Merge pull request Azure#10171 from TristankMS/patch-1

Adjust data source description
joanabmartins · Mar 19, 2024 · db2f2c7 · db2f2c7
2 parents 7a50afc + bfe72a5
commit db2f2c7
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 38 deletions.
diff --git a/...t Purview Information Protection/Data/Solution_MicrosoftPurviewInformationProtection.json b/...t Purview Information Protection/Data/Solution_MicrosoftPurviewInformationProtection.json
@@ -2,13 +2,13 @@
   "Name": "Microsoft Purview Information Protection",
   "Author": "Microsoft - support@microsoft.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
-  "Description": "The [Microsoft Information Protection](https://learn.microsoft.com/microsoft-365/compliance/information-protection) Solution for Microsoft Sentinel integrates Microsoft Purview Information Protection logs for security monitoring in Microsoft Sentinel. Customers can stream auditing events generated from the Microsoft Purview Information Protection unified labeling clients and scanners and emitted to M365 audit log for central reporting in Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Azure Monitor Resource Diagnostics](https://docs.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal)",
+  "Description": "The [Microsoft Information Protection](https://learn.microsoft.com/microsoft-365/compliance/information-protection) Solution for Microsoft Sentinel integrates Microsoft Purview Information Protection logs for security monitoring in Microsoft Sentinel. Customers can stream auditing events generated from Microsoft Purview Information Protection unified labeling clients and scanners and emitted to M365 audit log for central reporting in Sentinel.",
   "Data Connectors": [
     "Data Connectors/MicrosoftPurviewInformationProtection.json"
   ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Microsoft Purview Information Protection",
-  "Version": "2.0.1",
+  "Version": "3.0.0",
   "TemplateSpec": true,
   "Is1PConnector": true
-}
+}
diff --git a/Solutions/Microsoft Purview Information Protection/Package/3.0.0.zip b/Solutions/Microsoft Purview Information Protection/Package/3.0.0.zip
diff --git a/Solutions/Microsoft Purview Information Protection/Package/createUiDefinition.json b/Solutions/Microsoft Purview Information Protection/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** _There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing._\n\nThe [Microsoft Information Protection](https://learn.microsoft.com/microsoft-365/compliance/information-protection) Solution for Microsoft Sentinel integrates Microsoft Purview Information Protection logs for security monitoring in Microsoft Sentinel. Customers can stream auditing events generated from the Microsoft Purview Information Protection unified labeling clients and scanners and emitted to M365 audit log for central reporting in Sentinel.\n\n**Underlying Microsoft Technologies used:**\n\nThis solution takes a dependency on the following technologies, and some of these dependencies either may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or might result in additional ingestion or operational costs:\n\n a. [Azure Monitor Resource Diagnostics](https://docs.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal)\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Microsoft%20Purview%20Information%20Protection/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Microsoft Information Protection](https://learn.microsoft.com/microsoft-365/compliance/information-protection) Solution for Microsoft Sentinel integrates Microsoft Purview Information Protection logs for security monitoring in Microsoft Sentinel. Customers can stream auditing events generated from Microsoft Purview Information Protection unified labeling clients and scanners and emitted to M365 audit log for central reporting in Sentinel.\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",

diff --git a/Solutions/Microsoft Purview Information Protection/Package/mainTemplate.json b/Solutions/Microsoft Purview Information Protection/Package/mainTemplate.json
@@ -30,49 +30,34 @@
     }
   },
   "variables": {
-    "solutionId": "azuresentinel.azure-sentinel-solution-mip",
-    "_solutionId": "[variables('solutionId')]",
     "email": "support@microsoft.com",
     "_email": "[variables('email')]",
-    "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
+    "_solutionName": "Microsoft Purview Information Protection",
+    "_solutionVersion": "3.0.0",
+    "solutionId": "azuresentinel.azure-sentinel-solution-mip",
+    "_solutionId": "[variables('solutionId')]",
     "uiConfigId1": "MicrosoftPurviewInformationProtection",
     "_uiConfigId1": "[variables('uiConfigId1')]",
     "dataConnectorContentId1": "MicrosoftPurviewInformationProtection",
     "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
     "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
     "_dataConnectorId1": "[variables('dataConnectorId1')]",
-    "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1')))]",
-    "dataConnectorVersion1": "1.0.0"
+    "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
+    "dataConnectorVersion1": "1.0.0",
+    "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
+    "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
   },
   "resources": [
     {
-      "type": "Microsoft.Resources/templateSpecs",
-      "apiVersion": "2021-05-01",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
+      "apiVersion": "2023-04-01-preview",
       "name": "[variables('dataConnectorTemplateSpecName1')]",
       "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "DataConnector"
-      },
-      "properties": {
-        "description": "Microsoft Purview Information Protection data connector with template",
-        "displayName": "Microsoft Purview Information Protection template"
-      }
-    },
-    {
-      "type": "Microsoft.Resources/templateSpecs/versions",
-      "apiVersion": "2021-05-01",
-      "name": "[concat(variables('dataConnectorTemplateSpecName1'),'/',variables('dataConnectorVersion1'))]",
-      "location": "[parameters('workspace-location')]",
-      "tags": {
-        "hidden-sentinelWorkspaceId": "[variables('workspaceResourceId')]",
-        "hidden-sentinelContentType": "DataConnector"
-      },
       "dependsOn": [
-        "[resourceId('Microsoft.Resources/templateSpecs', variables('dataConnectorTemplateSpecName1'))]"
+        "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
       ],
       "properties": {
-        "description": "Microsoft Purview Information Protection data connector with template version 2.0.1",
+        "description": "Microsoft Purview Information Protection data connector with template version 3.0.0",
         "mainTemplate": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
           "contentVersion": "[variables('dataConnectorVersion1')]",
@@ -117,7 +102,7 @@
             },
             {
               "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-              "apiVersion": "2022-01-01-preview",
+              "apiVersion": "2023-04-01-preview",
               "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
               "properties": {
                 "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
@@ -142,12 +127,23 @@
               }
             }
           ]
-        }
+        },
+        "packageKind": "Solution",
+        "packageVersion": "[variables('_solutionVersion')]",
+        "packageName": "[variables('_solutionName')]",
+        "packageId": "[variables('_solutionId')]",
+        "contentSchemaVersion": "3.0.0",
+        "contentId": "[variables('_dataConnectorContentId1')]",
+        "contentKind": "DataConnector",
+        "displayName": "Microsoft Purview Information Protection",
+        "contentProductId": "[variables('_dataConnectorcontentProductId1')]",
+        "id": "[variables('_dataConnectorcontentProductId1')]",
+        "version": "[variables('dataConnectorVersion1')]"
       }
     },
     {
       "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-      "apiVersion": "2022-01-01-preview",
+      "apiVersion": "2023-04-01-preview",
       "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]",
       "dependsOn": [
         "[variables('_dataConnectorId1')]"
@@ -212,13 +208,20 @@
       }
     },
     {
-      "type": "Microsoft.OperationalInsights/workspaces/providers/metadata",
-      "apiVersion": "2022-01-01-preview",
+      "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages",
+      "apiVersion": "2023-04-01-preview",
       "location": "[parameters('workspace-location')]",
       "properties": {
-        "version": "2.0.1",
+        "version": "3.0.0",
         "kind": "Solution",
-        "contentSchemaVersion": "2.0.0",
+        "contentSchemaVersion": "3.0.0",
+        "displayName": "Microsoft Purview Information Protection",
+        "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
+        "descriptionHtml": "<p><strong>Note:</strong> Please refer to the following before installing the solution:</p>\n<p>• Review the solution <a href=\"https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Microsoft%20Purview%20Information%20Protection/ReleaseNotes.md\">Release Notes</a></p>\n<p>• There may be <a href=\"https://aka.ms/sentinelsolutionsknownissues\">known issues</a> pertaining to this Solution, please refer to them before installing.</p>\n<p>The <a href=\"https://learn.microsoft.com/microsoft-365/compliance/information-protection\">Microsoft Information Protection</a> Solution for Microsoft Sentinel integrates Microsoft Purview Information Protection logs for security monitoring in Microsoft Sentinel. Customers can stream auditing events generated from Microsoft Purview Information Protection unified labeling clients and scanners and emitted to M365 audit log for central reporting in Sentinel.</p>\n<p><strong>Data Connectors:</strong> 1</p>\n<p><a href=\"https://aka.ms/azuresentinel\">Learn more about Microsoft Sentinel</a> | <a href=\"https://aka.ms/azuresentinelsolutionsdoc\">Learn more about Solutions</a></p>\n",
+        "contentKind": "Solution",
+        "contentProductId": "[variables('_solutioncontentProductId')]",
+        "id": "[variables('_solutioncontentProductId')]",
+        "icon": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\" width=\"75px\" height=\"75px\">",
         "contentId": "[variables('_solutionId')]",
         "parentId": "[variables('_solutionId')]",
         "source": {

diff --git a/Solutions/Microsoft Purview Information Protection/Package/testParameters.json b/Solutions/Microsoft Purview Information Protection/Package/testParameters.json
@@ -0,0 +1,24 @@
+{
+  "location": {
+    "type": "string",
+    "minLength": 1,
+    "defaultValue": "[resourceGroup().location]",
+    "metadata": {
+      "description": "Not used, but needed to pass arm-ttk test `Location-Should-Not-Be-Hardcoded`.  We instead use the `workspace-location` which is derived from the LA workspace"
+    }
+  },
+  "workspace-location": {
+    "type": "string",
+    "defaultValue": "",
+    "metadata": {
+      "description": "[concat('Region to deploy solution resources -- separate from location selection',parameters('location'))]"
+    }
+  },
+  "workspace": {
+    "defaultValue": "",
+    "type": "string",
+    "metadata": {
+      "description": "Workspace name for Log Analytics where Microsoft Sentinel is setup"
+    }
+  }
+}
diff --git a/Solutions/Microsoft Purview Information Protection/ReleaseNotes.md b/Solutions/Microsoft Purview Information Protection/ReleaseNotes.md
@@ -0,0 +1,3 @@
+| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History**                                           |
+|-------------|--------------------------------|--------------------------------------------------------------|
+| 3.0.0       | 19-03-2024                     | Adjust wording for Microsoft Purview Information Protection logs - log source isn't Azure Diagnostics for this one                                     |