Public/Security/security-centre/Set-CmAzSecurityCentre.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "AssignUkNhs": { "type": "bool" }, "InitiativeLocation": { "type": "string" }, "SecurityContacts": { "type": "object", "metadata": { "comments": "Workaround used for security contacts deployment, the first contact resource allows 'phone' and 'email' properties, but any additional contacts only allow 'email'" } }, "Workspace": { "type": "object" } }, "variables": { "dataExportNames": [ "MCAS", "WDATP" ], "securityResources": [ "VirtualMachines", "AppServices", "SqlServers", "SqlServerVirtualMachines", "StorageAccounts", "KubernetesService", "ContainerRegistry", "KeyVaults" ], "ukNHS": "UK and NHS", "assignedBy": "Cloudmarque" }, "resources": [ { "type": "Microsoft.Security/securityContacts", "apiVersion": "2017-08-01-preview", "name": "[parameters('SecurityContacts').primary.email]", "properties": { "email": "[parameters('SecurityContacts').primary.email]", "phone": "[parameters('SecurityContacts').primary.phone]", "alertNotifications": "On", "alertsToAdmins": "On" } }, { "type": "Microsoft.Security/securityContacts", "apiVersion": "2017-08-01-preview", "name": "[parameters('SecurityContacts').additionalEmails[copyIndex('SecurityContactsCopy')]]", "properties": { "email": "[parameters('SecurityContacts').additionalEmails[copyIndex('SecurityContactsCopy')]]", "alertNotifications": "On", "alertsToAdmins": "On" }, "copy": { "name": "SecurityContactsCopy", "count": "[length(parameters('SecurityContacts').additionalEmails)]" } }, { "type": "Microsoft.Security/pricings", "apiVersion": "2018-06-01", "name": "[variables('securityResources')[copyIndex('SecurityResourcesCopy')]]", "properties": { "pricingTier": "Standard" }, "copy": { "name": "SecurityResourcesCopy", "count": "[length(variables('securityResources'))]", "mode": "serial" } }, { "type": "Microsoft.Security/autoProvisioningSettings", "name": "default", "apiVersion": "2017-08-01-preview", "properties": { "autoProvision": "On" } }, { "type": "Microsoft.Security/workspaceSettings", "apiVersion": "2017-08-01-preview", "name": "default", "properties": { "scope": "[subscription().id]", "workspaceId": "[concat(subscription().id,'/resourceGroups/', parameters('Workspace').ResourceGroupName, '/providers/Microsoft.OperationalInsights/workspaces/', parameters('workspace').Name)]" } }, { "type": "Microsoft.Security/settings", "apiVersion": "2019-01-01", "name": "[variables('dataExportNames')[copyIndex('DataExportCopy')]]", "kind": "DataExportSettings", "properties": { "enabled": true }, "copy": { "name": "DataExportCopy", "count": "[length(variables('dataExportNames'))]" } }, { "condition": "[parameters('AssignUkNhs')]", "type": "Microsoft.Authorization/policyAssignments", "name": "[variables('ukNHS')]", "apiVersion": "2019-09-01", "identity": { "type": "SystemAssigned" }, "metadata": { "assignedBy": "[variables('assignedBy')]", "category": "Regulatory Compliance" }, "location": "[parameters('InitiativeLocation')]", "properties": { "displayName": "[variables('ukNHS')]", "scope": "[subscription().id]", "enforcementMode": "Default", "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/3937f550-eedd-4639-9c5e-294358be442e" } } ] } |