diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
index 2c1e04212f..d0f53fc652 100644
--- a/docs/wiki/Whats-new.md
+++ b/docs/wiki/Whats-new.md
@@ -1,7 +1,7 @@
 ## In this Section
 - [Updates](#updates)
- - [July 2024](#july-2024)
+ - [August 2024](#august-2024)
 - [June 2024](#june-2024)
 - [🆕 AMA Updates](#-ama-updates)
 - [🔃 Policy Refresh H2 FY24](#-policy-refresh-h2-fy24)
@@ -47,11 +47,12 @@ This article will be updated as and when changes are made to the above and anyth
 Here's what's changed in Enterprise Scale/Azure Landing Zones:
-### July 2024
+### August 2024
 #### Other
 - Cleaned up the Log Analytics "solutions" in portal ARM template, as these are no longer required and deployed by ALZ.
+- Re-introduced the option to enable "Sentinel" in the portal accelerator.
 - Updated Microsoft Sentinel onboarding (enablement) using the new mechanism that fixes issues after 1 July 2024. Microsoft Sentinel is enabled by default through the portal accelerator as a best practice - we do not however configure any data connectors, we only enable the service. Should you wish to remove this, you can delete the association from the Azure Portal after deployment from the "Sentinel" feature blade.
 ### June 2024
diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 047668d1f5..01d7885490 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -439,6 +439,26 @@
 "style": "Info"
 }
 },
+ {
+ "name": "enableSentinel",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Deploy Microsoft Sentinel and enable security monitoring for your platform and resources",
+ "defaultValue": "Yes (recommended)",
+ "toolTip": "If 'Yes' is selected Sentinel will be enabled on the Log Analytics workspace.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes (recommended)",
+ "value": "Yes"
+ },
+ {
+ "label": "No",
+ "value": "No"
+ }
+ ]
+ },
+ "visible": true
+ },
 {
 "name": "esMgmtSubSection",
 "type": "Microsoft.Common.Section",
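Review bot: The `toolTip` on the new `enableSentinel` option in eslz-portal.json describes only the 'Yes' path, so an operator who picks 'No' is not told that the workspace is then deployed without Sentinel onboarding. The Whats-new entry in this same commit states that enablement configures no data connectors, and the tooltip is the natural place to repeat that. I would word it along the lines of `"toolTip": "If 'Yes' is selected Sentinel will be enabled on the Log Analytics workspace (no data connectors are configured). If 'No' is selected the workspace is deployed without Sentinel."`. The control is also `"visible": true` unconditionally; if the neighbouring options in this step are hidden when Log Analytics itself is not deployed, this one should probably follow the same expression, which cannot be confirmed from the hunk.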
@@ -8972,6 +8992,7 @@
 "enableUpdateMgmt": "[steps('management').enableUpdateMgmt]",
 "enableVmInsights": "[steps('management').enableVmInsights]",
 "retentionInDays": "[string(steps('management').retentionInDays)]",
+ "enableSentinel": "[steps('management').enableSentinel]",
 "managementSubscriptionId": "[steps('management').esMgmtSubSection.esMgmtSub]",
 "enableAsc": "[steps('management').enableAsc]",
 "emailContactAsc": "[steps('management').emailContactAsc]",
diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index 5a9aa8b753..585b870ee6 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -40,6 +40,10 @@
 "type": "string",
 "defaultValue": ""
 },
+ "enableSentinel": {
+ "type": "string",
+ "defaultValue": "Yes"
+ },
 "managementSubscriptionId": {
 "type": "string",
 "defaultValue": "",
@@ -2403,6 +2407,9 @@
 },
 "retentionInDays": {
 "value": "[parameters('retentionInDays')]"
+ },
+ "enableSentinel": {
+ "value": "[parameters('enableSentinel')]"
 }
 }
 }
@@ -2566,6 +2573,9 @@
 },
 "retentionInDays": {
 "value": "[parameters('retentionInDays')]"
+ },
+ "enableSentinel": {
+ "value": "[parameters('enableSentinel')]"
 }
 }
 }
@@ -7499,6 +7509,9 @@
 },
 "retentionInDays": {
 "value": "[parameters('retentionInDays')]"
+ },
+ "enableSentinel": {
+ "value": "[parameters('enableSentinel')]"
 }
 }
 }
@@ -7578,6 +7591,9 @@
 },
 "retentionInDays": {
 "value": "[parameters('retentionInDays')]"
+ },
+ "enableSentinel": {
+ "value": "[parameters('enableSentinel')]"
 }
 }
 }
diff --git a/eslzArm/subscriptionTemplates/logAnalyticsWorkspace.json b/eslzArm/subscriptionTemplates/logAnalyticsWorkspace.json
index 0ff1cea57e..811f1b29e9 100644
--- a/eslzArm/subscriptionTemplates/logAnalyticsWorkspace.json
+++ b/eslzArm/subscriptionTemplates/logAnalyticsWorkspace.json
@@ -19,6 +19,9 @@
 },
 "retentionInDays": {
 "type": "String"
+ },
+ "enableSentinel": {
+ "type": "String"
 }
 },
 "variables": {
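Review bot: The new `enableSentinel` parameter in eslzArm.json (hunk at -40,6 +40,10) is a free-form string, while the only consumer visible in this commit compares it with the exact literal 'Yes'. ARM's `equals()` is case-sensitive for strings, so a CLI or pipeline deployment that passes `yes`, `true` or a typo succeeds and silently leaves the workspace without Sentinel onboarding. The portal constrains the value through its options group, but direct template deployments do not; adding `"allowedValues": ["Yes", "No"],` to the parameter makes a bad value fail at validation instead. The same applies to the parameter added in logAnalyticsWorkspace.json (hunk at -19,6 +19,9), and a `metadata.description` on both would document the accepted values.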
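Review bot: The `enableSentinel` parameter added to logAnalyticsWorkspace.json (hunk at -19,6 +19,9) has no `defaultValue`, so any caller of this template that was not updated in this commit will now fail on a missing parameter. The four pass-through hunks in eslzArm.json cover the call sites visible here; whether other templates or pipelines reference this file cannot be told from the diff. Giving it `"defaultValue": "Yes"` would keep the earlier behaviour (Sentinel onboarded) for such callers and match the default chosen in eslzArm.json, so monitoring stays on unless someone explicitly opts out.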
@@ -88,6 +91,7 @@
 },
 {
 // Onboard Sentinel
+ "condition": "[equals(parameters('enableSentinel'), 'Yes')]",
 "apiVersion": "2023-02-01-preview",
 "type": "Microsoft.SecurityInsights/onboardingStates",
 "name": "default",
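Review bot: The `// Onboard Sentinel` comment above the new `condition` no longer matches what the resource does, since onboarding is now optional and is skipped without any trace in the deployment result when the flag is not 'Yes'. I would extend the comment to `// Onboard Sentinel (deployed only when enableSentinel is 'Yes'; 'No' leaves the workspace without Sentinel)` so a reader auditing the template sees the opt-out at the resource itself. The resource body continues past the end of the hunk, so whether anything else in the template assumes the onboarding state exists cannot be checked from here.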