpace_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskSpace_alert.bicep @@ -102,13 +102,16 @@ module VMOSDiskSpaceAlert '../../arm/Microsoft.Authorization/policyDefinitions/m name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_OSDiskSpace_Alert' - displayName: '[DINE] Deploy VM OS Disk Space Alert' - description: 'DINE policy to audit/deploy VM OSDiskSpace Alert' + displayName: 'Deploy VM OS Disk Space Alert' + description: 'Policy to audit/deploy VM OSDiskSpace Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskreadLatency_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskreadLatency_alert.bicep index 7eaf63c3..5630807a 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskreadLatency_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskreadLatency_alert.bicep @@ -102,13 +102,16 @@ module VMOSDiskreadLatencyAlert '../../arm/Microsoft.Authorization/policyDefinit name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_OSDiskreadLatency_Alert' - displayName: '[DINE] Deploy VM OS Disk Read Latency Alert' - description: 'DINE policy to audit/deploy VM OSDiskreadLatency Alert' + displayName: 'Deploy VM OS Disk Read Latency Alert' + description: 'Policy to audit/deploy VM OSDiskreadLatency Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskwriteLatency_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskwriteLatency_alert.bicep index 0fff5d8e..12f8d927 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskwriteLatency_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-OSDiskwriteLatency_alert.bicep @@ -102,13 +102,16 @@ module VMOSDiskwriteLatencyAlert '../../arm/Microsoft.Authorization/policyDefini name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_OSDiskwriteLatency_Alert' - displayName: '[DINE] Deploy VM OS Disk Write Latency Alert' - description: 'DINE policy to audit/deploy VM OSDiskwriteLatency Alert' + displayName: 'Deploy VM OS Disk Write Latency Alert' + description: 'Policy to audit/deploy VM OSDiskwriteLatency Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-PercentCPU_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-PercentCPU_alert.bicep index a8619e58..5240dbb0 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-PercentCPU_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-PercentCPU_alert.bicep @@ -87,13 +87,16 @@ module VMCPUAlert '../../arm/Microsoft.Authorization/policyDefinitions/managemen name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_CPU_Alert' - displayName: '[DINE] Deploy VM CPU Alert' - description: 'DINE policy to audit/deploy VM CPU Alert' + displayName: 'Deploy VM CPU Alert' + description: 'Policy to audit/deploy VM CPU Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-PercentMemory_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-PercentMemory_alert.bicep index 7262b05d..2838622a 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-PercentMemory_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-PercentMemory_alert.bicep @@ -88,13 +88,16 @@ module VMLAMemoryAlert '../../arm/Microsoft.Authorization/policyDefinitions/mana name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_Memory_Alert' - displayName: '[DINE] Deploy VM Memory Alert' - description: 'DINE policy to audit/deploy VM Memory Alert' + displayName: 'Deploy VM Memory Alert' + description: 'Policy to audit/deploy VM Memory Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskSpace_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskSpace_alert.bicep index dea69543..750b119f 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskSpace_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskSpace_alert.bicep @@ -101,13 +101,16 @@ module VMdataDiskSpaceAlert '../../arm/Microsoft.Authorization/policyDefinitions name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_dataDiskSpace_Alert' - displayName: '[DINE] Deploy VM Data Disk Space Alert' - description: 'DINE policy to audit/deploy VM data Disk Space Alert' + displayName: 'Deploy VM Data Disk Space Alert' + description: 'Policy to audit/deploy VM data Disk Space Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskreadLatency_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskreadLatency_alert.bicep index 4e33158c..2555e67d 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskreadLatency_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskreadLatency_alert.bicep @@ -101,13 +101,16 @@ module VMdataDiskReadLatencyAlert '../../arm/Microsoft.Authorization/policyDefin name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_dataDiskReadLatency_Alert' - displayName: '[DINE] Deploy VM Data Disk Read Latency Alert' - description: 'DINE policy to audit/deploy VM dataDiskReadLatency Alert' + displayName: 'Deploy VM Data Disk Read Latency Alert' + description: 'Policy to audit/deploy VM dataDiskReadLatency Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskwriteLatency_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskwriteLatency_alert.bicep index 8023850b..357dbf8d 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskwriteLatency_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-dataDiskwriteLatency_alert.bicep @@ -101,13 +101,16 @@ module VMdataDiskWriteLatencyAlert '../../arm/Microsoft.Authorization/policyDefi name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_dataDiskWriteLatency_Alert' - displayName: '[DINE] Deploy VM Data Disk Write Latency Alert' - description: 'DINE policy to audit/deploy VM dataDiskWriteLatency Alert' + displayName: 'Deploy VM Data Disk Write Latency Alert' + description: 'Policy to audit/deploy VM dataDiskWriteLatency Alert' location: policyLocation metadata: { version: '1.0.0' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] } parameters: { alertResourceGroupName: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm_availablememory_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm_availablememory_alert.bicep index 27062517..ccac1e43 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm_availablememory_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm_availablememory_alert.bicep @@ -56,13 +56,16 @@ module AvailableMemoryAlert '../../arm/Microsoft.Authorization/policyDefinitions name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { name: 'Deploy_VM_AvailableMemory_Alert' - displayName: '[DINE] Deploy VM Available Memory Alert' - description: 'DINE policy to audit/deploy VM Available Memory Alert' + displayName: 'Deploy VM Available Memory Alert' + description: 'Policy to audit/deploy VM Available Memory Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Compute' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Compute' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnet_ddosattack_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnet_ddosattack_alert.bicep index 34e180f4..a8229f6a 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnet_ddosattack_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnet_ddosattack_alert.bicep @@ -56,13 +56,16 @@ module DDosAttackAlert '../../arm/Microsoft.Authorization/policyDefinitions/mana name: '${uniqueString(deployment().name)}-vnetddosaa-policyDefinitions' params: { name: 'Deploy_VNET_DDoSAttack_Alert' - displayName: '[DINE] Deploy VNet DDoS Attack Alert' - description: 'DINE policy to audit/deploy Virtual Network DDoS Attack Alert' + displayName: 'Deploy VNet DDoS Attack Alert' + description: 'Policy to audit/deploy Virtual Network DDoS Attack Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_bandwidthutilization_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_bandwidthutilization_alert.bicep index 7dd5577b..3835016b 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_bandwidthutilization_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_bandwidthutilization_alert.bicep @@ -56,13 +56,16 @@ module VnetgBandwidthAlert '../../arm/Microsoft.Authorization/policyDefinitions/ name: '${uniqueString(deployment().name)}-vnetgtaba-policyDefinitions' params: { name: 'Deploy_VnetGw_TunnelBandwidth_Alert' - displayName: '[DINE] Deploy VNetG Tunnel Bandwidth Alert' - description: 'DINE policy to audit/deploy Virtual Network Gateway Tunnel Bandwidth Alert' + displayName: 'Deploy VNetG Tunnel Bandwidth Alert' + description: 'Policy to audit/deploy Virtual Network Gateway Tunnel Bandwidth Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egress_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egress_alert.bicep index 5c1f04a5..f059dbde 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egress_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egress_alert.bicep @@ -57,13 +57,16 @@ module VnetgEgressAlert '../../arm/Microsoft.Authorization/policyDefinitions/man name: '${uniqueString(deployment().name)}-vnetgteba-policyDefinitions' params: { name: 'Deploy_VnetGw_TunnelEgress_Alert' - displayName: '[DINE] Deploy VNetG Tunnel Egress Alert' - description: 'DINE policy to audit/deploy Virtual Network Gateway Tunnel Egress Alert' + displayName: 'Deploy VNetG Tunnel Egress Alert' + description: 'Policy to audit/deploy Virtual Network Gateway Tunnel Egress Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egresspacketdropcount_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egresspacketdropcount_alert.bicep index 68b8894f..6c0d187c 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egresspacketdropcount_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egresspacketdropcount_alert.bicep @@ -55,13 +55,16 @@ module VnetgEgressPacketDropCountAlert '../../arm/Microsoft.Authorization/policy name: '${uniqueString(deployment().name)}-vnetgegresspacketdropcount-policyDefinitions' params: { name: 'Deploy_VnetGw_TunnelEgressPacketDropCount_Alert' - displayName: '[DINE] Deploy VNetG Egress Packet Drop Count Alert' - description: 'DINE policy to audit/deploy Vnet Gateway Egress Packet Drop Count Alert' + displayName: 'Deploy VNetG Egress Packet Drop Count Alert' + description: 'Policy to audit/deploy Vnet Gateway Egress Packet Drop Count Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egresspacketdropmismatch_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egresspacketdropmismatch_alert.bicep index bf3e15af..f0c60e32 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egresspacketdropmismatch_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_egresspacketdropmismatch_alert.bicep @@ -54,13 +54,16 @@ module VnetgEgressPacketDropMismatchAlert '../../arm/Microsoft.Authorization/pol name: '${uniqueString(deployment().name)}-vnetgegresspacketdropmismatch-policyDefinitions' params: { name: 'Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert' - displayName: '[DINE] Deploy VNetG Egress Packet Drop Mismatch Alert' - description: 'DINE policy to audit/deploy Vnet Gateway Egress Packet Drop Mismatch Alert' + displayName: 'Deploy VNetG Egress Packet Drop Mismatch Alert' + description: 'Policy to audit/deploy Vnet Gateway Egress Packet Drop Mismatch Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_expressroutebitspersecond_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_expressroutebitspersecond_alert.bicep index 3cd8a962..a41950ef 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_expressroutebitspersecond_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_expressroutebitspersecond_alert.bicep @@ -56,13 +56,16 @@ module VnetgExpressRouteBitsPerSecondAlert '../../arm/Microsoft.Authorization/po name: '${uniqueString(deployment().name)}-vngergbitsa-policyDefinitions' params: { name: 'Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert' - displayName: '[DINE] Deploy VNetG ExpressRoute Bits Per Second Alert' - description: 'DINE policy to audit/deploy Virtual Network Gateway Express Route Bits Per Second Alert' + displayName: 'Deploy VNetG ExpressRoute Bits Per Second Alert' + description: 'Policy to audit/deploy Virtual Network Gateway Express Route Bits Per Second Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_expressroutecpuutilization_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_expressroutecpuutilization_alert.bicep index 60a5cbb4..34ee8bea 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_expressroutecpuutilization_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_expressroutecpuutilization_alert.bicep @@ -56,13 +56,16 @@ module VnetgExpressRouteCPUUtilizationAlert '../../arm/Microsoft.Authorization/p name: '${uniqueString(deployment().name)}-vngergcpuua-policyDefinitions' params: { name: 'Deploy_VnetGw_ExpressRouteCpuUtil_Alert' - displayName: '[DINE] Deploy VNetG ExpressRoute CPU Utilization Alert' - description: 'DINE policy to audit/deploy Virtual Network Gateway Express Route CPU Utilization Alert' + displayName: 'Deploy VNetG ExpressRoute CPU Utilization Alert' + description: 'Policy to audit/deploy Virtual Network Gateway Express Route CPU Utilization Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingress_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingress_alert.bicep index 4a4ea6f4..c5a7a0f6 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingress_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingress_alert.bicep @@ -56,13 +56,16 @@ module VnetgIngressAlert '../../arm/Microsoft.Authorization/policyDefinitions/ma name: '${uniqueString(deployment().name)}-vnetgtiba-policyDefinitions' params: { name: 'Deploy_VnetGw_TunnelIngress_Alert' - displayName: '[DINE] Deploy VNetG Tunnel Ingress Alert' - description: 'DINE policy to audit/deploy Virtual Network Gateway Tunnel Ingress Alert' + displayName: 'Deploy VNetG Tunnel Ingress Alert' + description: 'Policy to audit/deploy Virtual Network Gateway Tunnel Ingress Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingresspacketdropcount_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingresspacketdropcount_alert.bicep index 4eb97aaa..b6f4aa3c 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingresspacketdropcount_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingresspacketdropcount_alert.bicep @@ -54,13 +54,16 @@ module VnetgIngressPacketDropCountAlert '../../arm/Microsoft.Authorization/polic name: '${uniqueString(deployment().name)}-vnetgingresspacketdropcount-policyDefinitions' params: { name: 'Deploy_VnetGw_TunnelIngressPacketDropCount_Alert' - displayName: '[DINE] Deploy VNetG Ingress Packet Drop Count Alert' - description: 'DINE policy to audit/deploy Vnet Gateway Ingress Packet Drop Count Alert' + displayName: 'Deploy VNetG Ingress Packet Drop Count Alert' + description: 'Policy to audit/deploy Vnet Gateway Ingress Packet Drop Count Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingresspacketdropmismatch_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingresspacketdropmismatch_alert.bicep index 822a643f..d1854183 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingresspacketdropmismatch_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vnetg_ingresspacketdropmismatch_alert.bicep @@ -54,13 +54,16 @@ module VnetgIngressPacketDropMismatchAlert '../../arm/Microsoft.Authorization/po name: '${uniqueString(deployment().name)}-vnetgingresspacketdropmismatch-policyDefinitions' params: { name: 'Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert' - displayName: '[DINE] Deploy VNetG Ingress Packet Drop Mismatch Alert' - description: 'DINE policy to audit/deploy Vnet Gateway Ingress Packet Drop Mismatch Alert' + displayName: 'Deploy VNetG Ingress Packet Drop Mismatch Alert' + description: 'Policy to audit/deploy Vnet Gateway Ingress Packet Drop Mismatch Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_bandwidthutilization_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_bandwidthutilization_alert.bicep index 4df31134..c23d94c7 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_bandwidthutilization_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_bandwidthutilization_alert.bicep @@ -56,13 +56,16 @@ module VpngBandwidthAlert '../../arm/Microsoft.Authorization/policyDefinitions/m name: '${uniqueString(deployment().name)}-vpngbua-policyDefinitions' params: { name: 'Deploy_VPNGw_BandwidthUtil_Alert' - displayName: '[DINE] Deploy VPNG Bandwidth Utilization Alert' - description: 'DINE policy to audit/deploy VPN Gateway Bandwidth Utilization Alert' + displayName: 'Deploy VPNG Bandwidth Utilization Alert' + description: 'Policy to audit/deploy VPN Gateway Bandwidth Utilization Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_bgppeerstatus_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_bgppeerstatus_alert.bicep index 700f5264..ca187c9c 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_bgppeerstatus_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_bgppeerstatus_alert.bicep @@ -56,13 +56,16 @@ module VpngBGPPeerStatusAlert '../../arm/Microsoft.Authorization/policyDefinitio name: '${uniqueString(deployment().name)}-vpngbgppsa-policyDefinitions' params: { name: 'Deploy_VPNGw_BGPPeerStatus_Alert' - displayName: '[DINE] Deploy VPNG BGP Peer Status Alert' - description: 'DINE policy to audit/deploy VPN Gateway BGP Peer Status Alert' + displayName: 'Deploy VPNG BGP Peer Status Alert' + description: 'Policy to audit/deploy VPN Gateway BGP Peer Status Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egress_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egress_alert.bicep index 490beb17..f30953e4 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egress_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egress_alert.bicep @@ -56,13 +56,16 @@ module VpngEgressAlert '../../arm/Microsoft.Authorization/policyDefinitions/mana name: '${uniqueString(deployment().name)}-vpngtea-policyDefinitions' params: { name: 'Deploy_VPNGw_Egress_Alert' - displayName: '[DINE] Deploy VPNG Egress Alert' - description: 'DINE policy to audit/deploy VPN Gateway Egress Alert' + displayName: 'Deploy VPNG Egress Alert' + description: 'Policy to audit/deploy VPN Gateway Egress Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egresspacketdropcount_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egresspacketdropcount_alert.bicep index 58323853..a2dfb321 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egresspacketdropcount_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egresspacketdropcount_alert.bicep @@ -54,13 +54,16 @@ module VpngTunnelEgressPacketDropCountAlert '../../arm/Microsoft.Authorization/p name: '${uniqueString(deployment().name)}-vpngegresspacketdropcount-policyDefinitions' params: { name: 'Deploy_VPNGw_TunnelEgressPacketDropCount_Alert' - displayName: '[DINE] Deploy VPNG Egress Packet Drop Count Alert' - description: 'DINE policy to audit/deploy VPN Gateway Egress Packet Drop Count Alert' + displayName: 'Deploy VPNG Egress Packet Drop Count Alert' + description: 'Policy to audit/deploy VPN Gateway Egress Packet Drop Count Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egresspacketdropmismatch_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egresspacketdropmismatch_alert.bicep index d36c0728..9e26fb39 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egresspacketdropmismatch_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_egresspacketdropmismatch_alert.bicep @@ -54,13 +54,16 @@ module VpngTunnelEgressPacketDropMismatchAlert '../../arm/Microsoft.Authorizatio name: '${uniqueString(deployment().name)}-vpngegresspacketdropmismatch-policyDefinitions' params: { name: 'Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert' - displayName: '[DINE] Deploy VPNG Egress Packet Drop Mismatch Alert' - description: 'DINE policy to audit/deploy VPN Gateway Egress Packet Drop Mismatch Alert' + displayName: 'Deploy VPNG Egress Packet Drop Mismatch Alert' + description: 'Policy to audit/deploy VPN Gateway Egress Packet Drop Mismatch Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingress_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingress_alert.bicep index 8dcf1d1e..33bd8e58 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingress_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingress_alert.bicep @@ -56,13 +56,16 @@ module VpngIngressAlert '../../arm/Microsoft.Authorization/policyDefinitions/man name: '${uniqueString(deployment().name)}-vpngtia-policyDefinitions' params: { name: 'Deploy_VPNGw_Ingress_Alert' - displayName: '[DINE] Deploy VPNG Ingress Alert' - description: 'DINE policy to audit/deploy VPN Gateway Ingress Alert' + displayName: 'Deploy VPNG Ingress Alert' + description: 'Policy to audit/deploy VPN Gateway Ingress Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingresspacketdropcount_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingresspacketdropcount_alert.bicep index 8d0b0304..d455ad89 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingresspacketdropcount_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingresspacketdropcount_alert.bicep @@ -54,13 +54,16 @@ module VpngTunnelIngressPacketDropCountAlert '../../arm/Microsoft.Authorization/ name: '${uniqueString(deployment().name)}-vpngingresspacketdropcount-policyDefinitions' params: { name: 'Deploy_VPNGw_TunnelIngressPacketDropCount_Alert' - displayName: '[DINE] Deploy VPNG Ingress Packet Drop Count Alert' - description: 'DINE policy to audit/deploy VPN Gateway Ingress Packet Drop Count Alert' + displayName: 'Deploy VPNG Ingress Packet Drop Count Alert' + description: 'Policy to audit/deploy VPN Gateway Ingress Packet Drop Count Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingresspacketdropmismatch_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingresspacketdropmismatch_alert.bicep index 08520011..4f33c2ba 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingresspacketdropmismatch_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vpng_ingresspacketdropmismatch_alert.bicep @@ -54,13 +54,16 @@ module VpngTunnelIngressPacketDropMismatchAlert '../../arm/Microsoft.Authorizati name: '${uniqueString(deployment().name)}-vpngingresspacketdropmismatch-policyDefinitions' params: { name: 'Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert' - displayName: '[DINE] Deploy VPNG Ingress Packet Drop Mismatch Alert' - description: 'DINE policy to audit/deploy VPN Gateway Ingress Packet Drop Mismatch Alert' + displayName: 'Deploy VPNG Ingress Packet Drop Mismatch Alert' + description: 'Policy to audit/deploy VPN Gateway Ingress Packet Drop Mismatch Alert' location: policyLocation metadata: { version: '1.0.1' - Category: 'Networking' - source: 'https://github.com/Azure/ALZ-Monitor/' + category: 'Network' + source: 'https://github.com/Azure/Enterprise-Scale/' + alzCloudEnvironments: [ + 'AzureCloud' + ] _deployed_by_alz_monitor: 'True' } parameters: { From d7b27058a8c8ce8642099db9629b22122428a02a Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Fri, 30 Jun 2023 11:15:17 +0200 Subject: [PATCH 2/7] Push initiatives --- .../policySetDefinitions/ALZ-MonitorConnectivity.json | 7 ++++++- .../policySetDefinitions/ALZ-MonitorIdentity.json | 7 ++++++- .../policySetDefinitions/ALZ-MonitorLandingZone.json | 7 ++++++- .../policySetDefinitions/ALZ-MonitorManagement.json | 7 ++++++- .../policySetDefinitions/ALZ-MonitorServiceHealth.json | 7 ++++++- 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json index 7b948d80..64048ddb 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json @@ -20,9 +20,14 @@ "name": "Alerting-Connectivity", "properties": { "metadata": { + "displayName": "Deploy ALZ Connectivity alerts", + "description": "This policy set deploys select alert rules for ALZ connectivity resources. Aslo a basic action and alert processing rule is deployed", "version": "1.0.1", "category": "Monitoring", - "source": "https://github.com/Azure/ALZ-Monitor/", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureCloud" + ], "_deployed_by_alz_monitor": true }, "parameters": { diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json index 08c3c11f..e755a3d7 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json @@ -20,9 +20,14 @@ "name": "Alerting-Identity", "properties": { "metadata": { + "displayName": "Deploy ALZ Identity alerts", + "description": "This policy set deploys select alert rules for ALZ identity resources. Aslo a basic action and alert processing rule is deployed", "version": "1.0.1", "category": "Monitoring", - "source": "https://github.com/Azure/ALZ-Monitor/", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureCloud" + ], "_deployed_by_alz_monitor": true }, "parameters": { diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json index 837bdecb..c0b58b16 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json @@ -19,10 +19,15 @@ "apiVersion": "2021-06-01", "name": "Alerting-LandingZone", "properties": { + "displayName": "Deploy ALZ Landing zone alerts", + "description": "This policy set deploys basic alert rules for landing zone resources. Aslo a basic action and alert processing rule is deployed", "metadata": { "version": "1.0.2", "category": "Monitoring", - "source": "https://github.com/Azure/ALZ-Monitor/", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureCloud" + ], "_deployed_by_alz_monitor": true }, "parameters": { diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json index 728beee1..3cb64776 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json @@ -20,9 +20,14 @@ "name": "Alerting-Management", "properties": { "metadata": { + "displayName": "Deploy ALZ Management alerts", + "description": "This policy set deploys select alert rules for ALZ management resources. Aslo a basic action and alert processing rule is deployed", "version": "1.0.1", "category": "Monitoring", - "source": "https://github.com/Azure/ALZ-Monitor/", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureCloud" + ], "_deployed_by_alz_monitor": true }, "parameters": { diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json index 4ac2e0d2..8637ad27 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json @@ -19,10 +19,15 @@ "apiVersion": "2021-06-01", "name": "Alerting-ServiceHealth", "properties": { + "displayName": "Deploy Service Health alerts", + "description": "This policy set deploys Service Health alerts for Azure services. Aslo a basic action and alert processing rule is deployed", "metadata": { "version": "1.1.0", "category": "Monitoring", - "source": "https://github.com/Azure/ALZ-Monitor/", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureCloud" + ], "_deployed_by_alz_monitor": true }, "parameters": { From ac304107f0beb08ddceada05de29549de90cb333 Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Fri, 30 Jun 2023 15:50:26 +0200 Subject: [PATCH 3/7] Update policydef ref id except lz initiative --- .../ALZ-MonitorConnectivity.json | 63 +++++++++++++++---- .../ALZ-MonitorIdentity.json | 5 ++ .../ALZ-MonitorManagement.json | 5 ++ .../ALZ-MonitorServiceHealth.json | 18 ++++-- 4 files changed, 72 insertions(+), 19 deletions(-) diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json index 64048ddb..cbddaf08 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorConnectivity.json @@ -25,9 +25,9 @@ "version": "1.0.1", "category": "Monitoring", "source": "https://github.com/Azure/Enterprise-Scale/", - "alzCloudEnvironments": [ - "AzureCloud" - ], + "alzCloudEnvironments": [ + "AzureCloud" + ], "_deployed_by_alz_monitor": true }, "parameters": { @@ -1848,6 +1848,7 @@ }, "policyDefinitions": [ { + "policyDefinitionReferenceId": "ALZ_ERCIRQoSDropBitsinPerSec", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERCIR_QosDropBitsInPerSecond_Alert')]", "parameters": { "severity": { @@ -1868,6 +1869,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_ERCIRQoSDropBitsoutPerSec", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERCIR_QosDropBitsOutPerSecond_Alert')]", "parameters": { "severity": { @@ -1888,6 +1890,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VPNGwBGPPeerStatus", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_BGPPeerStatus_Alert')]", "parameters": { "severity": { @@ -1911,6 +1914,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwERCpuUtil", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_ExpressRouteCpuUtil_Alert')]", "parameters": { "severity": { @@ -1934,6 +1938,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwTunnelBW", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelBandwidth_Alert')]", "parameters": { "severity": { @@ -1957,6 +1962,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwTunnelEgress", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelEgress_Alert')]", "parameters": { "severity": { @@ -1980,6 +1986,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwTunnelIngress", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelIngress_Alert')]", "parameters": { "severity": { @@ -2003,6 +2010,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VPNGWBandWidthUtil", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_BandwidthUtil_Alert')]", "parameters": { "severity": { @@ -2023,10 +2031,10 @@ "threshold": { "value": "[[parameters('VPNGWBandWidthUtilThreshold')]" } - } }, { + "policyDefinitionReferenceId": "ALZ_VPNGWEgress", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_Egress_Alert')]", "parameters": { "severity": { @@ -2050,6 +2058,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VPNGWTunnelEgressPacketDropCount", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_TunnelEgressPacketDropCount_Alert')]", "parameters": { "severity": { @@ -2070,6 +2079,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VPNGWTunnelEgressPacketDropMismatch", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert')]", "parameters": { "severity": { @@ -2090,6 +2100,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VPNGWIngress", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_Ingress_Alert')]", "parameters": { "severity": { @@ -2116,6 +2127,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VPNGWTunnelIngressPacketDropCount", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_TunnelIngressPacketDropCount_Alert')]", "parameters": { "severity": { @@ -2136,6 +2148,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VPNGWTunnelIngressPacketDropMismatch", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert')]", "parameters": { "severity": { @@ -2156,6 +2169,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PDNSZCapacityUtil", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PDNSZ_CapacityUtil_Alert')]", "parameters": { "severity": { @@ -2179,6 +2193,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PDNSZQueryVolume", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PDNSZ_QueryVolume_Alert')]", "parameters": { "severity": { @@ -2202,6 +2217,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PDNSZRecordSetCapacity", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PDNSZ_RecordSetCapacity_Alert')]", "parameters": { "severity": { @@ -2225,6 +2241,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PDNSZRegistrationCapacityUtil", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_DNSZ_RegistrationCapacityUtil_Alert')]", "parameters": { "severity": { @@ -2248,6 +2265,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_ERGwExpressRouteBitsIn", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERGw_ExpressRouteBitsIn_Alert')]", "parameters": { "severity": { @@ -2271,6 +2289,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_ERGwExpressRouteBitsOut", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERGw_ExpressRouteBitsOut_Alert')]", "parameters": { "severity": { @@ -2294,6 +2313,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_ERGwExpressRouteCpuUtil", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERGw_ExpressRouteCpuUtil_Alert')]", "parameters": { "severity": { @@ -2317,6 +2337,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwTunnelEgressPacketDropCount", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelEgressPacketDropCount_Alert')]", "parameters": { "severity": { @@ -2337,6 +2358,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwTunnelEgressPacketDropMismatch", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert')]", "parameters": { "severity": { @@ -2357,6 +2379,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwExpressRouteBitsPerSecond", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert')]", "parameters": { "severity": { @@ -2380,6 +2403,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwTunnelIngressPacketDropMismatchWindowSize", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert')]", "parameters": { "severity": { @@ -2400,6 +2424,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VnetGwTunnelIngressPacketDropCountWindowSize", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VnetGw_TunnelIngressPacketDropCount_Alert')]", "parameters": { "severity": { @@ -2420,6 +2445,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_ERCIRBgpAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERCIR_BgpAvailability_Alert')]", "parameters": { "severity": { @@ -2443,6 +2469,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_ERCIRArpAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_ERCIR_ArpAvailability_Alert')]", "parameters": { "severity": { @@ -2466,6 +2493,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_AFWSNATPortUtilization", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AFW_SNATPortUtilization_Alert')]", "parameters": { "severity": { @@ -2489,6 +2517,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PIPBytesInDDoSEvaluationFrequency", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_BytesInDDoSAttack_Alert')]", "parameters": { "severity": { @@ -2512,6 +2541,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PIPDDoSAttack", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_DDoSAttack_Alert')]", "parameters": { "severity": { @@ -2535,6 +2565,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PIPPacketsInDDoS", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_PacketsInDDoSAttack_Alert')]", "parameters": { "severity": { @@ -2558,6 +2589,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PIPVIPAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_VIPAvailability_Alert')]", "parameters": { "severity": { @@ -2581,6 +2613,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VNETDDOSAttack", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VNET_DDoSAttack_Alert')]", "parameters": { "severity": { @@ -2601,10 +2634,10 @@ "threshold": { "value": "[[parameters('VNETDDOSAttackThreshold')]" } - } }, { + "policyDefinitionReferenceId": "ALZ_FirewallHealth", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AFW_FirewallHealth_Alert')]", "parameters": { "severity": { @@ -2628,6 +2661,8 @@ } }, { + "policyDefinitionReferenceId": "ALZ_activityFWDelete", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_Firewall_Delete')]", "parameters": { "enabled": { "value": "[[parameters('activityFWDeleteAlertState')]" @@ -2641,10 +2676,11 @@ "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_Firewall_Delete')]" + } }, { + "policyDefinitionReferenceId": "ALZ_activityNSGDelete", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_NSG_Delete')]", "parameters": { "enabled": { "value": "[[parameters('activityNSGDeleteAlertState')]" @@ -2658,10 +2694,11 @@ "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_NSG_Delete')]" + } }, { + "policyDefinitionReferenceId": "ALZ_activityUDRUpdate", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Update')]", "parameters": { "enabled": { "value": "[[parameters('activityUDRUpdateAlertState')]" @@ -2675,10 +2712,11 @@ "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Update')]" + } }, { + "policyDefinitionReferenceId": "ALZ_activityVPNGWDelete", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_VPNGateway_Delete')]", "parameters": { "enabled": { "value": "[[parameters('activityVPNGWDeleteAlertState')]" @@ -2692,8 +2730,7 @@ "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_VPNGateway_Delete')]" + } } ], "policyType": "Custom" diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json index e755a3d7..ada4494d 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorIdentity.json @@ -257,6 +257,7 @@ "policyDefinitions": [ { + "policyDefinitionReferenceId": "ALZ_KVRequest", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Requests_Alert')]", "parameters": { "severity": { @@ -277,6 +278,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_KvAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Availability_Alert')]", "parameters": { "severity": { @@ -300,6 +302,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_KvLatencyAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Latency_Alert')]", "parameters": { @@ -324,6 +327,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_KVCapacity", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Capacity_Alert')]", "parameters": { "severity": { @@ -347,6 +351,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_activityKVDelete", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_KeyVault_Delete')]", "parameters": { "enabled": { diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json index 3cb64776..ae5878e9 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json @@ -212,6 +212,7 @@ }, "policyDefinitions": [ { + "policyDefinitionReferenceId": "ALZ_activityLAWDelete", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_Delete')]", "parameters": { "enabled": { @@ -229,6 +230,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_activityLAWKeyRegen", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_KeyRegen')]", "parameters": { "enabled": { @@ -246,6 +248,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_AATotalJob", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AA_TotalJob_Alert')]", "parameters": { "severity": { @@ -269,6 +272,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_RVBackupHealth", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealth_Alert')]", "parameters": { "severity": { @@ -292,6 +296,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_StorageAccountAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert')]", "parameters": { "severity": { diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json index 8637ad27..520dc09e 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorServiceHealth.json @@ -76,6 +76,7 @@ }, "policyDefinitions": [ { + "policyDefinitionReferenceId": "ALZ_ResHlthUnhealthy", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert')]", "parameters": { "enabled": { @@ -93,6 +94,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_SvcHlthAdvisory", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_HealthAdvisory')]", "parameters": { "enabled": { @@ -113,6 +115,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_SvcHlthIncident", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Incident')]", "parameters": { "enabled": { @@ -133,6 +136,8 @@ } }, { + "policyDefinitionReferenceId": "ALZ_SvcHlthMaintenance", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance')]", "parameters": { "enabled": { "value": "[[parameters('SvcHlthMaintenanceAlertState')]" @@ -149,10 +154,11 @@ "ALZMonitorActionGroupEmail": { "value": "[[parameters('ALZMonitorActionGroupEmail')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance')]" + } }, { + "policyDefinitionReferenceId": "ALZ_svcHlthSecAdvisory", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory')]", "parameters": { "enabled": { "value": "[[parameters('svcHlthSecAdvisoryAlertState')]" @@ -169,10 +175,11 @@ "ALZMonitorActionGroupEmail": { "value": "[[parameters('ALZMonitorActionGroupEmail')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory')]" + } }, { + "policyDefinitionReferenceId": "ALZ_AlertProcessing_Rule", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]", "parameters": { "ALZMonitorResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" @@ -189,8 +196,7 @@ "MonitorDisable": { "value": "[[parameters('MonitorDisable')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]" + } } ], "policyType": "Custom" From bc774375825b7c6c43d250f0fd5e3d21e131a179 Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Mon, 3 Jul 2023 09:41:45 +0200 Subject: [PATCH 4/7] Include landing zone initiative --- .../ALZ-MonitorLandingZone.json | 120 +++++++++++++----- 1 file changed, 85 insertions(+), 35 deletions(-) diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json index 0c5261ac..580fa86a 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorLandingZone.json @@ -25,9 +25,9 @@ "version": "1.0.2", "category": "Monitoring", "source": "https://github.com/Azure/Enterprise-Scale/", - "alzCloudEnvironments": [ - "AzureCloud" - ], + "alzCloudEnvironments": [ + "AzureCloud" + ], "_deployed_by_alz_monitor": true }, "parameters": { @@ -764,11 +764,15 @@ }, "VMNetworkInComputersToInclude": { "type": "array", - "defaultValue": ["*"] + "defaultValue": [ + "*" + ] }, "VMNetworkInNetworkInterfaceToInclude": { "type": "array", - "defaultValue": ["*"] + "defaultValue": [ + "*" + ] }, "VMNetworkOutAlertSeverity": { "type": "String", @@ -866,11 +870,15 @@ }, "VMNetworkOutComputersToInclude": { "type": "array", - "defaultValue": ["*"] + "defaultValue": [ + "*" + ] }, "VMNetworkOutNetworkInterfaceToInclude": { "type": "array", - "defaultValue": ["*"] + "defaultValue": [ + "*" + ] }, "VMInsightsAlertResourceGroupName": { "type": "string", @@ -884,7 +892,7 @@ "type": "object", "defaultValue": { "environment": "test" - } + } }, "VMOSDiskReadLatencyAlertSeverity": { "type": "String", @@ -988,7 +996,7 @@ }, "VMOSDiskReadLatencyDisksToInclude": { "type": "array", - "defaultValue":[ + "defaultValue": [ "C:", "/" ] @@ -1089,11 +1097,16 @@ }, "VMOSDiskWriteLatencyComputersToInclude": { "type": "array", - "defaultValue": ["*"] + "defaultValue": [ + "*" + ] }, "VMOSDiskWriteLatencyDisksToInclude": { "type": "array", - "defaultValue":["C:", "/"] + "defaultValue": [ + "C:", + "/" + ] }, "VMOSDiskSpaceAlertSeverity": { "type": "String", @@ -1191,11 +1204,16 @@ }, "VMOSDiskSpaceComputersToInclude": { "type": "array", - "defaultValue": ["*"] + "defaultValue": [ + "*" + ] }, "VMOSDiskSpaceDisksToInclude": { "type": "array", - "defaultValue":["C:","/"] + "defaultValue": [ + "C:", + "/" + ] }, "VMPercentCPUAlertSeverity": { "type": "String", @@ -1465,7 +1483,9 @@ }, "VMDataDiskSpaceDisksToInclude": { "type": "array", - "defaultValue":["*"] + "defaultValue": [ + "*" + ] }, "VMDataDiskReadLatencyAlertSeverity": { "type": "String", @@ -1563,11 +1583,15 @@ }, "VMDataDiskReadLatencyComputersToInclude": { "type": "array", - "defaultValue": ["*"] + "defaultValue": [ + "*" + ] }, "VMDataDiskReadLatencyDisksToInclude": { "type": "array", - "defaultValue":["*"] + "defaultValue": [ + "*" + ] }, "VMDataDiskWriteLatencyAlertSeverity": { "type": "String", @@ -1665,16 +1689,20 @@ }, "VMDataDiskWriteLatencyComputersToInclude": { "type": "array", - "defaultValue": ["*"] + "defaultValue": [ + "*" + ] }, "VMDataDiskWriteLatencyDisksToInclude": { "type": "array", - "defaultValue":["*"] + "defaultValue": [ + "*" + ] } }, "policyDefinitions": [ - { + "policyDefinitionReferenceId": "ALZ_KVRequest", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Requests_Alert')]", "parameters": { "severity": { @@ -1695,6 +1723,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_KvAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Availability_Alert')]", "parameters": { "severity": { @@ -1718,9 +1747,9 @@ } }, { + "policyDefinitionReferenceId": "ALZ_KvLatencyAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Latency_Alert')]", "parameters": { - "severity": { "value": "[[parameters('KvLatencyAvailabilityAlertSeverity')]" }, @@ -1742,6 +1771,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_KVCapacity", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Capacity_Alert')]", "parameters": { "severity": { @@ -1765,6 +1795,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_activityKVDelete", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_KeyVault_Delete')]", "parameters": { "enabled": { @@ -1782,6 +1813,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_StorageAccountAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert')]", "parameters": { "severity": { @@ -1802,10 +1834,10 @@ "threshold": { "value": "[[parameters('StorageAccountAvailabilityThreshold')]" } - } }, { + "policyDefinitionReferenceId": "ALZ_PIPBytesInDDoS", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_BytesInDDoSAttack_Alert')]", "parameters": { "severity": { @@ -1829,6 +1861,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PIPDDoSAttack", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_DDoSAttack_Alert')]", "parameters": { "severity": { @@ -1852,6 +1885,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PIPPacketsInDDoS", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_PacketsInDDoSAttack_Alert')]", "parameters": { "severity": { @@ -1875,6 +1909,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_PIPVIPAvailability", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_PublicIp_VIPAvailability_Alert')]", "parameters": { "severity": { @@ -1898,6 +1933,8 @@ } }, { + "policyDefinitionReferenceId": "ALZ_activityNSGDelete", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_NSG_Delete')]", "parameters": { "enabled": { "value": "[[parameters('activityNSGDeleteAlertState')]" @@ -1911,10 +1948,11 @@ "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_NSG_Delete')]" + } }, { + "policyDefinitionReferenceId": "ALZ_activityUDRUpdate", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Update')]", "parameters": { "enabled": { "value": "[[parameters('activityUDRUpdateAlertState')]" @@ -1928,11 +1966,11 @@ "alertResourceGroupLocation": { "value": "[[parameters('ALZMonitorResourceGroupLocation')]" } - }, - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_RouteTable_Update')]" + } }, { - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert')]", + "policyDefinitionReferenceId": "ALZ_RVBackupHealthMonitor", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert')]", "parameters": { "effect": { "value": "[[parameters('RVBackupHealthMonitorPolicyEffect')]" @@ -1940,6 +1978,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VNETDDOSAttack", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VNET_DDoSAttack_Alert')]", "parameters": { "severity": { @@ -1963,6 +2002,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VMHeartBeatRG", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_HeartBeat_Alert')]", "parameters": { "severity": { @@ -2001,6 +2041,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VMNetworkIn", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_NetworkIn_Alert')]", "parameters": { "severity": { @@ -2056,10 +2097,11 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('VMInsightsAlertResourceGroupLocation')]" - } + } } }, - { + { + "policyDefinitionReferenceId": "ALZ_VMNetworkOut", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_NetworkOut_Alert')]", "parameters": { "severity": { @@ -2115,10 +2157,11 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('VMInsightsAlertResourceGroupLocation')]" - } + } } }, { + "policyDefinitionReferenceId": "ALZ_VMOSDiskReadLatency", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_OSDiskreadLatency_Alert')]", "parameters": { "severity": { @@ -2174,10 +2217,11 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('VMInsightsAlertResourceGroupLocation')]" - } + } } }, { + "policyDefinitionReferenceId": "ALZ_VMOSDiskWriteLatency", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_OSDiskwriteLatency_Alert')]", "parameters": { "severity": { @@ -2233,10 +2277,11 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('VMInsightsAlertResourceGroupLocation')]" - } + } } }, { + "policyDefinitionReferenceId": "ALZ_VMOSDiskSpace", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_OSDiskSpace_Alert')]", "parameters": { "severity": { @@ -2292,10 +2337,11 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('VMInsightsAlertResourceGroupLocation')]" - } + } } }, { + "policyDefinitionReferenceId": "ALZ_VMPercentCPU", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_CPU_Alert')]", "parameters": { "severity": { @@ -2343,6 +2389,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VMPercentMemory", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_Memory_Alert')]", "parameters": { "severity": { @@ -2390,6 +2437,7 @@ } }, { + "policyDefinitionReferenceId": "ALZ_VMDataDiskSpace", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_dataDiskSpace_Alert')]", "parameters": { "severity": { @@ -2442,10 +2490,11 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('VMInsightsAlertResourceGroupLocation')]" - } + } } }, { + "policyDefinitionReferenceId": "ALZ_VMDataDiskReadLatency", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_dataDiskReadLatency_Alert')]", "parameters": { "severity": { @@ -2501,10 +2550,11 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('VMInsightsAlertResourceGroupLocation')]" - } + } } }, { + "policyDefinitionReferenceId": "ALZ_VMDataDiskWriteLatency", "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_VM_dataDiskWriteLatency_Alert')]", "parameters": { "severity": { @@ -2560,7 +2610,7 @@ }, "alertResourceGroupLocation": { "value": "[[parameters('VMInsightsAlertResourceGroupLocation')]" - } + } } } ], From 6e5ff8a1939f5f7abe857efe8a40e7cf951381c7 Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Mon, 3 Jul 2023 11:02:07 +0200 Subject: [PATCH 5/7] Fix rv backup monitor --- .../ALZ-MonitorManagement.json | 66 ++----------------- 1 file changed, 4 insertions(+), 62 deletions(-) diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json index ae5878e9..87fd9239 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/ALZ-MonitorManagement.json @@ -97,58 +97,15 @@ "type": "string", "defaultValue": "20" }, - "RVBackupHealthAlertSeverity": { - "type": "String", - "defaultValue": "3", - "allowedValues": [ - "0", - "1", - "2", - "3", - "4" - ] - }, - "RVBackupHealthWindowSize": { - "type": "string", - "defaultValue": "P1D", - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H", - "PT6H", - "PT12H", - "P1D" - ] - }, - "RVBackupHealthEvaluationFrequency": { - "type": "string", - "defaultValue": "PT1H", - "allowedValues": [ - "PT1M", - "PT5M", - "PT15M", - "PT30M", - "PT1H" - ] - }, "RVBackupHealthPolicyEffect": { "type": "string", - "defaultValue": "deployIfNotExists", + "defaultValue": "modify", "allowedValues": [ - "deployIfNotExists", + "modify", + "audit", "disabled" ] }, - "RVBackupHealthAlertState": { - "type": "string", - "defaultValue": "true" - }, - "RVBackupHealthThreshold": { - "type": "string", - "defaultValue": "20" - }, "StorageAccountAvailabilityAlertSeverity": { "type": "String", "defaultValue": "1", @@ -273,25 +230,10 @@ }, { "policyDefinitionReferenceId": "ALZ_RVBackupHealth", - "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealth_Alert')]", + "policyDefinitionId": "[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert')]", "parameters": { - "severity": { - "value": "[[parameters('RVBackupHealthAlertSeverity')]" - }, - "windowSize": { - "value": "[[parameters('RVBackupHealthWindowSize')]" - }, - "evaluationFrequency": { - "value": "[[parameters('RVBackupHealthEvaluationFrequency')]" - }, "effect": { "value": "[[parameters('RVBackupHealthPolicyEffect')]" - }, - "enabled": { - "value": "[[parameters('RVBackupHealthAlertState')]" - }, - "threshold": { - "value": "[[parameters('RVBackupHealthThreshold')]" } } }, From bf41d8d8bb2148612818359a010619759bf6fe80 Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Mon, 3 Jul 2023 11:16:36 +0200 Subject: [PATCH 6/7] spell check --- .../deploy-activitylog-ServiceHealth-Security.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep index af94a8ce..9fddaaa5 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-activitylog-ServiceHealth-Security.bicep @@ -25,7 +25,7 @@ module ServiceHealthSecurityAlert '../../arm/Microsoft.Authorization/policyDefin location: policyLocation metadata: { version: '1.1.0' - category: 'Monitroring' + category: 'Monitoring' source: 'https://github.com/Azure/Enterprise-Scale/' alzCloudEnvironments: [ 'AzureCloud' From 86c9d61a21a89437b9a7f014e638b3ccd9dc76a7 Mon Sep 17 00:00:00 2001 From: Jan Faurskov <22591930+jfaurskov@users.noreply.github.com> Date: Wed, 5 Jul 2023 10:56:54 +0200 Subject: [PATCH 7/7] Fix name collision for VM heart beat alerts --- .../policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep | 4 ++-- .../policyDefinitions/deploy-vm-HeartBeat_alert.bicep | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep index 47d13894..4a34a313 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeatAlertRG.bicep @@ -78,9 +78,9 @@ param parMonitorDisable string = 'MonitorDisable' module AvailableMemoryAlert '../../arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep' = { name: '${uniqueString(deployment().name)}-vmama-policyDefinitions' params: { - name: 'Deploy_VM_HeartBeat_Alert' + name: 'Deploy_VM_HeartBeat_Alert_RG' displayName: 'Deploy VM HeartBeat Alert' - description: 'Policy to audit/deploy VM HeartBeat Alert' + description: 'Policy to audit/deploy VM HeartBeat Alert for VMs in the resource group' location: policyLocation metadata: { version: '1.0.0' diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeat_alert.bicep b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeat_alert.bicep index cccee75f..65653495 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeat_alert.bicep +++ b/src/resources/Microsoft.Authorization/policyDefinitions/deploy-vm-HeartBeat_alert.bicep @@ -89,7 +89,7 @@ module HeartBeatAlert '../../arm/Microsoft.Authorization/policyDefinitions/manag params: { name: 'Deploy_VM_HeartBeat_Alert' displayName: 'Deploy VM HeartBeat Alert' - description: 'Policy to audit/deploy VM HeartBeat Alert' + description: 'Policy to audit/deploy VM HeartBeat Alert for all VMs in the subscription' location: policyLocation metadata: { version: '1.0.0'