Minor improvements (#317)

Azure · Aug 17, 2023 · 15a1e35 · 15a1e35
1 parent e38aa00
commit 15a1e35
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 43 deletions.
diff --git a/Docs/integrating-with-alz.md b/Docs/integrating-with-alz.md
@@ -17,9 +17,6 @@ There are two scenarios for integrating EPAC with ALZ.
 
 ## Scenario 1 - Existing Deployment
 
-!!! warning
-    This feature is currently unsupported while an update to the extraction process is made. ETA is April 2023. This warning will be removed when the feature is available again.
-
 With an existing Azure Landing Zone deployment you can use EPAC's extract scripts to extract the existing policies and assignments.
 
 1. Install the EnterprisePolicyAsCode module from the PowerShell gallery and import it.

diff --git a/Scripts/CloudAdoptionFramework/Sync-ALZPolicies.ps1 b/Scripts/CloudAdoptionFramework/Sync-ALZPolicies.ps1
@@ -8,7 +8,12 @@ Param(
 
 if ($DefinitionsRootFolder -eq "") {
     if ($null -eq $env:PAC_DEFINITIONS_FOLDER) {
-        $DefinitionsRootFolder = "$PSScriptRoot/../../Definitions"
+        if ($ModuleRoot) {
+            $DefinitionsRootFolder = "./Definitions"
+        }
+        else {
+            $DefinitionsRootFolder = "$PSScriptRoot/../../Definitions"
+        }
     }
     else {
         $DefinitionsRootFolder = $env:PAC_DEFINITIONS_FOLDER
@@ -22,7 +27,7 @@ New-Item -Path "$DefinitionsRootFolder\policySetDefinitions\ALZ" -ItemType Direc
 New-Item -Path "$DefinitionsRootFolder\policyAssignments" -ItemType Directory -Force -ErrorAction SilentlyContinue
 New-Item -Path "$DefinitionsRootFolder\policyAssignments\ALZ" -ItemType Directory -Force -ErrorAction SilentlyContinue
 
-. .\Scripts\Helpers\ConvertTo-HashTable.ps1
+. "$PSScriptRoot/../Helpers/ConvertTo-HashTable.ps1"
 
 $defaultPolicyURIs = @(
     'https://raw.githubusercontent.com/Azure/Enterprise-Scale/main/eslzArm/managementGroupTemplates/policyDefinitions/policies.json'
@@ -98,8 +103,8 @@ foreach ($policySetFile in Get-ChildItem "$DefinitionsRootFolder\policySetDefini
 }
 
 if ($ModuleRoot) {
-    Copy-Item -Path $ModuleRoot\policyAssignments\*.* -Destination "$DefinitionsRootFolder\policyAssignments\ALZ\" -Force
+    Copy-Item -Path "$ModuleRoot/policyAssignments/*.*" -Destination "$DefinitionsRootFolder\policyAssignments\ALZ\" -Force
 }
 else {
-    Copy-Item -Path .\Scripts\CloudAdoptionFramework\policyAssignments\*.* -Destination "$DefinitionsRootFolder\policyAssignments\ALZ\" -Force
+    Copy-Item -Path "$PSScriptRoot/policyAssignments/*.*" -Destination "$DefinitionsRootFolder\policyAssignments\ALZ\" -Force
 }
diff --git a/Scripts/CloudAdoptionFramework/policyAssignments/CAF-Connectivity-Default.json b/Scripts/CloudAdoptionFramework/policyAssignments/CAF-Connectivity-Default.json
@@ -16,7 +16,7 @@
             },
             "definitionEntry": {
                 "policyId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
-                "friendlyNameToDocumentIfGuid": "Enable DDOS"
+                "displayName": "Enable DDOS"
             },
             "parameters": {
                 "effect": "Modify",

diff --git a/Scripts/CloudAdoptionFramework/policyAssignments/CAF-CorpMG-Default.jsonc b/Scripts/CloudAdoptionFramework/policyAssignments/CAF-CorpMG-Default.jsonc
@@ -19,7 +19,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "Deny-PublicPaaSEndpoints",
-                        "friendlyNameToDocumentIfGuid": "Deny Public PaaS Endpoints"
+                        "displayName": "Deny Public PaaS Endpoints"
                     },
                     "nonComplianceMessages": [
                         {
@@ -36,7 +36,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "Deploy-Private-DNS-Zones",
-                        "friendlyNameToDocumentIfGuid": "Deploy Private DNS Zones"
+                        "displayName": "Deploy Private DNS Zones"
                     },
                     "parameters": {
                         // Replace --DNSZonePrefix-- with a value similar to 

diff --git a/Scripts/CloudAdoptionFramework/policyAssignments/CAF-IdentityMG-Default.json b/Scripts/CloudAdoptionFramework/policyAssignments/CAF-IdentityMG-Default.json
@@ -19,7 +19,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
-                        "friendlyNameToDocumentIfGuid": "Deny Public IP"
+                        "displayName": "Deny Public IP"
                     },
                     "parameters": {
                         "listOfResourceTypesNotAllowed": [
@@ -42,7 +42,7 @@
                     },
                     "definitionEntry": {
                         "policyName": "Deny-MgmtPorts-From-Internet",
-                        "friendlyNameToDocumentIfGuid": "Deny Management Ports"
+                        "displayName": "Deny Management Ports"
                     },
                     "nonComplianceMessages": [
                         {
@@ -59,7 +59,7 @@
                     },
                     "definitionEntry": {
                         "policyName": "Deny-Subnet-Without-Nsg",
-                        "friendlyNameToDocumentIfGuid": "Deny Subnet without NSG"
+                        "displayName": "Deny Subnet without NSG"
                     },
                     "nonComplianceMessages": [
                         {
@@ -81,7 +81,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
-                        "friendlyNameToDocumentIfGuid": "Deploy VM Backup"
+                        "displayName": "Deploy VM Backup"
                     },
                     "parameters": {
                         "exclusionTagName": "",

diff --git a/Scripts/CloudAdoptionFramework/policyAssignments/CAF-LandingZonesMG.json b/Scripts/CloudAdoptionFramework/policyAssignments/CAF-LandingZonesMG.json
@@ -22,7 +22,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99",
-                        "friendlyNameToDocumentIfGuid": "AKS Privilege Escalation"
+                        "displayName": "AKS Privilege Escalation"
                     },
                     "parameters": {
                         "effect": "Deny"
@@ -37,7 +37,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4",
-                        "friendlyNameToDocumentIfGuid": "AKS Privilege Containers"
+                        "displayName": "AKS Privilege Containers"
                     }
                 },
                 {
@@ -49,7 +49,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
-                        "friendlyNameToDocumentIfGuid": "AKS HTTPS Access"
+                        "displayName": "AKS HTTPS Access"
                     }
                 },
                 {
@@ -61,7 +61,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7",
-                        "friendlyNameToDocumentIfGuid": "Deploy AKS Policy"
+                        "displayName": "Deploy AKS Policy"
                     }
                 }
             ]
@@ -78,7 +78,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900",
-                        "friendlyNameToDocumentIfGuid": "Deny IP Forwarding"
+                        "displayName": "Deny IP Forwarding"
                     },
                     "nonComplianceMessages": [
                         {
@@ -95,7 +95,7 @@
                     },
                     "definitionEntry": {
                         "policyName": "Deny-Subnet-Without-Nsg",
-                        "friendlyNameToDocumentIfGuid": "Deny Subnet without NSG"
+                        "displayName": "Deny Subnet without NSG"
                     },
                     "nonComplianceMessages": [
                         {
@@ -112,7 +112,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
-                        "friendlyNameToDocumentIfGuid": "Audit DDOS Landing Zones"
+                        "displayName": "Audit DDOS Landing Zones"
                     },
                     "parameters": {
                         "effect": "Modify",
@@ -133,7 +133,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
-                        "friendlyNameToDocumentIfGuid": "Application Gateway with WAF"
+                        "displayName": "Application Gateway with WAF"
                     },
                     "nonComplianceMessages": [
                         {
@@ -155,7 +155,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
-                        "friendlyNameToDocumentIfGuid": "Deny Storage HTTP"
+                        "displayName": "Deny Storage HTTP"
                     },
                     "parameters": {
                         "effect": "Deny"
@@ -180,7 +180,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/25da7dfb-0666-4a15-a8f5-402127efd8bb",
-                        "friendlyNameToDocumentIfGuid": "Deploy SQL DB Auditing"
+                        "displayName": "Deploy SQL DB Auditing"
                     },
                     "nonComplianceMessages": [
                         {
@@ -202,7 +202,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86",
-                        "friendlyNameToDocumentIfGuid": "Deploy VM Backup"
+                        "displayName": "Deploy VM Backup"
                     },
                     "parameters": {
                         "exclusionTagName": "",
@@ -228,7 +228,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "Enforce-Guardrails-KeyVault",
-                        "friendlyNameToDocumentIfGuid": "Key Vault Guardrails"
+                        "displayName": "Key Vault Guardrails"
                     },
                     "nonComplianceMessages": [
                         {
@@ -250,7 +250,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "Enforce-EncryptTransit",
-                        "friendlyNameToDocumentIfGuid": "Enforce Encrypt Transit"
+                        "displayName": "Enforce Encrypt Transit"
                     },
                     "nonComplianceMessages": [
                         {
@@ -267,7 +267,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5",
-                        "friendlyNameToDocumentIfGuid": "Deploy SQL Threat Detection"
+                        "displayName": "Deploy SQL Threat Detection"
                     },
                     "nonComplianceMessages": [
                         {
@@ -284,7 +284,7 @@
                     },
                     "definitionEntry": {
                         "policyId": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f",
-                        "friendlyNameToDocumentIfGuid": "Deploy SQL TDE"
+                        "displayName": "Deploy SQL TDE"
                     },
                     "nonComplianceMessages": [
                         {
@@ -317,7 +317,7 @@
                     },
                     "definitionEntry": {
                         "policyName": "Deny-MgmtPorts-From-Internet",
-                        "friendlyNameToDocumentIfGuid": "Deny Management Ports"
+                        "displayName": "Deny Management Ports"
                     },
                     "nonComplianceMessages": [
                         {

diff --git a/Scripts/CloudAdoptionFramework/policyAssignments/CAF-RootMG-Default.json b/Scripts/CloudAdoptionFramework/policyAssignments/CAF-RootMG-Default.json
@@ -26,7 +26,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
-                        "friendlyNameToDocumentIfGuid": "Microsoft Cloud Security Benchmark"
+                        "displayName": "Microsoft Cloud Security Benchmark"
                     },
                     "parameters": {},
                     "nonComplianceMessages": [
@@ -44,7 +44,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "Deploy-MDFC-Config",
-                        "friendlyNameToDocumentIfGuid": "Microsoft Defender For Cloud"
+                        "displayName": "Microsoft Defender For Cloud"
                     },
                     "parameters": {
                         "enableAscForServers": "Disabled",
@@ -77,7 +77,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "e20d08c5-6d64-656d-6465-ce9e37fd0ebc",
-                        "friendlyNameToDocumentIfGuid": "Microsoft Defender for Endpoint agent"
+                        "displayName": "Microsoft Defender for Endpoint agent"
                     },
                     "parameters": {
                         "microsoftDefenderForEndpointWindowsVmAgentDeployEffect": "DeployIfNotExists",
@@ -100,7 +100,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "e77fc0b3-f7e9-4c58-bc13-cb753ed8e46e",
-                        "friendlyNameToDocumentIfGuid": "Microsoft Defender for Endpoint open-source relational databases"
+                        "displayName": "Microsoft Defender for Endpoint open-source relational databases"
                     },
                     "nonComplianceMessages": [
                         {
@@ -117,7 +117,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97",
-                        "friendlyNameToDocumentIfGuid": "Microsoft Defender for SQL Servers and SQL Managed Instances"
+                        "displayName": "Microsoft Defender for SQL Servers and SQL Managed Instances"
                     },
                     "nonComplianceMessages": [
                         {
@@ -134,7 +134,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "Enforce-ACSB",
-                        "friendlyNameToDocumentIfGuid": "Azure Compute Security Baseline"
+                        "displayName": "Azure Compute Security Baseline"
                     },
                     "nonComplianceMessages": [
                         {
@@ -156,7 +156,7 @@
                     },
                     "definitionEntry": {
                         "policyName": "2465583e-4e78-4c15-b6be-a36cbc7c8b0f",
-                        "friendlyNameToDocumentIfGuid": "Activity Logs"
+                        "displayName": "Activity Logs"
                     },
                     "parameters": {},
                     "nonComplianceMessages": [
@@ -174,7 +174,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "Deploy-Diagnostics-LogAnalytics",
-                        "friendlyNameToDocumentIfGuid": "Resource Diagnostics"
+                        "displayName": "Resource Diagnostics"
                     },
                     "parameters": {},
                     "nonComplianceMessages": [
@@ -197,7 +197,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "55f3eceb-5573-4f18-9695-226972c6d74a",
-                        "friendlyNameToDocumentIfGuid": "VM Monitoring"
+                        "displayName": "VM Monitoring"
                     },
                     "nonComplianceMessages": [
                         {
@@ -214,7 +214,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "75714362-cae7-409e-9b99-a8e5075b7fad",
-                        "friendlyNameToDocumentIfGuid": "VMSS Monitoring"
+                        "displayName": "VMSS Monitoring"
                     },
                     "nonComplianceMessages": [
                         {
@@ -231,7 +231,7 @@
                     },
                     "definitionEntry": {
                         "policyName": "06a78e20-9358-41c9-923c-fb736d382a4d",
-                        "friendlyNameToDocumentIfGuid": "Unmanaged Disks"
+                        "displayName": "Unmanaged Disks"
                     },
                     "nonComplianceMessages": [
                         {
@@ -259,7 +259,7 @@
                     },
                     "definitionEntry": {
                         "policyName": "6c112d4e-5bc7-47ae-a041-ea2d9dccd749",
-                        "friendlyNameToDocumentIfGuid": "Deny Classic Resources"
+                        "displayName": "Deny Classic Resources"
                     },
                     "parameters": {
                         "listOfResourceTypesNotAllowed": [
@@ -337,7 +337,7 @@
                     },
                     "definitionEntry": {
                         "policySetName": "Audit-UnusedResourcesCostOptimization",
-                        "friendlyNameToDocumentIfGuid": "Unused Resources"
+                        "displayName": "Unused Resources"
                     },
                     "nonComplianceMessages": [
                         {