AVD Alerts v2.2.0 update - docs, sub opt for LAW, bug fixes #315 and #457

docs/content/patterns/alz/HowTo/Bring-your-own-Managed-Identity.md

@@ -1,7 +1,7 @@
 ---
 title: Bring Your Own User Assigned Managed Identity
 geekdocCollapseSection: true
-weight: 95
+weight: 80
 ---
 
 ## Overview

docs/content/patterns/alz/HowTo/Bring-your-own-Notifications.md

@@ -1,7 +1,7 @@
 ---
 title: Bring Your Own Notifications
 geekdocCollapseSection: true
-weight: 100
+weight: 90
 ---
 
 ## Overview

docs/content/patterns/alz/HowTo/Cleaning-up-a-Deployment.md

@@ -1,7 +1,7 @@
 ---
 title: Clean-up AMBA-ALZ Deployment
 geekdocCollapseSection: true
-weight: 70
+weight: 52
 ---
 
 In some cases, you may need to remove all resources deployed by the AMBA-ALZ solution. The following instructions provide a detailed guide on executing a PowerShell script to delete all deployed resources, including:

docs/content/patterns/alz/HowTo/Disabling-Policies.md

@@ -52,7 +52,7 @@ If "allOf" evaluates to true, the policy effect is satisfied, and deployment doe
 
 1. Set AlertState to "false" for relevant policies via command line or parameter file.
 2. Deploy the policies and assignments.
-3. Identify non-compliant policies based on alerts to be disabled. Remediate these policies through the portal or use the script at [patterns/alz/scripts/Start-AMBARemediation](https://github.com/Azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/scripts/Start-AMBARemediation.ps1).
+3. Identify non-compliant policies based on alerts to be disabled. Remediate these policies through the portal or use the script at [patterns/alz/scripts/Start-AMBA-ALZ-Remediation](https://github.com/Azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/scripts/Start-AMBA-ALZ-Remediation.ps1).
 
 Note: This approach disables alerts but does not delete them. Delete alerts manually if needed. Ensure successful remediation before engaging PolicyEffect to avoid deploying new alerts.
 

docs/content/patterns/alz/HowTo/Telemetry.md

@@ -1,7 +1,7 @@
 ---
 title: Disable telemetry tracking
 geekdocCollapseSection: true
-weight: 90
+weight: 100
 ---
 
 <!-- markdownlint-disable -->

docs/content/patterns/alz/HowTo/Threshold-Override.md

@@ -1,7 +1,7 @@
 ---
 title: Override alert thresholds
 geekdocCollapseSection: true
-weight: 85
+weight: 70
 ---
 
 ## Overview

docs/content/patterns/alz/HowTo/UpdateToNewReleases/Update_to_release_2024_12_10.md

@@ -0,0 +1,13 @@
+---
+title: Updating to release 2024-12-10
+geekdocCollapseSection: true
+weight: 95
+---
+
+{{< hint type=Info >}}
+**_No pre-update or post-update actions_** are required.
+{{< /hint >}}
+
+## Update
+
+Complete the activities documented in the [Steps to update to the latest release](../#steps-to-update-to-the-latest-release) page.

docs/content/patterns/alz/HowTo/UpdateToNewReleases/_index.md

@@ -1,7 +1,7 @@
 ---
 title: Update to new releases
 geekdocCollapseSection: true
-weight: 71
+weight: 51
 ---
 
 ## What is included in the latest release

docs/content/patterns/alz/HowTo/deploy/Customize-Policy-Assignment.md

@@ -16,7 +16,7 @@ To adjust alert thresholds for one or more metric alerts, specify the relevant p
 
 Two versions of the parameter file are available:
 
-1. [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/2024-11-01/patterns/alz/alzArm.param.json) aligned with the latest release.
+1. [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/2024-12-10/patterns/alz/alzArm.param.json) aligned with the latest release.
 2. [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/alzArm.param.json) aligned with the main branch.
 
 ### Applying Changes to the Parameter File

docs/content/patterns/alz/HowTo/deploy/Deploy-only-Service-Health-Alerts.md

@@ -23,7 +23,7 @@ In this example we will deploy the Service Health Policy Set Definition via Azur
 
 To start, you can either download a copy of the parameter file according the version of AMBA-ALZ you are going to deploy or clone/fork the repository.
 
-- [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/2024-11-01/patterns/alz/alzArm.param.json) aligned to the latest release
+- [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/2024-12-10/patterns/alz/alzArm.param.json) aligned to the latest release
 - [alzArm.param.json](https://github.com/azure/azure-monitor-baseline-alerts/blob/main/patterns/alz/alzArm.param.json) aligned to the main branch
 
 The following changes apply to all scenarios, whether you are aligned or unaligned with ALZ or have a single management group.
@@ -253,7 +253,7 @@ The ```location``` variable refers to the deployment location. Deploying to mult
 Using your preferred command-line tool (Windows PowerShell, Cmd, Bash or other Unix shells), if you closed your previous session, navigate again to the root of the cloned repo and log on to Azure with an account with at least Resource Policy Contributor access at the root of the management group hierarchy where you will be creating the policies and Policy Set Definitions.
 
 ```bash
-az deployment mg create --template-uri https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-11-01/patterns/alz/alzArm.json --name "amba-GeneralDeployment" --location $location --management-group-id $pseudoRootManagementGroup --parameters .\patterns\alz\alzArm.param.json
+az deployment mg create --template-uri https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-12-10/patterns/alz/alzArm.json --name "amba-GeneralDeployment" --location $location --management-group-id $pseudoRootManagementGroup --parameters .\patterns\alz\alzArm.param.json
 ```
 
 </br>

docs/content/patterns/alz/HowTo/deploy/Deploy-via-Azure-Portal-UI.md

@@ -27,24 +27,44 @@ weight: 30
 
 ## Management Groups Settings Blade
 
-- Change the values on the Management Groups Settings blade to the following instructions:
+![Management Groups Settings Blade](../../../media/PortalAccelerator/MGSettings.png)
 
-  ![Management Groups Settings Blade](../../../media/PortalAccelerator/MGSettings.png)
+</br>
+
+In the Management Groups Settings blade, change the value of the policy set definitions you would like to enable according to the following instructions:
+
+- Set the value of _`Enable AMBA Service Health`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health together with action groups for Service Health alerts notifications.
+- Change the value of _`Enable AMBA Connectivity`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones.
+- Change the value of _`Enable AMBA Identity`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Identity services such as Key Vaults, Managed HSMs.
+- Change the value of _`Enable AMBA Management`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Management services such as Log Analytics Workspaces, Storage Accounts, Automation Accounts.
+- Change the value of _`Enable AMBA Hybrid VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.
+- Change the value of _`Enable AMBA Azure VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.
+- Change the value of _`Enable AMBA Key Management`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM.
+- Change the value of _`Enable AMBA Load Balancing`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door.
+- Change the value of _`Enable AMBA Network Changes`_ to _`Yes`_ This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.
+- Change the value of _`Enable AMBA Recovery Services`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.
+- Change the value of _`Enable AMBA Storage`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts.
+- Change the value of _`Enable AMBA Web`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.
+- Set the value of _`Enable AMBA Notification Assets`_ to _`Yes`_. This configuration will deploy notification assets broad notifications.
+
+- Change the values on the Management Groups Settings blade according to the following instructions:
 
 ### If you are aligned to ALZ
 
 - Choose the value of _```Enterprise Scale Company Management Group```_ to the management group ID for Platform.
+- Choose the value of _```Platform Management Group```_ to the management group ID for Platform.
+- Choose the value of _```Connectivity Management Group```_ to the management group ID for Connectivity.
 - Choose the value of _```Identity Management Group```_ to the management group ID for Identity.
 - Choose the value of _```Management Management Group```_ to the management group ID for Management.
-- Choose the value of _```Connectivity Management Group```_ to the management group ID for Connectivity.
 - Choose the value of _```Landing Zone Management Group```_ to the management group ID for Landing Zones.
 
 ### If you are unaligned to ALZ
 
 - Choose the value of _`Enterprise Scale Company Management Group`_ to the management group ID for Platform. The same management group ID may be repeated.
+- Choose the value of _`Platform Management Group`_ to the management group ID for Platform. The same management group ID may be repeated.
+- Choose the value of _`Connectivity Management Group`_ to the management group ID for Connectivity. The same management group ID may be repeated.
 - Choose the value of _`Identity Management Group`_ to the management group ID for Identity. The same management group ID may be repeated.
 - Choose the value of _`Management Management Group`_ to the management group ID for Management. The same management group ID may be repeated.
-- Choose the value of _`Connectivity Management Group`_ to the management group ID for Connectivity. The same management group ID may be repeated.
 - Choose the value of _`Landing Zone Management Group`_ to the management group ID for Landing Zones. The same management group ID may be repeated.
 
 {{< hint type=note >}}
@@ -54,26 +74,16 @@ For ease of deployment and maintenance we have kept the same variables.
 ### If you have a single management group
 
 - Choose the value of _`Enterprise Scale Company Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
+- Choose the value of _`Platform Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
+- Choose the value of _`Connectivity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
 - Choose the value of _`Identity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
 - Choose the value of _`Management Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
-- Choose the value of _`Connectivity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
 - Choose the value of _`Landing Zone Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
 
 {{< hint type=note >}}
 For ease of deployment and maintenance we have kept the same variables.
 {{< /hint >}}
 
-- Set the value of _`Enable AMBA notification assets`_ to _`Yes`_. This configuration will deploy notification assets broad notifications.
-- Set the value of _`Enable AMBA Service Health`_ to _`Yes`_. This setting will assign the Service Health Policy Set Definition during deployment and deploy action groups for Service Health alerts notifications.
-- Change the value of _`Enable AMBA Hybrid VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.
-- Change the value of _`Enable AMBA Key Management`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM.
-- Change the value of _`Enable AMBA Load Balancing`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door.
-- Change the value of _`Enable AMBA Network Changes`_ to _`Yes`_ This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.
-- Change the value of _`Enable AMBA Recovery Services`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.
-- Change the value of _`Enable AMBA Storage`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts.
-- Change the value of _`Enable AMBA VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.
-- Change the value of _`Enable AMBA Web`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.
-
 ## Notification Settings Blade
 
 ![Notification Settings Blade](../../../media/PortalAccelerator/NotificationSettings.png)

docs/content/patterns/alz/HowTo/deploy/Deploy-with-Azure-CLI.md

@@ -44,7 +44,7 @@ If you have customized the policies as described in [How to modify individual po
 {{< /hint >}}
 
 ```bash
-az deployment mg create --name "amba-GeneralDeployment" --template-uri https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-11-01/patterns/alz/alzArm.json --location $location --management-group-id $pseudoRootManagementGroup --parameters ".\patterns\alz\alzArm.param.json"
+az deployment mg create --name "amba-GeneralDeployment" --template-uri https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-12-10/patterns/alz/alzArm.json --location $location --management-group-id $pseudoRootManagementGroup --parameters ".\patterns\alz\alzArm.param.json"
 ```
 
 ## Next Steps

docs/content/patterns/alz/HowTo/deploy/Deploy-with-Azure-PowerShell.md

@@ -51,7 +51,7 @@ New-AzManagementGroupDeployment -Name "amba-GeneralDeployment" -ManagementGroupI
 {{< /hint >}}
 
 ```powershell
-New-AzManagementGroupDeployment -Name "amba-GeneralDeployment" -ManagementGroupId $pseudoRootManagementGroup -Location $location -TemplateUri "https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-11-01/patterns/alz/alzArm.json" -TemplateParameterFile ".\patterns\alz\alzArm.param.json"
+New-AzManagementGroupDeployment -Name "amba-GeneralDeployment" -ManagementGroupId $pseudoRootManagementGroup -Location $location -TemplateUri "https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-12-10/patterns/alz/alzArm.json" -TemplateParameterFile ".\patterns\alz\alzArm.param.json"
 ```
 
 ## Next Steps