Closed cloudchristoph closed 2 months ago
Thanks for reporting @cloudchristoph, we are looking into this now across all ALZ implementation options.
Would you be interested in submitting a PR to ALZ Bicep for these changes?
Would you be interested in submitting a PR to ALZ Bicep for these changes?
Yes. Will develop an update at the end of this week. Sure.
What happened? Provide a clear and concise description of the bug, including deployment details.
Currently the activation of Sentinel is done via deployment of the
SecurityInsights
solution to the Log Analytics Workspace.This is deprecated and won't work after July 1st (i.e. now) . I learned this via E-Mail from MS (see screenshot below).
The "new" method uses the OnboardingStates API (see: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-azure-sentinel-new-onboarding-offboarding-api/ba-p/2640471).
We should implement the new method based on this ARM template: https://github.com/Azure/Azure-Sentinel/blob/master/Tools/ARM-Templates/Onboarding/OnboardSentinel.json
This is a first draft - untested for now, but should head us in the right direction:
Best, Christoph
Please provide the correlation id associated with your error or bug.
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
What was the expected outcome?
No response
Relevant log output
No response
Check previous GitHub issues
Code of Conduct