diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 40b2b46cd..ec4fc8977 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -58,6 +58,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Updated the ***Baseline alerts and monitoring*** integration section in the portal accelerator to deploy the latest release of AMBA (2025-01-10). To read more on the changes, see the [What's new](https://aka.ms/amba/alz/whatsnew) page in the AMBA documentation. - Added SQL Advanced Threat Protection status log to [dataCollectionRule-DefenderSQL.json](Enterprise-Scale/eslzArm/resourceGroupTemplates/dataCollectionRule-DefenderSQL.json) data collection rule. The logs allows identifying machines connected to the workspace with SQL ATP and the protection status on each instance on those machines and is used by MDfC Defender for SQL. +- Resolved deployment issues related to Service Health alerts. Previously, Service Health was not deployed when selected unless Azure Monitor Baseline Alerts were also selected. ### 🔃 Policy Refresh Q2 FY25 diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index ccf1a44fd..c792b11d2 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json @@ -2252,7 +2252,7 @@ }, { // Deploying AMBA custom policies. Note: These policies are pulled from AMBA remote repo (https://www.github.com/Azure/azure-monitor-baseline-alerts). See definition of deploymentUris.monitorPolicyDefinitions for more details - "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), equals(parameters('enableMonitorBaselines'), 'Yes'))]", + "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), or(equals(parameters('enableMonitorBaselines'), 'Yes'), equals(parameters('enableServiceHealth'), 'Yes')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2019-10-01", "name": "[variables('deploymentNames').monitorPolicyDeploymentName]", @@ -2292,40 +2292,40 @@ "value": "[variables('mgmtGroups').lzs]" }, "enableAMBAConnectivity": { - "value": "[parameters('enableMonitorConnectivity')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableMonitorConnectivity'))]" }, "enableAMBAIdentity": { - "value": "[parameters('enableMonitorIdentity')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableMonitorIdentity'))]" }, "enableAMBAManagement": { - "value": "[parameters('enableMonitorManagement')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableMonitorManagement'))]" }, "enableAMBAServiceHealth": { "value": "[parameters('enableServiceHealth')]" }, "enableAMBAHybridVM": { - "value": "[parameters('enableAMBAHybridVM')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAHybridVM'))]" }, "enableAMBAKeyManagement": { - "value": "[parameters('enableAMBAKeyManagement')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAKeyManagement'))]" }, "enableAMBALoadBalancing": { - "value": "[parameters('enableAMBALoadBalancing')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBALoadBalancing'))]" }, "enableAMBANetworkChanges": { - "value": "[parameters('enableAMBANetworkChanges')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBANetworkChanges'))]" }, "enableAMBARecoveryServices": { - "value": "[parameters('enableAMBARecoveryServices')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBARecoveryServices'))]" }, "enableAMBAStorage": { - "value": "[parameters('enableAMBAStorage')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAStorage'))]" }, "enableAMBAVM": { - "value": "[parameters('enableAMBAVM')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAVM'))]" }, "enableAMBAWeb": { - "value": "[parameters('enableAMBAWeb')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAWeb'))]" }, "userAssignedManagedIdentityName": { "value": "[parameters('userAssignedManagedIdentityName')]" @@ -2356,7 +2356,7 @@ }, { /// Deploying AMBA custom policies. Note: These policies are pulled from AMBA remote repo (https://www.github.com/Azure/azure-monitor-baseline-alerts). See definition of deploymentUris.monitorPolicyDefinitions for more details - "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), equals(parameters('enableMonitorBaselines'), 'Yes'))]", + "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), or(equals(parameters('enableMonitorBaselines'), 'Yes'), equals(parameters('enableServiceHealth'), 'Yes')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2019-10-01", "name": "[variables('esLiteDeploymentNames').monitorPolicyLiteDeploymentName]", @@ -2395,46 +2395,46 @@ "value": "[variables('mgmtGroups').lzs]" }, "enableAMBAConnectivity": { - "value": "[parameters('enableMonitorConnectivity')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableMonitorConnectivity'))]" }, "enableAMBAIdentity": { - "value": "[parameters('enableMonitorIdentity')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableMonitorIdentity'))]" }, "enableAMBAManagement": { - "value": "[parameters('enableMonitorManagement')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableMonitorManagement'))]" }, "enableAMBAServiceHealth": { "value": "[parameters('enableServiceHealth')]" }, "enableAMBAHybridVM": { - "value": "[parameters('enableAMBAHybridVM')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAHybridVM'))]" }, "enableAMBAKeyManagement": { - "value": "[parameters('enableAMBAKeyManagement')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAKeyManagement'))]" }, "enableAMBALoadBalancing": { - "value": "[parameters('enableAMBALoadBalancing')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBALoadBalancing'))]" }, "enableAMBANetworkChanges": { - "value": "[parameters('enableAMBANetworkChanges')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBANetworkChanges'))]" }, "enableAMBARecoveryServices": { - "value": "[parameters('enableAMBARecoveryServices')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBARecoveryServices'))]" }, "enableAMBAStorage": { - "value": "[parameters('enableAMBAStorage')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAStorage'))]" }, "enableAMBAVM": { - "value": "[parameters('enableAMBAVM')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAVM'))]" }, "enableAMBAWeb": { - "value": "[parameters('enableAMBAWeb')]" + "value": "[if(and(equals(parameters('enableMonitorBaselines'), 'No'), equals(parameters('enableServiceHealth'), 'Yes')), 'No', parameters('enableAMBAWeb'))]" }, "userAssignedManagedIdentityName": { "value": "[parameters('userAssignedManagedIdentityName')]" }, "ALZWebhookServiceUri": { - "value": "[array(parameters('ambaAgServiceHook'))]" + "value": "[if(empty(parameters('ambaAgServiceHook')), null(), array(parameters('ambaAgServiceHook')))]" }, "ALZArmRoleId": { "value": "[array(parameters('ambaAgArmRole'))]" @@ -2446,12 +2446,11 @@ "value": "[deployment().location]" }, "ALZMonitorActionGroupEmail": { - "value": "[array(parameters('ambaAgEmailContact'))]" + "value": "[if(empty(parameters('ambaAgEmailContact')), null(), array(parameters('ambaAgEmailContact')))]" }, "managementSubscriptionId": { "value": "[parameters('singlePlatformSubscriptionId')]" }, - "deployALZPortalAccelerator": { "value": "Yes" }