The demo that would really help me would include:
- create a simple playbook and export the arm template
- is there anything useful in parameters.json that you need?
- after renaming template.json to azuredeploy.json, discuss:
- parameters - seems to make sense..
- variables - when to add variables? Is there a reference list for common variables? Are there specific requirements for these variables? eg. azuread-xxx, auzresentinel-xxx
- resources - am I ADDING or MODIFYING resources? Github suggest I'm ADDing resources?
- If I have to add resources, then where can I get a list of common resources? I have no idea how to build a resource from scratch w/o a reference to something.
In this example demonstrate what variables need to be included in the template:)
(note: connections_office365_1_externalid refers to the parameters.json file that was created during the arm template export from Azure)
"parameters": {
"$connections": {
"value": {
"office365": {
"connectionId": "[parameters('connections_office365_1_externalid')]",
"connectionName": "office365-1",
"id": "/subscriptions/<tenant>/providers/Microsoft.Web/locations/eastus/managedApis/office365"
}
}
}
}
Thanks!!
And I've gone through github and picked some playbooks with unique resources that would be useful for practical demonstrations:
Advanced-SNOW-Teams-Integration
Close-SentinelIncident-fromSNOW
AutoConnect-ASCSubscriptions
AzureFirewall-AddIPtoTIAllowList
Block-IPs-on-MDATP-Using-GraphSecurity
CarbonBlack
Close-Incident-ASCAlert
Close-Incident-MCAS
Get-CompromisedPasswords
Get-MDEFileActivityWithin30Mins
M365-Security-Posture
