Merge pull request #118 from Azure/Dev
Merging Dev into main to include latest commits about work items #32151, #32068, #31953
arjenhuitema authored Feb 12, 2024
2 parents 4448750 + fb29b94 commit be145bd
Showing 33 changed files with 5,980 additions and 4,675 deletions.
16 changes: 11 additions & 5 deletions docs/content/patterns/alz/Cleaning-up-a-Deployment.md
Expand Up @@ -37,23 +37,29 @@ Follow the instructions below to download the cleanup script file. Alternatively
1. Open PowerShell
2. Install the **Az.ResourceGraph** module: `Install-Module Az.ResourceGraph`
3. Change directories to the location of the **Start-AMBACleanup.ps1** script
4. Sign in to the Azure with the `Connect-AzAccount` command. The account you sign in as needs to have permissions to remove Policy Assignments, Policy Definitions, and resources at the desired Management Group scope.
5. Execute the script using the option below
4. Configure the _**$pseudoRootManagementGroup**_ variable using the command below:

```powershell
$pseudoRootManagementGroup = "The pseudo root management group id parenting the identity, management and connectivity management groups"
```

5. Sign in to the Azure with the `Connect-AzAccount` command. The account you sign in as needs to have permissions to remove Policy Assignments, Policy Definitions, and resources at the desired Management Group scope.
6. Execute the script using one of the options below:

**Generate a list of the resource IDs which would be deleted by this script:**

```powershell
./Start-AMBACleanup.ps1 -ReportOnly
./Start-AMBACleanup.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -ReportOnly
```

**Show output of what would happen if deletes executed:**

```powershell
./Start-AMBACleanup.ps1 -WhatIf
./Start-AMBACleanup.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -WhatIf
```

**Delete all resources deployed by the ALZ-Monitor IaC without prompting for confirmation:**

```powershell
./Start-AMBACleanup.ps1 -Force
./Start-AMBACleanup.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -Force
```
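
Review bot: In the new step 4, the value assigned to $pseudoRootManagementGroup is a quoted prose description, so a reader who pastes the block unchanged passes that sentence as -pseudoRootManagementGroup to all three commands below; use an obvious placeholder form and add a sentence telling the reader to replace it with their management group id. The renumbered step 5 still reads "Sign in to the Azure with", which should be "Sign in to Azure with". Because the -Force variant deletes without prompting, it would also help to state that -ReportOnly or -WhatIf should be run first with the same -pseudoRootManagementGroup value.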
14 changes: 8 additions & 6 deletions docs/content/patterns/alz/Policy-Initiatives.md
Expand Up @@ -6,11 +6,11 @@ weight: 40

## Overview

This document details the ALZ-Monitor Azure policy initiatives leveraged for deploying the ALZ-Monitor baselines. For references on individual alerts/policies please refer to [Alert Details](../Alerts-Details).
This document details the ALZ-Monitor Azure policy initiatives leveraged for deploying the ALZ-Monitor baselines. For references on individual alerts/policies, refer to [Alert Details](../Alerts-Details).

## Connectivity initiative

This initiative is intended for assignment of policies relevant to networking components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-connectivity management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table.
This initiative is intended for assignment of policies relevant to networking components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-connectivity management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, refer to the below table.

| **Policy Name** | **Path to policy json file** | **Policy default effect** |
|----------|----------|----------|
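
Review bot: The reworded sentence in the Connectivity paragraph still ends with "refer to the below table"; since the line is being touched anyway, change it to "refer to the table below". The same wording is carried into the Management, Identity, Landing Zone and Service Health paragraphs edited later in this file.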
Expand Down Expand Up @@ -55,31 +55,33 @@ This initiative is intended for assignment of policies relevant to networking co

## Management initiative

This initiative is intended for assignment of policies relevant to management components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table.
This initiative is intended for assignment of policies relevant to management components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, refer to the below table.

| **Policy Name** | **Path to policy json file** | **Policy default effect** |
|----------|----------|----------|
| Deploy_AA_TotalJob_Alert | [deploy-aa_totaljob_alert.json](../../../services/Automation/automationAccounts/Deploy-AA-TotalJob-Alert.json) | deployIfNotExists |
| Deploy_RecoveryVault_BackupHealth_Alert | [deploy-rv_backuphealth_alert.json](../../../services/RecoveryServices/vaults/Modify-RSV-BackupHealth-Alert.json) | modify |
| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../../../services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json) | deployIfNotExists |
| Deploy_activitylog_StorageAccount_Delete | [Deploy_activitylog_StorageAccount_Delete.json](../../../services/Storage/storageAccounts/Deploy_activitylog_StorageAccount_Delete.json) | deployIfNotExists |
| Deploy_activitylog_LAWorkspace_Delete | [deploy-activitylog-LAWorkspace-Del.json](../../../services/OperationalInsights/workspaces/Deploy-ActivityLog-LAWorkspace-Del.json) | deployIfNotExists |
| Deploy_activitylog_LAWorkspace_KeyRegen | [deploy-activitylog-LAWorkspace-ReGen.json](../../../services/OperationalInsights/workspaces/Deploy-ActivityLog-LAWorkspace-KeyRegen.json) | deployIfNotExists |

## Identity initiative

This initiative is intended for assignment of policies relevant to identity components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-identity management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table.
This initiative is intended for assignment of policies relevant to identity components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-identity management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, refer to the below table.

| **Policy Name** | **Path to policy json file** | **Policy default effect** |
|----------|----------|----------|
| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Requests-Alert.json) | disabled |
| Deploy_activitylog_StorageAccount_Delete | [Deploy_activitylog_StorageAccount_Delete.json](../../../services/Storage/storageAccounts/Deploy_activitylog_StorageAccount_Delete.json) | deployIfNotExists |
| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Availability-Alert.json) | disabled |
| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Latency-Alert.json) | disabled |
| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json) | disabled |
| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../../../services/KeyVault/vaults/Deploy-ActivityLog-KeyVault-Del.json) | deployIfNotExists |

## Landing Zone initiative

This initiative is intended for assignment of policies relevant to a landing zone in the ALZ structure. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern) this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table.
This initiative is intended for assignment of policies relevant to a landing zone in the ALZ structure. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern) this will be assigned to the Landing Zones management group in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, refer to the below table.

| **Policy Name** | **Path to policy json file** | **Policy default effect** |
|----------|----------|----------|
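
Review bot: The new Deploy_activitylog_StorageAccount_Delete row in the Identity table sits between Deploy_KeyVault_Requests_Alert and Deploy_KeyVault_Availability_Alert, which splits the Key Vault rows; move it next to Deploy_activitylog_KeyVault_Delete at the end of the table, matching the Management table where it is grouped with the other activity log rows. In both tables the link label and file name use underscores (Deploy_activitylog_StorageAccount_Delete.json) while the neighbouring activity log entries use hyphenated names such as Deploy-ActivityLog-KeyVault-Del.json; confirm the path matches the file in services/Storage/storageAccounts and align the label with the existing style.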
Expand Down Expand Up @@ -111,7 +113,7 @@ This initiative is intended for assignment of policies relevant to a landing zon

## Service Health initiative

This initiative is intended for assignment of policies relevant to service health alerts in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz intermediate root management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table.
This initiative is intended for assignment of policies relevant to service health alerts in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz intermediate root management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, refer to the below table.

| **Policy Name** | **Path to policy json file** | **Policy default effect** |
|----------|----------|----------|
17 changes: 9 additions & 8 deletions docs/content/patterns/alz/Telemetry.md
Expand Up @@ -54,11 +54,12 @@ The default value is `No`, but can be changed to `Yes` in the parameter file. If

The following are the unique ID's (also known as PIDs) used in the AMBA deployment

| Name | PID |
| ------------------------------- | ------------------------------------ |
| Azure Monitor Baseline Alerts | d6b3b08c-5825-4b89-a62b-e3168d3d8fb0 |
| Connectivity Policy Initiative | 2d69aa07-8780-4697-a431-79882cb9f00e |
| Identity Policy Initiative | 8d257c20-97bf-4d14-acb3-38dd1436d13a |
| Management Policy Initiative | d87415c4-01ef-4667-af89-0b5adc14af1b |
| LandingZone Policy Initiative | 7bcfc615-be78-43da-b81d-98959a9465a5 |
| ServiceHealth Policy Initiative | 860d2afd-b71e-452f-9d3a-e56196cba570 |
| Name | PID |
| ------------------------------------- | ------------------------------------ |
| Azure Monitor Baseline Alerts | d6b3b08c-5825-4b89-a62b-e3168d3d8fb0 |
| Connectivity Policy Initiative | 2d69aa07-8780-4697-a431-79882cb9f00e |
| Identity Policy Initiative | 8d257c20-97bf-4d14-acb3-38dd1436d13a |
| Management Policy Initiative | d87415c4-01ef-4667-af89-0b5adc14af1b |
| LandingZone Policy Initiative | 7bcfc615-be78-43da-b81d-98959a9465a5 |
| ServiceHealth Policy Initiative | 860d2afd-b71e-452f-9d3a-e56196cba570 |
| Notification Assets Policy Initiative | eabaaf0b-eed4-48a9-9f91-4f7e431ba807 |
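
Review bot: The added row is named "Notification Assets Policy Initiative" with a space, while the existing rows write LandingZone and ServiceHealth as single words; pick one form for the Name column. Re-padding the whole table to fit the one new row also marks all six existing PID rows as changed, so each GUID has to be compared by eye to confirm it is untouched; adding the row without re-aligning the columns would keep the change to a single line.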
@@ -0,0 +1,42 @@
---
title: Update from release 2023-11-14
geekdocCollapseSection: true
weight: 100
---

## Post update actions

Updating from release 2023-11-14 will require running a post update script to remove the old Service Health action group(s) no longer in use.

To run the script, follow the instructions below:

1. Open PowerShell
2. Install the **Az.ResourceGraph** module: `Install-Module Az.ResourceGraph`
3. Change directories to the location of the **Start-AMBAOldArpCleanup.ps1** script
4. Configure the _**$pseudoRootManagementGroup**_ variable using the command below:

```powershell
$pseudoRootManagementGroup = "The pseudo root management group id parenting the identity, management and connectivity management groups"
```

1. Sign in to the Azure with the `Connect-AzAccount` command. The account you sign in as needs to have permissions to remove Policy Assignments, Policy Definitions, and resources at the desired Management Group scope.

2. Execute the script using one of the options below:

**Generate a list of the resource IDs which would be deleted by this script:**

```powershell
./Start-AMBAOldArpCleanup.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -ReportOnly
```

**Show output of what would happen if deletes executed:**

```powershell
./Start-AMBAOldArpCleanup.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -WhatIf
```

**Delete all resources deployed by the ALZ-Monitor IaC without prompting for confirmation:**

```powershell
./Start-AMBAOldArpCleanup.ps1 -pseudoRootManagementGroup $pseudoRootManagementGroup -Force
```
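
Review bot: The heading above the -Force command says "Delete all resources deployed by the ALZ-Monitor IaC", but the introduction of this new page says the script only removes the old Service Health action group(s); for a command that deletes without confirmation the heading should state that narrower scope. The permissions sentence appears to be copied from the cleanup page as well: it asks for rights to remove Policy Assignments and Policy Definitions, so please confirm what Start-AMBAOldArpCleanup.ps1 actually needs and document only that. The numbered list also restarts after the fenced block ("1. Sign in", "2. Execute") where the cleanup page uses 5 and 6; number these 5 and 6, and fix "Sign in to the Azure with" to "Sign in to Azure with".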
@@ -1,5 +1,5 @@
---
title: Update to a new release
title: Update to new releases
geekdocCollapseSection: true
weight: 71
---
Expand All @@ -8,15 +8,15 @@ weight: 71

The list of enhancement, additions and fixed bugs contained in every release can be seen by navigating to corresponding page linked in the home page of the [azure-monitor-baseline-alerts](https://github.com/Azure/azure-monitor-baseline-alerts) repository.

On the center-right side of the page there's a specific section indicating the latest release. Click on the release number to see the release content.
On the center-right side of the page, there's a specific section indicating the latest release. Click on the release number to see the release content.

![Releases](../media/Releases.png)

</br>

## Steps to update to the latest release

This section will guide you through the necessary steps to update the current deployment with the latest enhancements contained in the latest release. Guidance on updating to releases containing breaking changes is not in scope and could eventually be described in a dedicated pages.
This section will guide you through the necessary steps to update the current deployment with the latest enhancements contained in the latest release. Guidance on updating to releases containing breaking changes is not in scope and could eventually be described in a dedicated page.

{{< hint type=Important >}}
This scenario only applies to AMBA deployments performed using GitHub. If not using GitHub, please refer to the [Can I use AMBA without a GitHub repository](../FAQ/#can-i-use-amba-without-a-github-repository) scenario documented in the *Frequently Asked Questions* making sure you update the template spec as required.
Expand All @@ -32,8 +32,8 @@ Depending if you used the official code from the official GitHub repository or f

Synching a fork means that we're making sure any update made to the main branch in the official repo is replicated over yours. To sync your fork:

1. Open the your GitHub repo page. If you don't remember the URL, consider that it normally looks like `https://github.com/***<YourGitHubId>***/azure-monitor-baseline-alerts`.
2. You should be redirected to the default page which is **<> Code**. If not, click on the **<> Code** tab.
1. Open your GitHub repo page. If you don't remember the URL, consider that it normally looks like `https://github.com/***<YourGitHubId>***/azure-monitor-baseline-alerts`.
2. You should be redirected to the default page, which is **<> Code**. If not, click on the **<> Code** tab.

![<> Code](../media/GitHub_Code.png)

Expand All @@ -49,9 +49,9 @@ Synching a fork means that we're making sure any update made to the main branch

### Update your local copy (only required if you cloned your fork on your local hard drive)

Within the code editor of your choice, make sure you pull the changes from your remote fork. Pulling changes from origin/main is necessary to ensure that the local branch is exactly the same as the remote. In this guide, we will use VSCode.
Within the code editor of your choice, make sure you pull the changes from your remote fork. Pulling changes from origin/main is necessary to ensure that the local branch is exactly the same as the remote. In this guide, we will use VS Code.

1. Open VSCode and open the folder containing the cloned repo.
1. Open VS Code and open the folder containing the cloned repo.
2. In the bottom-left corner click on the pull icon

![Pull icon](../media/PullIcon.png)
Expand All @@ -71,6 +71,8 @@ Within the code editor of your choice, make sure you pull the changes from your
Once you reached this stage, you are ready to deploy the latest release. You can deploy using a method of your choice among the allowed one:

- To deploy with GitHub Actions, please proceed with [Deploy with GitHub Actions](../deploy/Deploy-with-GitHub-Actions)
- To deploy with Azure DevOps Pipelines, please proceed with [Deploy with Azure Pipelines](../deploy/Deploy-with-Azure-Pipelines)
- To deploy with Azure Pipelines, please proceed with [Deploy with Azure Pipelines](../deploy/Deploy-with-Azure-Pipelines)
- To deploy with Azure CLI, please proceed with [Deploy with Azure CLI](../deploy/Deploy-with-Azure-CLI)
- To deploy with Azure PowerShell, please proceed with [Deploy with Azure PowerShell](../deploy/Deploy-with-Azure-PowerShell)

