fix: address PR review - remove unneeded SecurityEvent DCR/solution

Revert the Microsoft.OperationsManagement/solutions 'Security' resource and the Microsoft-SecurityEvent data source/dataflow added in the previous commit. The SecurityEvent table is not provisioned by OMSGallery/Security in modern subscriptions and this workload has no Windows VMs to source the events, which was causing 'InvalidOutputTable' deployment failures. Retain only the storage account double-encryption change.

Author: Prachig-Microsoft

infra/main.bicep

@@ -514,27 +514,12 @@ module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-confi
   }
 }
 
-resource securitySolution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = if (enablePrivateNetworking && enableMonitoring) {
-  name: 'Security(log-${solutionSuffix})'
-  location: location
-  plan: {
-    name: 'Security(log-${solutionSuffix})'
-    publisher: 'Microsoft'
-    product: 'OMSGallery/Security'
-    promotionCode: ''
-  }
-  properties: {
-    workspaceResourceId: logAnalyticsWorkspaceResourceId
-  }
-}
-
 var dataCollectionRulesResourceName = 'dcr-${solutionSuffix}'
 var dataCollectionRulesLocation = useExistingLogAnalytics
   ? existingLogAnalyticsWorkspace!.location
   : logAnalyticsWorkspace!.outputs.location
 module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.11.0' = if (enablePrivateNetworking && enableMonitoring) {
   name: take('avm.res.insights.data-collection-rule.${dataCollectionRulesResourceName}', 64)
-  dependsOn: [securitySolution]
   params: {
     name: dataCollectionRulesResourceName
     tags: tags
@@ -601,17 +586,6 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
             name: 'perfCounterDataSource60'
           }
         ]
-        windowsEventLogs: [
-          {
-            name: 'SecurityAuditEvents'
-            streams: [
-              'Microsoft-SecurityEvent'
-            ]
-            xPathQueries: [
-              'Security!*[System[(EventID=4624 or EventID=4625)]]'
-            ]
-          }
-        ]
       }
       destinations: {
         logAnalytics: [
@@ -630,14 +604,6 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
             'la-${dataCollectionRulesResourceName}'
           ]
         }
-        {
-          streams: [
-            'Microsoft-SecurityEvent'
-          ]
-          destinations: [
-            'la-${dataCollectionRulesResourceName}'
-          ]
-        }
       ]
     }
   }

infra/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.42.1.51946",
-      "templateHash": "16804124823752948659"
+      "templateHash": "17498808897015217801"
     },
     "name": "Modernize Your Code Solution Accelerator",
     "description": "CSA CTO Gold Standard Solution Accelerator for Modernize Your Code. \r\n"
@@ -308,25 +308,6 @@
       "resourceGroup": "[variables('existingLawResourceGroup')]",
       "name": "[variables('existingLawName')]"
     },
-    "securitySolution": {
-      "condition": "[and(parameters('enablePrivateNetworking'), parameters('enableMonitoring'))]",
-      "type": "Microsoft.OperationsManagement/solutions",
-      "apiVersion": "2015-11-01-preview",
-      "name": "[format('Security(log-{0})', variables('solutionSuffix'))]",
-      "location": "[parameters('location')]",
-      "plan": {
-        "name": "[format('Security(log-{0})', variables('solutionSuffix'))]",
-        "publisher": "Microsoft",
-        "product": "OMSGallery/Security",
-        "promotionCode": ""
-      },
-      "properties": {
-        "workspaceResourceId": "[if(variables('useExistingLogAnalytics'), parameters('existingLogAnalyticsWorkspaceId'), reference('logAnalyticsWorkspace').outputs.resourceId.value)]"
-      },
-      "dependsOn": [
-        "logAnalyticsWorkspace"
-      ]
-    },
     "appIdentity": {
       "type": "Microsoft.Resources/deployments",
       "apiVersion": "2025-04-01",
@@ -13120,11 +13101,11 @@
       },
       "dependsOn": [
         "applicationInsights",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').agentSvc)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').monitor)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').oms)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').ods)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').agentSvc)]",
         "dataCollectionEndpoint",
         "logAnalyticsWorkspace",
         "virtualNetwork"
@@ -15370,17 +15351,6 @@
                     ],
                     "name": "perfCounterDataSource60"
                   }
-                ],
-                "windowsEventLogs": [
-                  {
-                    "name": "SecurityAuditEvents",
-                    "streams": [
-                      "Microsoft-SecurityEvent"
-                    ],
-                    "xPathQueries": [
-                      "Security!*[System[(EventID=4624 or EventID=4625)]]"
-                    ]
-                  }
                 ]
               },
               "destinations": {
@@ -15399,14 +15369,6 @@
                   "destinations": [
                     "[format('la-{0}', variables('dataCollectionRulesResourceName'))]"
                   ]
-                },
-                {
-                  "streams": [
-                    "Microsoft-SecurityEvent"
-                  ],
-                  "destinations": [
-                    "[format('la-{0}', variables('dataCollectionRulesResourceName'))]"
-                  ]
                 }
               ]
             }
@@ -16616,8 +16578,7 @@
       "dependsOn": [
         "dataCollectionEndpoint",
         "existingLogAnalyticsWorkspace",
-        "logAnalyticsWorkspace",
-        "securitySolution"
+        "logAnalyticsWorkspace"
       ]
     },
     "proximityPlacementGroup": {
@@ -32056,8 +32017,8 @@
       },
       "dependsOn": [
         "aiServices",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
         "virtualNetwork"
       ]

infra/main_custom.bicep

@@ -422,27 +422,12 @@ module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-confi
   }
 }
 
-resource securitySolution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = if (enablePrivateNetworking && enableMonitoring) {
-  name: 'Security(log-${solutionSuffix})'
-  location: location
-  plan: {
-    name: 'Security(log-${solutionSuffix})'
-    publisher: 'Microsoft'
-    product: 'OMSGallery/Security'
-    promotionCode: ''
-  }
-  properties: {
-    workspaceResourceId: logAnalyticsWorkspaceResourceId
-  }
-}
-
 var dataCollectionRulesResourceName = 'dcr-${solutionSuffix}'
 var dataCollectionRulesLocation = useExistingLogAnalytics
   ? existingLogAnalyticsWorkspace!.location
   : logAnalyticsWorkspace!.outputs.location
 module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.11.0' = if (enablePrivateNetworking && enableMonitoring) {
   name: take('avm.res.insights.data-collection-rule.${dataCollectionRulesResourceName}', 64)
-  dependsOn: [securitySolution]
   params: {
     name: dataCollectionRulesResourceName
     tags: tags
@@ -512,7 +497,7 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
           {
             name: 'SecurityAuditEvents'
             streams: [
-              'Microsoft-SecurityEvent'
+              'Microsoft-WindowsEvent'
             ]
             xPathQueries: [
               'Security!*[System[(EventID=4624 or EventID=4625)]]'
@@ -539,14 +524,6 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
           transformKql: 'source'
           outputStream: 'Microsoft-Perf'
         }
-        {
-          streams: [
-            'Microsoft-SecurityEvent'
-          ]
-          destinations: [
-            'la-${dataCollectionRulesResourceName}'
-          ]
-        }
       ]
     }
   }