From 54697782e0f0c985e6e0dffe0a5cac6d7ff13e27 Mon Sep 17 00:00:00 2001 From: Andrew Kanieski Date: Tue, 20 Aug 2024 15:02:37 -0400 Subject: [PATCH 1/5] Changed new-ActionGroupReceiver to new syntax --- TemplateFiles/DeploymentFiles/AzTSSetup.ps1 | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 b/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 index a61c3157..a37b1599 100644 --- a/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 +++ b/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 @@ -1049,11 +1049,10 @@ function Set-AzTSMonitoringAlert $EmailReceivers = @() $SendAlertNotificationToEmailIds | ForEach-Object { - $EmailReceivers += New-AzActionGroupReceiver -Name "Notify_$($_)" -EmailReceiver -EmailAddress $_ + $EmailReceivers += New-AzActionGroupEmailReceiverObject -Name "Notify_$($_)" -EmailAddress $_ } - - $alertActionGroup = Set-AzActionGroup -Name ‘AzTSAlertActionGroup’ -ResourceGroupName $ScanHostRGName -ShortName ‘AzTSAlert’ -Receiver $EmailReceivers -WarningAction SilentlyContinue - + + $alertActionGroup = New-AzActionGroup -Name ‘AzTSAlertActionGroup’ -ResourceGroup $keyVaultRGName -ShortName ‘AzTSAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue if($DeploymentResult.Outputs.ContainsKey('logAnalyticsResourceId') -and $DeploymentResult.Outputs.ContainsKey('applicationInsightsId')) { @@ -2098,12 +2097,11 @@ function Grant-AzSKAccessOnKeyVaultToUserAssignedIdentity Write-Host "Creating monitoring alerts..." -ForegroundColor $([Constants]::MessageType.Info) $EmailReceivers = @() $SendAlertsToEmailIds | ForEach-Object { - $EmailReceivers += New-AzActionGroupReceiver -Name "Notify_$($_)" -EmailReceiver -EmailAddress $_ + $EmailReceivers += New-AzActionGroupEmailReceiverObject -Name "Notify_$($_)" -EmailAddress $_ } $keyVaultRGName = $ResourceId.Split("/")[4] # ResourceId is in format - /subscriptions/SubIdGuid/resourceGroups/RGName/providers/Microsoft.KeyVault/vaults/KeyVaultName - $alertActionGroupForKV = Set-AzActionGroup -Name ‘AzTSAlertActionGroupForKV’ -ResourceGroupName $keyVaultRGName -ShortName ‘AzTSKVAlert’ -Receiver $EmailReceivers -WarningAction SilentlyContinue - + $alertActionGroupForKV = New-AzActionGroup -Name ‘AzTSAlertActionGroupForKV’ -ResourceGroup $keyVaultRGName -ShortName ‘AzTSKVAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue $deploymentName = "AzTSenvironmentmonitoringsetupforkv-$([datetime]::Now.ToString("yyyymmddThhmmss"))" $alertQuery = [string]::Format([Constants]::UnintendedSecretAccessAlertQuery, $ResourceId, $ScanIdentitySecretUri, $UserAssignedIdentityObjectId) @@ -2943,4 +2941,4 @@ function Enable-ByDesignExceptionFeature return; } } -} \ No newline at end of file +} From 487afff1047936250d054427980979f1ee0f4b13 Mon Sep 17 00:00:00 2001 From: Andrew Kanieski Date: Tue, 20 Aug 2024 15:12:52 -0400 Subject: [PATCH 2/5] Update MMARemovalUtilitySetup.ps1 --- .../DeploymentFiles/MMARemovalUtilitySetup.ps1 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/MMA Removal Utility/DeploymentFiles/MMARemovalUtilitySetup.ps1 b/MMA Removal Utility/DeploymentFiles/MMARemovalUtilitySetup.ps1 index 355dd8f9..800e8a65 100644 --- a/MMA Removal Utility/DeploymentFiles/MMARemovalUtilitySetup.ps1 +++ b/MMA Removal Utility/DeploymentFiles/MMARemovalUtilitySetup.ps1 @@ -1734,13 +1734,14 @@ function Grant-AzTSMMARemediationIdentityAccessOnKeyVault Write-Host "Creating monitoring alerts..." -ForegroundColor $([Constants]::MessageType.Info) $EmailReceivers = @() $SendAlertsToEmailIds | ForEach-Object { - $EmailReceivers += New-AzActionGroupReceiver -Name "Notify_$($_)" -EmailReceiver -EmailAddress $_ + $EmailReceivers += New-AzActionGroupEmailReceiverObject -Name "Notify_$($_)" -EmailAddress $_ } $keyVaultRGName = $ResourceId.Split("/")[4] # ResourceId is in format - /subscriptions/SubIdGuid/resourceGroups/RGName/providers/Microsoft.KeyVault/vaults/KeyVaultName - $alertActionGroupForKV = Set-AzActionGroup -Name 'MMARemovalUtilityActionGroupForKV' -ResourceGroupName $keyVault.ResourceGroupName -ShortName 'MMAKVAlert' -Receiver $EmailReceivers -WarningAction SilentlyContinue - - $deploymentName = "MMARemovalenvironmentmonitoringsetupforkv-$([datetime]::Now.ToString("yyyymmddThhmmss"))" + + $alertActionGroupForKV = Update-AzActionGroup -Name 'MMARemovalUtilityActionGroupForKV' -ResourceGroupName $keyVault.ResourceGroupName -Name 'MMAKVAlert' -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + + $deploymentName = "MMARemovalenvironmentmonitoringsetupforkv-$([datetime]::Now.ToString("yyyymmddThhmmss"))" $alertQuery = [string]::Format([Constants]::UnintendedSecretAccessAlertQuery, $ResourceId, $IdentitySecretUri, $UserAssignedIdentityObjectId) $deploymentOutput = New-AzResourceGroupDeployment -Name $deploymentName ` From d7d7dbb188bfb522130e201cfdc276a924b40445 Mon Sep 17 00:00:00 2001 From: Andrew Kanieski Date: Tue, 20 Aug 2024 15:15:16 -0400 Subject: [PATCH 3/5] Switched to Update-AzActionGroup instead of New --- TemplateFiles/DeploymentFiles/AzTSSetup.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 b/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 index a37b1599..deeb37df 100644 --- a/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 +++ b/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 @@ -1052,7 +1052,7 @@ function Set-AzTSMonitoringAlert $EmailReceivers += New-AzActionGroupEmailReceiverObject -Name "Notify_$($_)" -EmailAddress $_ } - $alertActionGroup = New-AzActionGroup -Name ‘AzTSAlertActionGroup’ -ResourceGroup $keyVaultRGName -ShortName ‘AzTSAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + $alertActionGroup = Update-AzActionGroup -Name ‘AzTSAlertActionGroup’ -ResourceGroupName $keyVaultRGName -ShortName ‘AzTSAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue if($DeploymentResult.Outputs.ContainsKey('logAnalyticsResourceId') -and $DeploymentResult.Outputs.ContainsKey('applicationInsightsId')) { @@ -2101,7 +2101,7 @@ function Grant-AzSKAccessOnKeyVaultToUserAssignedIdentity } $keyVaultRGName = $ResourceId.Split("/")[4] # ResourceId is in format - /subscriptions/SubIdGuid/resourceGroups/RGName/providers/Microsoft.KeyVault/vaults/KeyVaultName - $alertActionGroupForKV = New-AzActionGroup -Name ‘AzTSAlertActionGroupForKV’ -ResourceGroup $keyVaultRGName -ShortName ‘AzTSKVAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + $alertActionGroupForKV = New-AzActionGroup -Name ‘AzTSAlertActionGroupForKV’ -ResourceGroupName $keyVaultRGName -ShortName ‘AzTSKVAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue $deploymentName = "AzTSenvironmentmonitoringsetupforkv-$([datetime]::Now.ToString("yyyymmddThhmmss"))" $alertQuery = [string]::Format([Constants]::UnintendedSecretAccessAlertQuery, $ResourceId, $ScanIdentitySecretUri, $UserAssignedIdentityObjectId) From ac3bbf278dd17960e08521df0a8f07f9848262e6 Mon Sep 17 00:00:00 2001 From: Andrew Kanieski Date: Tue, 20 Aug 2024 16:42:36 -0400 Subject: [PATCH 4/5] Update AzTSSetup.ps1 --- TemplateFiles/DeploymentFiles/AzTSSetup.ps1 | 29 ++++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 b/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 index deeb37df..af8d6f7d 100644 --- a/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 +++ b/TemplateFiles/DeploymentFiles/AzTSSetup.ps1 @@ -1,4 +1,4 @@ -# Load all other scripts that are required by this script. +# Load all other scripts that are required by this script. . "$PSScriptRoot\OnDemandScan.ps1" # Standard configuration @@ -1051,8 +1051,17 @@ function Set-AzTSMonitoringAlert $SendAlertNotificationToEmailIds | ForEach-Object { $EmailReceivers += New-AzActionGroupEmailReceiverObject -Name "Notify_$($_)" -EmailAddress $_ } - - $alertActionGroup = Update-AzActionGroup -Name ‘AzTSAlertActionGroup’ -ResourceGroupName $keyVaultRGName -ShortName ‘AzTSAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + $alertActionGroup = Get-AzActionGroup -Name ‘AzTSAlertActionGroup’ -ResourceGroupName $ScanHostRGName -ErrorAction SilentlyContinue + if ($null -ne $alertActionGroup) + { + Write-Verbose "Updating existing AzTSAlertActiongroup..." + $alertActionGroup = Update-AzActionGroup -Name ‘AzTSAlertActionGroup’ -ResourceGroupName $ScanHostRGName -GroupShortName ‘AzTSAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + } + else + { + Write-Verbose "Creating new AzTSAlertActiongroup..." + $alertActionGroup = New-AzActionGroup -Name ‘AzTSAlertActionGroup’ -ResourceGroupName $ScanHostRGName -GroupShortName ‘AzTSAlert’ -Location "Global" -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + } if($DeploymentResult.Outputs.ContainsKey('logAnalyticsResourceId') -and $DeploymentResult.Outputs.ContainsKey('applicationInsightsId')) { @@ -2101,7 +2110,19 @@ function Grant-AzSKAccessOnKeyVaultToUserAssignedIdentity } $keyVaultRGName = $ResourceId.Split("/")[4] # ResourceId is in format - /subscriptions/SubIdGuid/resourceGroups/RGName/providers/Microsoft.KeyVault/vaults/KeyVaultName - $alertActionGroupForKV = New-AzActionGroup -Name ‘AzTSAlertActionGroupForKV’ -ResourceGroupName $keyVaultRGName -ShortName ‘AzTSKVAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + + $alertActionGroupForKV = Get-AzActionGroup -Name ‘AzTSAlertActionGroupForKV’ -ResourceGroupName $keyVaultRGName -ErrorAction SilentlyContinue + if ($null -ne $alertActionGroupForKV) + { + Write-Verbose "Updating existing AzTSAlertActionGroupForKV..." + $alertActionGroupForKV = Update-AzActionGroup -Name ‘AzTSAlertActionGroupForKV’ -ResourceGroupName $keyVaultRGName -GroupShortName ‘AzTSKVAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + } + else + { + Write-Verbose "Creating new AzTSAlertActionGroupForKV..." + $alertActionGroupForKV = New-AzActionGroup -Name ‘AzTSAlertActionGroupForKV’ -ResourceGroupName $keyVaultRGName -GroupShortName ‘AzTSKVAlert’ -Location "Global" -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + } + $deploymentName = "AzTSenvironmentmonitoringsetupforkv-$([datetime]::Now.ToString("yyyymmddThhmmss"))" $alertQuery = [string]::Format([Constants]::UnintendedSecretAccessAlertQuery, $ResourceId, $ScanIdentitySecretUri, $UserAssignedIdentityObjectId) From a07e3bb2497918016a74ecd8b31d1b0986fe301c Mon Sep 17 00:00:00 2001 From: Andrew Kanieski Date: Tue, 20 Aug 2024 16:45:27 -0400 Subject: [PATCH 5/5] Update MMARemovalUtilitySetup.ps1 --- .../DeploymentFiles/MMARemovalUtilitySetup.ps1 | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/MMA Removal Utility/DeploymentFiles/MMARemovalUtilitySetup.ps1 b/MMA Removal Utility/DeploymentFiles/MMARemovalUtilitySetup.ps1 index 800e8a65..746b54ef 100644 --- a/MMA Removal Utility/DeploymentFiles/MMARemovalUtilitySetup.ps1 +++ b/MMA Removal Utility/DeploymentFiles/MMARemovalUtilitySetup.ps1 @@ -1739,8 +1739,18 @@ function Grant-AzTSMMARemediationIdentityAccessOnKeyVault $keyVaultRGName = $ResourceId.Split("/")[4] # ResourceId is in format - /subscriptions/SubIdGuid/resourceGroups/RGName/providers/Microsoft.KeyVault/vaults/KeyVaultName - $alertActionGroupForKV = Update-AzActionGroup -Name 'MMARemovalUtilityActionGroupForKV' -ResourceGroupName $keyVault.ResourceGroupName -Name 'MMAKVAlert' -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue - + $alertActionGroupForKV = Get-AzActionGroup -Name ‘MMARemovalUtilityActionGroupForKV’ -ResourceGroupName $keyVaultRGName -ErrorAction SilentlyContinue + if ($null -ne $alertActionGroupForKV) + { + Write-Verbose "Updating existing AzTSAlertActionGroupForKV..." + $alertActionGroupForKV = Update-AzActionGroup -Name ‘MMARemovalUtilityActionGroupForKV’ -ResourceGroupName $keyVaultRGName -GroupShortName ‘MMAKVAlert’ -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + } + else + { + Write-Verbose "Creating new AzTSAlertActionGroupForKV..." + $alertActionGroupForKV = New-AzActionGroup -Name ‘MMARemovalUtilityActionGroupForKV’ -ResourceGroupName $keyVaultRGName -GroupShortName ‘MMAKVAlert’ -Location "Global" -EmailReceiver $EmailReceivers -WarningAction SilentlyContinue + } + $deploymentName = "MMARemovalenvironmentmonitoringsetupforkv-$([datetime]::Now.ToString("yyyymmddThhmmss"))" $alertQuery = [string]::Format([Constants]::UnintendedSecretAccessAlertQuery, $ResourceId, $IdentitySecretUri, $UserAssignedIdentityObjectId)