chore: Update logAnalyticsWorkspace.json to enable Sentinel onboardin…

…g using the "default" name
Azure · Aug 13, 2024 · 0ecbc06 · 0ecbc06
1 parent f4e106f
commit 0ecbc06
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 2 deletions.
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
@@ -1,7 +1,7 @@
 ## In this Section
 
 - [Updates](#updates)
-  - [July 2024](#july-2024)
+  - [August 2024](#august-2024)
   - [June 2024](#june-2024)
   - [🆕 AMA Updates](#-ama-updates)
   - [🔃 Policy Refresh H2 FY24](#-policy-refresh-h2-fy24)
@@ -47,11 +47,12 @@ This article will be updated as and when changes are made to the above and anyth
 
 Here's what's changed in Enterprise Scale/Azure Landing Zones:
 
-### July 2024
+### August 2024
 
 #### Other
 
 - Cleaned up the Log Analytics "solutions" in portal ARM template, as these are no longer required and deployed by ALZ.
+- Re-introduced the option to enable "Sentinel" in the portal accelerator.
 - Updated Microsoft Sentinel onboarding (enablement) using the new mechanism that fixes issues after 1 July 2024. Microsoft Sentinel is enabled by default through the portal accelerator as a best practice - we do not however configure any data connectors, we only enable the service. Should you wish to remove this, you can delete the association from the Azure Portal after deployment from the "Sentinel" feature blade.
 
 ### June 2024

diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
@@ -439,6 +439,26 @@
                                 "style": "Info"
                             }
                         },
+                        {
+                            "name": "enableSentinel",
+                            "type": "Microsoft.Common.OptionsGroup",
+                            "label": "Deploy Microsoft Sentinel and enable security monitoring for your platform and resources",
+                            "defaultValue": "Yes (recommended)",
+                            "toolTip": "If 'Yes' is selected Sentinel will be enabled on the Log Analytics workspace.",
+                            "constraints": {
+                                "allowedValues": [
+                                    {
+                                        "label": "Yes (recommended)",
+                                        "value": "Yes"
+                                    },
+                                    {
+                                        "label": "No",
+                                        "value": "No"
+                                    }
+                                ]
+                            },
+                            "visible": true
+                        },
                         {
                             "name": "esMgmtSubSection",
                             "type": "Microsoft.Common.Section",
@@ -8972,6 +8992,7 @@
                 "enableUpdateMgmt": "[steps('management').enableUpdateMgmt]",
                 "enableVmInsights": "[steps('management').enableVmInsights]",
                 "retentionInDays": "[string(steps('management').retentionInDays)]",
+                "enableSentinel": "[steps('management').enableSentinel]",
                 "managementSubscriptionId": "[steps('management').esMgmtSubSection.esMgmtSub]",
                 "enableAsc": "[steps('management').enableAsc]",
                 "emailContactAsc": "[steps('management').emailContactAsc]",

diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
@@ -40,6 +40,10 @@
             "type": "string",
             "defaultValue": ""
         },
+        "enableSentinel": {
+            "type": "string",
+            "defaultValue": "Yes"
+        },
         "managementSubscriptionId": {
             "type": "string",
             "defaultValue": "",
@@ -2403,6 +2407,9 @@
                     },
                     "retentionInDays": {
                         "value": "[parameters('retentionInDays')]"
+                    },
+                    "enableSentinel": {
+                        "value": "[parameters('enableSentinel')]"
                     }
                 }
             }
@@ -2566,6 +2573,9 @@
                     },
                     "retentionInDays": {
                         "value": "[parameters('retentionInDays')]"
+                    },
+                    "enableSentinel": {
+                        "value": "[parameters('enableSentinel')]"
                     }
                 }
             }
@@ -7499,6 +7509,9 @@
                     },
                     "retentionInDays": {
                         "value": "[parameters('retentionInDays')]"
+                    },
+                    "enableSentinel": {
+                        "value": "[parameters('enableSentinel')]"
                     }
                 }
             }
@@ -7578,6 +7591,9 @@
                     },
                     "retentionInDays": {
                         "value": "[parameters('retentionInDays')]"
+                    },
+                    "enableSentinel": {
+                        "value": "[parameters('enableSentinel')]"
                     }
                 }
             }

diff --git a/eslzArm/subscriptionTemplates/logAnalyticsWorkspace.json b/eslzArm/subscriptionTemplates/logAnalyticsWorkspace.json
@@ -19,6 +19,9 @@
       },
       "retentionInDays": {
         "type": "String"
+      },
+      "enableSentinel": {
+        "type": "String"
       }
     },
     "variables": {
@@ -88,6 +91,7 @@
               },
               {
                   // Onboard Sentinel
+                  "condition": "[equals(parameters('enableSentinel'), 'Yes')]",
                   "apiVersion": "2023-02-01-preview",
                   "type": "Microsoft.SecurityInsights/onboardingStates",
                   "name": "default",