Enhancement: Policy Refresh H2 FY24 and Changes for AMA

infra-as-code/bicep/modules/logging/README.md

@@ -115,7 +115,9 @@ New-AzResourceGroup `
 
 New-AzResourceGroupDeployment @inputObject
 ```
+
 OR
+
 ```powershell
 # For Azure China regions
 # Set Platform management subscripion ID as the the current subscription

infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md

@@ -9,12 +9,20 @@ Parameter name | Required | Description
 parGlobalResourceLock | No       | Global Resource Lock Configuration used for all resources deployed in this module.  - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.  
 parLogAnalyticsWorkspaceName | No       | Log Analytics Workspace name.
 parLogAnalyticsWorkspaceLocation | No       | Log Analytics region name - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings.
+parDataCollectionRuleVMInsightsName | No       | VM Insights Data Collection Rule name for AMA integration.
+parDataCollectionRuleVMInsightsLock | No       | Resource Lock Configuration for VM Insights Data Collection Rule.  - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.  
+parDataCollectionRuleChangeTrackingName | No       | Change Tracking Data Collection Rule name for AMA integration.
+parDataCollectionRuleChangeTrackingLock | No       | Resource Lock Configuration for Change Tracking Data Collection Rule.  - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.  
+parDataCollectionRuleMDFCSQLName | No       | MDFC for SQL Data Collection Rule name for AMA integration.
+parDataCollectionRuleMDFCSQLLock | No       | Resource Lock Configuration for MDFC Defender for SQL Data Collection Rule.  - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.  
 parLogAnalyticsWorkspaceSkuName | No       | Log Analytics Workspace sku name.
 parLogAnalyticsWorkspaceCapacityReservationLevel | No       | Log Analytics Workspace Capacity Reservation Level. Only used if parLogAnalyticsWorkspaceSkuName is set to CapacityReservation.
 parLogAnalyticsWorkspaceLogRetentionInDays | No       | Number of days of log retention for Log Analytics Workspace.
 parLogAnalyticsWorkspaceLock | No       | Resource Lock Configuration for Log Analytics Workspace.  - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.  
 parLogAnalyticsWorkspaceSolutions | No       | Solutions that will be added to the Log Analytics Workspace.
 parLogAnalyticsWorkspaceSolutionsLock | No       | Resource Lock Configuration for Log Analytics Workspace Solutions.  - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.  
+parUserAssignedManagedIdentityName | No       | Name of the User Assigned Managed Identity required for authenticating Azure Monitoring Agent to Azure.
+parUserAssignedManagedIdentityLocation | No       | User Assigned Managed Identity location.
 parLogAnalyticsWorkspaceLinkAutomationAccount | No       | Log Analytics Workspace should be linked with the automation account.
 parAutomationAccountName | No       | Automation account name.
 parAutomationAccountLocation | No       | Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings.
@@ -57,6 +65,69 @@ Log Analytics region name - Ensure the regions selected is a supported mapping a
 
 - Default value: `[resourceGroup().location]`
 
+### parDataCollectionRuleVMInsightsName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+VM Insights Data Collection Rule name for AMA integration.
+
+- Default value: `alz-ama-vmi-dcr`
+
+### parDataCollectionRuleVMInsightsLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for VM Insights Data Collection Rule.
+
+- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
+- `notes` - Notes about this lock.
+
+
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}`
+
+### parDataCollectionRuleChangeTrackingName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Change Tracking Data Collection Rule name for AMA integration.
+
+- Default value: `alz-ama-ct-dcr`
+
+### parDataCollectionRuleChangeTrackingLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for Change Tracking Data Collection Rule.
+
+- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
+- `notes` - Notes about this lock.
+
+
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}`
+
+### parDataCollectionRuleMDFCSQLName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+MDFC for SQL Data Collection Rule name for AMA integration.
+
+- Default value: `alz-ama-mdfcsql-dcr`
+
+### parDataCollectionRuleMDFCSQLLock
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Resource Lock Configuration for MDFC Defender for SQL Data Collection Rule.
+
+- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
+- `notes` - Notes about this lock.
+
+
+
+- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}`
+
 ### parLogAnalyticsWorkspaceSkuName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -104,9 +175,9 @@ Resource Lock Configuration for Log Analytics Workspace.
 
 Solutions that will be added to the Log Analytics Workspace.
 
-- Default value: `AgentHealthAssessment AntiMalware ChangeTracking Security SecurityInsights SQLAdvancedThreatProtection SQLVulnerabilityAssessment SQLAssessment Updates VMInsights`
+- Default value: `AntiMalware Security SecurityInsights ServiceMap`
 
-- Allowed values: `AgentHealthAssessment`, `AntiMalware`, `ChangeTracking`, `Security`, `SecurityInsights`, `ServiceMap`, `SQLAdvancedThreatProtection`, `SQLVulnerabilityAssessment`, `SQLAssessment`, `Updates`, `VMInsights`
+- Allowed values: `AntiMalware`, `Security`, `SecurityInsights`, `ServiceMap`
 
 ### parLogAnalyticsWorkspaceSolutionsLock
 
@@ -121,6 +192,22 @@ Resource Lock Configuration for Log Analytics Workspace Solutions.
 
 - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}`
 
+### parUserAssignedManagedIdentityName
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Name of the User Assigned Managed Identity required for authenticating Azure Monitoring Agent to Azure.
+
+- Default value: `alz-logging-mi`
+
+### parUserAssignedManagedIdentityLocation
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+User Assigned Managed Identity location.
+
+- Default value: `[resourceGroup().location]`
+
 ### parLogAnalyticsWorkspaceLinkAutomationAccount
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -255,6 +342,33 @@ outAutomationAccountId | string |
         "parLogAnalyticsWorkspaceLocation": {
             "value": "[resourceGroup().location]"
         },
+        "parDataCollectionRuleVMInsightsName": {
+            "value": "alz-ama-vmi-dcr"
+        },
+        "parDataCollectionRuleVMInsightsLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Logging Module."
+            }
+        },
+        "parDataCollectionRuleChangeTrackingName": {
+            "value": "alz-ama-ct-dcr"
+        },
+        "parDataCollectionRuleChangeTrackingLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Logging Module."
+            }
+        },
+        "parDataCollectionRuleMDFCSQLName": {
+            "value": "alz-ama-mdfcsql-dcr"
+        },
+        "parDataCollectionRuleMDFCSQLLock": {
+            "value": {
+                "kind": "None",
+                "notes": "This lock was created by the ALZ Bicep Logging Module."
+            }
+        },
         "parLogAnalyticsWorkspaceSkuName": {
             "value": "PerGB2018"
         },
@@ -272,16 +386,10 @@ outAutomationAccountId | string |
         },
         "parLogAnalyticsWorkspaceSolutions": {
             "value": [
-                "AgentHealthAssessment",
                 "AntiMalware",
-                "ChangeTracking",
                 "Security",
                 "SecurityInsights",
-                "SQLAdvancedThreatProtection",
-                "SQLVulnerabilityAssessment",
-                "SQLAssessment",
-                "Updates",
-                "VMInsights"
+                "ServiceMap"
             ]
         },
         "parLogAnalyticsWorkspaceSolutionsLock": {
@@ -290,6 +398,12 @@ outAutomationAccountId | string |
                 "notes": "This lock was created by the ALZ Bicep Logging Module."
             }
         },
+        "parUserAssignedManagedIdentityName": {
+            "value": "alz-logging-mi"
+        },
+        "parUserAssignedManagedIdentityLocation": {
+            "value": "[resourceGroup().location]"
+        },
         "parLogAnalyticsWorkspaceLinkAutomationAccount": {
             "value": true
         },