fix: address SFI security compliance issues

VishalS-Microsoft · VishalS-Microsoft · commit 9d7cb94892a7 · 2026-05-19T09:34:33.000+05:30
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -550,19 +550,10 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
           {
             name: 'SecurityAuditEvents'
             streams: [
-              'Microsoft-WindowsEvent'
-            ]
-            eventLogName: 'Security'
-            eventTypes: [
-              {
-                eventType: 'Audit Success'
-              }
-              {
-                eventType: 'Audit Failure'
-              }
+              'Microsoft-Event'
             ]
             xPathQueries: [
-              'Security!*[System[(EventID=4624 or EventID=4625)]]'
+              'Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]'
             ]
           }
         ]
@@ -586,6 +577,16 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
           transformKql: 'source'
           outputStream: 'Microsoft-Perf'
         }
+        {
+          streams: [
+            'Microsoft-Event'
+          ]
+          destinations: [
+            'la--1264800308'
+          ]
+          transformKql: 'source'
+          outputStream: 'Microsoft-Event'
+        }
       ]
     }
   }
@@ -1596,6 +1597,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {
     tags: tags
     accessTier: 'Hot'
     supportsHttpsTrafficOnly: true
+    requireInfrastructureEncryption: true
 
     roleAssignments: [
       {
diff --git a/infra/main.json b/infra/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.42.1.51946",
-      "templateHash": "8490920419623942773"
+      "version": "0.43.1.21952",
+      "templateHash": "13738770643510560400"
     },
     "name": "Multi-Agent Custom Automation Engine",
     "description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\r\n\r\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\r\n"
@@ -4991,8 +4991,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "4286500745908716598"
+              "version": "0.43.1.21952",
+              "templateHash": "10730664853596253902"
             }
           },
           "definitions": {
@@ -10065,19 +10065,10 @@
                   {
                     "name": "SecurityAuditEvents",
                     "streams": [
-                      "Microsoft-WindowsEvent"
-                    ],
-                    "eventLogName": "Security",
-                    "eventTypes": [
-                      {
-                        "eventType": "Audit Success"
-                      },
-                      {
-                        "eventType": "Audit Failure"
-                      }
+                      "Microsoft-Event"
                     ],
                     "xPathQueries": [
-                      "Security!*[System[(EventID=4624 or EventID=4625)]]"
+                      "Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]"
                     ]
                   }
                 ]
@@ -10100,6 +10091,16 @@
                   ],
                   "transformKql": "source",
                   "outputStream": "Microsoft-Perf"
+                },
+                {
+                  "streams": [
+                    "Microsoft-Event"
+                  ],
+                  "destinations": [
+                    "la--1264800308"
+                  ],
+                  "transformKql": "source",
+                  "outputStream": "Microsoft-Event"
                 }
               ]
             }
@@ -24308,8 +24309,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "6570260143045999127"
+              "version": "0.43.1.21952",
+              "templateHash": "11439700826637328776"
             }
           },
           "definitions": {
@@ -27973,8 +27974,8 @@
       },
       "dependsOn": [
         "aiFoundryAiServices",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
         "virtualNetwork"
       ]
@@ -28012,8 +28013,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "14513113443903512301"
+              "version": "0.43.1.21952",
+              "templateHash": "14162462247640231136"
             }
           },
           "parameters": {
@@ -42561,8 +42562,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "15053339789155096730"
+              "version": "0.43.1.21952",
+              "templateHash": "15245457964306936933"
             }
           },
           "definitions": {
@@ -43593,8 +43594,8 @@
                   "metadata": {
                     "_generator": {
                       "name": "bicep",
-                      "version": "0.42.1.51946",
-                      "templateHash": "16493651611122310009"
+                      "version": "0.43.1.21952",
+                      "templateHash": "7202268095676731580"
                     },
                     "name": "Site App Settings",
                     "description": "This module deploys a Site App Setting."
@@ -44510,6 +44511,9 @@
           "supportsHttpsTrafficOnly": {
             "value": true
           },
+          "requireInfrastructureEncryption": {
+            "value": true
+          },
           "roleAssignments": {
             "value": [
               {
@@ -54840,8 +54844,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.42.1.51946",
-              "templateHash": "4859654437121510695"
+              "version": "0.43.1.21952",
+              "templateHash": "11204886349087283921"
             }
           },
           "parameters": {
diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep
@@ -549,19 +549,10 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
           {
             name: 'SecurityAuditEvents'
             streams: [
-              'Microsoft-WindowsEvent'
-            ]
-            eventLogName: 'Security'
-            eventTypes: [
-              {
-                eventType: 'Audit Success'
-              }
-              {
-                eventType: 'Audit Failure'
-              }
+              'Microsoft-Event'
             ]
             xPathQueries: [
-              'Security!*[System[(EventID=4624 or EventID=4625)]]'
+              'Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]'
             ]
           }
         ]
@@ -585,6 +576,16 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
           transformKql: 'source'
           outputStream: 'Microsoft-Perf'
         }
+        {
+          streams: [
+            'Microsoft-Event'
+          ]
+          destinations: [
+            'la--1264800308'
+          ]
+          transformKql: 'source'
+          outputStream: 'Microsoft-Event'
+        }
       ]
     }
   }
@@ -1648,6 +1649,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {
     tags: tags
     accessTier: 'Hot'
     supportsHttpsTrafficOnly: true
+    requireInfrastructureEncryption: true
 
     roleAssignments: [
       {

Original file line number	Diff line number	Diff line change
`@@ -550,19 +550,10 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-`
`550`	`550`	`{`
`551`	`551`	`name: 'SecurityAuditEvents'`
`552`	`552`	`streams: [`
`553`		`- 'Microsoft-WindowsEvent'`
`554`		`- ]`
`555`		`- eventLogName: 'Security'`
`556`		`- eventTypes: [`
`557`		`- {`
`558`		`- eventType: 'Audit Success'`
`559`		`- }`
`560`		`- {`
`561`		`- eventType: 'Audit Failure'`
`562`		`- }`
	`553`	`+ 'Microsoft-Event'`
`563`	`554`	`]`
`564`	`555`	`xPathQueries: [`
`565`		`- 'Security!*[System[(EventID=4624 or EventID=4625)]]'`
	`556`	`+ 'Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]'`
`566`	`557`	`]`
`567`	`558`	`}`
`568`	`559`	`]`
`@@ -586,6 +577,16 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-`
`586`	`577`	`transformKql: 'source'`
`587`	`578`	`outputStream: 'Microsoft-Perf'`
`588`	`579`	`}`
	`580`	`+ {`
	`581`	`+ streams: [`
	`582`	`+ 'Microsoft-Event'`
	`583`	`+ ]`
	`584`	`+ destinations: [`
	`585`	`+ 'la--1264800308'`
	`586`	`+ ]`
	`587`	`+ transformKql: 'source'`
	`588`	`+ outputStream: 'Microsoft-Event'`
	`589`	`+ }`
`589`	`590`	`]`
`590`	`591`	`}`
`591`	`592`	`}`
`@@ -1596,6 +1597,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {`
`1596`	`1597`	`tags: tags`
`1597`	`1598`	`accessTier: 'Hot'`
`1598`	`1599`	`supportsHttpsTrafficOnly: true`
	`1600`	`+ requireInfrastructureEncryption: true`
`1599`	`1601`
`1600`	`1602`	`roleAssignments: [`
`1601`	`1603`	`{`
Original file line number	Diff line number	Diff line change
`@@ -549,19 +549,10 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-`
`549`	`549`	`{`
`550`	`550`	`name: 'SecurityAuditEvents'`
`551`	`551`	`streams: [`
`552`		`- 'Microsoft-WindowsEvent'`
`553`		`- ]`
`554`		`- eventLogName: 'Security'`
`555`		`- eventTypes: [`
`556`		`- {`
`557`		`- eventType: 'Audit Success'`
`558`		`- }`
`559`		`- {`
`560`		`- eventType: 'Audit Failure'`
`561`		`- }`
	`552`	`+ 'Microsoft-Event'`
`562`	`553`	`]`
`563`	`554`	`xPathQueries: [`
`564`		`- 'Security!*[System[(EventID=4624 or EventID=4625)]]'`
	`555`	`+ 'Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]'`
`565`	`556`	`]`
`566`	`557`	`}`
`567`	`558`	`]`
`@@ -585,6 +576,16 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-`
`585`	`576`	`transformKql: 'source'`
`586`	`577`	`outputStream: 'Microsoft-Perf'`
`587`	`578`	`}`
	`579`	`+ {`
	`580`	`+ streams: [`
	`581`	`+ 'Microsoft-Event'`
	`582`	`+ ]`
	`583`	`+ destinations: [`
	`584`	`+ 'la--1264800308'`
	`585`	`+ ]`
	`586`	`+ transformKql: 'source'`
	`587`	`+ outputStream: 'Microsoft-Event'`
	`588`	`+ }`
`588`	`589`	`]`
`589`	`590`	`}`
`590`	`591`	`}`
`@@ -1648,6 +1649,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {`
`1648`	`1649`	`tags: tags`
`1649`	`1650`	`accessTier: 'Hot'`
`1650`	`1651`	`supportsHttpsTrafficOnly: true`
	`1652`	`+ requireInfrastructureEncryption: true`
`1651`	`1653`
`1652`	`1654`	`roleAssignments: [`
`1653`	`1655`	`{`