From 7acb7a7ea795f0dd67e32485f33f32b2fa83492c Mon Sep 17 00:00:00 2001 From: Brunoga-MS Date: Tue, 17 Oct 2023 21:10:44 +0200 Subject: [PATCH 01/29] AMBA Service Health Granular Deployment Flexibility --- patterns/alz/alzArm.param.json | 12 ++++ patterns/alz/policyDefinitions/policies.json | 16 ++--- .../Deploy-ServiceHealth-Alerts.json | 60 +++++++++++++++++++ ...tyLog-ResourceHealth-UnHealthly-Alert.json | 2 +- ...ploy-ActivityLog-ServiceHealth-Health.json | 14 ++++- ...oy-ActivityLog-ServiceHealth-Incident.json | 14 ++++- ...ActivityLog-ServiceHealth-Maintenance.json | 12 ++++ ...oy-ActivityLog-ServiceHealth-Security.json | 12 ++++ 8 files changed, 131 insertions(+), 11 deletions(-) diff --git a/patterns/alz/alzArm.param.json b/patterns/alz/alzArm.param.json index 1eba86117..0758be820 100644 --- a/patterns/alz/alzArm.param.json +++ b/patterns/alz/alzArm.param.json @@ -64,14 +64,26 @@ "SvcHlthAdvisoryAlertState": { "value": "true" }, + "serviceHealthAdvisoryPolicyEffect": { + "value": "deployIfNotExists" + }, "SvcHlthIncidentAlertState": { "value": "true" }, + "serviceHealthIncidentPolicyEffect": { + "value": "deployIfNotExists" + }, "SvcHlthMaintenanceAlertState": { "value": "true" }, + "serviceHealthMaintenancePolicyEffect": { + "value": "deployIfNotExists" + }, "svcHlthSecAdvisoryAlertState": { "value": "true" + }, + "serviceHealthSecurityPolicyEffect": { + "value": "deployIfNotExists" } } }, diff --git a/patterns/alz/policyDefinitions/policies.json b/patterns/alz/policyDefinitions/policies.json index 9055e2c69..09aeb85b0 100644 --- a/patterns/alz/policyDefinitions/policies.json +++ b/patterns/alz/policyDefinitions/policies.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16338450904490782365" + "version": "0.19.5.34762", + "templateHash": "6828187488840043056" } }, "parameters": { @@ -117,8 +117,8 @@ ], "$fxv#0": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_AA_TotalJob_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Automation Account TotalJob Alert\",\r\n \"description\": \"Policy to audit/deploy Automation Account TotalJob Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Automation\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring on resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TotalJob\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Automation/automationAccounts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TotalJob')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for Automation Account TotalJob Alert\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"TotalJob\",\r\n \"metricNamespace\": \"Microsoft.Automation/automationAccounts\",\r\n \"metricName\": \"TotalJob\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Status\",\r\n \"operator\": \"Exclude\",\r\n \"values\": [\r\n \"Completed\"\r\n ]\r\n }\r\n ],\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#1": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_Firewall_Delete\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Activity Log Azure FireWall Delete Alert\",\r\n \"description\": \"Policy to Deploy Activity Log Azure Firewall Delete Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.2\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"environment\": \"test\",\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring on resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"name\": \"ActivityAzureFirewallDelete\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Administrative\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"operationName\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls/delete\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ActivityAzureFirewallDelete\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ActivityAzureFirewallDelete\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Activity Log Firewall Delete\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"Administrative\"\r\n },\r\n {\r\n \"field\": \"operationName\",\r\n \"equals\": \"Microsoft.Network/azurefirewalls/delete\"\r\n },\r\n {\r\n \"field\": \"status\",\r\n \"containsAny\": [\r\n \"succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#10": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_ServiceHealth_Maintenance\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Service Health Maintenance Alert\",\r\n \"description\": \"Policy to Deploy Service Health Maintenance Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.1.1\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Action Group Email\",\r\n \"description\": \"Email address to send alerts to\"\r\n },\r\n \"defaultValue\": \"action@mail.com\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"ServiceHealth\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"properties.incidentType\"\r\n },\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Maintenance\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ServiceHealthMaintenance\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ServiceHealthPlannedMaintenance\",\r\n \"location\": \"global\",\r\n \"dependsOn\": [\r\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\r\n ],\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"actions\": {\r\n \"actionGroups\": [\r\n {\r\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\r\n }\r\n ]\r\n },\r\n \"description\": \"ServiceHealthPlannedMaintenance Alert\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"ServiceHealth\"\r\n },\r\n {\r\n \"field\": \"properties.incidentType\",\r\n \"equals\": \"Maintenance\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"type\": \"Microsoft.Insights/actionGroups\",\r\n \"apiVersion\": \"2022-06-01\",\r\n \"name\": \"AmbaActionGr\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"groupShortName\": \"AmbaActionGr\",\r\n \"enabled\": true,\r\n \"copy\": [\r\n {\r\n \"name\": \"emailReceivers\",\r\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\r\n \"mode\": \"serial\",\r\n \"input\": {\r\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\r\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\r\n \"useCommonSchema\": true\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#11": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_ServiceHealth_SecurityAdvisory\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Service Health Security Advisory Alert\",\r\n \"description\": \"Policy to Deploy Service Health Security Advisory Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.1.1\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Action Group Email\",\r\n \"description\": \"Email address to send alerts to\"\r\n },\r\n \"defaultValue\": \"action@mail.com\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"ServiceHealth\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"properties.incidentType\"\r\n },\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Security\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ServiceSecurityIncident\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ServiceHealthSecurityIncident\",\r\n \"location\": \"global\",\r\n \"dependsOn\": [\r\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\r\n ],\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"actions\": {\r\n \"actionGroups\": [\r\n {\r\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\r\n }\r\n ]\r\n },\r\n \"description\": \"Service Health Security Alert\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"ServiceHealth\"\r\n },\r\n {\r\n \"field\": \"properties.incidentType\",\r\n \"equals\": \"Security\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"type\": \"Microsoft.Insights/actionGroups\",\r\n \"apiVersion\": \"2022-06-01\",\r\n \"name\": \"AmbaActionGr\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"groupShortName\": \"AmbaActionGr\",\r\n \"enabled\": true,\r\n \"copy\": [\r\n {\r\n \"name\": \"emailReceivers\",\r\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\r\n \"mode\": \"serial\",\r\n \"input\": {\r\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\r\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\r\n \"useCommonSchema\": true\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#10": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_Maintenance\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Maintenance Alert\",\n \"description\": \"Policy to Deploy Service Health Maintenance Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Maintenance\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceHealthMaintenance\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthPlannedMaintenance\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"ServiceHealthPlannedMaintenance Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Maintenance\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#11": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_SecurityAdvisory\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Security Advisory Alert\",\n \"description\": \"Policy to Deploy Service Health Security Advisory Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Security\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceSecurityIncident\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthSecurityIncident\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"Service Health Security Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Security\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#12": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_VPNGateway_Delete\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Activity Log VPN Gateway Delete Alert\",\r\n \"description\": \"Policy to Deploy Activity Log VPN Gateway Delete Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"AlzMonitoring-rg\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"environment\": \"test\",\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/vpnGateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Administrative\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"operationName\"\r\n },\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Microsoft.Network/vpnGateways/delete\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ActivityVPNGatewayDelete\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ActivityVPNGatewayDelete\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Activity Log VPN Gateway Delete\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"Administrative\"\r\n },\r\n {\r\n \"field\": \"operationName\",\r\n \"equals\": \"Microsoft.Network/vpnGateways/delete\"\r\n },\r\n {\r\n \"field\": \"status\",\r\n \"containsAny\": [\r\n \"succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#13": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_AFW_FirewallHealth_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy AFW FirewallHealth Alert\",\r\n \"description\": \"Policy to audit/deploy Azure Firewall FirewallHealth Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"90\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"FirewallHealth\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-FirewallHealth')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for AFW FirewallHealth\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"FirewallHealth\",\r\n \"metricNamespace\": \"Microsoft.Network/azureFirewalls\",\r\n \"metricName\": \"FirewallHealth\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#14": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_AFW_SNATPortUtilization_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy AFW SNATPortUtilization Alert\",\r\n \"description\": \"Policy to audit/deploy Azure Firewall SNATPortUtilization Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"80\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"SNATPortUtilization\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-SNATPortUtilization')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for AFW SNATPortUtilization\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"SNATPortUtilization\",\r\n \"metricNamespace\": \"Microsoft.Network/azureFirewalls\",\r\n \"metricName\": \"SNATPortUtilization\",\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", @@ -171,7 +171,7 @@ "$fxv#57": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VnetGw_TunnelIngressPacketDropCount_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VNetG Ingress Packet Drop Count Alert\",\r\n \"description\": \"Policy to audit/deploy Vnet Gateway Ingress Packet Drop Count Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworkGateways/gatewayType\",\r\n \"equals\": \"VPN\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TunnelIngressPacketDropCount\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TunnelIngressPacketDropCountAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for Vnet Gateway tunnel TunnelIngressPacketDropCount\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"alertSensitivity\": \"Medium\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": 4,\r\n \"minFailingPeriodsToAlert\": 4\r\n },\r\n \"name\": \"TunnelIngressPacketDropCount\",\r\n \"metricNamespace\": \"microsoft.network/virtualNetworkGateways\",\r\n \"metricName\": \"TunnelIngressPacketDropCount\",\r\n \"operator\": \"GreaterThan\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"DynamicThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#58": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VNetG Ingress Packet Drop Mismatch Alert\",\r\n \"description\": \"Policy to audit/deploy Vnet Gateway Ingress Packet Drop Mismatch Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworkGateways/gatewayType\",\r\n \"equals\": \"VPN\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TunnelIngressPacketDropTSMismatch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TunnelIngressPacketDropTSMismatchAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for Vnet Gateway tunnel TunnelIngressPacketDropTSMismatch\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"alertSensitivity\": \"Medium\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": 4,\r\n \"minFailingPeriodsToAlert\": 4\r\n },\r\n \"name\": \"TunnelIngressPacketDropTSMismatch\",\r\n \"metricNamespace\": \"microsoft.network/virtualNetworkGateways\",\r\n \"metricName\": \"TunnelIngressPacketDropTSMismatch\",\r\n \"operator\": \"GreaterThan\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"DynamicThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#59": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VPNGw_BandwidthUtil_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VPNG Bandwidth Utilization Alert\",\r\n \"description\": \"Policy to audit/deploy VPN Gateway Bandwidth Utilization Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"tunnelaveragebandwidth\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-GatewayBandwidthAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for VPN Gateway Bandwidth Utilization\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"tunnelaveragebandwidth\",\r\n \"metricNamespace\": \"microsoft.network/vpngateways\",\r\n \"metricName\": \"tunnelaveragebandwidth\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#6": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_ResourceHealth_Unhealthy_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Resource Health Unhealthy Alert\",\r\n \"description\": \"Policy to Deploy Resource Health Unhealthy Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.2\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"environment\": \"test\",\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring on subscripton level alerts. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"ResourceHealth\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 1\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ResourceHealtAlert\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ResourceHealthUnhealthyAlert\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Resource Health Unhealthy Alert\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"ResourceHealth\"\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"properties.cause\",\r\n \"equals\": \"PlatformInitiated\"\r\n },\r\n {\r\n \"field\": \"properties.cause\",\r\n \"equals\": \"UserInitiated\"\r\n }\r\n ]\r\n },\r\n {\r\n \"anyOf\": [\r\n {\r\n \"field\": \"properties.currentHealthStatus\",\r\n \"equals\": \"Degraded\"\r\n },\r\n {\r\n \"field\": \"properties.currentHealthStatus\",\r\n \"equals\": \"Unavailable\"\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", + "$fxv#6": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ResourceHealth_Unhealthy_Alert\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Resource Health Unhealthy Alert\",\n \"description\": \"Policy to Deploy Resource Health Unhealthy Alert\",\n \"metadata\": {\n \"version\": \"1.0.2\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"environment\": \"test\",\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring on subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ResourceHealth\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 1\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ResourceHealtAlert\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ResourceHealthUnhealthyAlert\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"description\": \"Resource Health Unhealthy Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ResourceHealth\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"properties.cause\",\n \"equals\": \"PlatformInitiated\"\n },\n {\n \"field\": \"properties.cause\",\n \"equals\": \"UserInitiated\"\n }\n ]\n },\n {\n \"anyOf\": [\n {\n \"field\": \"properties.currentHealthStatus\",\n \"equals\": \"Degraded\"\n },\n {\n \"field\": \"properties.currentHealthStatus\",\n \"equals\": \"Unavailable\"\n }\n ]\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#60": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VPNGw_BGPPeerStatus_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VPNG BGP Peer Status Alert\",\r\n \"description\": \"Policy to audit/deploy VPN Gateway BGP Peer Status Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"bgppeerstatus\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-BGPPeerStatusAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for VPN Gateway BGP peer status\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"bgppeerstatus\",\r\n \"metricNamespace\": \"microsoft.network/vpngateways\",\r\n \"metricName\": \"bgppeerstatus\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Total\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#61": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VPNGw_Egress_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VPNG Egress Alert\",\r\n \"description\": \"Policy to audit/deploy VPN Gateway Egress Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"tunnelegressbytes\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TunnelEgressAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for VPN Gateway tunnel egress bytes\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"tunnelegressbytes\",\r\n \"metricNamespace\": \"microsoft.network/vpngateways\",\r\n \"metricName\": \"tunnelegressbytes\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#62": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VPNGw_TunnelEgressPacketDropCount_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VPNG Egress Packet Drop Count Alert\",\r\n \"description\": \"Policy to audit/deploy VPN Gateway Egress Packet Drop Count Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TunnelEgressPacketDropCount\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TunnelEgressPacketDropCountAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for VPN Gateway tunnel TunnelEgressPacketDropCount\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"alertSensitivity\": \"Medium\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": 4,\r\n \"minFailingPeriodsToAlert\": 4\r\n },\r\n \"name\": \"TunnelEgressPacketDropCount\",\r\n \"metricNamespace\": \"microsoft.network/vpngateways\",\r\n \"metricName\": \"TunnelEgressPacketDropCount\",\r\n \"operator\": \"GreaterThan\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"DynamicThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", @@ -193,7 +193,7 @@ "$fxv#77": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRouteBitsOut_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute Bits Out Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct Connection BitsOutPerSecond Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"PortBitsOutPerSecond\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERBitsOutAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection BitsOutPerSecond\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"PortBitsOutPerSecond\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"PortBitsOutPerSecond\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#78": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutLineProtocol_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute LineProtocol Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct LineProtocol Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0.9\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"LineProtocol\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERLineProtocolAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection LineProtocolPerSecond\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"LineProtocol\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"LineProtocol\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#79": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutRxLightLevell_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute RxLightLevel High Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct RxLightLevel High Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"RxLightLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"GreaterThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERRxLightLevelHighAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection RxLightLevelHigh\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"RxLightLevel\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"RxLightLevel\",\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#8": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_ServiceHealth_HealthAdvisory\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Service Health Advisory Alert\",\r\n \"description\": \"Policy to Deploy Service Health Advisory Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.1.1\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Action Group Email\",\r\n \"description\": \"Email address to send alerts to\"\r\n },\r\n \"defaultValue\": \"action@mail.com\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"ServiceHealth\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"properties.incidentType\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"ActionRequired\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ALZ-SvcHealth-Health\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"location\": \"Global\",\r\n \"dependsOn\": [\r\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\r\n ],\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"name\": \"ServiceHealthAdvisoryEvent\",\r\n \"properties\": {\r\n \"actions\": {\r\n \"actionGroups\": [\r\n {\r\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\r\n }\r\n ]\r\n },\r\n \"description\": \"Service Health Advisory Alert\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"ServiceHealth\"\r\n },\r\n {\r\n \"field\": \"properties.incidentType\",\r\n \"equals\": \"ActionRequired\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"type\": \"Microsoft.Insights/actionGroups\",\r\n \"apiVersion\": \"2022-06-01\",\r\n \"name\": \"AmbaActionGr\",\r\n \"location\": \"Global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"groupShortName\": \"AmbaActionGr\",\r\n \"enabled\": true,\r\n \"copy\": [\r\n {\r\n \"name\": \"emailReceivers\",\r\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\r\n \"mode\": \"serial\",\r\n \"input\": {\r\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\r\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\r\n \"useCommonSchema\": true\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}", + "$fxv#8": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_HealthAdvisory\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Advisory Alert\",\n \"description\": \"Policy to Deploy Service Health Advisory Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ActionRequired\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ALZ-SvcHealth-Health\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"location\": \"Global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"name\": \"ServiceHealthAdvisoryEvent\",\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"Service Health Advisory Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"ActionRequired\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"Global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#80": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutRxLightLevellow_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute RxLightLevel Low Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct RxLightLevel Low Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"-10\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"RxLightLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"LessThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERRxLightLevelLowAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection RxLightLevelLow\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"RxLightLevel\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"RxLightLevel\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#81": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutTxLightLevell_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute TxLightLevel High Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct TxLightLevel High Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TxLightLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"GreaterThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERTxLightLevelHighAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection TxLightLevelHigh\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"TxLightLevel\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"TxLightLevel\",\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#82": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutTxLightLevellow_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute TxLightLevel Low Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct TxLightLevel Low Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"-10\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TxLightLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"LessThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERTxLightLevelLowAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection TxLightLevelLow\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"TxLightLevel\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"TxLightLevel\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", @@ -9271,9 +9271,9 @@ "policyDefinitionGroups": null } }, - "$fxv#9": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_ServiceHealth_Incident\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Service Health Incident Alert\",\r\n \"description\": \"Policy to Deploy Service Health Incident Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.1.2\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Action Group Email\",\r\n \"description\": \"Email address to send alerts to\"\r\n },\r\n \"defaultValue\": \"action@mail.com\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Resources/subscriptions\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"ServiceHealth\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"properties.incidentType\"\r\n },\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Incident\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\r\n },\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ServiceHealthIncident\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ServiceHealthIncident\",\r\n \"location\": \"global\",\r\n \"dependsOn\": [\r\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\r\n ],\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"actions\": {\r\n \"actionGroups\": [\r\n {\r\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\r\n }\r\n ]\r\n },\r\n \"description\": \"ServiceHealthIncidentAlert\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"ServiceHealth\"\r\n },\r\n {\r\n \"field\": \"properties.incidentType\",\r\n \"equals\": \"Incident\"\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n },\r\n {\r\n \"type\": \"Microsoft.Insights/actionGroups\",\r\n \"apiVersion\": \"2022-06-01\",\r\n \"name\": \"AmbaActionGr\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"groupShortName\": \"AmbaActionGr\",\r\n \"enabled\": true,\r\n \"copy\": [\r\n {\r\n \"name\": \"emailReceivers\",\r\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\r\n \"mode\": \"serial\",\r\n \"input\": {\r\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\r\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\r\n \"useCommonSchema\": true\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}", + "$fxv#9": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_Incident\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Incident Alert\",\n \"description\": \"Policy to Deploy Service Health Incident Alert\",\n \"metadata\": {\n \"version\": \"1.1.2\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Incident\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceHealthIncident\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthIncident\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"ServiceHealthIncidentAlert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Incident\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#90": "{\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Alerting-Management\",\r\n \"properties\": {\r\n \"displayName\": \"Deploy Azure Monitor Baseline Alerts for Management\",\r\n \"description\": \"Initiative to deploy AMBA alerts relevant to the ALZ Management management group\",\r\n \"metadata\": {\r\n \"version\": \"1.0.2\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": true\r\n },\r\n \"parameters\": {\r\n \"ALZMonitorResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"ALZ-Monitoring-RG\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Name\",\r\n \"description\": \"Name of the resource group to deploy the ALZ monitoring resources to\"\r\n }\r\n },\r\n \"ALZMonitorResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"defaultValue\": {\r\n \"_deployed_by_alz_monitor\": true\r\n },\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Tags\",\r\n \"description\": \"Tags to apply to the resource group\"\r\n }\r\n },\r\n \"ALZMonitorResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"centralus\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Location\",\r\n \"description\": \"Location of the resource group\"\r\n }\r\n },\r\n \"AATotalJobAlertSeverity\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"2\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Severity\",\r\n \"description\": \"Severity of the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertWindowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertEvaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"deployIfNotExists\",\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Policy Effect\",\r\n \"description\": \"Policy effect for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertThreshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"20\",\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n }\r\n },\r\n \"RVBackupHealthMonitorPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"modify\",\r\n \"allowedValues\": [\r\n \"modify\",\r\n \"audit\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"RV Backup Health Monitor Policy Effect\",\r\n \"description\": \"Policy effect for the alert, modify will create the alert if it does not exist and enable it on your Recovery Vaults, audit will only audit if alerting is enabled on Recovery Vaults, disabled will not create the alert on Recovery Vaults\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityAlertSeverity\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"1\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Severity\",\r\n \"description\": \"Severity of the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityWindowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"deployIfNotExists\",\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Policy Effect\",\r\n \"description\": \"Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityThreshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"90\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n }\r\n },\r\n \"activityLAWDeleteAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Activity Log Alert Delete Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"activityLAWKeyRegenAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Activity Log Alert Key Regen Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_activityLAWDelete\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_Delete')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('activityLAWDeleteAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_activityLAWKeyRegen\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_KeyRegen')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('activityLAWKeyRegenAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_AATotalJob\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AA_TotalJob_Alert')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('AATotalJobAlertSeverity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('AATotalJobAlertWindowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('AATotalJobAlertEvaluationFrequency')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AATotalJobAlertPolicyEffect')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('AATotalJobAlertAlertState')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('AATotalJobAlertThreshold')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_RVBackupHealth\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert')]\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[[parameters('RVBackupHealthMonitorPolicyEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_StorageAccountAvailability\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityAlertSeverity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityWindowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityFrequency')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityPolicyEffect')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityAlertState')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityThreshold')]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"policyType\": \"Custom\",\r\n \"policyDefinitionGroups\": null\r\n }\r\n}\r\n", - "$fxv#91": "{\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Alerting-ServiceHealth\",\r\n \"properties\": {\r\n \"displayName\": \"Deploy Azure Monitor Baseline Alerts for Service Health\",\r\n \"description\": \"Initiative to deploy AMBA Service Health alerts to Azure services\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": true\r\n },\r\n \"parameters\": {\r\n \"ALZMonitorResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"ALZ-Monitoring-RG\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Name of the resource group to deploy the alerts to\"\r\n }\r\n },\r\n \"ALZMonitorResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"defaultValue\": {\r\n \"_deployed_by_alz_monitor\": true\r\n },\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags to apply to the resource group\"\r\n }\r\n },\r\n \"ALZMonitorResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"centralus\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the resource group\"\r\n }\r\n },\r\n \"ResHlthUnhealthyAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Health Unhealthy Alert State\",\r\n \"description\": \"State of the Resource Health Unhealthy alert\"\r\n }\r\n },\r\n \"SvcHlthAdvisoryAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Service Health Advisory Alert State\",\r\n \"description\": \"State of the Service Health Advisory alert\"\r\n }\r\n },\r\n \"SvcHlthIncidentAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Service Health Incident Alert State\",\r\n \"description\": \"State of the Service Health Incident alert\"\r\n }\r\n },\r\n \"SvcHlthMaintenanceAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Service Health Maintenance Alert State\",\r\n \"description\": \"State of the Service Health Maintenance alert\"\r\n }\r\n },\r\n \"svcHlthSecAdvisoryAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Service Health Security Advisory Alert State\",\r\n \"description\": \"State of the Service Health Security Advisory alert\"\r\n }\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"action@mail.com\",\r\n \"metadata\": {\r\n \"displayName\": \"Action Group Email\",\r\n \"description\": \"Email address to send alerts to\"\r\n }\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"MonitorDisable\",\r\n \"metadata\": {\r\n \"displayName\": \"Monitor Disable\",\r\n \"description\": \"Disable the Monitor\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_ResHlthUnhealthy\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('ResHlthUnhealthyAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthAdvisory\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_HealthAdvisory')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('SvcHlthAdvisoryAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthIncident\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Incident')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('SvcHlthIncidentAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthMaintenance\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('SvcHlthMaintenanceAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_svcHlthSecAdvisory\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('svcHlthSecAdvisoryAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_AlertProcessing_Rule\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]\",\r\n \"parameters\": {\r\n \"ALZMonitorResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"ALZMonitorResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"ALZMonitorResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n },\r\n \"ALZMonitorActionGroupEmail\": {\r\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\r\n },\r\n \"MonitorDisable\": {\r\n \"value\": \"[[parameters('MonitorDisable')]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"policyType\": \"Custom\",\r\n \"policyDefinitionGroups\": null\r\n }\r\n}\r\n", + "$fxv#91": "{\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Alerting-ServiceHealth\",\n \"properties\": {\n \"displayName\": \"Deploy Azure Monitor Baseline Alerts for Service Health\",\n \"description\": \"Initiative to deploy AMBA Service Health alerts to Azure services\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": true\n },\n \"parameters\": {\n \"ALZMonitorResourceGroupName\": {\n \"type\": \"String\",\n \"defaultValue\": \"ALZ-Monitoring-RG\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Name of the resource group to deploy the alerts to\"\n }\n },\n \"ALZMonitorResourceGroupTags\": {\n \"type\": \"Object\",\n \"defaultValue\": {\n \"_deployed_by_alz_monitor\": true\n },\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags to apply to the resource group\"\n }\n },\n \"ALZMonitorResourceGroupLocation\": {\n \"type\": \"String\",\n \"defaultValue\": \"centralus\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the resource group\"\n }\n },\n \"ResHlthUnhealthyAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Resource Health Unhealthy Alert State\",\n \"description\": \"State of the Resource Health Unhealthy alert\"\n }\n },\n \"SvcHlthAdvisoryAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Advisory Alert State\",\n \"description\": \"State of the Service Health Advisory alert\"\n }\n },\n \"serviceHealthAdvisoryPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Advisory Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthIncidentAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Incident Alert State\",\n \"description\": \"State of the Service Health Incident alert\"\n }\n },\n \"serviceHealthIncidentPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Incident Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthMaintenanceAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Maintenance Alert State\",\n \"description\": \"State of the Service Health Maintenance alert\"\n }\n },\n \"serviceHealthMaintenancePolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"VService Health Maintenance Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"svcHlthSecAdvisoryAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Security Advisory Alert State\",\n \"description\": \"State of the Service Health Security Advisory alert\"\n }\n },\n \"serviceHealthSecurityPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Security Advisory Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\",\n \"defaultValue\": \"action@mail.com\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n }\n },\n \"MonitorDisable\": {\n \"type\": \"string\",\n \"defaultValue\": \"MonitorDisable\",\n \"metadata\": {\n \"displayName\": \"Monitor Disable\",\n \"description\": \"Disable the Monitor\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"ALZ_ResHlthUnhealthy\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('ResHlthUnhealthyAlertState')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthAdvisory\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_HealthAdvisory')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthAdvisoryAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthAdvisoryPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthIncident\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Incident')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthIncidentAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthIncidentPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthMaintenance\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthMaintenanceAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthMaintenancePolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_svcHlthSecAdvisory\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('svcHlthSecAdvisoryAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthSecurityPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_AlertProcessing_Rule\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]\",\n \"parameters\": {\n \"ALZMonitorResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"ALZMonitorResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"ALZMonitorResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n },\n \"MonitorDisable\": {\n \"value\": \"[[parameters('MonitorDisable')]\"\n }\n }\n }\n ],\n \"policyType\": \"Custom\",\n \"policyDefinitionGroups\": null\n }\n}\n", "cloudEnv": "[environment().name]", "defaultDeploymentLocationByCloudType": { "AzureCloud": "northeurope", diff --git a/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json index ac8c5b6d2..a01ff5f9f 100644 --- a/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json @@ -57,6 +57,18 @@ "description": "State of the Service Health Advisory alert" } }, + "serviceHealthAdvisoryPolicyEffect": { + "type": "string", + "defaultValue": "deployIfNotExists", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "metadata": { + "displayName": "Service Health Advisory Alert Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + } + }, "SvcHlthIncidentAlertState": { "type": "string", "defaultValue": "true", @@ -65,6 +77,18 @@ "description": "State of the Service Health Incident alert" } }, + "serviceHealthIncidentPolicyEffect": { + "type": "string", + "defaultValue": "deployIfNotExists", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "metadata": { + "displayName": "Service Health Incident Alert Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + } + }, "SvcHlthMaintenanceAlertState": { "type": "string", "defaultValue": "true", @@ -73,6 +97,18 @@ "description": "State of the Service Health Maintenance alert" } }, + "serviceHealthMaintenancePolicyEffect": { + "type": "string", + "defaultValue": "deployIfNotExists", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "metadata": { + "displayName": "VService Health Maintenance Alert Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + } + }, "svcHlthSecAdvisoryAlertState": { "type": "string", "defaultValue": "true", @@ -81,6 +117,18 @@ "description": "State of the Service Health Security Advisory alert" } }, + "serviceHealthSecurityPolicyEffect": { + "type": "string", + "defaultValue": "deployIfNotExists", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "metadata": { + "displayName": "Service Health Security Advisory Alert Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + } + }, "ALZMonitorActionGroupEmail": { "type": "string", "defaultValue": "action@mail.com", @@ -124,6 +172,9 @@ "enabled": { "value": "[[parameters('SvcHlthAdvisoryAlertState')]" }, + "effect": { + "value": "[[parameters('serviceHealthAdvisoryPolicyEffect')]" + }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -145,6 +196,9 @@ "enabled": { "value": "[[parameters('SvcHlthIncidentAlertState')]" }, + "effect": { + "value": "[[parameters('serviceHealthIncidentPolicyEffect')]" + }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -166,6 +220,9 @@ "enabled": { "value": "[[parameters('SvcHlthMaintenanceAlertState')]" }, + "effect": { + "value": "[[parameters('serviceHealthMaintenancePolicyEffect')]" + }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, @@ -187,6 +244,9 @@ "enabled": { "value": "[[parameters('svcHlthSecAdvisoryAlertState')]" }, + "effect": { + "value": "[[parameters('serviceHealthSecurityPolicyEffect')]" + }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json b/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json index 62eebc928..65ce3bb1e 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json @@ -60,7 +60,7 @@ "type": "String", "metadata": { "displayName": "Effect", - "description": "Tag name to disable monitoring on subscripton level alerts. Set to true if monitoring should be disabled" + "description": "Tag name to disable monitoring on subscription level alerts. Set to true if monitoring should be disabled" }, "defaultValue": "MonitorDisable" } diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json index ed1861a8c..219a9ba1c 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json @@ -63,6 +63,18 @@ }, "defaultValue": "action@mail.com" }, + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled" + }, "MonitorDisable": { "type": "String", "metadata": { @@ -306,4 +318,4 @@ } } } -} \ No newline at end of file +} diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json index 834add2df..48c40b7ee 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json @@ -63,6 +63,18 @@ }, "defaultValue": "action@mail.com" }, + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled" + }, "MonitorDisable": { "type": "String", "metadata": { @@ -306,4 +318,4 @@ } } } -} \ No newline at end of file +} diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json index 8f7b4daa4..dc69579c5 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json @@ -63,6 +63,18 @@ }, "defaultValue": "action@mail.com" }, + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled" + }, "MonitorDisable": { "type": "String", "metadata": { diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json index 3c49b2d13..49d0da365 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json @@ -63,6 +63,18 @@ }, "defaultValue": "action@mail.com" }, + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled" + }, "MonitorDisable": { "type": "String", "metadata": { From e94578f413667361d789e176f213413ce6ace0e1 Mon Sep 17 00:00:00 2001 From: Brunoga-MS Date: Tue, 17 Oct 2023 21:27:51 +0200 Subject: [PATCH 02/29] SH Granular Deployment Flexibility --- patterns/alz/policyDefinitions/policies.json | 10 +++++----- .../Deploy-ActivityLog-ServiceHealth-Health.json | 2 +- .../Deploy-ActivityLog-ServiceHealth-Incident.json | 2 +- .../Deploy-ActivityLog-ServiceHealth-Maintenance.json | 2 +- .../Deploy-ActivityLog-ServiceHealth-Security.json | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/patterns/alz/policyDefinitions/policies.json b/patterns/alz/policyDefinitions/policies.json index 09aeb85b0..4d95eb71e 100644 --- a/patterns/alz/policyDefinitions/policies.json +++ b/patterns/alz/policyDefinitions/policies.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "6828187488840043056" + "templateHash": "371160830915275346" } }, "parameters": { @@ -117,8 +117,8 @@ ], "$fxv#0": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_AA_TotalJob_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Automation Account TotalJob Alert\",\r\n \"description\": \"Policy to audit/deploy Automation Account TotalJob Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Automation\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"2\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring on resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Automation/automationAccounts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TotalJob\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Automation/automationAccounts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TotalJob')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for Automation Account TotalJob Alert\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"TotalJob\",\r\n \"metricNamespace\": \"Microsoft.Automation/automationAccounts\",\r\n \"metricName\": \"TotalJob\",\r\n \"dimensions\": [\r\n {\r\n \"name\": \"Status\",\r\n \"operator\": \"Exclude\",\r\n \"values\": [\r\n \"Completed\"\r\n ]\r\n }\r\n ],\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#1": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_Firewall_Delete\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Activity Log Azure FireWall Delete Alert\",\r\n \"description\": \"Policy to Deploy Activity Log Azure Firewall Delete Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.2\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"rg-amba-monitoring-001\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"environment\": \"test\",\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring on resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"name\": \"ActivityAzureFirewallDelete\",\r\n \"existenceScope\": \"resourceGroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Administrative\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"operationName\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls/delete\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ActivityAzureFirewallDelete\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ActivityAzureFirewallDelete\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Activity Log Firewall Delete\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"Administrative\"\r\n },\r\n {\r\n \"field\": \"operationName\",\r\n \"equals\": \"Microsoft.Network/azurefirewalls/delete\"\r\n },\r\n {\r\n \"field\": \"status\",\r\n \"containsAny\": [\r\n \"succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#10": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_Maintenance\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Maintenance Alert\",\n \"description\": \"Policy to Deploy Service Health Maintenance Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Maintenance\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceHealthMaintenance\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthPlannedMaintenance\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"ServiceHealthPlannedMaintenance Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Maintenance\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", - "$fxv#11": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_SecurityAdvisory\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Security Advisory Alert\",\n \"description\": \"Policy to Deploy Service Health Security Advisory Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Security\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceSecurityIncident\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthSecurityIncident\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"Service Health Security Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Security\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#10": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_Maintenance\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Maintenance Alert\",\n \"description\": \"Policy to Deploy Service Health Maintenance Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Maintenance\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceHealthMaintenance\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthPlannedMaintenance\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"ServiceHealthPlannedMaintenance Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Maintenance\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#11": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_SecurityAdvisory\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Security Advisory Alert\",\n \"description\": \"Policy to Deploy Service Health Security Advisory Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Security\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceSecurityIncident\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthSecurityIncident\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"Service Health Security Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Security\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#12": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_activitylog_VPNGateway_Delete\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy Activity Log VPN Gateway Delete Alert\",\r\n \"description\": \"Policy to Deploy Activity Log VPN Gateway Delete Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Name\",\r\n \"description\": \"Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"AlzMonitoring-rg\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Tags\",\r\n \"description\": \"Tags on the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": {\r\n \"environment\": \"test\",\r\n \"_deployed_by_amba\": true\r\n }\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Resource Group Location\",\r\n \"description\": \"Location of the Resource group the alert is placed in\"\r\n },\r\n \"defaultValue\": \"centralus\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/vpnGateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\r\n \"existenceScope\": \"resourcegroup\",\r\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\r\n \"deploymentScope\": \"subscription\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n },\r\n {\r\n \"count\": {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\r\n \"where\": {\r\n \"anyOf\": [\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"category\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Administrative\"\r\n }\r\n ]\r\n },\r\n {\r\n \"allOf\": [\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\r\n \"equals\": \"operationName\"\r\n },\r\n {\r\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\r\n \"equals\": \"Microsoft.Network/vpnGateways/delete\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n },\r\n \"equals\": 2\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"location\": \"northeurope\",\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"type\": \"object\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"type\": \"string\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Resources/resourceGroups\",\r\n \"apiVersion\": \"2021-04-01\",\r\n \"name\": \"[[parameters('alertResourceGroupName')]\",\r\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\r\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n {\r\n \"type\": \"Microsoft.Resources/deployments\",\r\n \"apiVersion\": \"2019-10-01\",\r\n \"name\": \"ActivityVPNGatewayDelete\",\r\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\r\n \"dependsOn\": [\r\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\r\n ],\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"type\": \"string\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"microsoft.insights/activityLogAlerts\",\r\n \"apiVersion\": \"2020-10-01\",\r\n \"name\": \"ActivityVPNGatewayDelete\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Activity Log VPN Gateway Delete\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[subscription().id]\"\r\n ],\r\n \"condition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"category\",\r\n \"equals\": \"Administrative\"\r\n },\r\n {\r\n \"field\": \"operationName\",\r\n \"equals\": \"Microsoft.Network/vpnGateways/delete\"\r\n },\r\n {\r\n \"field\": \"status\",\r\n \"containsAny\": [\r\n \"succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('alertResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#13": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_AFW_FirewallHealth_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy AFW FirewallHealth Alert\",\r\n \"description\": \"Policy to audit/deploy Azure Firewall FirewallHealth Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"90\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"FirewallHealth\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-FirewallHealth')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for AFW FirewallHealth\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"FirewallHealth\",\r\n \"metricNamespace\": \"Microsoft.Network/azureFirewalls\",\r\n \"metricName\": \"FirewallHealth\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#14": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_AFW_SNATPortUtilization_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy AFW SNATPortUtilization Alert\",\r\n \"description\": \"Policy to audit/deploy Azure Firewall SNATPortUtilization Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"80\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/azureFirewalls\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"SNATPortUtilization\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/azureFirewalls/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-SNATPortUtilization')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for AFW SNATPortUtilization\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"SNATPortUtilization\",\r\n \"metricNamespace\": \"Microsoft.Network/azureFirewalls\",\r\n \"metricName\": \"SNATPortUtilization\",\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", @@ -193,7 +193,7 @@ "$fxv#77": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRouteBitsOut_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute Bits Out Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct Connection BitsOutPerSecond Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"PortBitsOutPerSecond\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERBitsOutAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection BitsOutPerSecond\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"PortBitsOutPerSecond\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"PortBitsOutPerSecond\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#78": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutLineProtocol_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute LineProtocol Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct LineProtocol Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0.9\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"LineProtocol\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERLineProtocolAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection LineProtocolPerSecond\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"LineProtocol\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"LineProtocol\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#79": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutRxLightLevell_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute RxLightLevel High Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct RxLightLevel High Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"RxLightLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"GreaterThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERRxLightLevelHighAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection RxLightLevelHigh\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"RxLightLevel\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"RxLightLevel\",\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#8": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_HealthAdvisory\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Advisory Alert\",\n \"description\": \"Policy to Deploy Service Health Advisory Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ActionRequired\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ALZ-SvcHealth-Health\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"location\": \"Global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"name\": \"ServiceHealthAdvisoryEvent\",\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"Service Health Advisory Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"ActionRequired\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"Global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#8": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_HealthAdvisory\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Advisory Alert\",\n \"description\": \"Policy to Deploy Service Health Advisory Alert\",\n \"metadata\": {\n \"version\": \"1.1.1\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ActionRequired\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ALZ-SvcHealth-Health\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"location\": \"Global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"name\": \"ServiceHealthAdvisoryEvent\",\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"Service Health Advisory Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"ActionRequired\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"Global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#80": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutRxLightLevellow_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute RxLightLevel Low Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct RxLightLevel Low Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"-10\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"RxLightLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"LessThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERRxLightLevelLowAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection RxLightLevelLow\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"RxLightLevel\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"RxLightLevel\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#81": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutTxLightLevell_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute TxLightLevel High Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct TxLightLevel High Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"0\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TxLightLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"GreaterThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERTxLightLevelHighAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection TxLightLevelHigh\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"TxLightLevel\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"TxLightLevel\",\r\n \"operator\": \"GreaterThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#82": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_ERP_ExpressRoutTxLightLevellow_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy ER Direct ExpressRoute TxLightLevel Low Alert\",\r\n \"description\": \"Policy to audit/deploy ER Direct TxLightLevel Low Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"Category\": \"Networking\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\"0\", \"1\", \"2\", \"3\", \"4\"],\r\n \"defaultValue\": \"1\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\"PT1M\", \"PT5M\", \"PT15M\", \"PT30M\", \"PT1H\"],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\"true\", \"false\"],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"-10\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\"deployIfNotExists\", \"disabled\"],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"Microsoft.Network/expressRoutePorts\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TxLightLevel\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].StaticThresholdCriterion.operator\",\r\n \"equals\": \"LessThan\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/expressRoutePorts/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-DirectERTxLightLevelLowAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for ER Direct Connection TxLightLevelLow\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\"[[parameters('resourceId')]\"],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"TxLightLevel\",\r\n \"metricNamespace\": \"Microsoft.Network/expressRoutePorts\",\r\n \"metricName\": \"TxLightLevel\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", @@ -9271,7 +9271,7 @@ "policyDefinitionGroups": null } }, - "$fxv#9": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_Incident\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Incident Alert\",\n \"description\": \"Policy to Deploy Service Health Incident Alert\",\n \"metadata\": {\n \"version\": \"1.1.2\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Incident\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceHealthIncident\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthIncident\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"ServiceHealthIncidentAlert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Incident\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#9": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_Incident\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Incident Alert\",\n \"description\": \"Policy to Deploy Service Health Incident Alert\",\n \"metadata\": {\n \"version\": \"1.1.2\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Incident\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceHealthIncident\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthIncident\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"ServiceHealthIncidentAlert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Incident\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#90": "{\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Alerting-Management\",\r\n \"properties\": {\r\n \"displayName\": \"Deploy Azure Monitor Baseline Alerts for Management\",\r\n \"description\": \"Initiative to deploy AMBA alerts relevant to the ALZ Management management group\",\r\n \"metadata\": {\r\n \"version\": \"1.0.2\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": true\r\n },\r\n \"parameters\": {\r\n \"ALZMonitorResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"ALZ-Monitoring-RG\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Name\",\r\n \"description\": \"Name of the resource group to deploy the ALZ monitoring resources to\"\r\n }\r\n },\r\n \"ALZMonitorResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"defaultValue\": {\r\n \"_deployed_by_alz_monitor\": true\r\n },\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Tags\",\r\n \"description\": \"Tags to apply to the resource group\"\r\n }\r\n },\r\n \"ALZMonitorResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"centralus\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Location\",\r\n \"description\": \"Location of the resource group\"\r\n }\r\n },\r\n \"AATotalJobAlertSeverity\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"2\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Severity\",\r\n \"description\": \"Severity of the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertWindowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertEvaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"deployIfNotExists\",\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Policy Effect\",\r\n \"description\": \"Policy effect for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertThreshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"20\",\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n }\r\n },\r\n \"RVBackupHealthMonitorPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"modify\",\r\n \"allowedValues\": [\r\n \"modify\",\r\n \"audit\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"RV Backup Health Monitor Policy Effect\",\r\n \"description\": \"Policy effect for the alert, modify will create the alert if it does not exist and enable it on your Recovery Vaults, audit will only audit if alerting is enabled on Recovery Vaults, disabled will not create the alert on Recovery Vaults\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityAlertSeverity\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"1\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Severity\",\r\n \"description\": \"Severity of the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityWindowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"deployIfNotExists\",\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Policy Effect\",\r\n \"description\": \"Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityThreshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"90\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n }\r\n },\r\n \"activityLAWDeleteAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Activity Log Alert Delete Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"activityLAWKeyRegenAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Activity Log Alert Key Regen Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_activityLAWDelete\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_Delete')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('activityLAWDeleteAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_activityLAWKeyRegen\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_KeyRegen')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('activityLAWKeyRegenAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_AATotalJob\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AA_TotalJob_Alert')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('AATotalJobAlertSeverity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('AATotalJobAlertWindowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('AATotalJobAlertEvaluationFrequency')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AATotalJobAlertPolicyEffect')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('AATotalJobAlertAlertState')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('AATotalJobAlertThreshold')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_RVBackupHealth\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert')]\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[[parameters('RVBackupHealthMonitorPolicyEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_StorageAccountAvailability\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityAlertSeverity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityWindowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityFrequency')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityPolicyEffect')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityAlertState')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityThreshold')]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"policyType\": \"Custom\",\r\n \"policyDefinitionGroups\": null\r\n }\r\n}\r\n", "$fxv#91": "{\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Alerting-ServiceHealth\",\n \"properties\": {\n \"displayName\": \"Deploy Azure Monitor Baseline Alerts for Service Health\",\n \"description\": \"Initiative to deploy AMBA Service Health alerts to Azure services\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": true\n },\n \"parameters\": {\n \"ALZMonitorResourceGroupName\": {\n \"type\": \"String\",\n \"defaultValue\": \"ALZ-Monitoring-RG\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Name of the resource group to deploy the alerts to\"\n }\n },\n \"ALZMonitorResourceGroupTags\": {\n \"type\": \"Object\",\n \"defaultValue\": {\n \"_deployed_by_alz_monitor\": true\n },\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags to apply to the resource group\"\n }\n },\n \"ALZMonitorResourceGroupLocation\": {\n \"type\": \"String\",\n \"defaultValue\": \"centralus\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the resource group\"\n }\n },\n \"ResHlthUnhealthyAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Resource Health Unhealthy Alert State\",\n \"description\": \"State of the Resource Health Unhealthy alert\"\n }\n },\n \"SvcHlthAdvisoryAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Advisory Alert State\",\n \"description\": \"State of the Service Health Advisory alert\"\n }\n },\n \"serviceHealthAdvisoryPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Advisory Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthIncidentAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Incident Alert State\",\n \"description\": \"State of the Service Health Incident alert\"\n }\n },\n \"serviceHealthIncidentPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Incident Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthMaintenanceAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Maintenance Alert State\",\n \"description\": \"State of the Service Health Maintenance alert\"\n }\n },\n \"serviceHealthMaintenancePolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"VService Health Maintenance Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"svcHlthSecAdvisoryAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Security Advisory Alert State\",\n \"description\": \"State of the Service Health Security Advisory alert\"\n }\n },\n \"serviceHealthSecurityPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Security Advisory Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\",\n \"defaultValue\": \"action@mail.com\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n }\n },\n \"MonitorDisable\": {\n \"type\": \"string\",\n \"defaultValue\": \"MonitorDisable\",\n \"metadata\": {\n \"displayName\": \"Monitor Disable\",\n \"description\": \"Disable the Monitor\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"ALZ_ResHlthUnhealthy\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('ResHlthUnhealthyAlertState')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthAdvisory\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_HealthAdvisory')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthAdvisoryAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthAdvisoryPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthIncident\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Incident')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthIncidentAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthIncidentPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthMaintenance\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthMaintenanceAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthMaintenancePolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_svcHlthSecAdvisory\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('svcHlthSecAdvisoryAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthSecurityPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_AlertProcessing_Rule\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]\",\n \"parameters\": {\n \"ALZMonitorResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"ALZMonitorResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"ALZMonitorResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n },\n \"MonitorDisable\": {\n \"value\": \"[[parameters('MonitorDisable')]\"\n }\n }\n }\n ],\n \"policyType\": \"Custom\",\n \"policyDefinitionGroups\": null\n }\n}\n", "cloudEnv": "[environment().name]", diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json index 219a9ba1c..979b8782f 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json @@ -98,7 +98,7 @@ ] }, "then": { - "effect": "deployIfNotExists", + "effect": "[[parameters('effect')]", "details": { "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json index 48c40b7ee..8e2b4abfb 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json @@ -98,7 +98,7 @@ ] }, "then": { - "effect": "deployIfNotExists", + "effect": "[[parameters('effect')]", "details": { "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json index dc69579c5..c52fd6e0c 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json @@ -98,7 +98,7 @@ ] }, "then": { - "effect": "deployIfNotExists", + "effect": "[[parameters('effect')]", "details": { "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json index 49d0da365..e985a5f3b 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json @@ -98,7 +98,7 @@ ] }, "then": { - "effect": "deployIfNotExists", + "effect": "[[parameters('effect')]", "details": { "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" From de70d0fb0ba294067a5592f464a01f7b9b2b9478 Mon Sep 17 00:00:00 2001 From: Luke Murray <24467442+lukemurraynz@users.noreply.github.com> Date: Wed, 18 Oct 2023 16:18:57 +1300 Subject: [PATCH 03/29] Update alzMetricAlerts.html --- docs/layouts/shortcodes/alzMetricAlerts.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/layouts/shortcodes/alzMetricAlerts.html b/docs/layouts/shortcodes/alzMetricAlerts.html index b5f96e170..5f3e66710 100644 --- a/docs/layouts/shortcodes/alzMetricAlerts.html +++ b/docs/layouts/shortcodes/alzMetricAlerts.html @@ -10,7 +10,7 @@ Frequency Severity Scope - Support for Multiple Resoruces + Support for Multiple Resources Verified References From 3911eae13d621fff2221d167c30f86da5e2dbf37 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Thu, 19 Oct 2023 15:47:15 -0600 Subject: [PATCH 04/29] update cleanup scripts to use ARG for role assignment query --- patterns/alz/alzArm.param.json | 12 +++++------ .../alz/scripts/Start-ALZMonitorCleanup.ps1 | 20 ++++--------------- patterns/alz/scripts/Start-AMBACleanup.ps1 | 20 ++++--------------- 3 files changed, 14 insertions(+), 38 deletions(-) diff --git a/patterns/alz/alzArm.param.json b/patterns/alz/alzArm.param.json index 1eba86117..f5be3f199 100644 --- a/patterns/alz/alzArm.param.json +++ b/patterns/alz/alzArm.param.json @@ -3,22 +3,22 @@ "contentVersion": "1.0.0.0", "parameters": { "enterpriseScaleCompanyPrefix": { - "value": "contoso" + "value": "NonProd" }, "platformManagementGroup": { - "value": "contoso-platform" + "value": "NonProd" }, "IdentityManagementGroup": { - "value": "contoso-identity" + "value": "NonProd" }, "managementManagementGroup": { - "value": "contoso-management" + "value": "NonProd" }, "connectivityManagementGroup": { - "value": "contoso-connectivity" + "value": "NonProd" }, "LandingZoneManagementGroup": { - "value": "contoso-landingzones" + "value": "NonProd" }, "enableAMBAConnectivity": { "value": "Yes" diff --git a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 index 4f3abb0e5..78340f266 100644 --- a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 +++ b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 @@ -124,22 +124,10 @@ $policyDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where t Select-Object -ExpandProperty Id Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_alz_monitor=True' to be deleted." -# get policy assignment role assignments to delete -$policyAssignmentIdentities = $policyAssignments.identity.principalId | Sort-Object | Get-Unique -Write-Host "There are '$($policyAssignmentIdentities.Count)' policy assignment identities to check for role assignments with description '_deployed_by_alz_monitor' to be deleted." - -# get policy assignment role assignments to delete -$roleAssignments = @() -ForEach ($identity in $policyAssignmentIdentities) { - $identityRoleAssignments = Get-AzRoleAssignment -ObjectId $identity - - ForEach ($roleAssignment in $identityRoleAssignments) { - - If ($roleAssignment.Description -like '*_deployed_by_alz_monitor*') { - $roleAssignments += $roleAssignment - } - } -} +# get role assignments to delete +$roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | where type == "microsoft.authorization/roleassignments" and properties.description == '_deployed_by_alz_monitor' | project id" -ManagementGroupNames $managementGroups.Name | +Select-Object -ExpandProperty Id +Write-Host "There are '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_alz_monitor' to be deleted." If (!$reportOnly.IsPresent) { diff --git a/patterns/alz/scripts/Start-AMBACleanup.ps1 b/patterns/alz/scripts/Start-AMBACleanup.ps1 index 7496b58d5..7283ab527 100644 --- a/patterns/alz/scripts/Start-AMBACleanup.ps1 +++ b/patterns/alz/scripts/Start-AMBACleanup.ps1 @@ -124,22 +124,10 @@ $policyDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where t Select-Object -ExpandProperty Id Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_amba=True' to be deleted." -# get policy assignment role assignments to delete -$policyAssignmentIdentities = $policyAssignments.identity.principalId | Sort-Object | Get-Unique -Write-Host "There are '$($policyAssignmentIdentities.Count)' policy assignment identities to check for role assignments with description '_deployed_by_amba' to be deleted." - -# get policy assignment role assignments to delete -$roleAssignments = @() -ForEach ($identity in $policyAssignmentIdentities) { - $identityRoleAssignments = Get-AzRoleAssignment -ObjectId $identity - - ForEach ($roleAssignment in $identityRoleAssignments) { - - If ($roleAssignment.Description -eq '_deployed_by_amba') { - $roleAssignments += $roleAssignment - } - } -} +# get role assignments to delete +$roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | where type == "microsoft.authorization/roleassignments" and properties.description == '_deployed_by_amba' | project id" -ManagementGroupNames $managementGroups.Name | +Select-Object -ExpandProperty Id +Write-Host "There are '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_amba' to be deleted." If (!$reportOnly.IsPresent) { From 7dfd180d9a15d4072af3f380ba5c8a9864d7920b Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Thu, 19 Oct 2023 15:50:32 -0600 Subject: [PATCH 05/29] update cleanup scripts to use ARG for role assignment query --- .../alz/scripts/Start-ALZMonitorCleanup.ps1 | 26 +++++++++---------- patterns/alz/scripts/Start-AMBACleanup.ps1 | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 index 78340f266..55f5ae83b 100644 --- a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 +++ b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 @@ -1,14 +1,14 @@ <# .SYNOPSIS - This script cleans up the resources deployed by the ALZ-Monitor automation, including alerts, policy assignments, policy definitions, and policy assignment role assignments. + This script cleans up the resources deployed by the ALZ-Monitor automation, including alerts, policy assignments, policy definitions, and policy assignment role assignments. .DESCRIPTION - + .NOTES - In order for this script to function the deployed resources must have a tag _deployed_by_alz_monitor with a value of true and Policy resources must have metadata property + In order for this script to function the deployed resources must have a tag _deployed_by_alz_monitor with a value of true and Policy resources must have metadata property named _deployed_by_alz_monitor with a value of True. These tags and metadata are included in the automation, but if they are subsequently removed, there may be orphaned - resources after this script executes. + resources after this script executes. - The Role Assignments associated with Policy assignment identities and including _deployed_by_alz_monitor in the description field will also be deleted. + The Role Assignments associated with Policy assignment identities and including _deployed_by_alz_monitor in the description field will also be deleted. This script leverages the Azure Resource Graph to find object to delete. Note that the Resource Graph lags behind ARM by a couple minutes. .LINK @@ -51,7 +51,7 @@ Function Search-AzGraphRecursive { For ($i=0;$i -le $managementGroupNames.count;$i=$i+10) { $batchGroups = $managementGroupNames[$i..($i+9)] $managementGroupBatches += ,@($batchGroups) - + If ($batchGroups.count -lt 10) { continue } @@ -100,12 +100,12 @@ If ($managementGroups.count -eq 0) { } # get alert resources to delete -$alertResourceIds = Search-AzGraphRecursive -Query "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | +$alertResourceIds = Search-AzGraphRecursive -Query "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id Write-Host "Found '$($alertResourceIds.Count)' metric activity and log alerts with tag '_deployed_by_alz_monitor=True' to be deleted." # get resource group to delete -$resourceGroupIds = Search-AzGraphRecursive -Query "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | +$resourceGroupIds = Search-AzGraphRecursive -Query "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id Write-Host "Found '$($resourceGroupIds.Count)' resource groups with tag '_deployed_by_alz_monitor=True' to be deleted." @@ -115,24 +115,24 @@ $policyAssignmentIds = $policyAssignments | Select-Object -ExpandProperty Id Write-Host "Found '$($policyAssignmentIds.Count)' policy assignments with metadata '_deployed_by_alz_monitor=True' to be deleted." # get policy set definitions to delete -$policySetDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | +$policySetDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id Write-Host "Found '$($policySetDefinitionIds.Count)' policy set definitions with metadata '_deployed_by_alz_monitor=True' to be deleted." # get policy definitions to delete -$policyDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | +$policyDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_alz_monitor=True' to be deleted." # get role assignments to delete -$roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | where type == "microsoft.authorization/roleassignments" and properties.description == '_deployed_by_alz_monitor' | project id" -ManagementGroupNames $managementGroups.Name | +$roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_alz_monitor' | project id" -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id Write-Host "There are '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_alz_monitor' to be deleted." If (!$reportOnly.IsPresent) { Write-Warning "This script will delete the resources discovered above." - + If (!$force.IsPresent) { While ($prompt -notmatch '[yYnN]') { $prompt = Read-Host -Prompt 'Would you like to proceed with the deletion? (y/n)' @@ -175,4 +175,4 @@ Else { $resourceToBeDeleted = $alertResourceIds + $resourceGroupIds + $policyAssignmentIds + $policySetDefinitionIds + $policyDefinitionIds + $roleAssignments.RoleAssignmentId return $resourceToBeDeleted -} \ No newline at end of file +} diff --git a/patterns/alz/scripts/Start-AMBACleanup.ps1 b/patterns/alz/scripts/Start-AMBACleanup.ps1 index 7283ab527..01d267df4 100644 --- a/patterns/alz/scripts/Start-AMBACleanup.ps1 +++ b/patterns/alz/scripts/Start-AMBACleanup.ps1 @@ -125,7 +125,7 @@ Select-Object -ExpandProperty Id Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_amba=True' to be deleted." # get role assignments to delete -$roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | where type == "microsoft.authorization/roleassignments" and properties.description == '_deployed_by_amba' | project id" -ManagementGroupNames $managementGroups.Name | +$roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_amba' | project id" -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id Write-Host "There are '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_amba' to be deleted." From a21f41e4318545cb71f6f81b835c2f2d1b799fcc Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Thu, 19 Oct 2023 15:51:37 -0600 Subject: [PATCH 06/29] update cleanup scripts to use ARG for role assignment query --- patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 | 2 +- patterns/alz/scripts/Start-AMBACleanup.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 index 55f5ae83b..2db5d9f54 100644 --- a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 +++ b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 @@ -127,7 +127,7 @@ Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metada # get role assignments to delete $roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_alz_monitor' | project id" -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id -Write-Host "There are '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_alz_monitor' to be deleted." +Write-Host "Found '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_alz_monitor' to be deleted." If (!$reportOnly.IsPresent) { diff --git a/patterns/alz/scripts/Start-AMBACleanup.ps1 b/patterns/alz/scripts/Start-AMBACleanup.ps1 index 01d267df4..9ee93e1ab 100644 --- a/patterns/alz/scripts/Start-AMBACleanup.ps1 +++ b/patterns/alz/scripts/Start-AMBACleanup.ps1 @@ -127,7 +127,7 @@ Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metada # get role assignments to delete $roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_amba' | project id" -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id -Write-Host "There are '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_amba' to be deleted." +Write-Host "Found '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_amba' to be deleted." If (!$reportOnly.IsPresent) { From 9fcd5e0cdbd41eb98910a9bb49f4b2643e5901eb Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Thu, 19 Oct 2023 19:42:14 -0600 Subject: [PATCH 07/29] fix duplicate results, role assignments arg - Fixed an issue with duplicate results returned from resource graph (parent scopes including child results) - Fixed ARG query for role assignments, splatting --- .../alz/scripts/Start-ALZMonitorCleanup.ps1 | 25 ++++++++++--------- patterns/alz/scripts/Start-AMBACleanup.ps1 | 23 +++++++++-------- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 index 2db5d9f54..7f61d8f6e 100644 --- a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 +++ b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 @@ -101,33 +101,33 @@ If ($managementGroups.count -eq 0) { # get alert resources to delete $alertResourceIds = Search-AzGraphRecursive -Query "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id -Write-Host "Found '$($alertResourceIds.Count)' metric activity and log alerts with tag '_deployed_by_alz_monitor=True' to be deleted." + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +Write-Host "Found '$($alertResourceIds.Count)' metric, activity log and log alerts with tag '_deployed_by_alz_monitor=True' to be deleted." # get resource group to delete $resourceGroupIds = Search-AzGraphRecursive -Query "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($resourceGroupIds.Count)' resource groups with tag '_deployed_by_alz_monitor=True' to be deleted." # get policy assignments to delete -$policyAssignments = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_alz_monitor =~ 'true'" -ManagementGroupNames $managementGroups.Name -$policyAssignmentIds = $policyAssignments | Select-Object -ExpandProperty Id +$policyAssignmentIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_alz_monitor =~ 'true'" -ManagementGroupNames $managementGroups.Name | + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policyAssignmentIds.Count)' policy assignments with metadata '_deployed_by_alz_monitor=True' to be deleted." # get policy set definitions to delete $policySetDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policySetDefinitionIds.Count)' policy set definitions with metadata '_deployed_by_alz_monitor=True' to be deleted." # get policy definitions to delete $policyDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_alz_monitor=True' to be deleted." # get role assignments to delete -$roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_alz_monitor' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id -Write-Host "Found '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_alz_monitor' to be deleted." +$roleAssignments = Search-AzGraphRecursive -Query "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_alz_monitor' | project roleDefinitionId = properties.roleDefinitionId, objectId = properties.principalId, scope = properties.scope, id" -ManagementGroupNames $managementGroups.Name | + Sort-Object -Property id | Get-Unique -AsString +Write-Host "Found '$($roleAssignments.Count)' role assignment with description '_deployed_by_alz_monitor' to be deleted." If (!$reportOnly.IsPresent) { @@ -168,11 +168,12 @@ If (!$reportOnly.IsPresent) { # delete policy assignment role assignments Write-Host "Deleting role assignments..." - $roleAssignments | ForEach-Object { $_ | Remove-AzRoleAssignment -Confirm:(!$force) | Out-Null } + $roleAssignments | Select-Object -Property objectId,roleDefinitionId,scope | ForEach-Object { Remove-AzRoleAssignment @psItem -Confirm:(!$force) | Out-Null } + Write-Host "Cleanup complete." } Else { - $resourceToBeDeleted = $alertResourceIds + $resourceGroupIds + $policyAssignmentIds + $policySetDefinitionIds + $policyDefinitionIds + $roleAssignments.RoleAssignmentId + $resourceToBeDeleted = $alertResourceIds + $resourceGroupIds + $policyAssignmentIds + $policySetDefinitionIds + $policyDefinitionIds + $roleAssignments.Id return $resourceToBeDeleted } diff --git a/patterns/alz/scripts/Start-AMBACleanup.ps1 b/patterns/alz/scripts/Start-AMBACleanup.ps1 index 9ee93e1ab..009189a18 100644 --- a/patterns/alz/scripts/Start-AMBACleanup.ps1 +++ b/patterns/alz/scripts/Start-AMBACleanup.ps1 @@ -101,33 +101,33 @@ If ($managementGroups.count -eq 0) { # get alert resources to delete $alertResourceIds = Search-AzGraphRecursive -Query "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_amba'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($alertResourceIds.Count)' metric, activity log and log alerts with tag '_deployed_by_amba=True' to be deleted." # get resource group to delete $resourceGroupIds = Search-AzGraphRecursive -Query "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_amba'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($resourceGroupIds.Count)' resource groups with tag '_deployed_by_amba=True' to be deleted." # get policy assignments to delete -$policyAssignments = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_amba =~ 'true'" -ManagementGroupNames $managementGroups.Name -$policyAssignmentIds = $policyAssignments | Select-Object -ExpandProperty Id +$policyAssignmentIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_amba =~ 'true'" -ManagementGroupNames $managementGroups.Name | + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policyAssignmentIds.Count)' policy assignments with metadata '_deployed_by_amba=True' to be deleted." # get policy set definitions to delete $policySetDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_amba =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policySetDefinitionIds.Count)' policy set definitions with metadata '_deployed_by_amba=True' to be deleted." # get policy definitions to delete $policyDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_amba =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id + Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_amba=True' to be deleted." # get role assignments to delete -$roleAssignmentIds = Search-AzGraphRecursive -Query "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_amba' | project id" -ManagementGroupNames $managementGroups.Name | -Select-Object -ExpandProperty Id -Write-Host "Found '$($roleAssignmentIds.Count)' role assignment with description '_deployed_by_amba' to be deleted." +$roleAssignments = Search-AzGraphRecursive -Query "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_amba' | project roleDefinitionId = properties.roleDefinitionId, objectId = properties.principalId, scope = properties.scope, id" -ManagementGroupNames $managementGroups.Name | + Sort-Object -Property id | Get-Unique -AsString +Write-Host "Found '$($roleAssignments.Count)' role assignment with description '_deployed_by_amba' to be deleted." If (!$reportOnly.IsPresent) { @@ -168,11 +168,12 @@ If (!$reportOnly.IsPresent) { # delete policy assignment role assignments Write-Host "Deleting role assignments..." - $roleAssignments | ForEach-Object { $_ | Remove-AzRoleAssignment -Confirm:(!$force) | Out-Null } + $roleAssignments | Select-Object -Property objectId,roleDefinitionId,scope | ForEach-Object { Remove-AzRoleAssignment @psItem -Confirm:(!$force) | Out-Null } + Write-Host "Cleanup complete." } Else { - $resourceToBeDeleted = $alertResourceIds + $resourceGroupIds + $policyAssignmentIds + $policySetDefinitionIds + $policyDefinitionIds + $roleAssignments.RoleAssignmentId + $resourceToBeDeleted = $alertResourceIds + $resourceGroupIds + $policyAssignmentIds + $policySetDefinitionIds + $policyDefinitionIds + $roleAssignments.Id return $resourceToBeDeleted } From 59a48d92b5ddfff0ee1fee9d293e9320ca53aeb3 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Thu, 19 Oct 2023 19:46:04 -0600 Subject: [PATCH 08/29] revert param changes --- .vscode/launch.json | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .vscode/launch.json diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 000000000..3ee855da8 --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,19 @@ +{ + // Use IntelliSense to learn about possible attributes. + // Hover to view descriptions of existing attributes. + // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 + "version": "0.2.0", + "configurations": [ + { + "name": "PowerShell: Interactive Session", + "type": "PowerShell", + "request": "launch" + }, + { + "name": "PowerShell: -reportONly", + "type": "PowerShell", + "request": "launch", + "args": ["-reportOnly"] + } + ] +} From 43328290c6822d9f0724a5d82718bc89eb39d2fc Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Thu, 19 Oct 2023 19:47:04 -0600 Subject: [PATCH 09/29] remove .vscode --- .vscode/launch.json | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 .vscode/launch.json diff --git a/.vscode/launch.json b/.vscode/launch.json deleted file mode 100644 index 3ee855da8..000000000 --- a/.vscode/launch.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - // Use IntelliSense to learn about possible attributes. - // Hover to view descriptions of existing attributes. - // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 - "version": "0.2.0", - "configurations": [ - { - "name": "PowerShell: Interactive Session", - "type": "PowerShell", - "request": "launch" - }, - { - "name": "PowerShell: -reportONly", - "type": "PowerShell", - "request": "launch", - "args": ["-reportOnly"] - } - ] -} From 382fbf095f3ef6bdbb128b5ab0dbbb9989cace8d Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Thu, 19 Oct 2023 19:47:34 -0600 Subject: [PATCH 10/29] revert param changes --- patterns/alz/alzArm.param.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/patterns/alz/alzArm.param.json b/patterns/alz/alzArm.param.json index f5be3f199..1eba86117 100644 --- a/patterns/alz/alzArm.param.json +++ b/patterns/alz/alzArm.param.json @@ -3,22 +3,22 @@ "contentVersion": "1.0.0.0", "parameters": { "enterpriseScaleCompanyPrefix": { - "value": "NonProd" + "value": "contoso" }, "platformManagementGroup": { - "value": "NonProd" + "value": "contoso-platform" }, "IdentityManagementGroup": { - "value": "NonProd" + "value": "contoso-identity" }, "managementManagementGroup": { - "value": "NonProd" + "value": "contoso-management" }, "connectivityManagementGroup": { - "value": "NonProd" + "value": "contoso-connectivity" }, "LandingZoneManagementGroup": { - "value": "NonProd" + "value": "contoso-landingzones" }, "enableAMBAConnectivity": { "value": "Yes" From b1ac65053e152169c48532aa0140461db3c3e529 Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Fri, 20 Oct 2023 16:38:37 -0600 Subject: [PATCH 11/29] move commands to single lines --- patterns/alz/alzArm.param.json | 12 +++++----- .../alz/scripts/Start-ALZMonitorCleanup.ps1 | 24 +++++++++---------- patterns/alz/scripts/Start-AMBACleanup.ps1 | 24 +++++++++---------- 3 files changed, 30 insertions(+), 30 deletions(-) diff --git a/patterns/alz/alzArm.param.json b/patterns/alz/alzArm.param.json index 1eba86117..f5be3f199 100644 --- a/patterns/alz/alzArm.param.json +++ b/patterns/alz/alzArm.param.json @@ -3,22 +3,22 @@ "contentVersion": "1.0.0.0", "parameters": { "enterpriseScaleCompanyPrefix": { - "value": "contoso" + "value": "NonProd" }, "platformManagementGroup": { - "value": "contoso-platform" + "value": "NonProd" }, "IdentityManagementGroup": { - "value": "contoso-identity" + "value": "NonProd" }, "managementManagementGroup": { - "value": "contoso-management" + "value": "NonProd" }, "connectivityManagementGroup": { - "value": "contoso-connectivity" + "value": "NonProd" }, "LandingZoneManagementGroup": { - "value": "contoso-landingzones" + "value": "NonProd" }, "enableAMBAConnectivity": { "value": "Yes" diff --git a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 index 7f61d8f6e..2f98f9ab4 100644 --- a/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 +++ b/patterns/alz/scripts/Start-ALZMonitorCleanup.ps1 @@ -100,33 +100,33 @@ If ($managementGroups.count -eq 0) { } # get alert resources to delete -$alertResourceIds = Search-AzGraphRecursive -Query "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" +$alertResourceIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($alertResourceIds.Count)' metric, activity log and log alerts with tag '_deployed_by_alz_monitor=True' to be deleted." # get resource group to delete -$resourceGroupIds = Search-AzGraphRecursive -Query "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_alz_monitor'] =~ 'True' | project id" +$resourceGroupIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($resourceGroupIds.Count)' resource groups with tag '_deployed_by_alz_monitor=True' to be deleted." # get policy assignments to delete -$policyAssignmentIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_alz_monitor =~ 'true'" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_alz_monitor =~ 'true'" +$policyAssignmentIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policyAssignmentIds.Count)' policy assignments with metadata '_deployed_by_alz_monitor=True' to be deleted." # get policy set definitions to delete -$policySetDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" +$policySetDefinitionIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policySetDefinitionIds.Count)' policy set definitions with metadata '_deployed_by_alz_monitor=True' to be deleted." # get policy definitions to delete -$policyDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_alz_monitor =~ 'true' | project id" +$policyDefinitionIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_alz_monitor=True' to be deleted." # get role assignments to delete -$roleAssignments = Search-AzGraphRecursive -Query "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_alz_monitor' | project roleDefinitionId = properties.roleDefinitionId, objectId = properties.principalId, scope = properties.scope, id" -ManagementGroupNames $managementGroups.Name | - Sort-Object -Property id | Get-Unique -AsString +$query = "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_alz_monitor' | project roleDefinitionId = properties.roleDefinitionId, objectId = properties.principalId, scope = properties.scope, id" +$roleAssignments = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Sort-Object -Property id | Get-Unique -AsString Write-Host "Found '$($roleAssignments.Count)' role assignment with description '_deployed_by_alz_monitor' to be deleted." If (!$reportOnly.IsPresent) { diff --git a/patterns/alz/scripts/Start-AMBACleanup.ps1 b/patterns/alz/scripts/Start-AMBACleanup.ps1 index 009189a18..a7e83984d 100644 --- a/patterns/alz/scripts/Start-AMBACleanup.ps1 +++ b/patterns/alz/scripts/Start-AMBACleanup.ps1 @@ -100,33 +100,33 @@ If ($managementGroups.count -eq 0) { } # get alert resources to delete -$alertResourceIds = Search-AzGraphRecursive -Query "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_amba'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "Resources | where type in~ ('Microsoft.Insights/metricAlerts','Microsoft.Insights/activityLogAlerts', 'Microsoft.Insights/scheduledQueryRules') and tags['_deployed_by_amba'] =~ 'True' | project id" +$alertResourceIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($alertResourceIds.Count)' metric, activity log and log alerts with tag '_deployed_by_amba=True' to be deleted." # get resource group to delete -$resourceGroupIds = Search-AzGraphRecursive -Query "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_amba'] =~ 'True' | project id" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "ResourceContainers | where type =~ 'microsoft.resources/subscriptions/resourcegroups' and tags['_deployed_by_amba'] =~ 'True' | project id" +$resourceGroupIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($resourceGroupIds.Count)' resource groups with tag '_deployed_by_amba=True' to be deleted." # get policy assignments to delete -$policyAssignmentIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_amba =~ 'true'" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "policyresources | where type =~ 'microsoft.authorization/policyAssignments' | project name,metadata=parse_json(properties.metadata),type,identity,id | where metadata._deployed_by_amba =~ 'true'" +$policyAssignmentIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policyAssignmentIds.Count)' policy assignments with metadata '_deployed_by_amba=True' to be deleted." # get policy set definitions to delete -$policySetDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_amba =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "policyresources | where type =~ 'microsoft.authorization/policysetdefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_amba =~ 'true' | project id" +$policySetDefinitionIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policySetDefinitionIds.Count)' policy set definitions with metadata '_deployed_by_amba=True' to be deleted." # get policy definitions to delete -$policyDefinitionIds = Search-AzGraphRecursive -Query "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_amba =~ 'true' | project id" -ManagementGroupNames $managementGroups.Name | - Select-Object -ExpandProperty Id | Sort-Object | Get-Unique +$query = "policyresources | where type =~ 'microsoft.authorization/policyDefinitions' | project name,metadata=parse_json(properties.metadata),type,id | where metadata._deployed_by_amba =~ 'true' | project id" +$policyDefinitionIds = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Select-Object -ExpandProperty Id | Sort-Object | Get-Unique Write-Host "Found '$($policyDefinitionIds.Count)' policy definitions with metadata '_deployed_by_amba=True' to be deleted." # get role assignments to delete -$roleAssignments = Search-AzGraphRecursive -Query "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_amba' | project roleDefinitionId = properties.roleDefinitionId, objectId = properties.principalId, scope = properties.scope, id" -ManagementGroupNames $managementGroups.Name | - Sort-Object -Property id | Get-Unique -AsString +$query = "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' and properties.description == '_deployed_by_amba' | project roleDefinitionId = properties.roleDefinitionId, objectId = properties.principalId, scope = properties.scope, id" +$roleAssignments = Search-AzGraphRecursive -Query $query -ManagementGroupNames $managementGroups.Name | Sort-Object -Property id | Get-Unique -AsString Write-Host "Found '$($roleAssignments.Count)' role assignment with description '_deployed_by_amba' to be deleted." If (!$reportOnly.IsPresent) { From 38dd27eff11f787c162b339b472aedd01977a2ad Mon Sep 17 00:00:00 2001 From: Matthew Bratschun Date: Fri, 20 Oct 2023 16:39:02 -0600 Subject: [PATCH 12/29] move commands to single lines --- patterns/alz/alzArm.param.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/patterns/alz/alzArm.param.json b/patterns/alz/alzArm.param.json index f5be3f199..1eba86117 100644 --- a/patterns/alz/alzArm.param.json +++ b/patterns/alz/alzArm.param.json @@ -3,22 +3,22 @@ "contentVersion": "1.0.0.0", "parameters": { "enterpriseScaleCompanyPrefix": { - "value": "NonProd" + "value": "contoso" }, "platformManagementGroup": { - "value": "NonProd" + "value": "contoso-platform" }, "IdentityManagementGroup": { - "value": "NonProd" + "value": "contoso-identity" }, "managementManagementGroup": { - "value": "NonProd" + "value": "contoso-management" }, "connectivityManagementGroup": { - "value": "NonProd" + "value": "contoso-connectivity" }, "LandingZoneManagementGroup": { - "value": "NonProd" + "value": "contoso-landingzones" }, "enableAMBAConnectivity": { "value": "Yes" From e0fe4e00ae369969056fe3ef21c9ee22bfc0540e Mon Sep 17 00:00:00 2001 From: maheshbenke Date: Sun, 22 Oct 2023 17:30:25 -0700 Subject: [PATCH 13/29] Updating the recommendations for Azure Front Door --- services/Network/frontdoors/_index.md | 5 ++--- services/Network/frontdoors/alerts.yaml | 21 +++++++++++++++------ 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/services/Network/frontdoors/_index.md b/services/Network/frontdoors/_index.md index cc69d42ab..03da3afd6 100644 --- a/services/Network/frontdoors/_index.md +++ b/services/Network/frontdoors/_index.md @@ -1,7 +1,6 @@ --- -title: frontdoors +title: Frontdoors geekdocCollapseSection: true -geekdocHidden: true --- -{{< alertList name="alertList" >}} \ No newline at end of file +{{< alertList name="alertList" >}} diff --git a/services/Network/frontdoors/alerts.yaml b/services/Network/frontdoors/alerts.yaml index 204e45d8a..d1f5787ec 100644 --- a/services/Network/frontdoors/alerts.yaml +++ b/services/Network/frontdoors/alerts.yaml @@ -1,9 +1,9 @@ -- name: BackendHealthPercentage +- name: Backend Health Percentage description: The percentage of successful health probes from the HTTP/S proxy to backends type: Metric verified: false - visible: false + visible: true tags: - auto-generated - agc-2156 @@ -18,11 +18,14 @@ criterionType: StaticThresholdCriterion threshold: 80.0 autoMitigate: false -- name: RequestCount + references: + - name: Supported metrics for Microsoft.Network/frontdoors + url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-frontdoors-metrics +- name: Request Count description: The number of client requests served by the HTTP/S proxy type: Metric verified: false - visible: false + visible: true tags: - auto-generated - agc-1350 @@ -42,13 +45,16 @@ - 5xx threshold: 10.0 autoMitigate: false -- name: TotalLatency + references: + - name: Supported metrics for Microsoft.Network/frontdoors + url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-frontdoors-metrics +- name: Total Latency description: The time calculated from when the client request was received by the HTTP/S proxy until the client acknowledged the last response byte from the HTTP/S proxy type: Metric verified: false - visible: false + visible: true tags: - auto-generated - agc-1310 @@ -63,6 +69,9 @@ criterionType: StaticThresholdCriterion threshold: 25000.0 autoMitigate: false + references: + - name: Supported metrics for Microsoft.Network/frontdoors + url: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-frontdoors-metrics - name: BackendRequestLatency description: The time calculated from when the request was sent by the HTTP/S proxy to the backend until the HTTP/S proxy received the last response byte from the From f204afa8a1d82f9b7177e8c0ebb1f27a12b6c42e Mon Sep 17 00:00:00 2001 From: Alexey Zolotukhin Date: Mon, 23 Oct 2023 11:59:00 +0200 Subject: [PATCH 14/29] Add missing '\' to the example commands in Start-AMBARemediation.ps1 --- patterns/alz/scripts/Start-AMBARemediation.ps1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/patterns/alz/scripts/Start-AMBARemediation.ps1 b/patterns/alz/scripts/Start-AMBARemediation.ps1 index 79f398265..dcdd30e77 100644 --- a/patterns/alz/scripts/Start-AMBARemediation.ps1 +++ b/patterns/alz/scripts/Start-AMBARemediation.ps1 @@ -11,11 +11,11 @@ Examples: $connectivityManagementGroup = "The management group id for Connectivity" $LZManagementGroup="The management group id for Landing Zones" #Run the following commands to initiate remediation - .\patterns\alz\scriptsStart-AMBARemediation.ps1 -managementGroupName $managementManagementGroup -policyName Alerting-Management - .\patterns\alz\scriptsStart-AMBARemediation.ps1 -managementGroupName $connectivityManagementGroup -policyName Alerting-Connectivity - .\patterns\alz\scriptsStart-AMBARemediation.ps1 -managementGroupName $identityManagementGroup -policyName Alerting-Identity - .\patterns\alz\scriptsStart-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-LandingZone - .\patterns\alz\scriptsStart-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Alerting-ServiceHealth + .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $managementManagementGroup -policyName Alerting-Management + .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $connectivityManagementGroup -policyName Alerting-Connectivity + .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $identityManagementGroup -policyName Alerting-Identity + .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $LZManagementGroup -policyName Alerting-LandingZone + .\patterns\alz\scripts\Start-AMBARemediation.ps1 -managementGroupName $pseudoRootManagementGroup -policyName Alerting-ServiceHealth #> Param( From 43ab7354ad97c0e18d7012c0b15926740fbffadc Mon Sep 17 00:00:00 2001 From: Brunoga-MS Date: Tue, 24 Oct 2023 14:47:16 +0200 Subject: [PATCH 15/29] Adding ReseHlth to Granular Deployment Flexibility --- patterns/alz/alzArm.param.json | 3 +++ .../Deploy-ServiceHealth-Alerts.json | 17 ++++++++++++++++- ...vityLog-ResourceHealth-UnHealthly-Alert.json | 14 +++++++++++++- 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/patterns/alz/alzArm.param.json b/patterns/alz/alzArm.param.json index 0758be820..37993b872 100644 --- a/patterns/alz/alzArm.param.json +++ b/patterns/alz/alzArm.param.json @@ -61,6 +61,9 @@ "ResHlthUnhealthyAlertState": { "value": "true" }, + "ResHlthUnhealthyPolicyEffect": { + "value": "deployIfNotExists" + }, "SvcHlthAdvisoryAlertState": { "value": "true" }, diff --git a/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json b/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json index a01ff5f9f..9e7fa2166 100644 --- a/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json +++ b/patterns/alz/policySetDefinitions/Deploy-ServiceHealth-Alerts.json @@ -49,6 +49,18 @@ "description": "State of the Resource Health Unhealthy alert" } }, + "ResHlthUnhealthyPolicyEffect": { + "type": "string", + "defaultValue": "deployIfNotExists", + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "metadata": { + "displayName": "Resource Health Unhealthy Alert Policy Effect", + "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" + } + }, "SvcHlthAdvisoryAlertState": { "type": "string", "defaultValue": "true", @@ -105,7 +117,7 @@ "disabled" ], "metadata": { - "displayName": "VService Health Maintenance Alert Policy Effect", + "displayName": "Service Health Maintenance Alert Policy Effect", "description": "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" } }, @@ -154,6 +166,9 @@ "enabled": { "value": "[[parameters('ResHlthUnhealthyAlertState')]" }, + "effect": { + "value": "[[parameters('ResHlthUnhealthyPolicyEffect')]" + }, "alertResourceGroupName": { "value": "[[parameters('ALZMonitorResourceGroupName')]" }, diff --git a/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json b/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json index 65ce3bb1e..a988ab564 100644 --- a/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json +++ b/services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json @@ -56,6 +56,18 @@ }, "defaultValue": "centralus" }, + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Effect of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "disabled" + ], + "defaultValue": "disabled" + }, "MonitorDisable": { "type": "String", "metadata": { @@ -79,7 +91,7 @@ ] }, "then": { - "effect": "deployIfNotExists", + "effect": "[[parameters('effect')]", "details": { "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" From 55e5ec7a9f74fe9622e21f573734adbb0fccb86e Mon Sep 17 00:00:00 2001 From: Brunoga-MS Date: Tue, 24 Oct 2023 14:49:34 +0200 Subject: [PATCH 16/29] re-building policies.json file --- patterns/alz/policyDefinitions/policies.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/patterns/alz/policyDefinitions/policies.json b/patterns/alz/policyDefinitions/policies.json index 4d95eb71e..5f6f5f768 100644 --- a/patterns/alz/policyDefinitions/policies.json +++ b/patterns/alz/policyDefinitions/policies.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.19.5.34762", - "templateHash": "371160830915275346" + "templateHash": "10767426305168551574" } }, "parameters": { @@ -171,7 +171,7 @@ "$fxv#57": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VnetGw_TunnelIngressPacketDropCount_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VNetG Ingress Packet Drop Count Alert\",\r\n \"description\": \"Policy to audit/deploy Vnet Gateway Ingress Packet Drop Count Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworkGateways/gatewayType\",\r\n \"equals\": \"VPN\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TunnelIngressPacketDropCount\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TunnelIngressPacketDropCountAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for Vnet Gateway tunnel TunnelIngressPacketDropCount\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"alertSensitivity\": \"Medium\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": 4,\r\n \"minFailingPeriodsToAlert\": 4\r\n },\r\n \"name\": \"TunnelIngressPacketDropCount\",\r\n \"metricNamespace\": \"microsoft.network/virtualNetworkGateways\",\r\n \"metricName\": \"TunnelIngressPacketDropCount\",\r\n \"operator\": \"GreaterThan\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"DynamicThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#58": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VNetG Ingress Packet Drop Mismatch Alert\",\r\n \"description\": \"Policy to audit/deploy Vnet Gateway Ingress Packet Drop Mismatch Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Network/virtualNetworkGateways/gatewayType\",\r\n \"equals\": \"VPN\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/virtualNetworkGateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TunnelIngressPacketDropTSMismatch\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/virtualNetworkGateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TunnelIngressPacketDropTSMismatchAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for Vnet Gateway tunnel TunnelIngressPacketDropTSMismatch\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"alertSensitivity\": \"Medium\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": 4,\r\n \"minFailingPeriodsToAlert\": 4\r\n },\r\n \"name\": \"TunnelIngressPacketDropTSMismatch\",\r\n \"metricNamespace\": \"microsoft.network/virtualNetworkGateways\",\r\n \"metricName\": \"TunnelIngressPacketDropTSMismatch\",\r\n \"operator\": \"GreaterThan\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"DynamicThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#59": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VPNGw_BandwidthUtil_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VPNG Bandwidth Utilization Alert\",\r\n \"description\": \"Policy to audit/deploy VPN Gateway Bandwidth Utilization Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"tunnelaveragebandwidth\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-GatewayBandwidthAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for VPN Gateway Bandwidth Utilization\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"tunnelaveragebandwidth\",\r\n \"metricNamespace\": \"microsoft.network/vpngateways\",\r\n \"metricName\": \"tunnelaveragebandwidth\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", - "$fxv#6": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ResourceHealth_Unhealthy_Alert\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Resource Health Unhealthy Alert\",\n \"description\": \"Policy to Deploy Resource Health Unhealthy Alert\",\n \"metadata\": {\n \"version\": \"1.0.2\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"environment\": \"test\",\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring on subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ResourceHealth\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 1\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ResourceHealtAlert\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ResourceHealthUnhealthyAlert\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"description\": \"Resource Health Unhealthy Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ResourceHealth\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"properties.cause\",\n \"equals\": \"PlatformInitiated\"\n },\n {\n \"field\": \"properties.cause\",\n \"equals\": \"UserInitiated\"\n }\n ]\n },\n {\n \"anyOf\": [\n {\n \"field\": \"properties.currentHealthStatus\",\n \"equals\": \"Degraded\"\n },\n {\n \"field\": \"properties.currentHealthStatus\",\n \"equals\": \"Unavailable\"\n }\n ]\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", + "$fxv#6": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ResourceHealth_Unhealthy_Alert\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Resource Health Unhealthy Alert\",\n \"description\": \"Policy to Deploy Resource Health Unhealthy Alert\",\n \"metadata\": {\n \"version\": \"1.0.2\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"environment\": \"test\",\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring on subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ResourceHealth\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 1\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ResourceHealtAlert\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ResourceHealthUnhealthyAlert\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"description\": \"Resource Health Unhealthy Alert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ResourceHealth\"\n },\n {\n \"anyOf\": [\n {\n \"field\": \"properties.cause\",\n \"equals\": \"PlatformInitiated\"\n },\n {\n \"field\": \"properties.cause\",\n \"equals\": \"UserInitiated\"\n }\n ]\n },\n {\n \"anyOf\": [\n {\n \"field\": \"properties.currentHealthStatus\",\n \"equals\": \"Degraded\"\n },\n {\n \"field\": \"properties.currentHealthStatus\",\n \"equals\": \"Unavailable\"\n }\n ]\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#60": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VPNGw_BGPPeerStatus_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VPNG BGP Peer Status Alert\",\r\n \"description\": \"Policy to audit/deploy VPN Gateway BGP Peer Status Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT1M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"bgppeerstatus\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-BGPPeerStatusAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for VPN Gateway BGP peer status\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"bgppeerstatus\",\r\n \"metricNamespace\": \"microsoft.network/vpngateways\",\r\n \"metricName\": \"bgppeerstatus\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Total\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#61": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VPNGw_Egress_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VPNG Egress Alert\",\r\n \"description\": \"Policy to audit/deploy VPN Gateway Egress Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"0\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n },\r\n \"defaultValue\": \"1\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"disabled\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft-Azure-Monitor-SingleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"tunnelegressbytes\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"threshold\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TunnelEgressAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for VPN Gateway tunnel egress bytes\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"name\": \"tunnelegressbytes\",\r\n \"metricNamespace\": \"microsoft.network/vpngateways\",\r\n \"metricName\": \"tunnelegressbytes\",\r\n \"operator\": \"LessThan\",\r\n \"threshold\": \"[[parameters('threshold')]\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"StaticThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('threshold')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", "$fxv#62": "{\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Deploy_VPNGw_TunnelEgressPacketDropCount_Alert\",\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Deploy VPNG Egress Packet Drop Count Alert\",\r\n \"description\": \"Policy to audit/deploy VPN Gateway Egress Packet Drop Count Alert\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Network\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": \"True\"\r\n },\r\n \"parameters\": {\r\n \"severity\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Severity\",\r\n \"description\": \"Severity of the Alert\"\r\n },\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"defaultValue\": \"3\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"defaultValue\": \"PT5M\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Auto Mitigate\",\r\n \"description\": \"Auto Mitigate for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n },\r\n \"allowedValues\": [\r\n \"true\",\r\n \"false\"\r\n ],\r\n \"defaultValue\": \"true\"\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Effect of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"defaultValue\": \"deployIfNotExists\"\r\n },\r\n \"MonitorDisable\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Tag name to disable monitoring resource. Set to true if monitoring should be disabled\"\r\n },\r\n \"defaultValue\": \"MonitorDisable\"\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\r\n \"notEquals\": \"true\"\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"[[parameters('effect')]\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricNamespace\",\r\n \"equals\": \"microsoft.network/vpngateways\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/criteria.Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria.allOf[*].metricName\",\r\n \"equals\": \"TunnelEgressPacketDropCount\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricalerts/scopes[*]\",\r\n \"equals\": \"[[concat(subscription().id, '/resourceGroups/', resourceGroup().name, '/providers/microsoft.network/vpngateways/', field('fullName'))]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/metricAlerts/enabled\",\r\n \"equals\": \"[[parameters('enabled')]\"\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceName\",\r\n \"description\": \"Name of the resource\"\r\n }\r\n },\r\n \"resourceId\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"resourceId\",\r\n \"description\": \"Resource ID of the resource emitting the metric that will be used for the comparison\"\r\n }\r\n },\r\n \"severity\": {\r\n \"type\": \"String\"\r\n },\r\n \"windowSize\": {\r\n \"type\": \"String\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"type\": \"String\"\r\n },\r\n \"autoMitigate\": {\r\n \"type\": \"String\"\r\n },\r\n \"enabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Insights/metricAlerts\",\r\n \"apiVersion\": \"2018-03-01\",\r\n \"name\": \"[[concat(parameters('resourceName'), '-TunnelEgressPacketDropCountAlert')]\",\r\n \"location\": \"global\",\r\n \"tags\": {\r\n \"_deployed_by_amba\": true\r\n },\r\n \"properties\": {\r\n \"description\": \"Metric Alert for VPN Gateway tunnel TunnelEgressPacketDropCount\",\r\n \"severity\": \"[[parameters('severity')]\",\r\n \"enabled\": \"[[parameters('enabled')]\",\r\n \"scopes\": [\r\n \"[[parameters('resourceId')]\"\r\n ],\r\n \"evaluationFrequency\": \"[[parameters('evaluationFrequency')]\",\r\n \"windowSize\": \"[[parameters('windowSize')]\",\r\n \"criteria\": {\r\n \"allOf\": [\r\n {\r\n \"alertSensitivity\": \"Medium\",\r\n \"failingPeriods\": {\r\n \"numberOfEvaluationPeriods\": 4,\r\n \"minFailingPeriodsToAlert\": 4\r\n },\r\n \"name\": \"TunnelEgressPacketDropCount\",\r\n \"metricNamespace\": \"microsoft.network/vpngateways\",\r\n \"metricName\": \"TunnelEgressPacketDropCount\",\r\n \"operator\": \"GreaterThan\",\r\n \"timeAggregation\": \"Average\",\r\n \"criterionType\": \"DynamicThresholdCriterion\"\r\n }\r\n ],\r\n \"odata.type\": \"Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\"\r\n },\r\n \"autoMitigate\": \"[[parameters('autoMitigate')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n ]\r\n },\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"value\": \"[[field('name')]\"\r\n },\r\n \"resourceId\": {\r\n \"value\": \"[[field('id')]\"\r\n },\r\n \"severity\": {\r\n \"value\": \"[[parameters('severity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('windowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('evaluationFrequency')]\"\r\n },\r\n \"autoMitigate\": {\r\n \"value\": \"[[parameters('autoMitigate')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('enabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}\r\n", @@ -9273,7 +9273,7 @@ }, "$fxv#9": "{\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Deploy_activitylog_ServiceHealth_Incident\",\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Deploy Service Health Incident Alert\",\n \"description\": \"Policy to Deploy Service Health Incident Alert\",\n \"metadata\": {\n \"version\": \"1.1.2\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": \"True\"\n },\n \"parameters\": {\n \"enabled\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Alert State\",\n \"description\": \"Alert state for the alert\"\n },\n \"allowedValues\": [\n \"true\",\n \"false\"\n ],\n \"defaultValue\": \"true\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Resource group the alert is placed in\"\n },\n \"defaultValue\": \"rg-amba-monitoring-001\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"Object\",\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags on the Resource group the alert is placed in\"\n },\n \"defaultValue\": {\n \"_deployed_by_amba\": true\n }\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the Resource group the alert is placed in\"\n },\n \"defaultValue\": \"centralus\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n },\n \"defaultValue\": \"action@mail.com\"\n },\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Effect of the policy\"\n },\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"defaultValue\": \"disabled\"\n },\n \"MonitorDisable\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Tag name to disable monitoring Subscription level alerts. Set to true if monitoring should be disabled\"\n },\n \"defaultValue\": \"MonitorDisable\"\n }\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Resources/subscriptions\"\n },\n {\n \"field\": \"[[concat('tags[', parameters('MonitorDisable'), ']')]\",\n \"notEquals\": \"true\"\n }\n ]\n },\n \"then\": {\n \"effect\": \"[[parameters('effect')]\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"type\": \"Microsoft.Insights/activityLogAlerts\",\n \"existenceScope\": \"resourcegroup\",\n \"resourceGroupName\": \"[[parameters('alertResourceGroupName')]\",\n \"deploymentScope\": \"subscription\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/enabled\",\n \"equals\": \"[[parameters('enabled')]\"\n },\n {\n \"count\": {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*]\",\n \"where\": {\n \"anyOf\": [\n {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"category\"\n },\n {\n \"field\": \"Microsoft.Insights/ActivityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"ServiceHealth\"\n }\n ]\n },\n {\n \"allOf\": [\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].field\",\n \"equals\": \"properties.incidentType\"\n },\n {\n \"field\": \"microsoft.insights/activityLogAlerts/condition.allOf[*].equals\",\n \"equals\": \"Incident\"\n }\n ]\n }\n ]\n }\n },\n \"equals\": 2\n }\n ]\n },\n \"deployment\": {\n \"location\": \"northeurope\",\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupTags\": {\n \"type\": \"object\"\n },\n \"alertResourceGroupLocation\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n },\n \"enabled\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"varALZMonitorActionGroupEmail\": \"[[array(split(parameters('ALZMonitorActionGroupEmail'),','))]\"\n },\n \"resources\": [\n {\n \"type\": \"Microsoft.Resources/resourceGroups\",\n \"apiVersion\": \"2021-04-01\",\n \"name\": \"[[parameters('alertResourceGroupName')]\",\n \"location\": \"[[parameters('alertResourceGroupLocation')]\",\n \"tags\": \"[[parameters('alertResourceGroupTags')]\"\n },\n {\n \"type\": \"Microsoft.Resources/deployments\",\n \"apiVersion\": \"2019-10-01\",\n \"name\": \"ServiceHealthIncident\",\n \"resourceGroup\": \"[[parameters('alertResourceGroupName')]\",\n \"dependsOn\": [\n \"[[concat('Microsoft.Resources/resourceGroups/', parameters('alertResourceGroupName'))]\"\n ],\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"enabled\": {\n \"type\": \"string\"\n },\n \"alertResourceGroupName\": {\n \"type\": \"string\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"microsoft.insights/activityLogAlerts\",\n \"apiVersion\": \"2020-10-01\",\n \"name\": \"ServiceHealthIncident\",\n \"location\": \"global\",\n \"dependsOn\": [\n \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n ],\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"actions\": {\n \"actionGroups\": [\n {\n \"actionGroupId\": \"[[concat(subscription().Id, '/resourceGroups/', parameters('alertResourceGroupName'), '/providers/Microsoft.Insights/actionGroups/AmbaActionGr')]\"\n }\n ]\n },\n \"description\": \"ServiceHealthIncidentAlert\",\n \"enabled\": \"[[parameters('enabled')]\",\n \"scopes\": [\n \"[[subscription().id]\"\n ],\n \"condition\": {\n \"allOf\": [\n {\n \"field\": \"category\",\n \"equals\": \"ServiceHealth\"\n },\n {\n \"field\": \"properties.incidentType\",\n \"equals\": \"Incident\"\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n }\n }\n }\n },\n {\n \"type\": \"Microsoft.Insights/actionGroups\",\n \"apiVersion\": \"2022-06-01\",\n \"name\": \"AmbaActionGr\",\n \"location\": \"global\",\n \"tags\": {\n \"_deployed_by_amba\": true\n },\n \"properties\": {\n \"groupShortName\": \"AmbaActionGr\",\n \"enabled\": true,\n \"copy\": [\n {\n \"name\": \"emailReceivers\",\n \"count\": \"[[length(variables('varALZMonitorActionGroupEmail'))]\",\n \"mode\": \"serial\",\n \"input\": {\n \"name\": \"[[concat('AlzMail-', indexOf(variables('varALZMonitorActionGroupEmail'), variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')]))]\",\n \"emailAddress\": \"[[trim(variables('varALZMonitorActionGroupEmail')[copyIndex('emailReceivers')])]\",\n \"useCommonSchema\": true\n }\n }\n ]\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n ]\n },\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('enabled')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('alertResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('alertResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('alertResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}\n", "$fxv#90": "{\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"name\": \"Alerting-Management\",\r\n \"properties\": {\r\n \"displayName\": \"Deploy Azure Monitor Baseline Alerts for Management\",\r\n \"description\": \"Initiative to deploy AMBA alerts relevant to the ALZ Management management group\",\r\n \"metadata\": {\r\n \"version\": \"1.0.2\",\r\n \"category\": \"Monitoring\",\r\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\r\n \"alzCloudEnvironments\": [\r\n \"AzureCloud\"\r\n ],\r\n \"_deployed_by_amba\": true\r\n },\r\n \"parameters\": {\r\n \"ALZMonitorResourceGroupName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"ALZ-Monitoring-RG\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Name\",\r\n \"description\": \"Name of the resource group to deploy the ALZ monitoring resources to\"\r\n }\r\n },\r\n \"ALZMonitorResourceGroupTags\": {\r\n \"type\": \"Object\",\r\n \"defaultValue\": {\r\n \"_deployed_by_alz_monitor\": true\r\n },\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Tags\",\r\n \"description\": \"Tags to apply to the resource group\"\r\n }\r\n },\r\n \"ALZMonitorResourceGroupLocation\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"centralus\",\r\n \"metadata\": {\r\n \"displayName\": \"ALZ Monitoring Resource Group Location\",\r\n \"description\": \"Location of the resource group\"\r\n }\r\n },\r\n \"AATotalJobAlertSeverity\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"2\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Severity\",\r\n \"description\": \"Severity of the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertWindowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertEvaluationFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT1M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"deployIfNotExists\",\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Policy Effect\",\r\n \"description\": \"Policy effect for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"AATotalJobAlertThreshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"20\",\r\n \"metadata\": {\r\n \"displayName\": \"AA Total Job Alert Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n }\r\n },\r\n \"RVBackupHealthMonitorPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"modify\",\r\n \"allowedValues\": [\r\n \"modify\",\r\n \"audit\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"RV Backup Health Monitor Policy Effect\",\r\n \"description\": \"Policy effect for the alert, modify will create the alert if it does not exist and enable it on your Recovery Vaults, audit will only audit if alerting is enabled on Recovery Vaults, disabled will not create the alert on Recovery Vaults\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityAlertSeverity\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"1\",\r\n \"allowedValues\": [\r\n \"0\",\r\n \"1\",\r\n \"2\",\r\n \"3\",\r\n \"4\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Severity\",\r\n \"description\": \"Severity of the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityWindowSize\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\",\r\n \"PT6H\",\r\n \"PT12H\",\r\n \"P1D\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Window Size\",\r\n \"description\": \"Window size for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityFrequency\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"PT5M\",\r\n \"allowedValues\": [\r\n \"PT1M\",\r\n \"PT5M\",\r\n \"PT15M\",\r\n \"PT30M\",\r\n \"PT1H\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Evaluation Frequency\",\r\n \"description\": \"Evaluation frequency for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityPolicyEffect\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"deployIfNotExists\",\r\n \"allowedValues\": [\r\n \"deployIfNotExists\",\r\n \"disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Policy Effect\",\r\n \"description\": \"Policy effect for the alert, deployIfNotExists will create the alert if it does not exist, disabled will not create the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"StorageAccountAvailabilityThreshold\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"90\",\r\n \"metadata\": {\r\n \"displayName\": \"Storage Account Availability Alert Threshold\",\r\n \"description\": \"Threshold for the alert\"\r\n }\r\n },\r\n \"activityLAWDeleteAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Activity Log Alert Delete Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n },\r\n \"activityLAWKeyRegenAlertState\": {\r\n \"type\": \"string\",\r\n \"defaultValue\": \"true\",\r\n \"metadata\": {\r\n \"displayName\": \"Activity Log Alert Key Regen Alert State\",\r\n \"description\": \"Alert state for the alert\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_activityLAWDelete\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_Delete')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('activityLAWDeleteAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_activityLAWKeyRegen\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_LAWorkspace_KeyRegen')]\",\r\n \"parameters\": {\r\n \"enabled\": {\r\n \"value\": \"[[parameters('activityLAWKeyRegenAlertState')]\"\r\n },\r\n \"alertResourceGroupName\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\r\n },\r\n \"alertResourceGroupTags\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\r\n },\r\n \"alertResourceGroupLocation\": {\r\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_AATotalJob\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AA_TotalJob_Alert')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('AATotalJobAlertSeverity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('AATotalJobAlertWindowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('AATotalJobAlertEvaluationFrequency')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AATotalJobAlertPolicyEffect')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('AATotalJobAlertAlertState')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('AATotalJobAlertThreshold')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_RVBackupHealth\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_RecoveryVault_BackupHealthMonitor_Alert')]\",\r\n \"parameters\": {\r\n \"effect\": {\r\n \"value\": \"[[parameters('RVBackupHealthMonitorPolicyEffect')]\"\r\n }\r\n }\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"ALZ_StorageAccountAvailability\",\r\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_StorageAccount_Availability_Alert')]\",\r\n \"parameters\": {\r\n \"severity\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityAlertSeverity')]\"\r\n },\r\n \"windowSize\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityWindowSize')]\"\r\n },\r\n \"evaluationFrequency\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityFrequency')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityPolicyEffect')]\"\r\n },\r\n \"enabled\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityAlertState')]\"\r\n },\r\n \"threshold\": {\r\n \"value\": \"[[parameters('StorageAccountAvailabilityThreshold')]\"\r\n }\r\n }\r\n }\r\n ],\r\n \"policyType\": \"Custom\",\r\n \"policyDefinitionGroups\": null\r\n }\r\n}\r\n", - "$fxv#91": "{\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Alerting-ServiceHealth\",\n \"properties\": {\n \"displayName\": \"Deploy Azure Monitor Baseline Alerts for Service Health\",\n \"description\": \"Initiative to deploy AMBA Service Health alerts to Azure services\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": true\n },\n \"parameters\": {\n \"ALZMonitorResourceGroupName\": {\n \"type\": \"String\",\n \"defaultValue\": \"ALZ-Monitoring-RG\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Name of the resource group to deploy the alerts to\"\n }\n },\n \"ALZMonitorResourceGroupTags\": {\n \"type\": \"Object\",\n \"defaultValue\": {\n \"_deployed_by_alz_monitor\": true\n },\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags to apply to the resource group\"\n }\n },\n \"ALZMonitorResourceGroupLocation\": {\n \"type\": \"String\",\n \"defaultValue\": \"centralus\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the resource group\"\n }\n },\n \"ResHlthUnhealthyAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Resource Health Unhealthy Alert State\",\n \"description\": \"State of the Resource Health Unhealthy alert\"\n }\n },\n \"SvcHlthAdvisoryAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Advisory Alert State\",\n \"description\": \"State of the Service Health Advisory alert\"\n }\n },\n \"serviceHealthAdvisoryPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Advisory Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthIncidentAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Incident Alert State\",\n \"description\": \"State of the Service Health Incident alert\"\n }\n },\n \"serviceHealthIncidentPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Incident Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthMaintenanceAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Maintenance Alert State\",\n \"description\": \"State of the Service Health Maintenance alert\"\n }\n },\n \"serviceHealthMaintenancePolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"VService Health Maintenance Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"svcHlthSecAdvisoryAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Security Advisory Alert State\",\n \"description\": \"State of the Service Health Security Advisory alert\"\n }\n },\n \"serviceHealthSecurityPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Security Advisory Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\",\n \"defaultValue\": \"action@mail.com\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n }\n },\n \"MonitorDisable\": {\n \"type\": \"string\",\n \"defaultValue\": \"MonitorDisable\",\n \"metadata\": {\n \"displayName\": \"Monitor Disable\",\n \"description\": \"Disable the Monitor\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"ALZ_ResHlthUnhealthy\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('ResHlthUnhealthyAlertState')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthAdvisory\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_HealthAdvisory')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthAdvisoryAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthAdvisoryPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthIncident\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Incident')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthIncidentAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthIncidentPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthMaintenance\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthMaintenanceAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthMaintenancePolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_svcHlthSecAdvisory\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('svcHlthSecAdvisoryAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthSecurityPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_AlertProcessing_Rule\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]\",\n \"parameters\": {\n \"ALZMonitorResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"ALZMonitorResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"ALZMonitorResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n },\n \"MonitorDisable\": {\n \"value\": \"[[parameters('MonitorDisable')]\"\n }\n }\n }\n ],\n \"policyType\": \"Custom\",\n \"policyDefinitionGroups\": null\n }\n}\n", + "$fxv#91": "{\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"name\": \"Alerting-ServiceHealth\",\n \"properties\": {\n \"displayName\": \"Deploy Azure Monitor Baseline Alerts for Service Health\",\n \"description\": \"Initiative to deploy AMBA Service Health alerts to Azure services\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\",\n \"source\": \"https://github.com/Azure/azure-monitor-baseline-alerts/\",\n \"alzCloudEnvironments\": [\n \"AzureCloud\"\n ],\n \"_deployed_by_amba\": true\n },\n \"parameters\": {\n \"ALZMonitorResourceGroupName\": {\n \"type\": \"String\",\n \"defaultValue\": \"ALZ-Monitoring-RG\",\n \"metadata\": {\n \"displayName\": \"Resource Group Name\",\n \"description\": \"Name of the resource group to deploy the alerts to\"\n }\n },\n \"ALZMonitorResourceGroupTags\": {\n \"type\": \"Object\",\n \"defaultValue\": {\n \"_deployed_by_alz_monitor\": true\n },\n \"metadata\": {\n \"displayName\": \"Resource Group Tags\",\n \"description\": \"Tags to apply to the resource group\"\n }\n },\n \"ALZMonitorResourceGroupLocation\": {\n \"type\": \"String\",\n \"defaultValue\": \"centralus\",\n \"metadata\": {\n \"displayName\": \"Resource Group Location\",\n \"description\": \"Location of the resource group\"\n }\n },\n \"ResHlthUnhealthyAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Resource Health Unhealthy Alert State\",\n \"description\": \"State of the Resource Health Unhealthy alert\"\n }\n },\n \"ResHlthUnhealthyPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Resource Health Unhealthy Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthAdvisoryAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Advisory Alert State\",\n \"description\": \"State of the Service Health Advisory alert\"\n }\n },\n \"serviceHealthAdvisoryPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Advisory Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthIncidentAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Incident Alert State\",\n \"description\": \"State of the Service Health Incident alert\"\n }\n },\n \"serviceHealthIncidentPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Incident Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"SvcHlthMaintenanceAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Maintenance Alert State\",\n \"description\": \"State of the Service Health Maintenance alert\"\n }\n },\n \"serviceHealthMaintenancePolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Maintenance Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"svcHlthSecAdvisoryAlertState\": {\n \"type\": \"string\",\n \"defaultValue\": \"true\",\n \"metadata\": {\n \"displayName\": \"Service Health Security Advisory Alert State\",\n \"description\": \"State of the Service Health Security Advisory alert\"\n }\n },\n \"serviceHealthSecurityPolicyEffect\": {\n \"type\": \"string\",\n \"defaultValue\": \"deployIfNotExists\",\n \"allowedValues\": [\n \"deployIfNotExists\",\n \"disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Service Health Security Advisory Alert Policy Effect\",\n \"description\": \"Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist\"\n }\n },\n \"ALZMonitorActionGroupEmail\": {\n \"type\": \"string\",\n \"defaultValue\": \"action@mail.com\",\n \"metadata\": {\n \"displayName\": \"Action Group Email\",\n \"description\": \"Email address to send alerts to\"\n }\n },\n \"MonitorDisable\": {\n \"type\": \"string\",\n \"defaultValue\": \"MonitorDisable\",\n \"metadata\": {\n \"displayName\": \"Monitor Disable\",\n \"description\": \"Disable the Monitor\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"ALZ_ResHlthUnhealthy\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ResourceHealth_Unhealthy_Alert')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('ResHlthUnhealthyAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('ResHlthUnhealthyPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthAdvisory\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_HealthAdvisory')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthAdvisoryAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthAdvisoryPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthIncident\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Incident')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthIncidentAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthIncidentPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_SvcHlthMaintenance\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_Maintenance')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('SvcHlthMaintenanceAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthMaintenancePolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_svcHlthSecAdvisory\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_ServiceHealth_SecurityAdvisory')]\",\n \"parameters\": {\n \"enabled\": {\n \"value\": \"[[parameters('svcHlthSecAdvisoryAlertState')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('serviceHealthSecurityPolicyEffect')]\"\n },\n \"alertResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"alertResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"alertResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n }\n }\n },\n {\n \"policyDefinitionReferenceId\": \"ALZ_AlertProcessing_Rule\",\n \"policyDefinitionId\": \"[concat('/providers/Microsoft.Management/managementGroups/',managementGroup().name, '/providers/Microsoft.Authorization/policyDefinitions/Deploy_AlertProcessing_Rule')]\",\n \"parameters\": {\n \"ALZMonitorResourceGroupName\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupName')]\"\n },\n \"ALZMonitorResourceGroupTags\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupTags')]\"\n },\n \"ALZMonitorResourceGroupLocation\": {\n \"value\": \"[[parameters('ALZMonitorResourceGroupLocation')]\"\n },\n \"ALZMonitorActionGroupEmail\": {\n \"value\": \"[[parameters('ALZMonitorActionGroupEmail')]\"\n },\n \"MonitorDisable\": {\n \"value\": \"[[parameters('MonitorDisable')]\"\n }\n }\n }\n ],\n \"policyType\": \"Custom\",\n \"policyDefinitionGroups\": null\n }\n}\n", "cloudEnv": "[environment().name]", "defaultDeploymentLocationByCloudType": { "AzureCloud": "northeurope", From 90dad537b853f2a46627e329568775b364195984 Mon Sep 17 00:00:00 2001 From: Heyko Oelrichs Date: Wed, 25 Oct 2023 10:58:44 +0200 Subject: [PATCH 17/29] add bastion --- services/Network/bastionHosts/alerts.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 services/Network/bastionHosts/alerts.yaml diff --git a/services/Network/bastionHosts/alerts.yaml b/services/Network/bastionHosts/alerts.yaml new file mode 100644 index 000000000..6dc28df3b --- /dev/null +++ b/services/Network/bastionHosts/alerts.yaml @@ -0,0 +1,18 @@ +- name: Bastion Communication Status + description: Communication status shows 1 if all communication is good and 0 if its bad. + type: Metric + verified: false + visible: false + properties: + metricName: pingmesh + metricNamespace: Microsoft.Network/bastionHosts + severity: 2 + windowSize: PT5M + evaluationFrequency: PT5M + timeAggregation: Average + operator: LessThan + threshold: 1 + criterionType: StaticThresholdCriterion + references: + - name: Supported metrics for microsoft.network/bastionHosts + urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics \ No newline at end of file From 4b811c3f9530554881d2004b00b4e4efda8492fb Mon Sep 17 00:00:00 2001 From: Heyko Oelrichs Date: Wed, 25 Oct 2023 11:14:09 +0200 Subject: [PATCH 18/29] adding more --- services/Network/bastionHosts/alerts.yaml | 36 +++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/services/Network/bastionHosts/alerts.yaml b/services/Network/bastionHosts/alerts.yaml index 6dc28df3b..38e938fc9 100644 --- a/services/Network/bastionHosts/alerts.yaml +++ b/services/Network/bastionHosts/alerts.yaml @@ -14,5 +14,41 @@ threshold: 1 criterionType: StaticThresholdCriterion references: + - name: Supported metrics for microsoft.network/bastionHosts + urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics +- name: CPU Usage + description: CPU Usage stats. + type: Metric + verified: false + visible: false + properties: + metricName: usage_user + metricNamespace: Microsoft.Network/bastionHosts + severity: 3 + windowSize: PT5M + evaluationFrequency: PT5M + timeAggregation: Average + operator: GreaterThan + threshold: 85 + criterionType: StaticThresholdCriterion + references: + - name: Supported metrics for microsoft.network/bastionHosts + urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics +- name: Memory Usage + description: Memory Usage stats. + type: Metric + verified: false + visible: false + properties: + metricName: used + metricNamespace: Microsoft.Network/bastionHosts + severity: 3 + windowSize: PT5M + evaluationFrequency: PT5M + timeAggregation: Average + operator: GreaterThan + threshold: 85 + criterionType: StaticThresholdCriterion + references: - name: Supported metrics for microsoft.network/bastionHosts urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics \ No newline at end of file From 1906a37f838a1818d126067d218ca7d2c65d3e68 Mon Sep 17 00:00:00 2001 From: Heyko Oelrichs Date: Wed, 25 Oct 2023 11:17:39 +0200 Subject: [PATCH 19/29] add _index.md --- services/Network/bastionHosts/_index.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 services/Network/bastionHosts/_index.md diff --git a/services/Network/bastionHosts/_index.md b/services/Network/bastionHosts/_index.md new file mode 100644 index 000000000..9b57294b0 --- /dev/null +++ b/services/Network/bastionHosts/_index.md @@ -0,0 +1,6 @@ +--- +title: Azure Bastion Host +geekdocCollapseSection: true +--- + +{{< alertList name="alertList">}} From 0e96b13efdae68bb4f3ab73dada80faf57e680a2 Mon Sep 17 00:00:00 2001 From: Heyko Oelrichs Date: Wed, 25 Oct 2023 11:24:29 +0200 Subject: [PATCH 20/29] add missing final newline --- services/Network/bastionHosts/alerts.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/Network/bastionHosts/alerts.yaml b/services/Network/bastionHosts/alerts.yaml index 38e938fc9..496c42f8d 100644 --- a/services/Network/bastionHosts/alerts.yaml +++ b/services/Network/bastionHosts/alerts.yaml @@ -51,4 +51,4 @@ criterionType: StaticThresholdCriterion references: - name: Supported metrics for microsoft.network/bastionHosts - urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics \ No newline at end of file + urls: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-bastionhosts-metrics From 36275955b3cbd748a5369f345e29c8b873f18f02 Mon Sep 17 00:00:00 2001 From: Arjen Huitema Date: Wed, 25 Oct 2023 11:27:25 +0200 Subject: [PATCH 21/29] Formatting --- patterns/alz/alzArm.param.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patterns/alz/alzArm.param.json b/patterns/alz/alzArm.param.json index 37993b872..44966ca5e 100644 --- a/patterns/alz/alzArm.param.json +++ b/patterns/alz/alzArm.param.json @@ -62,7 +62,7 @@ "value": "true" }, "ResHlthUnhealthyPolicyEffect": { - "value": "deployIfNotExists" + "value": "deployIfNotExists" }, "SvcHlthAdvisoryAlertState": { "value": "true" From 45d58125d871b3325e9e9d71dc1d2795b300b83e Mon Sep 17 00:00:00 2001 From: Joseph Barnes Date: Wed, 25 Oct 2023 11:07:56 -0500 Subject: [PATCH 22/29] Added telemetry to Microsoft Clarity --- docs/layouts/partials/head/custom.html | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 docs/layouts/partials/head/custom.html diff --git a/docs/layouts/partials/head/custom.html b/docs/layouts/partials/head/custom.html new file mode 100644 index 000000000..63483f747 --- /dev/null +++ b/docs/layouts/partials/head/custom.html @@ -0,0 +1,7 @@ + \ No newline at end of file From b9acde7b53024d6c55170900bb3c2d23030faedc Mon Sep 17 00:00:00 2001 From: Arjen Huitema Date: Wed, 25 Oct 2023 18:52:50 +0200 Subject: [PATCH 23/29] Added guide to deploy service health only --- .../Deploy-only-Service-Health-Alerts.md | 232 ++++++++++++++++++ .../patterns/alz/deploy/Remediate-Policies.md | 2 +- 2 files changed, 233 insertions(+), 1 deletion(-) create mode 100644 docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md diff --git a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md new file mode 100644 index 000000000..50c810e0d --- /dev/null +++ b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md @@ -0,0 +1,232 @@ +--- +title: Deploy only Service Health Alerts +geekdocCollapseSection: true +weight: 70 +--- + +The following guide describes the steps to leverage the ALZ pattern to implement Service Health Alerts. When you deploy one initiative, like Service Health, you will only need the Policy Definitions required by that Initiative. You can still choose to deploy all Policy Definitions that are provided in the ALZ Pattern, this is recommended when you want to deploy other Initiatives in the future. In case you first deploy a subset of the Policy Definitions, you can easily deploy additional definitions at a later stage. This document covers two deployment options: + +1. [Quick Deployment](../Deploy-only-Service-Health-Alerts/#quick-deployment): Deploys the ALZ Pattern including all Policy Definitions, Policy Set Definitions, however, this assigns only the Service Health initiative. +1. [Custom Deployment](../Deploy-only-Service-Health-Alerts/#custom-deployment): Deploy only the Policy Definitions and Policy Set Definition that are needed for the Service Health Alerts. Assings only the Service Health initiative. + +{{< hint type=note >}} +In this example we will deploy the Service Health initiative via Azure CLI. However, the same principles and steps apply to other initiatives and deployment methods as well. +{{< /hint >}} + +  +# Quick deployment + +## 1. Parameter configuration + +To start, you can either download a copy of the parameter file or clone/fork the repository. + +- [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/alzArm.param.json) + +Make the following changes to the parameter file: + +- Change the value of _enterpriseScaleCompanyPrefix_ to the management group where you wish to deploy the policies and the initiatives. This is usually the so called "pseudo root management group", e.g. in [ALZ terminology](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups), this would be the so called "Intermediate Root Management Group" (directly beneath the "Tenant Root Group"). +- Disable initiative assignments. When deploying only the Service Health initiative you should change the value of the following parameters; _enableAMBAConnectivity_, _enableAMBAIdentity_, _enableAMBALandingZone_, _enableAMBAManagement_ to "No". +- Change the value of _ALZMonitorResourceGroupName_ to the name of the resource group where the activity logs, resource health alerts, actions groups and alert processing rules will be deployed in. +- Change the value of _ALZMonitorResourceGroupTags_ to specify the tags to be added to said resource group. +- Change the value of _ALZMonitorResourceGroupLocation_ to specify the location for said resource group. +- Change the value of _ALZMonitorActionGroupEmail_ (specific to the Service Health initiative) to the email address(es) where notifications of the alerts are sent to. + + {{< hint type=note >}} + For multiple email addresses, make sure they are entered a single string with values separated by comma. Example: + + "ALZMonitorActionGroupEmail": { + "value": "action1@mail.com , action2@mail.com , action3@mail.com" + }, + {{< /hint >}} + +## 2. Example Parameter file + +Note that the following parameter file example shows a specific example configuration that already shows other initiatives as disabled. The file shown has been truncated for brevity, compared to the samples included. + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "enterpriseScaleCompanyPrefix": { + "value": "contoso" + }, + "platformManagementGroup": { + "value": "contoso-platform" + }, + "IdentityManagementGroup": { + "value": "contoso-identity" + }, + "managementManagementGroup": { + "value": "contoso-management" + }, + "connectivityManagementGroup": { + "value": "contoso-connectivity" + }, + "LandingZoneManagementGroup": { + "value": "contoso-landingzones" + }, + "enableAMBAConnectivity": { + "value": "No" + }, + "enableAMBAIdentity": { + "value": "No" + }, + "enableAMBALandingZone": { + "value": "No" + }, + "enableAMBAManagement": { + "value": "No" + }, + "enableAMBAServiceHealth": { + "value": "Yes" + }, + "policyAssignmentParametersCommon": { + "value": { + "ALZMonitorResourceGroupName": { + "value": "rg-amba-monitoring-001" + }, + "ALZMonitorResourceGroupTags": { + "value": { + "Project": "amba-monitoring" + } + }, + "ALZMonitorResourceGroupLocation": { + "value": "eastus" + } + } + } + } +} +``` + +## 3. Configuring variables for deployment + +Open your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), and navigate to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and initiatives. + +Run the following commands: + +```bash +location="Your Azure location of choice" +pseudoRootManagementGroup="The pseudo root management group id parenting the identity, management and connectivity management groups" +``` + +{{< hint type=Important >}} +When running Azure CLI from PowerShell the variables have to start with a $. + +Above-mentioned "pseudoRootManagementGroup" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "enterpriseScaleCompanyPrefix" parameter, as set previously within the parameter files. + +The location variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. +{{< /hint >}} + +## 4. Deploying AMBA + +Using your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), if you closed your previous session, navigate again to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and initiatives. + +```bash +az deployment mg create --template-uri https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/alzArm.json --location $location --management-group-id $pseudoRootManagementGroup --parameters .\patterns\alz\alzArm.param.json +``` +  +# Custom deployment + +## 1. Create a copy of policies.bicep + +To create a copy of a Bicep policy file (policies.bicep), you can use standard file copying techniques based on your operating system and programming language of choice. For example, run the following command in PowerShell: + +```powershell +Copy-Item -Path .\patterns\alz\templates\policies.bicep -Destination .\patterns\alz\templates\policies-sh.bicep +``` + +## 2. Edit policies-sh.bicep + +Open the newly created Bicep file in your favorite text editor, such as Visual Studio Code (VSCode). Edit the variables **"loadPolicyDefinitions"** and **"loadPolicySetDefinitions"** in your Bicep file to include only the relevant policy definitions. Here's an example of how you can modify these variables: + +**loadPolicyDefinitions variable** + +```bicep +{ +var loadPolicyDefinitions = { + All: [ + loadTextContent('../../../services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Deploy.json') + loadTextContent('../../../services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json') + loadTextContent('../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json') + loadTextContent('../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json') + loadTextContent('../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json') + loadTextContent('../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json') + ] + AzureCloud: [] + AzureChinaCloud: [] + AzureUSGovernment: [] +} +} +``` + +**loadPolicySetDefinitions variable** + +```bicep +var loadPolicySetDefinitions = { + All: [ + loadTextContent('../policySetDefinitions/Deploy-ServiceHealth-Alerts.json') + ] + AzureCloud: [] + AzureChinaCloud: [] + AzureUSGovernment: [] +} +``` + +## 3. Build policies-sh.json + +To compile your Bicep file and generate the corresponding JSON ARM template file, you can use the bicep build command. Follow these steps: + +```bash +bicep build .\patterns\alz\templates\policies-sh.bicep --outfile .\patterns\alz\policyDefinitions\policies-sh.json +``` + +{{< hint type=note >}} +Make sure you have the [Bicep CLI](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/install) installed and configured in your environment before running this command. +{{< /hint >}} + +## 4. Configuring variables for deployment + +Open your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), and navigate to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and initiatives. + +Run the following commands: + +```bash +location="Your Azure location of choice" +pseudoRootManagementGroup="The pseudo root management group id parenting the identity, management and connectivity management groups" +``` + +{{< hint type=Important >}} +When running Azure CLI from PowerShell the variables have to start with a $. + +Above-mentioned "pseudoRootManagementGroup" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "enterpriseScaleCompanyPrefix" parameter, as set previously within the parameter files. + +The location variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. +{{< /hint >}} + + +## 5. Deploy Policy Definitions +To deploy policy definitions to the intermediate management group, run the following command: + +```bash +az deployment mg create --template-file .\patterns\alz\policyDefinitions\policies-sh.json --location $location --management-group-id $pseudoRootManagementGroup +``` + +## 6. Assign the Service Health Policy Initiative +Assign an initiative by running the following command: + +```bash +az deployment mg create --template-file .\patterns\alz\policyAssignments\DINE-ServiceHealthAssignment.json --location $location --management-group-id $pseudoRootManagementGroup --parameters '{ \"topLevelManagementGroupPrefix\": { \"value\": \"contoso\" }, \"policyAssignmentParameters\": { \"value\": { \"ALZMonitorResourceGroupName\": { \"value\": \"rg-amba-monitoring-001\" }, \"ALZMonitorResourceGroupTags\": { \"value\": { \"Project\": \"amba-monitoring\" } }, \"ALZMonitorResourceGroupLocation\": { \"value\": \"eastus\" }, \"ALZMonitorActionGroupEmail\": { \"value\": \"test@test.com\"} } } }' +``` + +{{< hint type=important >}} +The final parameter is the --parameters parameter, which is used to pass a JSON string that contains the parameters for the deployment. The JSON string is enclosed in single quotes and contains escaped double quotes for the keys and values of the parameters. + +The JSON object contains two parameters: topLevelManagementGroupPrefix and policyAssignmentParameters. The topLevelManagementGroupPrefix parameter is used to specify the intermediate root management group, and should _coincide_ with the value of the "pseudoRootManagementGroup". The policyAssignmentParameters parameter is an object that contains the values for the parameters that are used to configure the monitoring resource group. The parameters include the name of the resource group, the tags for the resource group, the location of the resource group, and the email address for the action group associated with the Service Health Initiative. +{{< /hint >}} + +  +# Next steps + +To remediate non-compliant policies, please proceed with [Policy remediation](../Remediate-Policies) diff --git a/docs/content/patterns/alz/deploy/Remediate-Policies.md b/docs/content/patterns/alz/deploy/Remediate-Policies.md index a63a7d1d0..1ea34fc4b 100644 --- a/docs/content/patterns/alz/deploy/Remediate-Policies.md +++ b/docs/content/patterns/alz/deploy/Remediate-Policies.md @@ -1,6 +1,6 @@ --- title: Remediate Policies -weight: 70 +weight: 80 --- The policies are all deploy-if-not-exists, by default, meaning that any new deployments will be influenced by them. Therefore, if you are deploying in a greenfield scenario and will afterwards be deploying any of the covered resource types, including subscriptions, then the policies will take effect and the relevant alert rules, action groups and alert processing rules will be created. From 6eab87989c246661cb5c6979b270382d81408785 Mon Sep 17 00:00:00 2001 From: Joseph Barnes Date: Wed, 25 Oct 2023 12:18:07 -0500 Subject: [PATCH 24/29] added privacy page --- config/_default/hugo.toml | 2 +- docs/content/privacy/_index.md | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 docs/content/privacy/_index.md diff --git a/config/_default/hugo.toml b/config/_default/hugo.toml index de4726657..851ad47b1 100644 --- a/config/_default/hugo.toml +++ b/config/_default/hugo.toml @@ -115,7 +115,7 @@ enableRobotsTXT = true # (Optional, default none) Add a link to your Privacy Policy page to the site footer. # It can be either a remote url or a local file path relative to your content directory. - # geekdocPrivacyPolicy = "/privacy" + geekdocPrivacyPolicy = "privacy" # (Optional, default true) Add an anchor link to headlines. geekdocAnchor = true diff --git a/docs/content/privacy/_index.md b/docs/content/privacy/_index.md new file mode 100644 index 000000000..d79689da9 --- /dev/null +++ b/docs/content/privacy/_index.md @@ -0,0 +1,6 @@ +--- +title: Privacy +geekdocHidden: true +--- + +We partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve the content and usage of the website. Website usage data is captured using first and third-party cookies and other tracking technologies and is used for site optimization. For more information about how Microsoft collects and uses your data, visit the [Microsoft Privacy Statement](https://privacy.microsoft.com/en-US/privacystatement). From cc334068a829e1dbe26a0e954809bed52fe264e3 Mon Sep 17 00:00:00 2001 From: Arjen Huitema Date: Wed, 25 Oct 2023 19:55:56 +0200 Subject: [PATCH 25/29] Update docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md Co-authored-by: Paul Grimley <25264573+paulgrimley@users.noreply.github.com> --- .../patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md index 50c810e0d..c2e3998fe 100644 --- a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md +++ b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md @@ -4,7 +4,7 @@ geekdocCollapseSection: true weight: 70 --- -The following guide describes the steps to leverage the ALZ pattern to implement Service Health Alerts. When you deploy one initiative, like Service Health, you will only need the Policy Definitions required by that Initiative. You can still choose to deploy all Policy Definitions that are provided in the ALZ Pattern, this is recommended when you want to deploy other Initiatives in the future. In case you first deploy a subset of the Policy Definitions, you can easily deploy additional definitions at a later stage. This document covers two deployment options: +The following guide describes the steps to leverage the ALZ pattern to implement Service Health Alerts. When you deploy one Initiative, like Service Health, you will only need the Policy Definitions required by that Initiative. You can still choose to deploy all Policy Definitions that are provided in the ALZ Pattern, this is recommended when you want to deploy other Initiatives in the future. In case you first deploy a subset of the Policy Definitions, you can easily deploy additional definitions at a later stage. This document covers two deployment options: 1. [Quick Deployment](../Deploy-only-Service-Health-Alerts/#quick-deployment): Deploys the ALZ Pattern including all Policy Definitions, Policy Set Definitions, however, this assigns only the Service Health initiative. 1. [Custom Deployment](../Deploy-only-Service-Health-Alerts/#custom-deployment): Deploy only the Policy Definitions and Policy Set Definition that are needed for the Service Health Alerts. Assings only the Service Health initiative. From 4c6223a8eaee17160b712aa46e966534e352db1c Mon Sep 17 00:00:00 2001 From: Arjen Huitema Date: Wed, 25 Oct 2023 19:56:02 +0200 Subject: [PATCH 26/29] Update docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md Co-authored-by: Paul Grimley <25264573+paulgrimley@users.noreply.github.com> --- .../patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md index c2e3998fe..fbd7e7d84 100644 --- a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md +++ b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md @@ -6,7 +6,7 @@ weight: 70 The following guide describes the steps to leverage the ALZ pattern to implement Service Health Alerts. When you deploy one Initiative, like Service Health, you will only need the Policy Definitions required by that Initiative. You can still choose to deploy all Policy Definitions that are provided in the ALZ Pattern, this is recommended when you want to deploy other Initiatives in the future. In case you first deploy a subset of the Policy Definitions, you can easily deploy additional definitions at a later stage. This document covers two deployment options: -1. [Quick Deployment](../Deploy-only-Service-Health-Alerts/#quick-deployment): Deploys the ALZ Pattern including all Policy Definitions, Policy Set Definitions, however, this assigns only the Service Health initiative. +1. [Quick Deployment](../Deploy-only-Service-Health-Alerts/#quick-deployment): Deploys the ALZ Pattern including all Policy Definitions, Policy Set Definitions, however, this assigns only the Service Health Initiative. 1. [Custom Deployment](../Deploy-only-Service-Health-Alerts/#custom-deployment): Deploy only the Policy Definitions and Policy Set Definition that are needed for the Service Health Alerts. Assings only the Service Health initiative. {{< hint type=note >}} From d0c562ce026b464f2f55c97438fd11ec753e6c70 Mon Sep 17 00:00:00 2001 From: Arjen Huitema Date: Wed, 25 Oct 2023 19:56:12 +0200 Subject: [PATCH 27/29] Update docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md Co-authored-by: Paul Grimley <25264573+paulgrimley@users.noreply.github.com> --- .../patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md index fbd7e7d84..01fc1c01c 100644 --- a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md +++ b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md @@ -10,7 +10,7 @@ The following guide describes the steps to leverage the ALZ pattern to implement 1. [Custom Deployment](../Deploy-only-Service-Health-Alerts/#custom-deployment): Deploy only the Policy Definitions and Policy Set Definition that are needed for the Service Health Alerts. Assings only the Service Health initiative. {{< hint type=note >}} -In this example we will deploy the Service Health initiative via Azure CLI. However, the same principles and steps apply to other initiatives and deployment methods as well. +In this example we will deploy the Service Health initiative via Azure CLI. However, the same principles and steps apply to other Initiatives and deployment methods as well. {{< /hint >}}   From 00ed6d1e1cbd9fd32019614aeb9d5a805cef34af Mon Sep 17 00:00:00 2001 From: Arjen Huitema Date: Wed, 25 Oct 2023 20:08:12 +0200 Subject: [PATCH 28/29] Use same language Policy Set Definition --- .../Deploy-only-Service-Health-Alerts.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md index 01fc1c01c..981f07d39 100644 --- a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md +++ b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md @@ -4,13 +4,13 @@ geekdocCollapseSection: true weight: 70 --- -The following guide describes the steps to leverage the ALZ pattern to implement Service Health Alerts. When you deploy one Initiative, like Service Health, you will only need the Policy Definitions required by that Initiative. You can still choose to deploy all Policy Definitions that are provided in the ALZ Pattern, this is recommended when you want to deploy other Initiatives in the future. In case you first deploy a subset of the Policy Definitions, you can easily deploy additional definitions at a later stage. This document covers two deployment options: +The following guide describes the steps to leverage the ALZ pattern to implement Service Health Alerts. When you deploy one Policy Set Definition, like Service Health, you will only need the Policy Definitions required by that Policy Set Definition. You can still choose to deploy all Policy Definitions that are provided in the ALZ Pattern, this is recommended when you want to deploy other Policy Set Definitions in the future. In case you first deploy a subset of the Policy Definitions, you can easily deploy additional definitions at a later stage. This document covers two deployment options: -1. [Quick Deployment](../Deploy-only-Service-Health-Alerts/#quick-deployment): Deploys the ALZ Pattern including all Policy Definitions, Policy Set Definitions, however, this assigns only the Service Health Initiative. -1. [Custom Deployment](../Deploy-only-Service-Health-Alerts/#custom-deployment): Deploy only the Policy Definitions and Policy Set Definition that are needed for the Service Health Alerts. Assings only the Service Health initiative. +1. [Quick Deployment](../Deploy-only-Service-Health-Alerts/#quick-deployment): Deploys the ALZ Pattern including all Policy Definitions, Policy Set Definitions, however, this assigns only the Service Health Policy Set Definition. +1. [Custom Deployment](../Deploy-only-Service-Health-Alerts/#custom-deployment): Deploy only the Policy Definitions and Policy Set Definition that are needed for the Service Health Alerts. Assings only the Service Health Policy Set Definition. {{< hint type=note >}} -In this example we will deploy the Service Health initiative via Azure CLI. However, the same principles and steps apply to other Initiatives and deployment methods as well. +In this example we will deploy the Service Health Policy Set Definition via Azure CLI. However, the same principles and steps apply to other Policy Set Definitions and deployment methods as well. {{< /hint >}}   @@ -24,12 +24,12 @@ To start, you can either download a copy of the parameter file or clone/fork the Make the following changes to the parameter file: -- Change the value of _enterpriseScaleCompanyPrefix_ to the management group where you wish to deploy the policies and the initiatives. This is usually the so called "pseudo root management group", e.g. in [ALZ terminology](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups), this would be the so called "Intermediate Root Management Group" (directly beneath the "Tenant Root Group"). -- Disable initiative assignments. When deploying only the Service Health initiative you should change the value of the following parameters; _enableAMBAConnectivity_, _enableAMBAIdentity_, _enableAMBALandingZone_, _enableAMBAManagement_ to "No". +- Change the value of _enterpriseScaleCompanyPrefix_ to the management group where you wish to deploy the policies and the Policy Set Definitions. This is usually the so called "pseudo root management group", e.g. in [ALZ terminology](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups), this would be the so called "Intermediate Root Management Group" (directly beneath the "Tenant Root Group"). +- Disable Policy Set Definition assignments. When deploying only the Service Health Policy Set Definition you should change the value of the following parameters; _enableAMBAConnectivity_, _enableAMBAIdentity_, _enableAMBALandingZone_, _enableAMBAManagement_ to "No". - Change the value of _ALZMonitorResourceGroupName_ to the name of the resource group where the activity logs, resource health alerts, actions groups and alert processing rules will be deployed in. - Change the value of _ALZMonitorResourceGroupTags_ to specify the tags to be added to said resource group. - Change the value of _ALZMonitorResourceGroupLocation_ to specify the location for said resource group. -- Change the value of _ALZMonitorActionGroupEmail_ (specific to the Service Health initiative) to the email address(es) where notifications of the alerts are sent to. +- Change the value of _ALZMonitorActionGroupEmail_ (specific to the Service Health Policy Set Definition) to the email address(es) where notifications of the alerts are sent to. {{< hint type=note >}} For multiple email addresses, make sure they are entered a single string with values separated by comma. Example: @@ -41,7 +41,7 @@ Make the following changes to the parameter file: ## 2. Example Parameter file -Note that the following parameter file example shows a specific example configuration that already shows other initiatives as disabled. The file shown has been truncated for brevity, compared to the samples included. +Note that the following parameter file example shows a specific example configuration that already shows other Policy Set Definitions as disabled. The file shown has been truncated for brevity, compared to the samples included. ```json { @@ -102,7 +102,7 @@ Note that the following parameter file example shows a specific example configur ## 3. Configuring variables for deployment -Open your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), and navigate to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and initiatives. +Open your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), and navigate to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and Policy Set Definitions. Run the following commands: @@ -121,7 +121,7 @@ The location variable refers to the deployment location. Deploying to multiple r ## 4. Deploying AMBA -Using your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), if you closed your previous session, navigate again to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and initiatives. +Using your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), if you closed your previous session, navigate again to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and Policy Set Definitions. ```bash az deployment mg create --template-uri https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/main/patterns/alz/alzArm.json --location $location --management-group-id $pseudoRootManagementGroup --parameters .\patterns\alz\alzArm.param.json @@ -188,7 +188,7 @@ Make sure you have the [Bicep CLI](https://learn.microsoft.com/en-us/azure/azure ## 4. Configuring variables for deployment -Open your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), and navigate to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and initiatives. +Open your preferred command line tool (Windows PowerShell, Cmd, Bash or other Unix shells), and navigate to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and Policy Set Definitions. Run the following commands: @@ -213,8 +213,8 @@ To deploy policy definitions to the intermediate management group, run the follo az deployment mg create --template-file .\patterns\alz\policyDefinitions\policies-sh.json --location $location --management-group-id $pseudoRootManagementGroup ``` -## 6. Assign the Service Health Policy Initiative -Assign an initiative by running the following command: +## 6. Assign the Service Health Policy Policy Set Definition +Assign an Policy Set Definition by running the following command: ```bash az deployment mg create --template-file .\patterns\alz\policyAssignments\DINE-ServiceHealthAssignment.json --location $location --management-group-id $pseudoRootManagementGroup --parameters '{ \"topLevelManagementGroupPrefix\": { \"value\": \"contoso\" }, \"policyAssignmentParameters\": { \"value\": { \"ALZMonitorResourceGroupName\": { \"value\": \"rg-amba-monitoring-001\" }, \"ALZMonitorResourceGroupTags\": { \"value\": { \"Project\": \"amba-monitoring\" } }, \"ALZMonitorResourceGroupLocation\": { \"value\": \"eastus\" }, \"ALZMonitorActionGroupEmail\": { \"value\": \"test@test.com\"} } } }' @@ -223,7 +223,7 @@ az deployment mg create --template-file .\patterns\alz\policyAssignments\DINE-Se {{< hint type=important >}} The final parameter is the --parameters parameter, which is used to pass a JSON string that contains the parameters for the deployment. The JSON string is enclosed in single quotes and contains escaped double quotes for the keys and values of the parameters. -The JSON object contains two parameters: topLevelManagementGroupPrefix and policyAssignmentParameters. The topLevelManagementGroupPrefix parameter is used to specify the intermediate root management group, and should _coincide_ with the value of the "pseudoRootManagementGroup". The policyAssignmentParameters parameter is an object that contains the values for the parameters that are used to configure the monitoring resource group. The parameters include the name of the resource group, the tags for the resource group, the location of the resource group, and the email address for the action group associated with the Service Health Initiative. +The JSON object contains two parameters: topLevelManagementGroupPrefix and policyAssignmentParameters. The topLevelManagementGroupPrefix parameter is used to specify the intermediate root management group, and should _coincide_ with the value of the "pseudoRootManagementGroup". The policyAssignmentParameters parameter is an object that contains the values for the parameters that are used to configure the monitoring resource group. The parameters include the name of the resource group, the tags for the resource group, the location of the resource group, and the email address for the action group associated with the Service Health Policy Set Definition. {{< /hint >}}   From 1a63f53a3e5874db4f5fb1d2af385e43a5ebfe9d Mon Sep 17 00:00:00 2001 From: Arjen Huitema Date: Fri, 27 Oct 2023 11:08:26 +0200 Subject: [PATCH 29/29] Changed wording --- .../Deploy-only-Service-Health-Alerts.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md index 981f07d39..a5bf1ff27 100644 --- a/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md +++ b/docs/content/patterns/alz/deploy/Deploy-only-Service-Health-Alerts.md @@ -24,12 +24,12 @@ To start, you can either download a copy of the parameter file or clone/fork the Make the following changes to the parameter file: -- Change the value of _enterpriseScaleCompanyPrefix_ to the management group where you wish to deploy the policies and the Policy Set Definitions. This is usually the so called "pseudo root management group", e.g. in [ALZ terminology](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups), this would be the so called "Intermediate Root Management Group" (directly beneath the "Tenant Root Group"). -- Disable Policy Set Definition assignments. When deploying only the Service Health Policy Set Definition you should change the value of the following parameters; _enableAMBAConnectivity_, _enableAMBAIdentity_, _enableAMBALandingZone_, _enableAMBAManagement_ to "No". -- Change the value of _ALZMonitorResourceGroupName_ to the name of the resource group where the activity logs, resource health alerts, actions groups and alert processing rules will be deployed in. -- Change the value of _ALZMonitorResourceGroupTags_ to specify the tags to be added to said resource group. -- Change the value of _ALZMonitorResourceGroupLocation_ to specify the location for said resource group. -- Change the value of _ALZMonitorActionGroupEmail_ (specific to the Service Health Policy Set Definition) to the email address(es) where notifications of the alerts are sent to. +- Change the value of ```enterpriseScaleCompanyPrefix``` to the management group where you wish to deploy the policies and the Policy Set Definitions. This is usually the so called "pseudo root management group", e.g. in [ALZ terminology](https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups), this would be the so called "Intermediate Root Management Group" (directly beneath the "Tenant Root Group"). +- Disable Policy Set Definition assignments. When deploying only the Service Health Policy Set Definition you should change the value of the following parameters; ```enableAMBAConnectivity```, ```enableAMBAIdentity```, ```enableAMBALandingZone```, ```enableAMBAManagement``` to "No". +- Change the value of ```ALZMonitorResourceGroupName``` to the name of the resource group where the activity logs, resource health alerts, actions groups and alert processing rules will be deployed in. +- Change the value of ```ALZMonitorResourceGroupTags``` to specify the tags to be added to said resource group. +- Change the value of ```ALZMonitorResourceGroupLocation``` to specify the location for said resource group. +- Change the value of ```ALZMonitorActionGroupEmail``` (specific to the Service Health Policy Set Definition) to the email address(es) where notifications of the alerts are sent to. {{< hint type=note >}} For multiple email addresses, make sure they are entered a single string with values separated by comma. Example: @@ -114,9 +114,9 @@ pseudoRootManagementGroup="The pseudo root management group id parenting the ide {{< hint type=Important >}} When running Azure CLI from PowerShell the variables have to start with a $. -Above-mentioned "pseudoRootManagementGroup" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "enterpriseScaleCompanyPrefix" parameter, as set previously within the parameter files. +Above-mentioned ```pseudoRootManagementGroup``` variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the ```enterpriseScaleCompanyPrefix``` parameter, as set previously within the parameter files. -The location variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. +The ```location``` variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. {{< /hint >}} ## 4. Deploying AMBA @@ -139,7 +139,7 @@ Copy-Item -Path .\patterns\alz\templates\policies.bicep -Destination .\patterns\ ## 2. Edit policies-sh.bicep -Open the newly created Bicep file in your favorite text editor, such as Visual Studio Code (VSCode). Edit the variables **"loadPolicyDefinitions"** and **"loadPolicySetDefinitions"** in your Bicep file to include only the relevant policy definitions. Here's an example of how you can modify these variables: +Open the newly created Bicep file in your favorite text editor, such as Visual Studio Code (VSCode). Edit the variables ```loadPolicyDefinitions``` and ```loadPolicySetDefinitions``` in your Bicep file to include only the relevant policy definitions. You should delete or comment out the unnecessary lines. In bicep use ``` // ``` to comment a line. The example below shows the lines you need to keep for the Service Health Policy Set Definition. **loadPolicyDefinitions variable** @@ -200,9 +200,9 @@ pseudoRootManagementGroup="The pseudo root management group id parenting the ide {{< hint type=Important >}} When running Azure CLI from PowerShell the variables have to start with a $. -Above-mentioned "pseudoRootManagementGroup" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "enterpriseScaleCompanyPrefix" parameter, as set previously within the parameter files. +Above-mentioned ```pseudoRootManagementGroup``` variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the ```enterpriseScaleCompanyPrefix``` parameter, as set previously within the parameter files. -The location variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. +The ```location``` variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. {{< /hint >}} @@ -214,16 +214,16 @@ az deployment mg create --template-file .\patterns\alz\policyDefinitions\policie ``` ## 6. Assign the Service Health Policy Policy Set Definition -Assign an Policy Set Definition by running the following command: +Assign a Policy Set Definition by running the following command: ```bash az deployment mg create --template-file .\patterns\alz\policyAssignments\DINE-ServiceHealthAssignment.json --location $location --management-group-id $pseudoRootManagementGroup --parameters '{ \"topLevelManagementGroupPrefix\": { \"value\": \"contoso\" }, \"policyAssignmentParameters\": { \"value\": { \"ALZMonitorResourceGroupName\": { \"value\": \"rg-amba-monitoring-001\" }, \"ALZMonitorResourceGroupTags\": { \"value\": { \"Project\": \"amba-monitoring\" } }, \"ALZMonitorResourceGroupLocation\": { \"value\": \"eastus\" }, \"ALZMonitorActionGroupEmail\": { \"value\": \"test@test.com\"} } } }' ``` {{< hint type=important >}} -The final parameter is the --parameters parameter, which is used to pass a JSON string that contains the parameters for the deployment. The JSON string is enclosed in single quotes and contains escaped double quotes for the keys and values of the parameters. +The final parameter is the ```--parameters``` parameter, which is used to pass a JSON string that contains the parameters for the deployment. The JSON string is enclosed in single quotes and contains escaped double quotes for the keys and values of the parameters. -The JSON object contains two parameters: topLevelManagementGroupPrefix and policyAssignmentParameters. The topLevelManagementGroupPrefix parameter is used to specify the intermediate root management group, and should _coincide_ with the value of the "pseudoRootManagementGroup". The policyAssignmentParameters parameter is an object that contains the values for the parameters that are used to configure the monitoring resource group. The parameters include the name of the resource group, the tags for the resource group, the location of the resource group, and the email address for the action group associated with the Service Health Policy Set Definition. +The JSON object contains two parameters: ```topLevelManagementGroupPrefix``` and ```policyAssignmentParameters```. The ```topLevelManagementGroupPrefix``` parameter is used to specify the intermediate root management group, and should _coincide_ with the value of the ```pseudoRootManagementGroup```. The ```policyAssignmentParameters``` parameter is an object that contains the values for the parameters that are used to configure the monitoring resource group. The parameters include the name of the resource group, the tags for the resource group, the location of the resource group, and the email address for the action group associated with the Service Health Policy Set Definition. {{< /hint >}}