JSON
Copy definition Copy definition 4 EPAC EPAC
{ 7 items displayName: "Deploy Azure Monitor Baseline Alerts (AMBA-ALZ) for Identity" , description: "This initiative deploys Azure Monitor Baseline Alerts (AMBA-ALZ) to monitor identity components." , metadata: { 5 items version: "1.1.2" , category: "Monitoring" , source: "https://github.com/Azure/azure-monitor-baseline-alerts/" , alzCloudEnvironments: [ 1 item ] , _deployed_by_amba: true } , parameters: { 44 items ALZMonitorResourceGroupName: { 3 items type: "String" , defaultValue: "rg-amba-monitoring-001" , metadata: { 2 items displayName: "ALZ Monitor Resource Group Name" , description: "Name of the resource group where the alerting resources will be deployed" } } , ALZMonitorResourceGroupTags: { 3 items type: "Object" , defaultValue: { 1 item _deployed_by_alz_monitor: true } , metadata: { 2 items displayName: "ALZ Monitor Resource Group Tags" , description: "Tags for the resource group where the alerting resources will be deployed" } } , ALZMonitorResourceGroupLocation: { 3 items type: "String" , defaultValue: "centralus" , metadata: { 2 items displayName: "ALZ Monitor Resource Group Location" , description: "Location of the resource group where the alerting resources will be deployed" } } , ALZMonitorDisableTagName: { 3 items type: "String" , metadata: { 2 items displayName: "ALZ Monitoring disabled tag name" , description: "Tag name used to disable monitoring at the resource level. Set to true if monitoring should be disabled." } , defaultValue: "MonitorDisable" } , ALZMonitorDisableTagValues: { 3 items type: "Array" , metadata: { 2 items displayName: "ALZ Monitoring disabled tag values(s)" , description: "Tag value(s) used to disable monitoring at the resource level. Set to true if monitoring should be disabled." } , defaultValue: [ 4 items "true" , "Test" , "Dev" , "Sandbox" ] } , KVRequestAlertSeverity: { 4 items } , KVRequestWindowSize: { 4 items type: "string" , defaultValue: "PT5M" , allowedValues: [ 8 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" , "PT6H" , "PT12H" , "P1D" ] , metadata: { 2 items displayName: "KeyVault Request Alert Window Size" , description: "Window size for the alert" } } , KVRequestEvaluationFrequency: { 4 items type: "string" , defaultValue: "PT5M" , allowedValues: [ 5 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" ] , metadata: { 2 items displayName: "KeyVault Request Alert Evaluation Frequency" , description: "Evaluation frequency for the alert" } } , KVRequestPolicyEffect: { 4 items type: "string" , defaultValue: "disabled" , allowedValues: [ 2 items "deployIfNotExists" , "disabled" ] , metadata: { 2 items displayName: "KeyVault Request Alert Policy Effect" , description: "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" } } , KVRequestAlertState: { 3 items type: "string" , defaultValue: "true" , metadata: { 2 items displayName: "KeyVault Request Alert State" , description: "State of the alert, true will enable the alert, false will disable the alert" } } , KvAvailabilityAlertSeverity: { 4 items } , KvAvailabilityWindowSize: { 4 items type: "string" , defaultValue: "PT1M" , allowedValues: [ 8 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" , "PT6H" , "PT12H" , "P1D" ] , metadata: { 2 items displayName: "KeyVault Availability Alert Window Size" , description: "Window size for the alert" } } , KvAvailabilityEvaluationFrequency: { 4 items type: "string" , defaultValue: "PT1M" , allowedValues: [ 5 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" ] , metadata: { 2 items displayName: "KeyVault Availability Alert Evaluation Frequency" , description: "Evaluation frequency for the alert" } } , KvAvailabilityPolicyEffect: { 4 items type: "string" , defaultValue: "disabled" , allowedValues: [ 2 items "deployIfNotExists" , "disabled" ] , metadata: { 2 items displayName: "KeyVault Availability Alert Policy Effect" , description: "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" } } , KvAvailabilityAlertState: { 3 items type: "string" , defaultValue: "true" , metadata: { 2 items displayName: "KeyVault Availability Alert State" , description: "State of the alert, true will enable the alert, false will disable the alert" } } , KVAvailabilityThreshold: { 3 items type: "string" , defaultValue: "20" , metadata: { 2 items displayName: "KeyVault Availability Alert Threshold" , description: "Threshold for the alert" } } , KvLatencyAvailabilityAlertSeverity: { 4 items } , KvLatencyAvailabilityWindowSize: { 4 items type: "string" , defaultValue: "PT5M" , allowedValues: [ 8 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" , "PT6H" , "PT12H" , "P1D" ] , metadata: { 2 items displayName: "KeyVault Latency Alert Window Size" , description: "Window size for the alert" } } , KvLatencyAvailabilityEvaluationFrequency: { 4 items type: "string" , defaultValue: "PT5M" , allowedValues: [ 5 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" ] , metadata: { 2 items displayName: "KeyVault Latency Alert Evaluation Frequency" , description: "Evaluation frequency for the alert" } } , KvLatencyAvailabilityPolicyEffect: { 4 items type: "string" , defaultValue: "disabled" , allowedValues: [ 2 items "deployIfNotExists" , "disabled" ] , metadata: { 2 items displayName: "KeyVault Latency Alert Policy Effect" , description: "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" } } , KvLatencyAvailabilityAlertState: { 3 items type: "string" , defaultValue: "true" , metadata: { 2 items displayName: "KeyVault Latency Alert State" , description: "State of the alert, true will enable the alert, false will disable the alert" } } , KvLatencyAvailabilityThreshold: { 3 items type: "string" , defaultValue: "1000" , metadata: { 2 items displayName: "KeyVault Latency Alert Threshold" , description: "Threshold for the alert" } } , KVCapacityAlertSeverity: { 4 items } , KVCapacityWindowSize: { 4 items type: "string" , defaultValue: "PT5M" , allowedValues: [ 8 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" , "PT6H" , "PT12H" , "P1D" ] , metadata: { 2 items displayName: "KeyVault Capacity Alert Window Size" , description: "Window size for the alert" } } , KVCapacityEvaluationFrequency: { 4 items type: "string" , defaultValue: "PT1M" , allowedValues: [ 5 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" ] , metadata: { 2 items displayName: "KeyVault Capacity Alert Evaluation Frequency" , description: "Evaluation frequency for the alert" } } , KVCapacityPolicyEffect: { 4 items type: "string" , defaultValue: "disabled" , allowedValues: [ 2 items "deployIfNotExists" , "disabled" ] , metadata: { 2 items displayName: "KeyVault Capacity Alert Policy Effect" , description: "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist, disabled will not deploy the alert" } } , KVCapacityAlertState: { 3 items type: "string" , defaultValue: "true" , metadata: { 2 items displayName: "KeyVault Capacity Alert State" , description: "State of the alert, true will enable the alert, false will disable the alert" } } , KVCapacityThreshold: { 3 items type: "string" , defaultValue: "75" , metadata: { 2 items displayName: "KeyVault Capacity Alert Threshold" , description: "Threshold for the alert" } } , activityKVDeleteAlertState: { 3 items type: "string" , defaultValue: "true" , metadata: { 2 items displayName: "Activity Log KeyVault Delete Alert State" , description: "State of the alert, true will enable the alert, false will disable the alert" } } , activityKVDeletePolicyEffect: { 4 items type: "string" , defaultValue: "deployIfNotExists" , allowedValues: [ 2 items "deployIfNotExists" , "disabled" ] , metadata: { 2 items displayName: "Key Vault Delete Policy Effect" , description: "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" } } , HSMsAvailabilityAlertSeverity: { 4 items type: "String" , defaultValue: "1" , allowedValues: [ 5 items ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Availability Alert Severity" , description: "Severity of the alert for Key Vault Managed HSMs Availability" } } , HSMsAvailabilityWindowSize: { 4 items type: "string" , defaultValue: "PT1M" , allowedValues: [ 8 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" , "PT6H" , "PT12H" , "P1D" ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Availability Window Size" , description: "Window size for the alert" } } , HSMsAvailabilityEvaluationFrequency: { 4 items type: "string" , defaultValue: "PT1M" , allowedValues: [ 5 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Availability Evaluation Frequency" , description: "Evaluation frequency for the alert" } } , HSMsAvailabilityPolicyEffect: { 4 items type: "string" , defaultValue: "disabled" , allowedValues: [ 2 items "deployIfNotExists" , "disabled" ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Availability Policy Effect" , description: "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" } } , HSMsAvailabilityAlertState: { 3 items type: "string" , defaultValue: "true" , metadata: { 2 items displayName: "Key Vault Managed HSMs Availability Alert State" , description: "Alert state for the alert" } } , HSMsAvailabilityThreshold: { 3 items type: "string" , defaultValue: "20" , metadata: { 2 items displayName: "Key Vault Managed HSMs Availability Threshold" , description: "Threshold for the alert" } } , HSMsLatencyAvailabilityAlertSeverity: { 4 items type: "String" , defaultValue: "3" , allowedValues: [ 5 items ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Latency Availability Alert Severity" , description: "Severity of the alert for Key Vault Managed HSMs Latency Availability" } } , HSMsLatencyAvailabilityWindowSize: { 4 items type: "string" , defaultValue: "PT5M" , allowedValues: [ 8 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" , "PT6H" , "PT12H" , "P1D" ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Latency Availability Window Size" , description: "Window size for the alert" } } , HSMsLatencyAvailabilityEvaluationFrequency: { 4 items type: "string" , defaultValue: "PT5M" , allowedValues: [ 5 items "PT1M" , "PT5M" , "PT15M" , "PT30M" , "PT1H" ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Latency Availability Evaluation Frequency" , description: "Evaluation frequency for the alert" } } , HSMsLatencyAvailabilityPolicyEffect: { 4 items type: "string" , defaultValue: "disabled" , allowedValues: [ 2 items "deployIfNotExists" , "disabled" ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Latency Availability Policy Effect" , description: "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" } } , HSMsLatencyAvailabilityAlertState: { 3 items type: "string" , defaultValue: "true" , metadata: { 2 items displayName: "Key Vault Managed HSMs Latency Availability Alert State" , description: "Alert state for the alert" } } , HSMsLatencyAvailabilityThreshold: { 3 items type: "string" , defaultValue: "1000" , metadata: { 2 items displayName: "Key Vault Managed HSMs Latency Availability Threshold" , description: "Threshold for the alert" } } , activityHSMsDeleteAlertState: { 3 items type: "string" , defaultValue: "true" , metadata: { 2 items displayName: "Activity Key Vault Managed HSMs Delete Alert State" , description: "Alert state for the alert" } } , activityHSMsDeletePolicyEffect: { 4 items type: "string" , defaultValue: "deployIfNotExists" , allowedValues: [ 2 items "deployIfNotExists" , "disabled" ] , metadata: { 2 items displayName: "Key Vault Managed HSMs Delete Policy Effect" , description: "Policy effect for the alert, deployIfNotExists will deploy the alert if it does not exist" } } } , policyDefinitions: [ 8 items { 3 items policyDefinitionReferenceId: "ALZ_KVRequest" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Requests_Alert" , parameters: { 7 items } } , { 3 items policyDefinitionReferenceId: "ALZ_KvAvailability" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Availability_Alert" , parameters: { 8 items } } , { 3 items policyDefinitionReferenceId: "ALZ_KvLatencyAvailability" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Latency_Alert" , parameters: { 8 items } } , { 3 items policyDefinitionReferenceId: "ALZ_KVCapacity" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_KeyVault_Capacity_Alert" , parameters: { 8 items } } , { 3 items policyDefinitionReferenceId: "ALZ_activityKVDelete" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_activitylog_KeyVault_Delete" , parameters: { 7 items } } , { 3 items policyDefinitionReferenceId: "ALZ_ManagedHSMsAvailability" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ManagedHSMs_Availability_Alert" , parameters: { 8 items } } , { 3 items policyDefinitionReferenceId: "ALZ_ManagedHSMsLatencyAvailability" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ManagedHSMs_Latency_Alert" , parameters: { 8 items } } , { 3 items policyDefinitionReferenceId: "ALZ_activityManagedHSMsDelete" , policyDefinitionId: "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy_ActivityLog_ManagedHSMs_Delete" , parameters: { 7 items } } ] , policyType: "Custom" , policyDefinitionGroups: null }