Skip to content
Merged
28 changes: 17 additions & 11 deletions infra/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -550,19 +550,10 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
{
name: 'SecurityAuditEvents'
streams: [
'Microsoft-WindowsEvent'
]
eventLogName: 'Security'
eventTypes: [
{
eventType: 'Audit Success'
}
{
eventType: 'Audit Failure'
}
'Microsoft-Event'
]
xPathQueries: [
'Security!*[System[(EventID=4624 or EventID=4625)]]'
'Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]'
]
Comment thread
VishalS-Microsoft marked this conversation as resolved.
}
]
Expand All @@ -586,6 +577,16 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
transformKql: 'source'
outputStream: 'Microsoft-Perf'
}
{
streams: [
'Microsoft-Event'
]
destinations: [
'la--1264800308'
]
transformKql: 'source'
outputStream: 'Microsoft-Event'
}
]
}
}
Expand Down Expand Up @@ -1213,6 +1214,8 @@ module containerApp 'br/public:avm/res/app/container-app:0.22.0' = {
ingressTargetPort: 8000
ingressExternal: true
activeRevisionsMode: 'Single'
// SFI: Enforce HTTPS-only ingress. When false, HTTP requests are automatically redirected to HTTPS.
ingressAllowInsecure: false
corsPolicy: {
allowedOrigins: [
'https://${webSiteResourceName}.azurewebsites.net'
Expand Down Expand Up @@ -1421,6 +1424,8 @@ module containerAppMcp 'br/public:avm/res/app/container-app:0.22.0' = {
ingressTargetPort: 9000
ingressExternal: true
activeRevisionsMode: 'Single'
// SFI: Enforce HTTPS-only ingress. When false, HTTP requests are automatically redirected to HTTPS.
ingressAllowInsecure: false
corsPolicy: {
allowedOrigins: [
'https://${webSiteResourceName}.azurewebsites.net'
Expand Down Expand Up @@ -1596,6 +1601,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {
tags: tags
accessTier: 'Hot'
supportsHttpsTrafficOnly: true
requireInfrastructureEncryption: true

roleAssignments: [
{
Expand Down
64 changes: 37 additions & 27 deletions infra/main.json
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.43.8.12551",
"templateHash": "12475542446442392463"
"version": "0.43.1.21952",
"templateHash": "11424525558363523540"
Comment thread
VishalS-Microsoft marked this conversation as resolved.
Outdated
},
"name": "Multi-Agent Custom Automation Engine",
"description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\n\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\n"
"description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\r\n\r\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\r\n"
Comment thread
VishalS-Microsoft marked this conversation as resolved.
Outdated
},
"parameters": {
"solutionName": {
Expand Down Expand Up @@ -4991,8 +4991,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.43.8.12551",
"templateHash": "9540091515555271756"
"version": "0.43.1.21952",
"templateHash": "10730664853596253902"
}
},
"definitions": {
Expand Down Expand Up @@ -10065,19 +10065,10 @@
{
"name": "SecurityAuditEvents",
"streams": [
"Microsoft-WindowsEvent"
],
"eventLogName": "Security",
"eventTypes": [
{
"eventType": "Audit Success"
},
{
"eventType": "Audit Failure"
}
"Microsoft-Event"
],
"xPathQueries": [
"Security!*[System[(EventID=4624 or EventID=4625)]]"
"Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]"
]
}
]
Expand All @@ -10100,6 +10091,16 @@
],
"transformKql": "source",
"outputStream": "Microsoft-Perf"
},
{
"streams": [
"Microsoft-Event"
],
"destinations": [
"la--1264800308"
],
"transformKql": "source",
"outputStream": "Microsoft-Event"
}
]
}
Expand Down Expand Up @@ -24308,8 +24309,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.43.8.12551",
"templateHash": "7866379492866507946"
"version": "0.43.1.21952",
"templateHash": "11439700826637328776"
}
},
"definitions": {
Expand Down Expand Up @@ -27974,8 +27975,8 @@
"dependsOn": [
"aiFoundryAiServices",
"[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
"[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
"[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]",
"[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
"virtualNetwork"
]
Comment thread
VishalS-Microsoft marked this conversation as resolved.
},
Expand Down Expand Up @@ -28012,8 +28013,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.43.8.12551",
"templateHash": "2868048678223903575"
"version": "0.43.1.21952",
"templateHash": "14162462247640231136"
}
},
"parameters": {
Expand Down Expand Up @@ -38445,6 +38446,9 @@
"activeRevisionsMode": {
"value": "Single"
},
"ingressAllowInsecure": {
"value": false
},
"corsPolicy": {
"value": {
"allowedOrigins": [
Expand Down Expand Up @@ -40187,6 +40191,9 @@
"activeRevisionsMode": {
"value": "Single"
},
"ingressAllowInsecure": {
"value": false
},
"corsPolicy": {
"value": {
"allowedOrigins": [
Expand Down Expand Up @@ -42561,8 +42568,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.43.8.12551",
"templateHash": "18345308984648474640"
"version": "0.43.1.21952",
"templateHash": "15245457964306936933"
}
},
"definitions": {
Expand Down Expand Up @@ -43593,8 +43600,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.43.8.12551",
"templateHash": "1009721598684973971"
"version": "0.43.1.21952",
"templateHash": "7202268095676731580"
},
"name": "Site App Settings",
"description": "This module deploys a Site App Setting."
Expand Down Expand Up @@ -44510,6 +44517,9 @@
"supportsHttpsTrafficOnly": {
"value": true
},
"requireInfrastructureEncryption": {
"value": true
},
"roleAssignments": {
"value": [
{
Expand Down Expand Up @@ -54840,8 +54850,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.43.8.12551",
"templateHash": "9739523049889844356"
"version": "0.43.1.21952",
"templateHash": "11204886349087283921"
}
},
"parameters": {
Expand Down
28 changes: 17 additions & 11 deletions infra/main_custom.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -549,19 +549,10 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
{
name: 'SecurityAuditEvents'
streams: [
'Microsoft-WindowsEvent'
]
eventLogName: 'Security'
eventTypes: [
{
eventType: 'Audit Success'
}
{
eventType: 'Audit Failure'
}
'Microsoft-Event'
]
xPathQueries: [
'Security!*[System[(EventID=4624 or EventID=4625)]]'
'Security!*[System[(band(Keywords,13510798882111488)) and (EventID != 4624)]]'
]
Comment thread
VishalS-Microsoft marked this conversation as resolved.
}
]
Expand All @@ -585,6 +576,16 @@ module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-
transformKql: 'source'
outputStream: 'Microsoft-Perf'
}
{
streams: [
'Microsoft-Event'
]
destinations: [
'la--1264800308'
]
transformKql: 'source'
outputStream: 'Microsoft-Event'
}
]
}
}
Expand Down Expand Up @@ -1240,6 +1241,8 @@ module containerApp 'br/public:avm/res/app/container-app:0.22.0' = {
ingressTargetPort: 8000
ingressExternal: true
activeRevisionsMode: 'Single'
// SFI: Enforce HTTPS-only ingress. When false, HTTP requests are automatically redirected to HTTPS.
ingressAllowInsecure: false
corsPolicy: {
allowedOrigins: [
'https://${webSiteResourceName}.azurewebsites.net'
Expand Down Expand Up @@ -1463,6 +1466,8 @@ module containerAppMcp 'br/public:avm/res/app/container-app:0.22.0' = {
ingressTargetPort: 9000
ingressExternal: true
activeRevisionsMode: 'Single'
// SFI: Enforce HTTPS-only ingress. When false, HTTP requests are automatically redirected to HTTPS.
ingressAllowInsecure: false
corsPolicy: {
allowedOrigins: [
'https://${webSiteResourceName}.azurewebsites.net'
Expand Down Expand Up @@ -1648,6 +1653,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {
tags: tags
accessTier: 'Hot'
supportsHttpsTrafficOnly: true
requireInfrastructureEncryption: true

roleAssignments: [
{
Expand Down