Update tier3.bicep Adding Defender configuration to Tier 3 #725

Merged
2 changes: 2 additions & 0 deletions src/bicep/add-ons/tier3/README.md
@@ -27,6 +27,8 @@ resourcePrefix | mlz | A prefix, 3 to 10 characters in length, to append to reso
Optional Parameters | Default | Description
------------------- | ------- | -----------
virtualNetworkAddressPrefix | 10.0.125.0/26 | The address prefix for the network spoke vnet.
deployDefender | Output from mlz.bicep (false) | When set to "true", enables Microsoft Defender for Cloud for the subscriptions used in the deployment. It defaults to "false".
emailSecurityContact | Output from mlz.bicep (empty '') | Email address of the contact, in the form of [email protected]

### Generate MLZ Variable File

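Review bot: the deployDefender row describes the value as `"true"` / `"false"` in quotes, but the matching tier3.bicep parameter is typed `bool`; wording the row as a boolean (true/false, not a quoted string) avoids readers putting a string into the variable file. Also worth stating in the emailSecurityContact row that the value is only consumed when deployDefender is true, since that is the only place tier3.bicep passes it on.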
@@ -43,6 +43,12 @@ param logAnalyticsWorkspaceResourceId string = mlzDeploymentVariables.logAnalyti
param logAnalyticsWorkspaceName string = mlzDeploymentVariables.logAnalyticsWorkspaceName.Value
param firewallPrivateIPAddress string = mlzDeploymentVariables.firewallPrivateIPAddress.Value

@description('When set to "true", enables Microsoft Defender for Cloud for the subscriptions used in the deployment. It defaults to "false".')
param deployDefender bool = mlzDeploymentVariables.deployDefender.Value
@description('Email address of the contact, in the form of [email protected]')
param emailSecurityContact string = mlzDeploymentVariables.emailSecurityContact.Value


@description('The address prefix for the network spoke vnet.')
param virtualNetworkAddressPrefix string = '10.0.125.0/26'

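Review bot: the defaults `mlzDeploymentVariables.deployDefender.Value` and `mlzDeploymentVariables.emailSecurityContact.Value` assume the variable file already carries the two outputs this PR adds to mlz.bicep; a variable file generated from an earlier mlz deployment has neither key, so the defaults fail to evaluate and every existing tier3 user is broken until they regenerate the file. Consider a guarded default such as `contains(mlzDeploymentVariables, 'deployDefender') ? mlzDeploymentVariables.deployDefender.Value : false` (and the empty-string equivalent for the contact), or at least call out the regeneration requirement in the README. Minor: there is a double blank line after the `emailSecurityContact` param where the rest of the file uses one.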
@@ -190,6 +196,15 @@ module workloadSubscriptionActivityLogging '../../modules/central-logging.bicep'
]
}

module spokeDefender '../../modules/defender.bicep' = if (deployDefender) {
name: 'set-${workloadName}-sub-defender'
scope: subscription(workloadSubscriptionId)
params: {
logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId
emailSecurityContact: emailSecurityContact
}
}

output resourceGroupName string = resourceGroup.outputs.name
output location string = resourceGroup.outputs.location
output tags object = resourceGroup.outputs.tags
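Review bot: the `spokeDefender` module is gated only on `deployDefender`, while the README default for `emailSecurityContact` is the empty string, so a deployment with Defender on and no contact set hands `''` to `../../modules/defender.bicep`; either confirm that module accepts an empty contact or tighten the condition to `if (deployDefender && !empty(emailSecurityContact))` so a misconfigured security contact is caught at deploy time rather than silently producing alerts with nowhere to go. If the workload subscription can be the same subscription mlz.bicep already configured, this module will re-apply the same Defender settings there; harmless, but a short comment would save the next reader the question.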
@@ -1048,6 +1048,10 @@ output hub object = {
networkSecurityGroupResourceId: hubNetwork.outputs.networkSecurityGroupResourceId
}

output deployDefender bool = deployDefender

output emailSecurityContact string = emailSecurityContact

output logAnalyticsWorkspaceName string = logAnalyticsWorkspace.outputs.name

output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.outputs.id
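Review bot: `output emailSecurityContact string = emailSecurityContact` writes the security contact's address into the deployment outputs, which persist in the subscription's deployment history and are readable by anyone with Reader on that scope; the address is not a secret, but it is the contact that receives Defender alerts, so it is worth a deliberate decision (and a one-line comment) rather than an incidental pass-through. The two new outputs otherwise follow the surrounding one-blank-line-between-outputs layout, which is fine.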