Diag Settings - AllLogs vs Audit #1729

Merged on Aug 27, 2024 (20 commits)

Springstone
Member

Overview/Summary

This pull request introduces several updates to the Azure Landing Zones (ALZ) policies and configurations, focusing on enhancing security and logging capabilities. Key changes include the addition of new policy definitions, updates to existing policies, and the introduction of new configuration options in the eslzArm templates.

Policy Updates:

  • Added a new built-in policy definition, Subnets should be private, to ensure subnets are secure by default by preventing default outbound access. [1] [2]

Documentation Updates:

  • Updated the ALZ-Policies.md to reflect the new policy counts and the addition of the Subnets should be private policy. [1] [2]
  • Updated Whats-new.md to include the addition of the new built-in policy assignment for Subnets should be private.

Template Updates:

  • Introduced new parameters and options in eslzArm/eslz-portal.json to support the Subnets should be private policy, including a new options group for enabling this policy. [1] [2] [3]
  • Updated eslzArm/eslzArm.json to add new parameters for enablePrivateSubnet and laCategory, and included new deployment conditions and URIs for the private subnet policy assignment. [1] [2] [3] [4] [5] [6]

Policy Assignment Updates:

  • Modified DINE-ResourceDiagnosticsPolicyAssignment.json to include a new parameter laCategory for selecting the category of logs to be forwarded to Log Analytics. [1] [2]

Azure Public

Deploy To Azure

@Springstone Springstone requested a review from a team as a code owner August 15, 2024 15:55
@Springstone Springstone added the Area: Policy 📝 Issues / PR's related to Policy label Aug 15, 2024
@Springstone Springstone added this to the policy-refresh-fy25-q1 milestone Aug 15, 2024
@jtracey93 jtracey93 added the PR: Safe to test 🧪 PRs can run more advanced tests that may deploy or access environments label Aug 16, 2024
@jtracey93 jtracey93 closed this Aug 16, 2024
@jtracey93 jtracey93 reopened this Aug 16, 2024
@jtracey93 jtracey93 merged commit 1f15462 into Azure:policy-refresh-q1fy25 Aug 27, 2024
2 of 3 checks passed
@Springstone Springstone deleted the DiagAudit branch August 29, 2024 09:54