Merge pull request Azure#11617 from anders-alex/mdvm-connector-updates

Deployment fixes and updates.
malowe101 · Jan 15, 2025 · 39270c3 · 39270c3
2 parents fafd0a9 + 752e29a
commit 39270c3
Show file tree

Hide file tree

Showing 12 changed files with 711 additions and 406 deletions.
diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json b/DataConnectors/M365Defender-VulnerabilityManagement/azureDeploy.json
diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/main.bicep
diff --git a/...nnectors/M365Defender-VulnerabilityManagement/maintenance/deployLatestFunctionPackage.ps1 b/...nnectors/M365Defender-VulnerabilityManagement/maintenance/deployLatestFunctionPackage.ps1
@@ -1,5 +1,5 @@
 param(
-    [string] $PackageUri = 'https://raw.githubusercontent.com/anders-alex/Azure-Sentinel/DataConnector-M365Defender-VulnerabilityManagement/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip',
+    [string] $PackageUri = 'https://raw.githubusercontent.com/Azure/Azure-Sentinel/refs/heads/master/DataConnectors/M365Defender-VulnerabilityManagement/functionPackage.zip',
     [string] $ResourceGroupName,
     [string] $FunctionAppName
 )

diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/modules/customDcrTables.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/modules/customDcrTables.bicep
@@ -9,23 +9,25 @@ param LogAnalyticsWorkspaceLocation string
 @description('Optional: Managed Identity or Service Principal ID to be assigned the Metrics Publisher role on the data collection rule.')
 param ServicePrincipalId string = ''
 
-resource dce 'Microsoft.Insights/dataCollectionEndpoints@2021-09-01-preview' = {
+var roleDefId = '/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb'
+
+resource dce 'Microsoft.Insights/dataCollectionEndpoints@2023-03-11' = {
   name: DataCollectionEndpointName
   location: LogAnalyticsWorkspaceLocation
   properties: {}
 }
 
-resource roleAssignmentDcr 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = if (ServicePrincipalId != '') {
-  name: guid(dcr.id, '/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb')
+resource roleAssignmentDcr 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (ServicePrincipalId != '') {
+  name: guid(dcr.id, roleDefId, ServicePrincipalId)
   scope: dcr
   properties: {
-    roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb'
+    roleDefinitionId: roleDefId
     principalId: ServicePrincipalId
     principalType: 'ServicePrincipal'
   }
 }
 
-resource dcr 'Microsoft.Insights/dataCollectionRules@2022-06-01' = {
+resource dcr 'Microsoft.Insights/dataCollectionRules@2023-03-11' = {
   dependsOn: [
     tableMDVMCveKb
     tableMDVMRecommendations

diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/modules/functionApp.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/modules/functionApp.bicep
@@ -0,0 +1,59 @@
+param FunctionAppName string
+param Location string
+param UserAssignedMiId string
+param UserAssignedMiPrincipalId string
+param HostingPlanId string
+param EnablePrivateNetworking bool
+param FunctionAppSubnetId string = ''
+param AppSettings array
+param DeployFunctionCode bool
+param RoleIdOwner string
+
+resource functionApp 'Microsoft.Web/sites@2024-04-01' = {
+  name: FunctionAppName
+  location: Location
+  identity: {
+    type: 'UserAssigned'
+    userAssignedIdentities: {
+      '${UserAssignedMiId}': {}
+    }
+  }
+  kind: 'functionapp'
+  properties: {
+    serverFarmId: HostingPlanId
+    keyVaultReferenceIdentity: UserAssignedMiId
+    httpsOnly: true
+    clientCertEnabled: true
+    clientCertMode: 'OptionalInteractiveUser'
+    virtualNetworkSubnetId: EnablePrivateNetworking == true ? FunctionAppSubnetId : (null)
+    vnetContentShareEnabled: EnablePrivateNetworking == true ? true : false
+    vnetRouteAllEnabled: EnablePrivateNetworking == true ? true : false 
+    siteConfig: {
+      appSettings: AppSettings
+      powerShellVersion: '7.4'
+      minTlsVersion: '1.2' 
+      ftpsState: 'Disabled'
+      http20Enabled: true
+      alwaysOn: true
+      publicNetworkAccess: 'Enabled'
+      cors: {
+        allowedOrigins: [
+          'https://portal.azure.com'
+        ] 
+      }  
+    }
+  }
+}
+
+resource roleAssignmentFa 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (DeployFunctionCode == true) {
+  name: guid(subscription().id, resourceGroup().id, UserAssignedMiId)
+  scope: functionApp
+  properties: {
+    principalId: UserAssignedMiPrincipalId
+    roleDefinitionId: RoleIdOwner
+    principalType: 'ServicePrincipal'
+  }
+}
+
+output functionAppName string = functionApp.name
+output functionAppId string = functionApp.id
diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/modules/functionAppPE.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/modules/functionAppPE.bicep
@@ -4,7 +4,7 @@ param PrivateEndpointSubnetId string
 param Location string
 param VnetId string
 
-resource peFunctionApp 'Microsoft.Network/privateEndpoints@2022-07-01' = {
+resource peFunctionApp 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: 'pe-${FunctionAppName}'
   location: Location
   properties: { 
@@ -25,12 +25,12 @@ resource peFunctionApp 'Microsoft.Network/privateEndpoints@2022-07-01' = {
   } 
 }
 
-resource privateDnsZoneFunctionApp 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+resource privateDnsZoneFunctionApp 'Microsoft.Network/privateDnsZones@2024-06-01' = {
   name: 'privatelink.azurewebsites.net'
   location: 'global'
 }
 
-resource privateDnsZoneLinkFunctionApp 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
+resource privateDnsZoneLinkFunctionApp 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
   name: '${privateDnsZoneFunctionApp.name}-link'
   parent: privateDnsZoneFunctionApp
   location: 'global'
@@ -42,7 +42,7 @@ resource privateDnsZoneLinkFunctionApp 'Microsoft.Network/privateDnsZones/virtua
   }   
 }
 
-resource peDnsGroupFunctionApp 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2022-07-01' = {
+resource peDnsGroupFunctionApp 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = {
   name: 'dnsGroup'
   parent: peFunctionApp
   properties: {

diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/modules/lawCustomTable.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/modules/lawCustomTable.bicep
@@ -4,11 +4,11 @@ param Plan string
 param Columns array
 param Retention int = -1
 
-resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
   name: LawName
 }
 
-resource table 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' = {
+resource table 'Microsoft.OperationalInsights/workspaces/tables@2023-09-01' = {
   parent: logAnalyticsWorkspace
   name: TableName
   properties: {

diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/modules/lawRoleAssignment.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/modules/lawRoleAssignment.bicep
@@ -18,36 +18,36 @@ var roleDescription = 'Provides access to query Sentinel Watchlists and alert ru
 
 var roleDefName = guid(resourceGroup().id, string(Actions), string(NotActions))
 
-resource law 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
+resource law 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = {
   name: LawName  
  }
 
- resource tableMDVMCveKb 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' existing = {
+ resource tableMDVMCveKb 'Microsoft.OperationalInsights/workspaces/tables@2023-09-01' existing = {
    parent: law
    name: 'MDVMCVEKB_CL'
  }
 
- resource tableMDVMRecommendations 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' existing = {
+ resource tableMDVMRecommendations 'Microsoft.OperationalInsights/workspaces/tables@2023-09-01' existing = {
    parent: law
    name: 'MDVMRecommendations_CL'
  }
 
- resource tableMDVMVulnerabilitiesByDevice 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' existing = {
+ resource tableMDVMVulnerabilitiesByDevice 'Microsoft.OperationalInsights/workspaces/tables@2023-09-01' existing = {
    parent: law
    name: 'MDVMVulnerabilitiesByDevice_CL'
  }
 
- resource tableMDVMNistCveKb 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' existing = {
+ resource tableMDVMNistCveKb 'Microsoft.OperationalInsights/workspaces/tables@2023-09-01' existing = {
    parent: law
    name: 'MDVMNistCveKb_CL'
  }
 
- resource tableMDVMNISTConfigurations 'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' existing = {
+ resource tableMDVMNISTConfigurations 'Microsoft.OperationalInsights/workspaces/tables@2023-09-01' existing = {
    parent: law
    name: 'MDVMNISTConfigurations_CL'
  }
 
- resource tableMDVMSecureConfigurationsByDevice'Microsoft.OperationalInsights/workspaces/tables@2022-10-01' existing = {
+ resource tableMDVMSecureConfigurationsByDevice'Microsoft.OperationalInsights/workspaces/tables@2023-09-01' existing = {
    parent: law
    name: 'MDVMSecureConfigurationsByDevice_CL'
  }

diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/modules/privateNetwork.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/modules/privateNetwork.bicep
@@ -10,7 +10,7 @@ param location string
 param PrincipalId string
 param DeployCode bool
 
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
   name: 'vnet-${FunctionAppName}'
   location: location
   properties: {
@@ -50,7 +50,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
   }    
 }
 
-resource peKeyVault 'Microsoft.Network/privateEndpoints@2022-07-01' = {
+resource peKeyVault 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: 'pe-${KeyVaultName}'
   location: location
   properties: {
@@ -71,7 +71,7 @@ resource peKeyVault 'Microsoft.Network/privateEndpoints@2022-07-01' = {
   } 
 }
 
-resource peBlob 'Microsoft.Network/privateEndpoints@2022-07-01' = {
+resource peBlob 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: 'pe-blob-${StorageAccountName}'
   location: location
   properties: {
@@ -92,7 +92,7 @@ resource peBlob 'Microsoft.Network/privateEndpoints@2022-07-01' = {
   } 
 }
 
-resource peQueue 'Microsoft.Network/privateEndpoints@2022-07-01' = {
+resource peQueue 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: 'pe-queue-${StorageAccountName}'
   location: location
   properties: {
@@ -113,7 +113,7 @@ resource peQueue 'Microsoft.Network/privateEndpoints@2022-07-01' = {
   } 
 }
 
-resource peFile 'Microsoft.Network/privateEndpoints@2022-07-01' = {
+resource peFile 'Microsoft.Network/privateEndpoints@2024-05-01' = {
   name: 'pe-file-${StorageAccountName}'
   location: location
   properties: {
@@ -134,7 +134,7 @@ resource peFile 'Microsoft.Network/privateEndpoints@2022-07-01' = {
   } 
 }
 
-resource privateDnsZoneBlob 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+resource privateDnsZoneBlob 'Microsoft.Network/privateDnsZones@2024-06-01' = {
   name: 'privatelink.blob.${environment().suffixes.storage}' 
   location: 'global'
   dependsOn: [
@@ -143,31 +143,31 @@ resource privateDnsZoneBlob 'Microsoft.Network/privateDnsZones@2020-06-01' = {
 }
 
 
-resource privateDnsZoneFile 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+resource privateDnsZoneFile 'Microsoft.Network/privateDnsZones@2024-06-01' = {
   name: 'privatelink.file.${environment().suffixes.storage}'
   location: 'global'
   dependsOn: [
     virtualNetwork
   ]
 }
 
-resource privateDnsZoneQueue 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+resource privateDnsZoneQueue 'Microsoft.Network/privateDnsZones@2024-06-01' = {
   name: 'privatelink.queue.${environment().suffixes.storage}'
   location: 'global'
   dependsOn: [
     virtualNetwork
   ]
 }
 
-resource privateDnsZoneKeyVault 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+resource privateDnsZoneKeyVault 'Microsoft.Network/privateDnsZones@2024-06-01' = {
   name: 'privatelink.vaultcore.azure.net'
   location: 'global'
   dependsOn: [
     virtualNetwork
   ]
 }
 
-resource privateDnsZoneLinkBlob 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
+resource privateDnsZoneLinkBlob 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
   name: '${privateDnsZoneBlob.name}-link'
   parent: privateDnsZoneBlob
   location: 'global'
@@ -179,7 +179,7 @@ resource privateDnsZoneLinkBlob 'Microsoft.Network/privateDnsZones/virtualNetwor
   }   
 }
 
-resource privateDnsZoneLinkFile 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
+resource privateDnsZoneLinkFile 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
   name: '${privateDnsZoneFile.name}-link'
   parent: privateDnsZoneFile
   location: 'global'
@@ -191,7 +191,7 @@ resource privateDnsZoneLinkFile 'Microsoft.Network/privateDnsZones/virtualNetwor
   }   
 }
 
-resource privateDnsZoneLinkQueue 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
+resource privateDnsZoneLinkQueue 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
   name: '${privateDnsZoneQueue.name}-link'
   parent: privateDnsZoneQueue
   location: 'global'
@@ -203,7 +203,7 @@ resource privateDnsZoneLinkQueue 'Microsoft.Network/privateDnsZones/virtualNetwo
   }   
 }
 
-resource privateDnsZoneLinkKeyVault 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
+resource privateDnsZoneLinkKeyVault 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2024-06-01' = {
   name: '${privateDnsZoneKeyVault.name}-link'
   parent: privateDnsZoneKeyVault
   location: 'global'
@@ -215,7 +215,7 @@ resource privateDnsZoneLinkKeyVault 'Microsoft.Network/privateDnsZones/virtualNe
   }   
 }
 
-resource peDnsGroupBlob 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2022-07-01' = {
+resource peDnsGroupBlob 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = {
   name: 'dnsGroup'
   parent: peBlob 
   properties: {
@@ -230,7 +230,7 @@ resource peDnsGroupBlob 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups
   }
 }
 
-resource peDnsGroupFile 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2022-07-01' = {
+resource peDnsGroupFile 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = {
   name: 'dnsGroup'
   parent: peFile 
   properties: {
@@ -245,7 +245,7 @@ resource peDnsGroupFile 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups
   }
 }
 
-resource peDnsGroupQueue 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2022-07-01' = {
+resource peDnsGroupQueue 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = {
   name: 'dnsGroup'
   parent: peQueue
   properties: {
@@ -260,7 +260,7 @@ resource peDnsGroupQueue 'Microsoft.Network/privateEndpoints/privateDnsZoneGroup
   }
 }
 
-resource peDnsGroupKeyVault 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2022-07-01' = {
+resource peDnsGroupKeyVault 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-05-01' = {
   name: 'dnsGroup'
   parent: peKeyVault 
   properties: {
@@ -287,7 +287,7 @@ resource roleAssignmentVnet 'Microsoft.Authorization/roleAssignments@2022-04-01'
   }
 }
 
-resource nsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
+resource nsg 'Microsoft.Network/networkSecurityGroups@2024-05-01' = {
   name: 'nsg-sentinelmdvm'
   location: location
   /*

diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/modules/sentinelWorkbooks.bicep b/DataConnectors/M365Defender-VulnerabilityManagement/modules/sentinelWorkbooks.bicep
@@ -11,7 +11,7 @@ param WorkbookIdCVEDetails string = guid(WorkbookSourceId, '79ac946b-2986-4274-a
 
 param Location string
 
-resource workbookId_resource 'microsoft.insights/workbooks@2021-03-08' = {
+resource workbookId_resource 'Microsoft.Insights/workbooks@2023-06-01' = {
   name: WorkbookIdVulnerabilityManagement
   location: Location
   kind: 'shared'
@@ -24,7 +24,7 @@ resource workbookId_resource 'microsoft.insights/workbooks@2021-03-08' = {
   }
 }
 
-resource cveDetailsWorkbook 'microsoft.insights/workbooks@2021-03-08' = {
+resource cveDetailsWorkbook 'Microsoft.Insights/workbooks@2023-06-01' = {
   name: WorkbookIdCVEDetails
   location: Location
   kind: 'shared'

diff --git a/DataConnectors/M365Defender-VulnerabilityManagement/readme.md b/DataConnectors/M365Defender-VulnerabilityManagement/readme.md
@@ -62,7 +62,7 @@ The Function App is configured to run daily at 12:00 AM UTC. You can either wait
 1. Open the newly deployed Function App in the Azure Portal.
 2. Select the **GetMDVMData** Function in the Overview section.
 3. Select **Code and Test**.
-4. Select **Test/Run**. Note: You will have to add https://portal.azure.com as an allowed [CORS](https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-rest-api) origin via the main Function App menu option (Under the API section). Also, if you deployed using private networking, you will either need to have connectivity to the private endpoint (and add the additional CORS origins as mentioned [here](https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options?tabs=azure-cli#testing-considerations)), or temporarily remove [network access restrictions](https://learn.microsoft.com/en-us/azure/app-service/overview-access-restrictions).
+4. Select **Test/Run**. Note: If you deployed using private networking, you will either need to have connectivity to the private endpoint or, temporarily remove [network access restrictions](https://learn.microsoft.com/en-us/azure/app-service/overview-access-restrictions).
 5. Select **Run**.
 
 After a successful run, you should see data populated in the MDVM* custom tables.