From 851e5d7aaae4707d7888e6987adf70df3c3ae46e Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Mon, 3 Jun 2024 11:43:29 +0400 Subject: [PATCH 1/3] Adding note to remove default assignments. --- docs/wiki/Whats-new.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 42bd28137c..f11efaecfc 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -119,6 +119,13 @@ This release includes: - Fixed the assignment for [Configure periodic checking for missing system updates on azure virtual machines](https://www.azadvertizer.net/azpolicyadvertizer/59efceea-0c96-497e-a4a1-4eb2290dac15.html) to use the correct RBAC role. - Added new initiative for Microsoft Defender for Endpoints [Configure multiple Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/77b391e3-2d5d-40c3-83bf-65c846b3c6a3.html). +Special Note: some "assigned by default" initiative assignments have changed, will need to be deleted, and have the new version assigned instead: + +| Initiative | Display Name | Original Assignment Name | New Assignment Name | +| --- | --- | --- | --- | +| Deploy-MDFC-Deploy | Deploy Microsoft Defender for Cloud configuration | Deploy-MDFC-Deploy | Deploy-MDFC-Config-H224 | +| Deploy-EncryptTransit | Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit | Enforce-TLS-SSL | Enforce-TLS-SSL-H224 | + ### May 2024 #### Documentation From 687557d415a5d035eadad4778e945ffa5a445446 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Mon, 3 Jun 2024 12:24:19 +0400 Subject: [PATCH 2/3] chore: Update initiative assignment for Deploy-Diagnostics-LogAnalytics --- docs/wiki/Whats-new.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index f11efaecfc..e0e8e92ba3 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -125,6 +125,7 @@ Special Note: some "assigned by default" initiative assignments have changed, wi | --- | --- | --- | --- | | Deploy-MDFC-Deploy | Deploy Microsoft Defender for Cloud configuration | Deploy-MDFC-Deploy | Deploy-MDFC-Config-H224 | | Deploy-EncryptTransit | Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit | Enforce-TLS-SSL | Enforce-TLS-SSL-H224 | +| Deploy-Diagnostics-LogAnalytics | Deploy Diagnostic Settings to Azure Services | Deploy-Resource-Diag | Deploy-Diag-Logs | ### May 2024 From 92211505c842c0043d3e19a962da7d4e24e72d43 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Mon, 3 Jun 2024 10:57:29 +0100 Subject: [PATCH 3/3] Apply suggestions from code review --- docs/wiki/Whats-new.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index e0e8e92ba3..d6a02a8032 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -119,13 +119,13 @@ This release includes: - Fixed the assignment for [Configure periodic checking for missing system updates on azure virtual machines](https://www.azadvertizer.net/azpolicyadvertizer/59efceea-0c96-497e-a4a1-4eb2290dac15.html) to use the correct RBAC role. - Added new initiative for Microsoft Defender for Endpoints [Configure multiple Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/77b391e3-2d5d-40c3-83bf-65c846b3c6a3.html). -Special Note: some "assigned by default" initiative assignments have changed, will need to be deleted, and have the new version assigned instead: +Special Note: Existing consumers of ALZ will notice that some "assigned by default" initiative assignments have been replaced/renamed to avoid breaking changes to existing assignments. Therefore the below original assignments will need to be deleted, and have the new version assigned instead: -| Initiative | Display Name | Original Assignment Name | New Assignment Name | -| --- | --- | --- | --- | -| Deploy-MDFC-Deploy | Deploy Microsoft Defender for Cloud configuration | Deploy-MDFC-Deploy | Deploy-MDFC-Config-H224 | -| Deploy-EncryptTransit | Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit | Enforce-TLS-SSL | Enforce-TLS-SSL-H224 | -| Deploy-Diagnostics-LogAnalytics | Deploy Diagnostic Settings to Azure Services | Deploy-Resource-Diag | Deploy-Diag-Logs | +| Initiative | Display Name | Original Assignment Name | New Assignment Name | Scope of Assignment | +| --- | --- | --- | --- | --- | +| Deploy-MDFC-Deploy | Deploy Microsoft Defender for Cloud configuration | Deploy-MDFC-Deploy | Deploy-MDFC-Config-H224 | Intermediate Root Management Group | +| Deploy-EncryptTransit | Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit | Enforce-TLS-SSL | Enforce-TLS-SSL-H224 | Landing Zones Management Group | +| Deploy-Diagnostics-LogAnalytics | Deploy Diagnostic Settings to Azure Services | Deploy-Resource-Diag | Deploy-Diag-Logs | Intermediate Root Management Group | ### May 2024