From fbe0ece4f83dd37bb8e8bf0b98ef8969ab79d6e6 Mon Sep 17 00:00:00 2001
From: Bryan Zabchuk
Date: Wed, 1 Nov 2023 10:32:00 -0400
Subject: [PATCH 1/8] Update Connectivity initiative table, included ALB policy defs.
---
 .../patterns/alz/Policy-Initiatives.md | 85 ++++++++++---------
 1 file changed, 45 insertions(+), 40 deletions(-)
diff --git a/docs/content/patterns/alz/Policy-Initiatives.md b/docs/content/patterns/alz/Policy-Initiatives.md
index 1230aeedb..05f3ba9e0 100644
--- a/docs/content/patterns/alz/Policy-Initiatives.md
+++ b/docs/content/patterns/alz/Policy-Initiatives.md
@@ -12,46 +12,51 @@ This document details the ALZ-Monitor Azure policy initiatives leveraged for dep This initiative is intended for assignment of policies relevant to networking components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-connectivity management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table. -| **Policy Name** | **Path to policy json file** | **Policy default effect** | -|----------|----------|----------| -| Deploy_ERCIR_QosDropBitsInPerSecond_Alert | [deploy-ercir_qosdropsbitsin_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_qosdropsbitsin_alert.json) | deployIfNotExists | -| Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | [deploy-ercir_qosdropsbitsout_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_qosdropsbitsout_alert.json) | deployIfNotExists| -| Deploy_VPNGw_BGPPeerStatus_Alert | [deploy-vpng_bgppeerstatus_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_bgppeerstatus_alert.json) | deployIfNotExists| -| Deploy_VnetGw_ExpressRouteCpuUtil_Alert | [deploy-vnetg_expressroutecpuutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_expressroutecpuutilization_alert.json) | deployIfNotExists| -| Deploy_VnetGw_TunnelBandwidth_Alert | [deploy-vnetg_bandwidthutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_bandwidthutilization_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelEgress_Alert | 
[deploy-vnetg_egress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_egress_alert.json) | disabled| -| Deploy_VnetGw_TunnelIngress_Alert | [deploy-vnetg_ingress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingress_alert.json) | disabled | -| Deploy_VPNGw_BandwidthUtil_Alert | [deploy-vpng_bandwidthutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_bandwidthutilization_alert.json) | deployIfNotExists | -| Deploy_VPNGw_Egress_Alert | [deploy-vpng_egress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egress_alert.json) | disabled | -| Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | [deploy-vpng_egresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egresspacketdropcount_alert.json) | deployIfNotExists| -| Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vpng_egresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egresspacketdropmismatch_alert.json) | deployIfNotExists| -| Deploy_VPNGw_Ingress_Alert | [deploy-vpng_ingress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingress_alert.json) | disabled | -| Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | [deploy-vpng_ingresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingresspacketdropcount_alert.json) | deployIfNotExists| -| Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vpng_ingresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_PDNSZ_CapacityUtil_Alert | 
[deploy-pdnsz_capacityutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_capacityutilization_alert.json) | deployIfNotExists| -| Deploy_PDNSZ_QueryVolume_Alert | [deploy-pdnsz_queryvolume_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_queryvolume_alert.json) | disabled | -| Deploy_PDNSZ_RecordSetCapacity_Alert | [deploy-pdnsz_recordsetcapacity_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_recordsetcapacity_alert.json) | deployIfNotExists | -| Deploy_DNSZ_RegistrationCapacityUtil_Alert | [deploy-pdnsz_registrationcapacityutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_registrationcapacityutilization_alert.json) | deployIfNotExists| -| Deploy_ERGw_ExpressRouteBitsIn_Alert | [deploy-erg_bitsinpersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_bitsinpersecond_alert.json) | disabled| -| Deploy_ERGw_ExpressRouteBitsOut_Alert | [deploy-erg_bitsoutpersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_bitsoutpersecond_alert.json) | disabled| -| Deploy_ERGw_ExpressRouteCpuUtil_Alert | [deploy-erg_expressroutecpuutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_expressroutecpuutilization_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vnetg_egresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_egresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | 
[deploy-vnetg_expressroutebitspersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_expressroutebitspersecond_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vnetg_ingresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | [deploy-vnetg_ingresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingresspacketdropcount_alert.json) | deployIfNotExists | -| Deploy_ERCIR_BgpAvailability_Alert | [deploy-ercir_bgpavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_bgpavailability_alert.json) | deployIfNotExists | -| Deploy_ERCIR_ArpAvailability_Alert | [deploy-ercir_arpavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_arpavailability_alert.json) | deployIfNotExists | -| Deploy_AFW_SNATPortUtilization_Alert | [deploy-afw_snatportutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-afw_snatportutilization_alert.json) | deployIfNotExists | -| Deploy_AFW_FirewallHealth_Alert | [deploy-afw_firewallhealth_alert](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-afw_firewallhealth_alert.json) | deployIfNotExists | -| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_bytesinddosattack_alert.json) | disabled | -| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_ddosattack_alert.json) | deployIfNotExists | -| 
Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_packetsinddos_alert.json) | disabled | -| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_vipavailability_alert.json) | deployIfNotExists | -| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnet_ddosattack_alert.json) | deployIfNotExists | -| Deploy_activitylog_Firewall_Delete | [deploy-activitylog-AzureFirewall-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-AzureFirewall-Del.json) | deployIfNotExists | -| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-RouteTable-Update.json) | deployIfNotExists | -| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-NSG-Del.json) | deployIfNotExists | -| Deploy_activitylog_VPNGateway_Delete | [deploy-activitylog-VPNGate-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-VPNGate-Del.json) | deployIfNotExists | +| **Policy Name** | **Path to policy json file** | **Policy default effect** | +|-----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------| +| Deploy_ERCIR_QosDropBitsInPerSecond_Alert | 
[deploy-ercir_qosdropsbitsin_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_qosdropsbitsin_alert.json) | deployIfNotExists | +| Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | [deploy-ercir_qosdropsbitsout_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_qosdropsbitsout_alert.json) | deployIfNotExists | +| Deploy_VPNGw_BGPPeerStatus_Alert | [deploy-vpng_bgppeerstatus_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_bgppeerstatus_alert.json) | deployIfNotExists | +| Deploy_VnetGw_ExpressRouteCpuUtil_Alert | [deploy-vnetg_expressroutecpuutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_expressroutecpuutilization_alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelBandwidth_Alert | [deploy-vnetg_bandwidthutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_bandwidthutilization_alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelEgress_Alert | [deploy-vnetg_egress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_egress_alert.json) | disabled | +| Deploy_VnetGw_TunnelIngress_Alert | [deploy-vnetg_ingress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingress_alert.json) | disabled | +| Deploy_VPNGw_BandwidthUtil_Alert | [deploy-vpng_bandwidthutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_bandwidthutilization_alert.json) | deployIfNotExists | +| Deploy_VPNGw_Egress_Alert | [deploy-vpng_egress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egress_alert.json) | disabled | +| Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | 
[deploy-vpng_egresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egresspacketdropcount_alert.json) | deployIfNotExists | +| Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vpng_egresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egresspacketdropmismatch_alert.json) | deployIfNotExists | +| Deploy_VPNGw_Ingress_Alert | [deploy-vpng_ingress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingress_alert.json) | disabled | +| Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | [deploy-vpng_ingresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingresspacketdropcount_alert.json) | deployIfNotExists | +| Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vpng_ingresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingresspacketdropmismatch_alert.json) | deployIfNotExists | +| Deploy_PDNSZ_CapacityUtil_Alert | [deploy-pdnsz_capacityutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_capacityutilization_alert.json) | deployIfNotExists | +| Deploy_PDNSZ_QueryVolume_Alert | [deploy-pdnsz_queryvolume_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_queryvolume_alert.json) | disabled | +| Deploy_PDNSZ_RecordSetCapacity_Alert | [deploy-pdnsz_recordsetcapacity_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_recordsetcapacity_alert.json) | deployIfNotExists | +| Deploy_DNSZ_RegistrationCapacityUtil_Alert | 
[deploy-pdnsz_registrationcapacityutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_registrationcapacityutilization_alert.json) | deployIfNotExists | +| Deploy_ERGw_ExpressRouteBitsIn_Alert | [deploy-erg_bitsinpersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_bitsinpersecond_alert.json) | disabled | +| Deploy_ERGw_ExpressRouteBitsOut_Alert | [deploy-erg_bitsoutpersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_bitsoutpersecond_alert.json) | disabled | +| Deploy_ERGw_ExpressRouteCpuUtil_Alert | [deploy-erg_expressroutecpuutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_expressroutecpuutilization_alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vnetg_egresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_egresspacketdropmismatch_alert.json) | deployIfNotExists | +| Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | [deploy-vnetg_expressroutebitspersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_expressroutebitspersecond_alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vnetg_ingresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingresspacketdropmismatch_alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | [deploy-vnetg_ingresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingresspacketdropcount_alert.json) | deployIfNotExists | +| Deploy_ERCIR_BgpAvailability_Alert | 
[deploy-ercir_bgpavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_bgpavailability_alert.json) | deployIfNotExists | +| Deploy_ERCIR_ArpAvailability_Alert | [deploy-ercir_arpavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_arpavailability_alert.json) | deployIfNotExists | +| Deploy_AFW_SNATPortUtilization_Alert | [deploy-afw_snatportutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-afw_snatportutilization_alert.json) | deployIfNotExists | +| Deploy_AFW_FirewallHealth_Alert | [deploy-afw_firewallhealth_alert](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-afw_firewallhealth_alert.json) | deployIfNotExists | +| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_bytesinddosattack_alert.json) | disabled | +| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_ddosattack_alert.json) | deployIfNotExists | +| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_packetsinddos_alert.json) | disabled | +| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_vipavailability_alert.json) | deployIfNotExists | +| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnet_ddosattack_alert.json) | deployIfNotExists | +| Deploy_ALB_DataPathAvailability_Alert | 
[Deploy-LB-DatapathAvailability-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-DatapathAvailability-Alert.json) | deployIfNotExists | +| Deploy_ALB_GlobalBackendAvailability_Alert | [Deploy-LB-GlobalBackendAvailability-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-GlobalBackendAvailability-Alert.json) | deployIfNotExists | +| Deploy_ALB_HealthProbeStatus_Alert | [Deploy-LB-HealthProbeStatus-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-HealthProbeStatus-Alert.json) | deployIfNotExists | +| Deploy_ALB_UsedSNATPorts_Alert | [Deploy-LB-UsedSNATPorts-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-UsedSNATPorts-Alert.json) | deployIfNotExists | +| Deploy_activitylog_Firewall_Delete | [deploy-activitylog-AzureFirewall-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-AzureFirewall-Del.json) | deployIfNotExists | +| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-RouteTable-Update.json) | deployIfNotExists | +| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-NSG-Del.json) | deployIfNotExists | +| Deploy_activitylog_VPNGateway_Delete | [deploy-activitylog-VPNGate-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-VPNGate-Del.json) | deployIfNotExists | + ## Management initiative From 77169c0d3462d11d71f5272491339db6e78e2537 Mon Sep 17 00:00:00 2001 From: Bryan Zabchuk Date: Wed, 1 Nov 2023 11:16:05 -0400 Subject: [PATCH 2/8] Updated Landing Zone initiative table in Policy-Initiatives.md to add App Gateway policy defs. --- docs/content/patterns/alz/Policy-Initiatives.md | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/docs/content/patterns/alz/Policy-Initiatives.md b/docs/content/patterns/alz/Policy-Initiatives.md
index 05f3ba9e0..1f43b887a 100644
--- a/docs/content/patterns/alz/Policy-Initiatives.md
+++ b/docs/content/patterns/alz/Policy-Initiatives.md
@@ -113,6 +113,14 @@ This initiative is intended for assignment of policies relevant to a landing zon
 | Deploy_VM_dataDiskSpace_Alert | [deploy-vm-dataDiskSpace_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskSpace_alert.json) | deployIfNotExists |
 | Deploy_VM_dataDiskReadLatency_Alert | [deploy-vm-dataDiskreadLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskreadLatency_alert.json) | deployIfNotExists |
 | Deploy_VM_dataDiskWriteLatency_Alert | [deploy-vm-dataDiskwriteLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskwriteLatency_alert.json) | deployIfNotExists |
+| Deploy_AG_ApplicationGatewayTotalTime_Alert | [Deploy-AGW-ApplicationGatewayTotalTime-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-ApplicationGatewayTotalTime-Alert.json) | deployIfNotExists |
+| Deploy_AG_BackendLastByteResponseTime_Alert | [Deploy-AGW-BackendLastByteResponseTime-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-BackendLastByteResponseTime-Alert.json) | deployIfNotExists |
+| Deploy_AG_CapacityUnits_Alert | [Deploy-AGW-CapacityUnits-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-CapacityUnits-Alert.json) | deployIfNotExists |
+| Deploy_AG_ComputeUnits_Alert | [Deploy-AGW-ComputeUnits-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-ComputeUnits-Alert.json) | deployIfNotExists |
+| Deploy_AG_CPUUtilization_Alert | [Deploy-AGW-CPUUtil-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-CPUUtil-Alert.json) | deployIfNotExists |
+| Deploy_AG_FailedRequests_Alert | [Deploy-AGW-FailedRequests-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-FailedRequests-Alert.json) | deployIfNotExists |
+| Deploy_AG_ResponseStatus_Alert | [Deploy-AGW-ResponseStatus-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-ResponseStatus-Alert.json) | deployIfNotExists |
+| Deploy_AG_UnhealthyHostCount_Alert | [Deploy-AGW-UnhealthyHostCount-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-UnhealthyHostCount-Alert.json) | deployIfNotExists |
 ## Service Health initiative
From e206e5eeb0ad106e9095d3324bb1dc0306c088b1 Mon Sep 17 00:00:00 2001
From: Bryan Zabchuk
Date: Wed, 8 Nov 2023 12:09:54 -0500
Subject: [PATCH 3/8] Updated Landing Zone Initiative table in Policy-Initiatives.md
---
 .../patterns/alz/Policy-Initiatives.md | 256 +++++++-----------
 1 file changed, 94 insertions(+), 162 deletions(-)
diff --git a/docs/content/patterns/alz/Policy-Initiatives.md b/docs/content/patterns/alz/Policy-Initiatives.md
index 5dc45414c..abb3cebc1 100644
--- a/docs/content/patterns/alz/Policy-Initiatives.md
+++ b/docs/content/patterns/alz/Policy-Initiatives.md
@@ -12,95 +12,51 @@ This document details the ALZ-Monitor Azure policy initiatives leveraged for dep This initiative is intended for assignment of policies relevant to networking components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-connectivity management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table. -| **Policy Name** | **Path to policy json file** | **Policy default effect** | -|-----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| Deploy_ERCIR_QosDropBitsInPerSecond_Alert | [deploy-ercir_qosdropsbitsin_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_qosdropsbitsin_alert.json) | deployIfNotExists | -| Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | [deploy-ercir_qosdropsbitsout_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_qosdropsbitsout_alert.json) | deployIfNotExists | -| Deploy_VPNGw_BGPPeerStatus_Alert | [deploy-vpng_bgppeerstatus_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_bgppeerstatus_alert.json) | deployIfNotExists | -| Deploy_VnetGw_ExpressRouteCpuUtil_Alert | [deploy-vnetg_expressroutecpuutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_expressroutecpuutilization_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelBandwidth_Alert | 
[deploy-vnetg_bandwidthutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_bandwidthutilization_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelEgress_Alert | [deploy-vnetg_egress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_egress_alert.json) | disabled | -| Deploy_VnetGw_TunnelIngress_Alert | [deploy-vnetg_ingress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingress_alert.json) | disabled | -| Deploy_VPNGw_BandwidthUtil_Alert | [deploy-vpng_bandwidthutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_bandwidthutilization_alert.json) | deployIfNotExists | -| Deploy_VPNGw_Egress_Alert | [deploy-vpng_egress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egress_alert.json) | disabled | -| Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | [deploy-vpng_egresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egresspacketdropcount_alert.json) | deployIfNotExists | -| Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vpng_egresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_egresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_VPNGw_Ingress_Alert | [deploy-vpng_ingress_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingress_alert.json) | disabled | -| Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | [deploy-vpng_ingresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingresspacketdropcount_alert.json) | deployIfNotExists | -| Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | 
[deploy-vpng_ingresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vpng_ingresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_PDNSZ_CapacityUtil_Alert | [deploy-pdnsz_capacityutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_capacityutilization_alert.json) | deployIfNotExists | -| Deploy_PDNSZ_QueryVolume_Alert | [deploy-pdnsz_queryvolume_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_queryvolume_alert.json) | disabled | -| Deploy_PDNSZ_RecordSetCapacity_Alert | [deploy-pdnsz_recordsetcapacity_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_recordsetcapacity_alert.json) | deployIfNotExists | -| Deploy_DNSZ_RegistrationCapacityUtil_Alert | [deploy-pdnsz_registrationcapacityutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pdnsz_registrationcapacityutilization_alert.json) | deployIfNotExists | -| Deploy_ERGw_ExpressRouteBitsIn_Alert | [deploy-erg_bitsinpersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_bitsinpersecond_alert.json) | disabled | -| Deploy_ERGw_ExpressRouteBitsOut_Alert | [deploy-erg_bitsoutpersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_bitsoutpersecond_alert.json) | disabled | -| Deploy_ERGw_ExpressRouteCpuUtil_Alert | [deploy-erg_expressroutecpuutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-erg_expressroutecpuutilization_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vnetg_egresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_egresspacketdropmismatch_alert.json) | 
deployIfNotExists | -| Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | [deploy-vnetg_expressroutebitspersecond_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_expressroutebitspersecond_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vnetg_ingresspacketdropmismatch_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingresspacketdropmismatch_alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | [deploy-vnetg_ingresspacketdropcount_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnetg_ingresspacketdropcount_alert.json) | deployIfNotExists | -| Deploy_ERCIR_BgpAvailability_Alert | [deploy-ercir_bgpavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_bgpavailability_alert.json) | deployIfNotExists | -| Deploy_ERCIR_ArpAvailability_Alert | [deploy-ercir_arpavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-ercir_arpavailability_alert.json) | deployIfNotExists | -| Deploy_AFW_SNATPortUtilization_Alert | [deploy-afw_snatportutilization_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-afw_snatportutilization_alert.json) | deployIfNotExists | -| Deploy_AFW_FirewallHealth_Alert | [deploy-afw_firewallhealth_alert](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-afw_firewallhealth_alert.json) | deployIfNotExists | -| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_bytesinddosattack_alert.json) | disabled | -| Deploy_PublicIp_DDoSAttack_Alert | 
[deploy-pip_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_ddosattack_alert.json) | deployIfNotExists | -| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_packetsinddos_alert.json) | disabled | -| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_vipavailability_alert.json) | deployIfNotExists | -| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnet_ddosattack_alert.json) | deployIfNotExists | -| Deploy_ALB_DataPathAvailability_Alert | [Deploy-LB-DatapathAvailability-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-DatapathAvailability-Alert.json) | deployIfNotExists | -| Deploy_ALB_GlobalBackendAvailability_Alert | [Deploy-LB-GlobalBackendAvailability-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-GlobalBackendAvailability-Alert.json) | deployIfNotExists | -| Deploy_ALB_HealthProbeStatus_Alert | [Deploy-LB-HealthProbeStatus-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-HealthProbeStatus-Alert.json) | deployIfNotExists | -| Deploy_ALB_UsedSNATPorts_Alert | [Deploy-LB-UsedSNATPorts-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-UsedSNATPorts-Alert.json) | deployIfNotExists | -| Deploy_activitylog_Firewall_Delete | [deploy-activitylog-AzureFirewall-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-AzureFirewall-Del.json) | deployIfNotExists | -| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-RouteTable-Update.json) | 
deployIfNotExists | -| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-NSG-Del.json) | deployIfNotExists | -| Deploy_activitylog_VPNGateway_Delete | [deploy-activitylog-VPNGate-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-VPNGate-Del.json) | deployIfNotExists | - -| **Policy Name** | **Path to policy json file** | **Policy default effect** | + +| **Policy Name**| **Path to policy json file**| **Policy default effect** | |-----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------| -| Deploy_ERCIR_QosDropBitsInPerSecond_Alert | [deploy-ercir_qosdropsbitsin_alert.json](../../../services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json) | deployIfNotExists | -| Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | [deploy-ercir_qosdropsbitsout_alert.json](../../../services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsOut-Alert.json) | deployIfNotExists | -| Deploy_VPNGw_BGPPeerStatus_Alert | [deploy-vpng_bgppeerstatus_alert.json](../../../services/Network/vpnGateways/Deploy-VPNG-BGPPeerStatus-Alert.json) | deployIfNotExists | -| Deploy_VnetGw_ExpressRouteCpuUtil_Alert | [deploy-vnetg_expressroutecpuutilization_alert.json](../../../services/Network/virtualNetworkGateways/Deploy-VNETG-ERGCPUUtilization-Alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelBandwidth_Alert | [deploy-vnetg_bandwidthutilization_alert.json](../../../services/Network/virtualNetworkGateways/Deploy-VNETG-BandwidthUtilization-Alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelEgress_Alert | 
[deploy-vnetg_egress_alert.json](../../../services/Network/virtualNetworkGateways/Deploy-VNETG-Egress-Alert.json) | disabled | -| Deploy_VnetGw_TunnelIngress_Alert | [deploy-vnetg_ingress_alert.json](../../../services/Network/virtualNetworkGateways/Deploy-VNETG-Ingress-Alert.json) | disabled | -| Deploy_VPNGw_BandwidthUtil_Alert | [deploy-vpng_bandwidthutilization_alert.json](../../../services/Network/vpnGateways/Deploy-VPNG-BandwidthUtilization-Alert.json) | deployIfNotExists | -| Deploy_VPNGw_Egress_Alert | [deploy-vpng_egress_alert.json](../../../services/Network/vpnGateways/Deploy-VPNG-Egress-Alert.json) | disabled | -| Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | [deploy-vpng_egresspacketdropcount_alert.json](../../../services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropCount-Alert.json) | deployIfNotExists | -| Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vpng_egresspacketdropmismatch_alert.json](../../../services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropMismatch-Alert.json) | deployIfNotExists | -| Deploy_VPNGw_Ingress_Alert | [deploy-vpng_ingress_alert.json](../../../services/Network/vpnGateways/Deploy-VPNG-Ingress-Alert.json) | disabled | -| Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | [deploy-vpng_ingresspacketdropcount_alert.json](../../../services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropCount-Alert.json) | deployIfNotExists | -| Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vpng_ingresspacketdropmismatch_alert.json](../../../services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropMismatch-Alert.json) | deployIfNotExists | -| Deploy_PDNSZ_CapacityUtil_Alert | [deploy-pdnsz_capacityutilization_alert.json](../../../services/Network/privateDnsZones/Deploy-PDNSZ-CapacityUtilization-Alert.json) | deployIfNotExists | -| Deploy_PDNSZ_QueryVolume_Alert | [deploy-pdnsz_queryvolume_alert.json](../../../services/Network/privateDnsZones/Deploy-PDNSZ-QueryVolume-Alert.json) | disabled | -| 
Deploy_PDNSZ_RecordSetCapacity_Alert | [deploy-pdnsz_recordsetcapacity_alert.json](../../../services/Network/privateDnsZones/Deploy-PDNSZ-RecordSetCapacity-Alert.json) | deployIfNotExists | -| Deploy_DNSZ_RegistrationCapacityUtil_Alert | [deploy-pdnsz_registrationcapacityutilization_alert.json](../../../services/Network/privateDnsZones/Deploy-PDNSZ-RegistrationCapacityUtilization-Alert.json) | deployIfNotExists | -| Deploy_ERGw_ExpressRouteBitsIn_Alert | [deploy-erg_bitsinpersecond_alert.json](../../../services/Network/expressRouteGateways/Deploy-ERG-BitsInPerSecond-Alert.json) | disabled | -| Deploy_ERGw_ExpressRouteBitsOut_Alert | [deploy-erg_bitsoutpersecond_alert.json](../../../services/Network/expressRouteGateways/Deploy-ERG-BitsOutPerSecond-Alert.json) | disabled | -| Deploy_ERGw_ExpressRouteCpuUtil_Alert | [deploy-erg_expressroutecpuutilization_alert.json](../../../services/Network/expressRouteGateways/Deploy-ERG-CPUUtilization-Alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vnetg_egresspacketdropmismatch_alert.json](../../../services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropMismatch-Alert.json) | deployIfNotExists | -| Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | [deploy-vnetg_expressroutebitspersecond_alert.json](../../../services/Network/virtualNetworkGateways/Deploy-VNETG-ERGBitsPerSecond-Alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vnetg_ingresspacketdropmismatch_alert.json](../../../services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropMismatch-Alert.json) | deployIfNotExists | -| Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | [deploy-vnetg_ingresspacketdropcount_alert.json](../../../services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropCount-Alert.json) | deployIfNotExists | -| Deploy_ERCIR_BgpAvailability_Alert | 
[deploy-ercir_bgpavailability_alert.json](../../../services/Network/expressRouteCircuits/Deploy-ERCIR-BGPAvailability-Alert.json) | deployIfNotExists | -| Deploy_ERCIR_ArpAvailability_Alert | [deploy-ercir_arpavailability_alert.json](../../../services/Network/expressRouteCircuits/Deploy-ERCIR-ARPAvailability-Alert.json) | deployIfNotExists | -| Deploy_AFW_SNATPortUtilization_Alert | [deploy-afw_snatportutilization_alert.json](../../../services/Network/azureFirewalls/Deploy-AFW-SNATPortUtilization-Alert.json) | deployIfNotExists | -| Deploy_AFW_FirewallHealth_Alert | [deploy-afw_firewallhealth_alert](../../../services/Network/azureFirewalls/Deploy-AFW-FirewallHealth-Alert.json) | deployIfNotExists | -| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../../../services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json) | disabled | -| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../../../services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json) | deployIfNotExists | -| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../../../services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json) | disabled | -| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../../../services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json) | deployIfNotExists | -| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../../../services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json) | deployIfNotExists | -| Deploy_ALB_DataPathAvailability_Alert | [Deploy-LB-DatapathAvailability-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-DatapathAvailability-Alert.json) | deployIfNotExists | -| Deploy_ALB_GlobalBackendAvailability_Alert | [Deploy-LB-GlobalBackendAvailability-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-GlobalBackendAvailability-Alert.json) | 
deployIfNotExists | -| Deploy_ALB_HealthProbeStatus_Alert | [Deploy-LB-HealthProbeStatus-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-HealthProbeStatus-Alert.json) | deployIfNotExists | -| Deploy_ALB_UsedSNATPorts_Alert | [Deploy-LB-UsedSNATPorts-Alert.json](../blob/main/services/Network/loadBalancers/Deploy-LB-UsedSNATPorts-Alert.json) | deployIfNotExists | -| Deploy_activitylog_Firewall_Delete | [deploy-activitylog-AzureFirewall-Del.json](../../../services/Network/azureFirewalls/Deploy-ActivityLog-AzureFirewall-Del.json) | deployIfNotExists | -| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../../../services/Network/routeTables/Deploy-ActivityLog-RouteTable-Update.json) | deployIfNotExists | -| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../../../services/Network/networkSecurityGroups/Deploy-ActivityLog-NSG-Del.json) | deployIfNotExists | -| Deploy_activitylog_VPNGateway_Delete | [deploy-activitylog-VPNGate-Del.json](../../../services/Network/vpnGateways/Deploy-ActivityLog-VPNG-Del.json) | deployIfNotExists | +| Deploy_ERCIR_QosDropBitsInPerSecond_Alert | [deploy-ercir_qosdropsbitsin_alert.json](../../../../services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json) | deployIfNotExists | +| Deploy_ERCIR_QosDropBitsOutPerSecond_Alert | [deploy-ercir_qosdropsbitsout_alert.json](../../../../services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsOut-Alert.json) | deployIfNotExists | +| Deploy_VPNGw_BGPPeerStatus_Alert | [deploy-vpng_bgppeerstatus_alert.json](../../../../services/Network/vpnGateways/Deploy-VPNG-BGPPeerStatus-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_ExpressRouteCpuUtil_Alert | [deploy-vnetg_expressroutecpuutilization_alert.json](../../../../services/Network/virtualNetworkGateways/Deploy-VNETG-ERGCPUUtilization-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelBandwidth_Alert | 
[deploy-vnetg_bandwidthutilization_alert.json](../../../../services/Network/virtualNetworkGateways/Deploy-VNETG-BandwidthUtilization-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelEgress_Alert | [deploy-vnetg_egress_alert.json](../../../../services/Network/virtualNetworkGateways/Deploy-VNETG-Egress-Alert.json) | disabled | +| Deploy_VnetGw_TunnelIngress_Alert | [deploy-vnetg_ingress_alert.json](../../../../services/Network/virtualNetworkGateways/Deploy-VNETG-Ingress-Alert.json) | disabled | +| Deploy_VPNGw_BandwidthUtil_Alert | [deploy-vpng_bandwidthutilization_alert.json](../../../../services/Network/vpnGateways/Deploy-VPNG-BandwidthUtilization-Alert.json) | deployIfNotExists | +| Deploy_VPNGw_Egress_Alert | [deploy-vpng_egress_alert.json](../../../../services/Network/vpnGateways/Deploy-VPNG-Egress-Alert.json) | disabled | +| Deploy_VPNGw_TunnelEgressPacketDropCount_Alert | [deploy-vpng_egresspacketdropcount_alert.json](../../../../services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropCount-Alert.json) | deployIfNotExists | +| Deploy_VPNGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vpng_egresspacketdropmismatch_alert.json](../../../../services/Network/vpnGateways/Deploy-VPNG-EgressPacketDropMismatch-Alert.json) | deployIfNotExists | +| Deploy_VPNGw_Ingress_Alert | [deploy-vpng_ingress_alert.json](../../../../services/Network/vpnGateways/Deploy-VPNG-Ingress-Alert.json) | disabled | +| Deploy_VPNGw_TunnelIngressPacketDropCount_Alert | [deploy-vpng_ingresspacketdropcount_alert.json](../../../../services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropCount-Alert.json) | deployIfNotExists | +| Deploy_VPNGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vpng_ingresspacketdropmismatch_alert.json](../../../../services/Network/vpnGateways/Deploy-VPNG-IngressPacketDropMismatch-Alert.json) | deployIfNotExists | +| Deploy_PDNSZ_CapacityUtil_Alert | 
[deploy-pdnsz_capacityutilization_alert.json](../../../../services/Network/privateDnsZones/Deploy-PDNSZ-CapacityUtilization-Alert.json) | deployIfNotExists | +| Deploy_PDNSZ_QueryVolume_Alert | [deploy-pdnsz_queryvolume_alert.json](../../../../services/Network/privateDnsZones/Deploy-PDNSZ-QueryVolume-Alert.json) | disabled | +| Deploy_PDNSZ_RecordSetCapacity_Alert | [deploy-pdnsz_recordsetcapacity_alert.json](../../../../services/Network/privateDnsZones/Deploy-PDNSZ-RecordSetCapacity-Alert.json) | deployIfNotExists | +| Deploy_DNSZ_RegistrationCapacityUtil_Alert | [deploy-pdnsz_registrationcapacityutilization_alert.json](../../../../services/Network/privateDnsZones/Deploy-PDNSZ-RegistrationCapacityUtilization-Alert.json) | deployIfNotExists | +| Deploy_ERGw_ExpressRouteBitsIn_Alert | [deploy-erg_bitsinpersecond_alert.json](../../../../services/Network/expressRouteGateways/Deploy-ERG-BitsInPerSecond-Alert.json) | disabled | +| Deploy_ERGw_ExpressRouteBitsOut_Alert | [deploy-erg_bitsoutpersecond_alert.json](../../../../services/Network/expressRouteGateways/Deploy-ERG-BitsOutPerSecond-Alert.json) | disabled | +| Deploy_ERGw_ExpressRouteCpuUtil_Alert | [deploy-erg_expressroutecpuutilization_alert.json](../../../../services/Network/expressRouteGateways/Deploy-ERG-CPUUtilization-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelEgressPacketDropMismatch_Alert | [deploy-vnetg_egresspacketdropmismatch_alert.json](../../../../services/Network/virtualNetworkGateways/Deploy-VNETG-EgressPacketDropMismatch-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_ExpressRouteBitsPerSecond_Alert | [deploy-vnetg_expressroutebitspersecond_alert.json](../../../../services/Network/virtualNetworkGateways/Deploy-VNETG-ERGBitsPerSecond-Alert.json) | deployIfNotExists | +| Deploy_VnetGw_TunnelIngressPacketDropMismatch_Alert | [deploy-vnetg_ingresspacketdropmismatch_alert.json](../../../../services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropMismatch-Alert.json) | 
deployIfNotExists | +| Deploy_VnetGw_TunnelIngressPacketDropCount_Alert | [deploy-vnetg_ingresspacketdropcount_alert.json](../../../../services/Network/virtualNetworkGateways/Deploy-VNETG-IngressPacketDropCount-Alert.json) | deployIfNotExists | +| Deploy_ERCIR_BgpAvailability_Alert | [deploy-ercir_bgpavailability_alert.json](../../../../services/Network/expressRouteCircuits/Deploy-ERCIR-BGPAvailability-Alert.json) | deployIfNotExists | +| Deploy_ERCIR_ArpAvailability_Alert | [deploy-ercir_arpavailability_alert.json](../../../../services/Network/expressRouteCircuits/Deploy-ERCIR-ARPAvailability-Alert.json) | deployIfNotExists | +| Deploy_AFW_SNATPortUtilization_Alert | [deploy-afw_snatportutilization_alert.json](../../../../services/Network/azureFirewalls/Deploy-AFW-SNATPortUtilization-Alert.json) | deployIfNotExists | +| Deploy_AFW_FirewallHealth_Alert | [deploy-afw_firewallhealth_alert](../../../../services/Network/azureFirewalls/Deploy-AFW-FirewallHealth-Alert.json) | deployIfNotExists | +| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../../../../services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json) | disabled | +| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../../../../services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json) | deployIfNotExists | +| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../../../../services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json) | disabled | +| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../../../../services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json) | deployIfNotExists | +| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../../../../services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json) | deployIfNotExists | +| Deploy_ALB_DataPathAvailability_Alert | 
[Deploy-LB-DatapathAvailability-Alert.json](../../../../services/Network/loadBalancers/Deploy-LB-DatapathAvailability-Alert.json) | deployIfNotExists | +| Deploy_ALB_GlobalBackendAvailability_Alert | [Deploy-LB-GlobalBackendAvailability-Alert.json](../../../../services/Network/loadBalancers/Deploy-LB-GlobalBackendAvailability-Alert.json) | deployIfNotExists | +| Deploy_ALB_HealthProbeStatus_Alert | [Deploy-LB-HealthProbeStatus-Alert.json](../../../../services/Network/loadBalancers/Deploy-LB-HealthProbeStatus-Alert.json) | deployIfNotExists | +| Deploy_ALB_UsedSNATPorts_Alert | [Deploy-LB-UsedSNATPorts-Alert.json](../../../../services/Network/loadBalancers/Deploy-LB-UsedSNATPorts-Alert.json) | deployIfNotExists | +| Deploy_activitylog_Firewall_Delete | [deploy-activitylog-AzureFirewall-Del.json](../../../../services/Network/azureFirewalls/Deploy-ActivityLog-AzureFirewall-Del.json) | deployIfNotExists | +| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../../../../services/Network/routeTables/Deploy-ActivityLog-RouteTable-Update.json) | deployIfNotExists | +| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../../../../services/Network/networkSecurityGroups/Deploy-ActivityLog-NSG-Del.json) | deployIfNotExists | +| Deploy_activitylog_VPNGateway_Delete | [deploy-activitylog-VPNGate-Del.json](../../../../services/Network/vpnGateways/Deploy-ActivityLog-VPNG-Del.json) | deployIfNotExists | ## Management initiative 
@@ -109,11 +65,11 @@ This initiative is intended for assignment of policies relevant to management co
 
 | **Policy Name** | **Path to policy json file** | **Policy default effect** |
 |----------|----------|----------|
-| Deploy_AA_TotalJob_Alert | [deploy-aa_totaljob_alert.json](../../../services/Automation/automationAccounts/Deploy-AA-TotalJob-Alert.json) | deployIfNotExists |
-| Deploy_RecoveryVault_BackupHealth_Alert | [deploy-rv_backuphealth_alert.json](../../../services/RecoveryServices/vaults/Modify-RSV-BackupHealth-Alert.json) | modify |
-| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../../../services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json) | deployIfNotExists |
-| Deploy_activitylog_LAWorkspace_Delete | [deploy-activitylog-LAWorkspace-Del.json](../../../services/OperationalInsights/workspaces/Deploy-ActivityLog-LAWorkspace-Del.json) | deployIfNotExists |
-| Deploy_activitylog_LAWorkspace_KeyRegen | [deploy-activitylog-LAWorkspace-ReGen.json](../../../services/OperationalInsights/workspaces/Deploy-ActivityLog-LAWorkspace-KeyRegen.json) | deployIfNotExists |
+| Deploy_AA_TotalJob_Alert | [deploy-aa_totaljob_alert.json](../../../../services/Automation/automationAccounts/Deploy-AA-TotalJob-Alert.json) | deployIfNotExists |
+| Deploy_RecoveryVault_BackupHealth_Alert | [deploy-rv_backuphealth_alert.json](../../../../services/RecoveryServices/vaults/Modify-RSV-BackupHealth-Alert.json) | modify |
+| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../../../../services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json) | deployIfNotExists |
+| Deploy_activitylog_LAWorkspace_Delete | [deploy-activitylog-LAWorkspace-Del.json](../../../../services/OperationalInsights/workspaces/Deploy-ActivityLog-LAWorkspace-Del.json) | deployIfNotExists |
+| Deploy_activitylog_LAWorkspace_KeyRegen | [deploy-activitylog-LAWorkspace-ReGen.json](../../../../services/OperationalInsights/workspaces/Deploy-ActivityLog-LAWorkspace-KeyRegen.json) | deployIfNotExists |
 
 ## Identity initiative
 
@@ -121,11 +77,11 @@ This initiative is intended for assignment of policies relevant to identity comp
 
 | **Policy Name** | **Path to policy json file** | **Policy default effect** |
 |----------|----------|----------|
-| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Requests-Alert.json) | disabled |
-| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Availability-Alert.json) | disabled |
-| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Latency-Alert.json) | disabled |
-| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json) | disabled |
-| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../../../services/KeyVault/vaults/Deploy-ActivityLog-KeyVault-Del.json) | deployIfNotExists |
+| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../../../../services/KeyVault/vaults/Deploy-KV-Requests-Alert.json) | disabled |
+| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../../../../services/KeyVault/vaults/Deploy-KV-Availability-Alert.json) | disabled |
+| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../../../../services/KeyVault/vaults/Deploy-KV-Latency-Alert.json) | disabled |
+| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../../../../services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json) | disabled |
+| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../../../../services/KeyVault/vaults/Deploy-ActivityLog-KeyVault-Del.json) | deployIfNotExists |
 
 ## Landing Zone initiative
 
@@ -133,64 +89,40 @@ This initiative is intended for assignment of policies relevant to a landing zon | **Policy Name** | **Path to policy json file** | **Policy default effect** | |----------|----------|----------| -| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-sa_availability_alert.json) | deployIfNotExists | -| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_requests_alert.json) | disabled | -| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_availability_alert.json) | deployIfNotExists- | -| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_latency_alert.json) | deployIfNotExists | -| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-kv_capacity_alert.json) | deployIfNotExists | -| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-KeyVault-Del.json) | deployIfNotExists | -| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-RouteTable-Update.json) | deployIfNotExists | -| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-activitylog-NSG-Del.json) | deployIfNotExists | -| Deploy_PublicIp_BytesInDDoSAttack_Alert | 
[deploy-pip_bytesinddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_bytesinddosattack_alert.json) | disabled | -| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_ddosattack_alert.json) | deployIfNotExists | -| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_packetsinddos_alert.json) | disabled | -| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-pip_vipavailability_alert.json) | deployIfNotExists | -| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vnet_ddosattack_alert.json) | deployIfNotExists | -| Deploy_RecoveryVault_BackupHealthMonitor_Alert | [deploy-rv_backuphealth_monitor.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-rv_backuphealth_monitor.json) | modify | -| Deploy_VM_HeartBeat_Alert | [deploy-vm-HeartBeat_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-HeartBeat_alert.json) | deployIfNotExists | -| Deploy_VM_NetworkIn_Alert | [deploy-vm-NetworkIn_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-NetworkIn_alert.json) | deployIfNotExists | -| Deploy_VM_NetworkOut_Alert | [deploy-vm-NetworkOut_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-NetworkOut_alert.json) | deployIfNotExists | -| Deploy_VM_OSDiskreadLatency_Alert | [deploy-vm-OSDiskreadLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-OSDiskreadLatency_alert.json) | 
deployIfNotExists | -| Deploy_VM_OSDiskwriteLatency_Alert | [deploy-vm-OSDiskwriteLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-OSDiskwriteLatency_alert.json) | deployIfNotExists | -| Deploy_VM_OSDiskSpace_Alert | [deploy-vm-OSDiskSpace_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-OSDiskSpace_alert.json) | deployIfNotExists | -| Deploy_VM_CPU_Alert | [deploy-vm-PercentCPU_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-PercentCPU_alert.json) | deployIfNotExists | -| Deploy_VM_Memory_Alert | [deploy-vm-PercentMemory_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-PercentMemory_alert.json) | deployIfNotExists | -| Deploy_VM_dataDiskSpace_Alert | [deploy-vm-dataDiskSpace_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskSpace_alert.json) | deployIfNotExists | -| Deploy_VM_dataDiskReadLatency_Alert | [deploy-vm-dataDiskreadLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskreadLatency_alert.json) | deployIfNotExists | -| Deploy_VM_dataDiskWriteLatency_Alert | [deploy-vm-dataDiskwriteLatency_alert.json](../blob/main/src/resources/Microsoft.Authorization/policyDefinitions/amba/deploy-vm-dataDiskwriteLatency_alert.json) | deployIfNotExists | -| Deploy_AG_ApplicationGatewayTotalTime_Alert | [Deploy-AGW-ApplicationGatewayTotalTime-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-ApplicationGatewayTotalTime-Alert.json) | deployIfNotExists | -| Deploy_AG_BackendLastByteResponseTime_Alert | [Deploy-AGW-BackendLastByteResponseTime-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-BackendLastByteResponseTime-Alert.json) | deployIfNotExists | -| Deploy_AG_CapacityUnits_Alert | 
[Deploy-AGW-CapacityUnits-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-CapacityUnits-Alert.json) | deployIfNotExists | -| Deploy_AG_ComputeUnits_Alert | [Deploy-AGW-ComputeUnits-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-ComputeUnits-Alert.json) | deployIfNotExists | -| Deploy_AG_CPUUtilization_Alert | [Deploy-AGW-CPUUtil-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-CPUUtil-Alert.json) | deployIfNotExists | -| Deploy_AG_FailedRequests_Alert | [Deploy-AGW-FailedRequests-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-FailedRequests-Alert.json) | deployIfNotExists | -| Deploy_AG_ResponseStatus_Alert | [Deploy-AGW-ResponseStatus-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-ResponseStatus-Alert.json) | deployIfNotExists | -| Deploy_AG_UnhealthyHostCount_Alert | [Deploy-AGW-UnhealthyHostCount-Alert.json](../blob/main/services/Network/applicationGateways/Deploy-AGW-UnhealthyHostCount-Alert.json) | deployIfNotExists | -| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../../../services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json) | deployIfNotExists | -| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Requests-Alert.json) | disabled | -| Deploy_KeyVault_Availability_Alert | [deploy-kv_availability_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Availability-Alert.json) | deployIfNotExists- | -| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Latency-Alert.json) | deployIfNotExists | -| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../../../services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json) | deployIfNotExists | -| Deploy_activitylog_KeyVault_Delete | 
[deploy-activitylog-KeyVault-Del.json](../../../services/KeyVault/vaults/Deploy-ActivityLog-KeyVault-Del.json) | deployIfNotExists | -| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../../../services/Network/routeTables/Deploy-ActivityLog-RouteTable-Update.json) | deployIfNotExists | -| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../../../services/Network/networkSecurityGroups/Deploy-ActivityLog-NSG-Del.json) | deployIfNotExists | -| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../../../services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json) | disabled | -| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../../../services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json) | deployIfNotExists | -| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../../../services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json) | disabled | -| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../../../services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json) | deployIfNotExists | -| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../../../services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json) | deployIfNotExists | -| Deploy_RecoveryVault_BackupHealthMonitor_Alert | [deploy-rv_backuphealth_monitor.json](../../../services/RecoveryServices/vaults/Modify-RSV-BackupHealth-Alert.json) | modify | -| Deploy_VM_HeartBeat_Alert | [deploy-vm-HeartBeat_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json) | deployIfNotExists | -| Deploy_VM_NetworkIn_Alert | [deploy-vm-NetworkIn_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json) | deployIfNotExists | -| Deploy_VM_NetworkOut_Alert | 
[deploy-vm-NetworkOut_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json) | deployIfNotExists | -| Deploy_VM_OSDiskreadLatency_Alert | [deploy-vm-OSDiskreadLatency_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json) | deployIfNotExists | -| Deploy_VM_OSDiskwriteLatency_Alert | [deploy-vm-OSDiskwriteLatency_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json) | deployIfNotExists | -| Deploy_VM_OSDiskSpace_Alert | [deploy-vm-OSDiskSpace_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json) | deployIfNotExists | -| Deploy_VM_CPU_Alert | [deploy-vm-PercentCPU_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json) | deployIfNotExists | -| Deploy_VM_Memory_Alert | [deploy-vm-PercentMemory_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json) | deployIfNotExists | -| Deploy_VM_dataDiskSpace_Alert | [deploy-vm-dataDiskSpace_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json) | deployIfNotExists | -| Deploy_VM_dataDiskReadLatency_Alert | [deploy-vm-dataDiskreadLatency_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json) | deployIfNotExists | -| Deploy_VM_dataDiskWriteLatency_Alert | [deploy-vm-dataDiskwriteLatency_alert.json](../../../services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json) | deployIfNotExists | +| Deploy_StorageAccount_Availability_Alert | [deploy-sa_availability_alert.json](../../../../services/Storage/storageAccounts/Deploy-SA-Availability-Alert.json) | deployIfNotExists | +| Deploy_KeyVault_Requests_Alert | [deploy-kv_requests_alert.json](../../../../services/KeyVault/vaults/Deploy-KV-Requests-Alert.json) | disabled | +| Deploy_KeyVault_Availability_Alert | 
[deploy-kv_availability_alert.json](../../../../services/KeyVault/vaults/Deploy-KV-Availability-Alert.json) | deployIfNotExists- |
+| Deploy_KeyVault_Latency_Alert | [deploy-kv_latency_alert.json](../../../../services/KeyVault/vaults/Deploy-KV-Latency-Alert.json) | deployIfNotExists |
+| Deploy_KeyVault_Capacity_Alert | [deploy-kv_capacity_alert.json](../../../../services/KeyVault/vaults/Deploy-KV-Capacity-Alert.json) | deployIfNotExists |
+| Deploy_activitylog_KeyVault_Delete | [deploy-activitylog-KeyVault-Del.json](../../../../services/KeyVault/vaults/Deploy-ActivityLog-KeyVault-Del.json) | deployIfNotExists |
+| Deploy_activitylog_RouteTable_Update | [deploy-activitylog-RouteTable-Update.json](../../../../services/Network/routeTables/Deploy-ActivityLog-RouteTable-Update.json) | deployIfNotExists |
+| Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../../../../services/Network/networkSecurityGroups/Deploy-ActivityLog-NSG-Del.json) | deployIfNotExists |
+| Deploy_PublicIp_BytesInDDoSAttack_Alert | [deploy-pip_bytesinddosattack_alert.json](../../../../services/Network/publicIPAddresses/Deploy-PIP-BytesInDDOSAttack-Alert.json) | disabled |
+| Deploy_PublicIp_DDoSAttack_Alert | [deploy-pip_ddosattack_alert.json](../../../../services/Network/publicIPAddresses/Deploy-PIP-DDOSAttack-Alert.json) | deployIfNotExists |
+| Deploy_PublicIp_PacketsInDDoSAttack_Alert | [deploy-pip_packetsinddos_alert.json](../../../../services/Network/publicIPAddresses/Deploy-PIP-PacketsInDDOS-Alert.json) | disabled |
+| Deploy_PublicIp_VIPAvailability_Alert | [deploy-pip_vipavailability_alert.json](../../../../services/Network/publicIPAddresses/Deploy-PIP-VIPAvailability-Alert.json) | deployIfNotExists |
+| Deploy_VNET_DDoSAttack_Alert | [deploy-vnet_ddosattack_alert.json](../../../../services/Network/virtualNetworks/Deploy-VNET-DDOSAttack-Alert.json) | deployIfNotExists |
+| Deploy_RecoveryVault_BackupHealthMonitor_Alert | 
[deploy-rv_backuphealth_monitor.json](../../../../services/RecoveryServices/vaults/Modify-RSV-BackupHealth-Alert.json) | modify |
+| Deploy_VM_HeartBeat_Alert | [deploy-vm-HeartBeat_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-HeartBeat-Alert.json) | deployIfNotExists |
+| Deploy_VM_NetworkIn_Alert | [deploy-vm-NetworkIn_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-NetworkIn-Alert.json) | deployIfNotExists |
+| Deploy_VM_NetworkOut_Alert | [deploy-vm-NetworkOut_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-NetworkOut-Alert.json) | deployIfNotExists |
+| Deploy_VM_OSDiskreadLatency_Alert | [deploy-vm-OSDiskreadLatency_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-OSDiskReadLatency-Alert.json) | deployIfNotExists |
+| Deploy_VM_OSDiskwriteLatency_Alert | [deploy-vm-OSDiskwriteLatency_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-OSDiskWriteLatency-Alert.json) | deployIfNotExists |
+| Deploy_VM_OSDiskSpace_Alert | [deploy-vm-OSDiskSpace_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-OSDiskSpace-Alert.json) | deployIfNotExists |
+| Deploy_VM_CPU_Alert | [deploy-vm-PercentCPU_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-PercentCPU-Alert.json) | deployIfNotExists |
+| Deploy_VM_Memory_Alert | [deploy-vm-PercentMemory_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-PercentMemory-Alert.json) | deployIfNotExists |
+| Deploy_VM_dataDiskSpace_Alert | [deploy-vm-dataDiskSpace_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-DataDiskSpace-Alert.json) | deployIfNotExists |
+| Deploy_VM_dataDiskReadLatency_Alert | [deploy-vm-dataDiskreadLatency_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-DataDiskReadLatency-Alert.json) | deployIfNotExists |
+| Deploy_VM_dataDiskWriteLatency_Alert | 
[deploy-vm-dataDiskwriteLatency_alert.json](../../../../services/Compute/virtualMachines/Deploy-VM-DataDiskWriteLatency-Alert.json) | deployIfNotExists | +| Deploy_AG_ApplicationGatewayTotalTime_Alert | [Deploy-AGW-ApplicationGatewayTotalTime-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-ApplicationGatewayTotalTime-Alert.json) | deployIfNotExists | +| Deploy_AG_BackendLastByteResponseTime_Alert | [Deploy-AGW-BackendLastByteResponseTime-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-BackendLastByteResponseTime-Alert.json) | deployIfNotExists | +| Deploy_AG_CapacityUnits_Alert | [Deploy-AGW-CapacityUnits-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-CapacityUnits-Alert.json) | deployIfNotExists | +| Deploy_AG_ComputeUnits_Alert | [Deploy-AGW-ComputeUnits-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-ComputeUnits-Alert.json) | deployIfNotExists | +| Deploy_AG_CPUUtilization_Alert | [Deploy-AGW-CPUUtil-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-CPUUtil-Alert.json) | deployIfNotExists | +| Deploy_AG_FailedRequests_Alert | [Deploy-AGW-FailedRequests-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-FailedRequests-Alert.json) | deployIfNotExists | +| Deploy_AG_ResponseStatus_Alert | [Deploy-AGW-ResponseStatus-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-ResponseStatus-Alert.json) | deployIfNotExists | +| Deploy_AG_UnhealthyHostCount_Alert | [Deploy-AGW-UnhealthyHostCount-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-UnhealthyHostCount-Alert.json) | deployIfNotExists | + ## Service Health initiative 
@@ -198,9 +130,9 @@ This initiative is intended for assignment of policies relevant to service healt | **Policy Name** | **Path to policy json file** | **Policy default effect** | |----------|----------|----------| -| Deploy_activitylog_ServiceHealth_SecurityAdvisory | [deploy-activitylog-ServiceHealth-Security.json](../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json) | deployIfNotExists | -| Deploy_activitylog_ResourceHealth_Unhealthy_Alert | [deploy-activitylog-ResourceHealth-UnHealthly-alert.json](../../../services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json) | deployIfNotExists | -| Deploy_activitylog_ServiceHealth_HealthAdvisory | [deploy-activitylog-ServiceHealth-Health.json](../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json) | deployIfNotExists | -| Deploy_activitylog_ServiceHealth_Incident | [deploy-activitylog-ServiceHealth-Incident.json](../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json) | deployIfNotExists | -| Deploy_activitylog_ServiceHealth_Maintenance | [deploy-activitylog-ServiceHealth-Maintenance.json](../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json) | deployIfNotExists | -| Deploy_AlertProcessing_Rule | [deploy-alertprocessingrule-deploy.json](../../../services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Deploy.json) | deployIfNotExists | +| Deploy_activitylog_ServiceHealth_SecurityAdvisory | [deploy-activitylog-ServiceHealth-Security.json](../../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Security.json) | deployIfNotExists | +| Deploy_activitylog_ResourceHealth_Unhealthy_Alert | [deploy-activitylog-ResourceHealth-UnHealthly-alert.json](../../../../services/Resources/subscriptions/Deploy-ActivityLog-ResourceHealth-UnHealthly-Alert.json) | deployIfNotExists | +| Deploy_activitylog_ServiceHealth_HealthAdvisory | 
[deploy-activitylog-ServiceHealth-Health.json](../../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Health.json) | deployIfNotExists |
+| Deploy_activitylog_ServiceHealth_Incident | [deploy-activitylog-ServiceHealth-Incident.json](../../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Incident.json) | deployIfNotExists |
+| Deploy_activitylog_ServiceHealth_Maintenance | [deploy-activitylog-ServiceHealth-Maintenance.json](../../../../services/Resources/subscriptions/Deploy-ActivityLog-ServiceHealth-Maintenance.json) | deployIfNotExists |
+| Deploy_AlertProcessing_Rule | [deploy-alertprocessingrule-deploy.json](../../../../services/AlertsManagement/actionRules/Deploy-AlertProcessingRule-Deploy.json) | deployIfNotExists |
From 0c6015f12404cd2288706ee88eaa6ce83c01bafd Mon Sep 17 00:00:00 2001
From: Bryan Zabchuk
Date: Wed, 8 Nov 2023 12:11:21 -0500
Subject: [PATCH 4/8] Updated spacing between tables in Policy-Initiatives.md
---
docs/content/patterns/alz/Policy-Initiatives.md | 3 ---
1 file changed, 3 deletions(-)
diff --git a/docs/content/patterns/alz/Policy-Initiatives.md b/docs/content/patterns/alz/Policy-Initiatives.md
index abb3cebc1..7a51f9ac4 100644
--- a/docs/content/patterns/alz/Policy-Initiatives.md
+++ b/docs/content/patterns/alz/Policy-Initiatives.md
@@ -12,7 +12,6 @@ This document details the ALZ-Monitor Azure policy initiatives leveraged for dep This initiative is intended for assignment of policies relevant to networking components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-connectivity management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table. - | **Policy Name**| **Path to policy json file**| **Policy default effect** | |-----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------| | Deploy_ERCIR_QosDropBitsInPerSecond_Alert | [deploy-ercir_qosdropsbitsin_alert.json](../../../../services/Network/expressRouteCircuits/Deploy-ERCIR-QOSDropsBitsIn-Alert.json) | deployIfNotExists | 
@@ -58,7 +57,6 @@ This initiative is intended for assignment of policies relevant to networking co | Deploy_activitylog_NSG_Delete | [deploy-activitylog-NSG-Del.json](../../../../services/Network/networkSecurityGroups/Deploy-ActivityLog-NSG-Del.json) | deployIfNotExists | | Deploy_activitylog_VPNGateway_Delete | [deploy-activitylog-VPNGate-Del.json](../../../../services/Network/vpnGateways/Deploy-ActivityLog-VPNG-Del.json) | deployIfNotExists | - ## Management initiative This initiative is intended for assignment of policies relevant to management components in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz-platform-management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table. @@ -123,7 +121,6 @@ This initiative is intended for assignment of policies relevant to a landing zon | Deploy_AG_ResponseStatus_Alert | [Deploy-AGW-ResponseStatus-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-ResponseStatus-Alert.json) | deployIfNotExists | | Deploy_AG_UnhealthyHostCount_Alert | [Deploy-AGW-UnhealthyHostCount-Alert.json](../../../../services/Network/applicationGateways/Deploy-AGW-UnhealthyHostCount-Alert.json) | deployIfNotExists | - ## Service Health initiative This initiative is intended for assignment of policies relevant to service health alerts in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz intermediate root management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table. 
From ecd27b6e976050e88598e768db9dfaad3b07a7b9 Mon Sep 17 00:00:00 2001 From: Bryan Zabchuk Date: Wed, 8 Nov 2023 13:48:01 -0500 Subject: [PATCH 5/8] capitalized ALZ in Service Health initiative sub-section. --- docs/content/patterns/alz/Policy-Initiatives.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/patterns/alz/Policy-Initiatives.md b/docs/content/patterns/alz/Policy-Initiatives.md index 7a51f9ac4..7d437701b 100644 --- a/docs/content/patterns/alz/Policy-Initiatives.md +++ b/docs/content/patterns/alz/Policy-Initiatives.md @@ -123,7 +123,7 @@ This initiative is intended for assignment of policies relevant to a landing zon ## Service Health initiative -This initiative is intended for assignment of policies relevant to service health alerts in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the alz intermediate root management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table. +This initiative is intended for assignment of policies relevant to service health alerts in ALZ. With the guidance provided in [Introduction to deploying the ALZ Pattern](../deploy/Introduction-to-deploying-the-ALZ-Pattern), this will assign to the ALZ intermediate root management group structure in the ALZ reference architecture. For details on which policies are included in the initiative as well as what the default enablement state of the policy is, please refer to the below table. | **Policy Name** | **Path to policy json file** | **Policy default effect** | |----------|----------|----------| From 7dd4504904e8dfd43cc0b99f6463eac6d4177fea Mon Sep 17 00:00:00 2001 
From: Bryan Zabchuk Date: Sat, 9 Dec 2023 12:21:02 -0500 Subject: [PATCH 6/8] Fix broken links. --- docs/content/patterns/alz/Alerts-Details.md | 4 ++-- .../patterns/alz/deploy/Customize-Policy-Assignment.md | 2 ++ .../patterns/alz/deploy/Deploy-with-Azure-Pipelines.md | 2 +- .../patterns/alz/deploy/Deploy-with-Azure-PowerShell.md | 2 +- .../content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md | 2 +- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/content/patterns/alz/Alerts-Details.md b/docs/content/patterns/alz/Alerts-Details.md index 1c9d24e30..2acf5b5c7 100644 --- a/docs/content/patterns/alz/Alerts-Details.md +++ b/docs/content/patterns/alz/Alerts-Details.md @@ -8,7 +8,7 @@ Specific alerts for ALZ can be downloaded by clicking on the Download icon (high ![Alert-Details Download icon](../media/AlertDetailsDownloadReference.png) -The best way to see which policy alert rules are part of the ALZ pattern it is best to go to the [Policy-Initiatives](docs/content/patterns/alz/Policy-Initiatives.md) page. +The best way to see which policy alert rules are part of the ALZ pattern it is best to go to the [Policy-Initiatives](../Policy-Initiatives/). The resources, metric alerts and their settings provide you with a starting point to help you address the following monitoring questions: "What should we monitor in Azure?" and "What alert settings should we use?" While they are opinionated settings and they are meant to cover the most common Azure Landing Zone components, we encourage you to adjust these settings to suit your monitoring needs based on how you're using Azure. 
@@ -29,7 +29,7 @@ We have tried to make it so that the table doesn't require a lot of side to side {{< alzMetricAlerts >}} -1 See "Why are the availability alert thresholds lower than 100% in this solution when the product group documention recommends 100%?" in the [FAQ](FAQ.md) for more details. +1 See "Why are the availability alert thresholds lower than 100% in this solution when the product group documention recommends 100%?" in the [FAQ](../FAQ/) for more details. ## Azure Landing Zone Activity Log Alerts diff --git a/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md b/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md index 0fd89f9c5..049815414 100644 --- a/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md +++ b/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md @@ -88,9 +88,11 @@ The following parameters can be changed for activity log, service health alert a Note that the above parameters specifies the resource group that activity log alerts are placed in. If the resource group does not exist it gets created. Also the parameter for tags can take several tags, if multiple tags are needed. Tags are only applied at the resource group level. The tags parameter is set to a default value of one tag with the name *environment* and the value *test*, you can add more tags as already mentioned or set it to be an empty value. ### Disabling Policies + - To review the options for disabling policies, please proceed with [Disabling Policies](../../Disabling-Policies) # Next steps + - To deploy with GitHub Actions, please proceed with [Deploy with GitHub Actions](../Deploy-with-GitHub-Actions) - To deploy with Azure DevOps Pipelines, please proceed with [Deploy with Azure Pipelines](../Deploy-with-Azure-Pipelines) - To deploy with Azure CLI, please proceed with [Deploy with Azure CLI](../Deploy-with-Azure-CLI) 
diff --git a/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md b/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md index 6adb3ee4b..2b4ed99aa 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md @@ -129,7 +129,7 @@ Note that the parameter file shown below has been truncated for brevity, compare First configure your Azure DevOps project with a pipeline hosted in GitHub as described [here](https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/github?view=azure-devops&tabs=yaml#access-to-github-repositories). The pipeline should be configured to use the [sample-pipeline.yml](https://github.com/Azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/examples/sample-pipeline.yml) file. {{< hint type=note >}} -If you customized the policies as documented at [How to modify individual policies](./Introduction-to-deploying-the-ALZ-Pattern.md#how-to-modify-individual-policies), make sure to modify the pipeline file to have the **inlineScript** pointing to your own repository and branch. Example: +If you customized the policies as documented at [How to modify individual policies](../Introduction-to-deploying-the-ALZ-Pattern/#how-to-modify-individual-policies), make sure to modify the pipeline file to have the **inlineScript** pointing to your own repository and branch. Example: inlineScript: | az deployment mg create --template-uri https://raw.githubusercontent.com/***YourGithubFork***/azure-monitor-baseline-alerts/***main or branchname***/patterns/alz/alzArm.json diff --git a/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md b/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md index b4aea4b70..1708aecd8 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md 
@@ -152,7 +152,7 @@ Using a PowerShell prompt, if you closed your previous session, navigate again t {{< hint type=note >}} This should be tested in a safe environment. If you are subsequently looking to deploy to prod environments, consider leveraging the guidance found in [Customize Policy Assignment](../Customize-Policy-Assignment), to deploy and enable alerts in a controlled manner. -If you customized the policies as documented at [How to modify individual policies](./Introduction-to-deploying-the-ALZ-Pattern.md#how-to-modify-individual-policies), make sure the run the deployment command using your own repository and branch in the ***-TemplateUri*** parameter value. Example: +If you customized the policies as documented at [How to modify individual policies](../Introduction-to-deploying-the-ALZ-Pattern/#how-to-modify-individual-policies), make sure the run the deployment command using your own repository and branch in the ***-TemplateUri*** parameter value. Example: New-AzManagementGroupDeployment -ManagementGroupId $pseudoRootManagementGroup -Location $location -TemplateUri "https://raw.githubusercontent.com/***YourGithubFork***/azure- monitor-baseline-alerts/***main or branchname***/patterns/alz/alzArm.json" -TemplateParameterFile ".\patterns\alz\alzArm.param.json" diff --git a/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md b/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md index ad49776bc..820ec571a 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md 
@@ -131,7 +131,7 @@ First, configure your OpenID Connect as described [here](https://learn.microsoft To deploy through GitHub actions, please refer to the [sample-workflow.yml](https://github.com/Azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/examples/sample-workflow.yml). {{< hint type=note >}} -If you customized the policies as documented at [How to modify individual policies](./Introduction-to-deploying-the-ALZ-Pattern.md#how-to-modify-individual-policies), make sure to modify the workflow file to have the **run** pointing to your own repository and branch. Example: +If you customized the policies as documented at [How to modify individual policies](../Introduction-to-deploying-the-ALZ-Pattern/#how-to-modify-individual-policies), make sure to modify the workflow file to have the **run** pointing to your own repository and branch. Example: run: | az deployment mg create --template-uri https://raw.githubusercontent.com/***YourGithubFork***/azure-monitor-baseline-alerts/***main or branchname***/patterns/alz/alzArm.json From 511abcd8078c4e9eccee864183ccc62d06002e61 Mon Sep 17 00:00:00 2001 From: Bryan Zabchuk Date: Sat, 9 Dec 2023 12:41:03 -0500 Subject: [PATCH 7/8] Fix markdown linting errors. --- .../patterns/alz/deploy/Customize-Policy-Assignment.md | 4 ++-- .../patterns/alz/deploy/Deploy-with-Azure-Pipelines.md | 4 +++- .../patterns/alz/deploy/Deploy-with-Azure-PowerShell.md | 5 ++++- .../patterns/alz/deploy/Deploy-with-GitHub-Actions.md | 2 ++ 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md b/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md index 049815414..0d023b685 100644 --- a/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md +++ b/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md 
@@ -85,13 +85,13 @@ The following parameters can be changed for activity log, service health alert a | ALZMonitorResourceGroupTags | Any tags than needs to be added to the resource group created | | ALZMonitorResourceGroupLocation | The location of the resource group to place the alerts in | -Note that the above parameters specifies the resource group that activity log alerts are placed in. If the resource group does not exist it gets created. Also the parameter for tags can take several tags, if multiple tags are needed. Tags are only applied at the resource group level. The tags parameter is set to a default value of one tag with the name *environment* and the value *test*, you can add more tags as already mentioned or set it to be an empty value. +Note that the above parameters specifies the resource group that activity log alerts are placed in. If the resource group does not exist it gets created. Also the parameter for tags can take several tags, if multiple tags are needed. Tags are only applied at the resource group level. The tags parameter is set to a default value of one tag with the name _environment_ and the value _test_, you can add more tags as already mentioned or set it to be an empty value. ### Disabling Policies - To review the options for disabling policies, please proceed with [Disabling Policies](../../Disabling-Policies) -# Next steps +## Next steps - To deploy with GitHub Actions, please proceed with [Deploy with GitHub Actions](../Deploy-with-GitHub-Actions) - To deploy with Azure DevOps Pipelines, please proceed with [Deploy with Azure Pipelines](../Deploy-with-Azure-Pipelines) diff --git a/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md b/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md index 2b4ed99aa..911e45466 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md 
@@ -131,9 +131,11 @@ First configure your Azure DevOps project with a pipeline hosted in GitHub as de {{< hint type=note >}} If you customized the policies as documented at [How to modify individual policies](../Introduction-to-deploying-the-ALZ-Pattern/#how-to-modify-individual-policies), make sure to modify the pipeline file to have the **inlineScript** pointing to your own repository and branch. Example: - inlineScript: | +```azurecli +inlineScript: | az deployment mg create --template-uri https://raw.githubusercontent.com/***YourGithubFork***/azure-monitor-baseline-alerts/***main or branchname***/patterns/alz/alzArm.json --location $(location) --management-group-id $(ManagementGroupPrefix) --parameters .\patterns\alz\alzArm.param.json +``` {{< /hint >}} diff --git a/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md b/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md index 1708aecd8..03e33d0a1 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md 
@@ -152,10 +152,13 @@ Using a PowerShell prompt, if you closed your previous session, navigate again t {{< hint type=note >}} This should be tested in a safe environment. If you are subsequently looking to deploy to prod environments, consider leveraging the guidance found in [Customize Policy Assignment](../Customize-Policy-Assignment), to deploy and enable alerts in a controlled manner. -If you customized the policies as documented at [How to modify individual policies](../Introduction-to-deploying-the-ALZ-Pattern/#how-to-modify-individual-policies), make sure the run the deployment command using your own repository and branch in the ***-TemplateUri*** parameter value. Example: +If you customized the policies as documented at [How to modify individual policies](../Introduction-to-deploying-the-ALZ-Pattern/#how-to-modify-individual-policies), make sure the run the deployment command using your own repository and branch in the _**-TemplateUri**_ parameter value. Example: +```powershell New-AzManagementGroupDeployment -ManagementGroupId $pseudoRootManagementGroup -Location $location -TemplateUri "https://raw.githubusercontent.com/***YourGithubFork***/azure- monitor-baseline-alerts/***main or branchname***/patterns/alz/alzArm.json" -TemplateParameterFile ".\patterns\alz\alzArm.param.json" +``` + {{< /hint >}} ```powershell diff --git a/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md b/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md index 820ec571a..55c95ad1a 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md 
@@ -133,9 +133,11 @@ To deploy through GitHub actions, please refer to the [sample-workflow.yml](http {{< hint type=note >}} If you customized the policies as documented at [How to modify individual policies](../Introduction-to-deploying-the-ALZ-Pattern/#how-to-modify-individual-policies), make sure to modify the workflow file to have the **run** pointing to your own repository and branch. Example: +```yaml run: | az deployment mg create --template-uri https://raw.githubusercontent.com/***YourGithubFork***/azure-monitor-baseline-alerts/***main or branchname***/patterns/alz/alzArm.json --location ${{ env.Location }} --management-group-id ${{ env.ManagementGroupPrefix }} --parameters .\patterns\alz\alzArm.param.json +``` {{< /hint >}} From 997551cd4bb5e358be1678215c840c6bbfbd41e5 Mon Sep 17 00:00:00 2001 From: Bryan Zabchuk Date: Sat, 9 Dec 2023 12:51:05 -0500 Subject: [PATCH 8/8] fixed lined 149 in Deploy-with-GitHub-Actions.md to bold the command and make sure it uses underscores. --- docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md b/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md index 55c95ad1a..67b865ad8 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md 
@@ -146,7 +146,7 @@ If you customized the policies as documented at [How to modify individual polici - Modify the following values in [amba-sample-workflow.yml](https://github.com/Azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/examples/sample-workflow.yml): - Change _Location: "norwayeast"_, to your preferred Azure region - Change _ManagementGroupPrefix: "alz"_, to the pseudo root management group id parenting the identity, management and connectivity management groups. -- Go to GitHub actions and run the action *Deploy AMBA* +- Go to GitHub actions and run the action _**Deploy AMBA**_ {{< hint type=important >}} Above-mentioned "ManagementGroupPrefix" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "parPolicyPseudoRootMgmtGroup" parameter, as set previously within the parameter files.