Tag Archives: microsoft
Open Lake and Zafin offer transactable partner solutions in Azure Marketplace
Microsoft partners like Open Lake and Zafin deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about these offers below:
Compliance Process Automation for Microsoft Teams: Designed for businesses of all sizes, Open Lake Technology’s Compliance Process Automation is an end-to-end supervision and analytics tool designed to ensure your company is compliant with financial regulations including MiFID II and Dodd-Frank. Built on Microsoft Teams, the tool includes automatic monitoring, real-time alerts, auditability, and a clear overview of your compliance status.
Compliance Recording for Microsoft Teams: This turnkey and managed solution deploys Open Lake Technology’s Compliance Recording to your business environment. Compliance Recording integrates with Microsoft Teams, Open Lake’s Compliance Automated Process, on-premises telephony systems, trading telephony systems, and legacy systems. With this solution, you can record chat, voice, video, and screen sharing to ensure full compliance.
Zafin Cloud: Zafin enables financial institutions to design and manage pricing, products, and packages while simplifying and modernizing core banking systems. Zafin Cloud, built on Microsoft Azure, enables financial institutions to modernize, augment, and extend their core banking technologies. The platform includes a catalog of customer-centric products and services, a personalized reward system, unified data, and much more.
Microsoft Tech Community – Latest Blogs –Read More
Azure Adaptive Cloud Pre-Days at Microsoft Ignite 2024
As the excitement builds for Microsoft Ignite 2024, tech enthusiasts and professionals worldwide are eagerly anticipating the Azure Adaptive Cloud Pre-Days to learn more about hybrid, multicloud, and edge with Microsoft Azure. Scheduled just before the main event (on Monday November 17th), these Pre-Days offer a unique opportunity to delve deep into the innovative world of Azure Adaptive Cloud, facilitating a seamless integration of cloud and edge technologies.
Microsoft Ignite Pre-Days feature two comprehensive workshop sessions, each designed to equip attendees with practical knowledge and tools to optimize and transform their infrastructure and operations, and you can still book your spot!
Optimize and Secure Hybrid Infrastructure with a Unified Control Plane
Trying to optimize deployment and management of public cloud and existing local infrastructure to accelerate innovation? Tackle the challenge of unifying and extending existing systems across cloud and edge. Learn about Azure’s adaptive cloud approach, architecture patterns, and deploying cloud-native apps seamlessly using Azure Arc, AI-enhanced tools, and management services across environments. Securely store, process, and derive insights from data throughout digital and physical environments. This pre-day focuses on Azure Arc-enabled servers and other Arc-enabled infrastructure.
Transforming Industries with Azure IoT, AI, Edge & Operational Excellence
Join us in a hands-on workshop on industrial and retail transformation. Explore Azure IoT Operations, Kubernetes, and AI-driven solutions like real-time footfall inferencing, intrusion detection, and loss prevention, enhanced by Edge computing. Discover how these innovations, alongside Azure Arc and Microsoft’s adaptive cloud approach, drive operational excellence across industries. Through labs, explore AI and IoT strategies for safer, more efficient, and responsive operations.
Booking and Additional Information
To attend these insightful Pre-Days sessions at Microsoft Ignite 2024, participants must book in advance on the Microsoft Ignite website. Note that these sessions come with an additional cost, reflecting the value and depth of the knowledge and skills imparted.
Why Attend the Azure Adaptive Cloud Pre-Days?
The Azure Adaptive Cloud Pre-Days offer a unique opportunity to:
Gain In-Depth Knowledge: These sessions provide a deep dive into the latest advancements in cloud and edge technologies, offering insights that are not typically covered in regular conference sessions.
Hands-On Experience: Through interactive workshops and labs, attendees gain practical experience that can be directly applied to their own projects and operations. (Hands-on lab only for “Transforming Industries with Azure IoT, AI, Edge & Operational Excellence”)
Expert Guidance: Learn from industry experts who bring a wealth of knowledge and experience. Their insights and best practices can help you navigate the complexities of modern infrastructure management and operational excellence.
Networking Opportunities: Connect with like-minded professionals and industry leaders. These sessions provide a platform for networking and collaboration, fostering relationships that can lead to future partnerships and opportunities.
The Azure Adaptive Cloud Pre-Days at Microsoft Ignite 2024 promise to be an invaluable experience for anyone looking to optimize their infrastructure and transform their operations with the latest in cloud and edge technologies. By attending these sessions, you will be equipped with the knowledge, tools, and strategies to drive innovation and efficiency in your organization.
Don’t miss out on this opportunity to stay ahead of the curve. Book your sessions today and prepare to embrace the future of cloud and edge integration with Microsoft Azure.
More Azure Adaptive Cloud at Microsoft Ignite
The official Ignite session catalog is published. Azure Adaptive Cloud will host 4 breakout sessions, 3 theater-style demo sessions, 1 hands-on lab, and pre-day sessions for a deeper dive on scenarios and architectural patterns.
Adaptive cloud sessions include:
Breakout: Adaptive cloud: Unify hybrid, multi-cloud and edge with Azure Arc
Breakout: Simplify operations with AI: Copilot, Azure Arc, and Azure Monitor
Breakout: Scale apps and data with Azure Arc, Kubernetes, and Microsoft Fabric
Breakout: Operate infrastructure across distributed locations with Azure Arc
Demo: Fortify critical applications with Azure Business Continuity Center
Demo: Bringing the power of Azure AI to your adaptive cloud environments
Demo: Enhance cloud native troubleshooting with Azure Monitor & Chaos Studio
Theater: Explore next-gen industrial transformation architecture patterns
Hands-on-Lab: Accelerate Windows Server modernization and migration with Azure Arc
As you browse through the catalog, you will also see a range of partner and technical sessions that highlight or relate to the adaptive cloud approach, such as “How AI is transforming the Migration economic opportunity for Partners” and “Windows Server 2025: New ways to gain cloud agility and security”.
There is more to come, such as Expert Meet-ups where you can meet Azure Adaptive Cloud experts from Microsoft, as well as Microsoft MVPs.
Stay tuned and see you at Microsoft Ignite 2024!
SQL WHERE Statement
I am trying to write a query where the date used could be one of 3 depending on if the dates are valid or not.
In the screenshot below I have managed to create a field PODate to contain the correct date that I want to see in the report, depending on whether the ConfDelivDate, AvailShipDate or ReqDate is valid.
In the Crystal Report that this originated in the PODate can be used to group data by and also as part of the data selection.
In SQL I can use the PODate for Ordering the data.
However, when I use it in the WHERE statement I get an error.
Any ideas on what I should be putting in the WHERE clause?
New Outlook missing search bar
I’m experiencing an issue with the New Outlook Desktop application. When I first open it, the search bar at the top is visible. However, after some time, it disappears along with the options in the top right corner (minimize, close, settings, etc.).
The only way to restore it seems to be by closing and reopening Outlook, which is quite inconvenient. I’ve checked the settings but can’t find any option to toggle this feature on or off.
Any help would be appreciated. Thanks!
Windows 11 Update
I have been trying to download the 24H2 update for Windows 11 Pro on my laptop. I haven’t received it yet in my Windows Update settings, so I tried to run the update with the ISO file. I selected everything right, the right language (English United States), but before hitting install, it said that it’s gonna delete all apps and whatever because the installation is in a different language than what I am using right now. Then I joined the Windows Insider Program Beta to see if I can get the update like that, but I got instead “Windows 11, version 23H2”, which is the version that I currently have. Is it gonna delete my data and files, or should I let it install?
Enhancing Resilience in Azure SQLDB Hyperscale Named Replicas with High Availability (HA) replica.
In this blog post, we will explore how to manage the resiliency and high availability of read workloads offloaded to a Hyperscale named replica. Offloading read workloads to a read replica has many use cases. We’ll discuss a scenario involving Contoso, an energy company that has offloaded their read APIs workloads to named replicas. Contoso uses dedicated named replicas for multiple APIs and reporting workloads to fetch details such as power outage status, energy usage, billing information, business reporting, etc.
Additionally, we’ll explore how to create high availability (HA) replicas for Hyperscale named replicas using the Azure Portal, PowerShell, and Azure CLI.
Brief about named replica: A named replica is a compute-only secondary replica available exclusively in the Azure SQL Database Hyperscale tier. It can be added on-demand to offload read workloads from the primary Hyperscale replica. Since it uses the same storage as the primary Hyperscale replica, it does not incur additional storage or license costs. Read applications can connect to a named replica via a dedicated connection endpoint, and isolated access can be configured for the users. Each named replica can have a different compute size or service level objective (SLO). It also has its own buffer pool and SSD cache to retain hot data pages in memory or local to the compute node, enhancing read performance. Read more about named replica
Scenario: Contoso experienced a few application connectivity issues due to unplanned outages, such as a process crash or load balancing. Azure’s infrastructure can dynamically reconfigure servers when there are heavy workloads in the SQL Database service, which might cause your application to lose its connection to the database. These errors, known as transient faults, can be investigated and managed by following the practices outlined in the article Troubleshoot common connection issues.
However, Contoso’s issue was prolonged because they didn’t have a high availability (HA) secondary replica for their named replica. Without an HA secondary replica, during an unplanned event a new named replica is provisioned and recovers automatically, but the failover process can take from a few seconds to minutes, during which the application cannot connect to the named replica. Since Contoso directed critical read workloads to named replicas, even a brief outage caused incidents for their customers.
To prevent such prolonged incidents, Contoso added an HA secondary replica for their named replica. This setup ensures that during unplanned outages, automatic failover to the HA secondary replica minimizes downtime. Additionally, Contoso could use the HA secondary replica to handle read workloads from APIs, further enhancing their system performance.
NOTE: The HA secondary replica will have the same compute size as the named replica and will scale accordingly when you scale the named replica’s compute.
An application directing read workload to a named replica can load balance the workload onto its HA secondary replica using the connection string parameter “ApplicationIntent=ReadOnly”.
Let’s discuss the steps to create HA secondary replica for an existing named replica.
Azure Portal
To create an HA secondary replica for a named replica, follow the steps shown in the animation:
Go to the Azure portal and select your Hyperscale database.
Under Data Management, select Replicas, and choose the existing named replica.
Under Settings, select Compute + storage.
Add the desired number of High-Availability secondary replicas to your configuration and select Apply.
PowerShell
The -HighAvailabilityReplicaCount input parameter of ‘Set-AzSqlDatabase’ can be used to add an HA secondary replica for a named replica. For more information, see Set-AzSqlDatabase.
To validate that this property is enabled, you can use the PowerShell cmdlet ‘Get-AzSqlDatabase’. For more information, see Get-AzSqlDatabase (Az.Sql).
Example:
Add an HA secondary replica for the named replica contoso_named_replica_db under the logical server contososerver:
Set-AzSqlDatabase -ResourceGroupName contosorg -DatabaseName contoso_named_replica_db -ServerName contososerver -HighAvailabilityReplicaCount 1
To validate that the HA secondary replica has been added for the named replica:
Get-AzSqlDatabase -ResourceGroupName contosorg -DatabaseName contoso_named_replica_db -ServerName contososerver | Select-Object -ExpandProperty HighAvailabilityReplicaCount
Azure CLI
By using the --ha-replicas input parameter of the ‘az sql db replica create’ command, you can add an HA secondary replica for a named replica. For more details on this CLI command, see az sql db replica.
To validate that the HA secondary replica has been added, you can use the CLI command ‘az sql db show’. For more information, see az sql db show.
Example:
To add an HA secondary replica for the named replica contoso_named_replica_db:
az sql db replica create -g contosorg -n contoso_named_replica_db -s contososerver --secondary-type named --partner-database contoso_named_replica_db --partner-server contososerver --ha-replicas 1
To validate that the HA secondary replica has been added:
az sql db show -g contosorg -n contoso_named_replica_db -s contososerver --query "highAvailabilityReplicaCount"
Limitations:
Named replicas and their HA replica are not automatically load balanced currently. To utilize the HA secondary replica for read operations, the application connection string must include the parameter “ApplicationIntent=ReadOnly”.
Named replicas do not support Geo failover or failover groups currently. In the event of a Geo failover where the primary Hyperscale database fails over to a Geo secondary replica, you have two options:
Add a named replica for the Geo secondary replica when it becomes primary to save compute costs by provisioning the replica only when required.
Pre-provision a named replica for the Geo secondary replica to ensure both the primary and Geo secondary environments have the same configuration and replica topology.
Please note that the connection string or endpoint for each named replica is unique. Therefore, you will need to update the application connection string for your application pointing to a named replica on the Geo secondary replica with the new named replica endpoint provisioned for the Geo secondary replica.
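An added example, not code from the blog post, covering the two client-side pieces that the scenario and the load-balancing limitation above depend on: forcing ApplicationIntent=ReadOnly onto the named replica's connection string so the HA secondary is eligible to serve reads, and retrying transient connection faults with backoff while a failover completes. The driver is replaced by a constructed stand-in, and the tcp:/port form of the server name is an assumption.

```python
"""Added example (not from the blog post): read-only intent on a named replica
connection string, plus retry of transient connection faults."""
import random
import time
from typing import Callable, Dict, List, Optional, Tuple


def parse_connection_string(conn_str: str) -> List[Tuple[str, str]]:
    """Split 'Key=Value;Key=Value' into (key, value) pairs, preserving order and
    the original key casing. Assumes the plain form without braced values.
    Empty segments (e.g. a trailing ';') are skipped."""
    pairs = []
    for segment in conn_str.split(";"):
        if not segment.strip():
            continue
        key, _, value = segment.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs


def get_setting(conn_str: str, key: str) -> Optional[str]:
    """Case-insensitive lookup of a single connection-string setting."""
    for k, v in parse_connection_string(conn_str):
        if k.lower() == key.lower():
            return v
    return None


def ensure_read_only_intent(conn_str: str) -> str:
    """Return conn_str with ApplicationIntent=ReadOnly set.

    A named replica and its HA secondary are not load balanced automatically;
    only connections carrying this parameter can be routed to the HA secondary.
    An existing value (e.g. ReadWrite) is replaced in place, keeping the key's
    casing; otherwise the parameter is appended."""
    updated = []
    found = False
    for key, value in parse_connection_string(conn_str):
        if key.lower() == "applicationintent":
            updated.append((key, "ReadOnly"))
            found = True
        else:
            updated.append((key, value))
    if not found:
        updated.append(("ApplicationIntent", "ReadOnly"))
    return ";".join(f"{k}={v}" for k, v in updated)


class TransientConnectionError(Exception):
    """Stand-in for the transient faults the post describes (process crash,
    load balancing, reconfiguration) that a real driver reports as errors."""


def connect_with_retry(connect: Callable[[str], object], conn_str: str,
                       max_attempts: int = 5, base_delay: float = 0.5,
                       sleep: Callable[[float], None] = time.sleep):
    """Call connect(conn_str), retrying only TransientConnectionError with
    exponential backoff plus jitter. Other exceptions propagate immediately;
    the last transient error is re-raised once max_attempts is exhausted."""
    if max_attempts < 1:
        raise ValueError("max_attempts must be at least 1")
    for attempt in range(1, max_attempts + 1):
        try:
            return connect(conn_str)
        except TransientConnectionError:
            if attempt == max_attempts:
                raise
            # Doubling delay; jitter spreads out the reconnect storm when many
            # API workers lose their named-replica session at the same moment.
            delay = base_delay * (2 ** (attempt - 1)) + random.uniform(0, base_delay)
            sleep(delay)


def make_flaky_connector(failures_before_success: int) -> Callable[[str], Dict[str, object]]:
    """Constructed stand-in for a database driver: raises a transient fault the
    first N times, then returns a dict describing the 'connection' and how many
    attempts it took, so the retry path runs without a live database."""
    state = {"attempts": 0}

    def connect(conn_str: str) -> Dict[str, object]:
        state["attempts"] += 1
        if state["attempts"] <= failures_before_success:
            raise TransientConnectionError("named replica is being reconfigured")
        return {
            "server": get_setting(conn_str, "Server"),
            "database": get_setting(conn_str, "Database"),
            "intent": get_setting(conn_str, "ApplicationIntent"),
            "attempts": state["attempts"],
        }

    return connect


if __name__ == "__main__":
    # Named replica from the post; the tcp:/1433 form of the server is assumed.
    base = ("Server=tcp:contososerver.database.windows.net,1433;"
            "Database=contoso_named_replica_db;Encrypt=True")
    read_only = ensure_read_only_intent(base)
    print(read_only)
    print(connect_with_retry(make_flaky_connector(2), read_only, sleep=lambda s: None))
```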
FAQs: HA secondary replicas for named replicas:
Question: If we scale a named replica from 40 to 80 cores, will the HA secondary replicas also scale automatically?
Answer: Yes, if a named replica is scaled up or down, the associated HA secondary replicas will scale automatically without any manual intervention.
Question: In the absence of an HA secondary replica, if there is a planned failover (e.g., for maintenance), will the new named replica compute be created before the failover to minimize downtime?
Answer: Yes, for planned failovers, a temporary secondary replica is created automatically, and a hot failover is performed.
Question: If there is an unplanned but manageable failover, such as load balancing, will the failover take more time because a new compute needs to be created, or will the system create a new compute before the failover?
Answer: Load balancing is considered a planned failover. In this situation, a temporary secondary replica is created automatically, and a hot failover is performed.
Question: If there is an unplanned failover due to a failure or problem with the compute, will the failover take more time because a new compute needs to be created?
Answer: Yes, if the failover is unplanned (e.g., due to SQL crashes or replica node failures), it will take more time because a new SQL instance needs to be created and recovered on a different node.
Question: Do the Log service and Page servers have HA secondary replicas by default, independent of the compute HA replica?
Answer: Yes, they maintain internal replicas to ensure resiliency, regardless of whether you add an HA replica.
Conclusion
Creating an HA replica for your Hyperscale named replica is a straightforward process that can significantly enhance the reliability and performance of your applications. Whether you use the Azure Portal, PowerShell, or Azure CLI, the steps are simple and effective. By implementing HA replicas, you ensure that your critical read workloads run smoothly and efficiently, even in the face of potential failures. Please share your feedback and questions by leaving a comment; you can also email us at sqlhsfeedback AT microsoft DOT com. We are eager to hear from you all!
Blocking Teams owners from changing Team site sensitivity labels
Hello everyone,
Right now teams owners have the ability to change the sensitivity label at their own will. Is there a way to block this option?
How to Remove Generic ‘Office’ Location in Microsoft Places for Accurate Building Selection?
After adding custom buildings in Microsoft Places for users to choose from as their hybrid work location in Outlook, is there a way to hide or remove the generic “Office” location? Currently, users tend to select “Office” (Kontor in Swedish) instead of the specific building, which causes confusion.
AI Tour Berlin – Brew coffee or deploy cloud apps theatre session
Hey everyone!
Thanks for joining our Theatre session today. Here you can find resources to the material we shared.
Resources:
Azure Developer CLI
Awesome AZD
Speakers:
Liam Hampton
Chris Noring
Secure Score – Accounts with non-default Primary Group ID failing to return exposed entities
When trying to complete this secure score item on the “General Tab” it states under Users affected “No data to show”. Going to the “Exposed Entities” tab I get “Failed to load data, please try again later”. This has been happening for a couple of days since I first looked at this item and I am not able to progress it. Please can you advise…
Also the help link on the “Implementation” tab sends you to the defender home page which isn’t very helpful…
this link is this
https://security.microsoft.com/%E2%80%AFhttps://go.microsoft.com/fwlink/?linkid=2283220
Thanks
Is there a formula that can populate a cell with a column header text if a checkbox is ticked?
I have a fairly simple spreadsheet where a list of names will have made a meal choice from a list which is shown by a ticked checkbox in the corresponding column. What I would like is to have a list of what each individual person has chosen without having to type it out manually. Is this possible?
Example below – where A-F would represent the meal on offer and 1-4 would represent the person.
If for example person 1 chooses B, the corresponding cell would be ticked by me under the B column and in the ‘Choice’ column I’d want to return “B”
       Choice   A   B   C   D   E   F
  1
  2
  3
  4
Appreciate any help with this.
Thanks
Install pending app not installing
Hi, I am trying to install a Win32 app SQL Management Studio (SSMS). The app installed on 2 computers but 5 others are “Install Pending”. Anyone had this before? How can I remotely access the log file on the c: drive?
Thanks
How to add Microsoft 365 widget in Outlook window 11
1) To add the M365 widget in Outlook.
2) Load the email body into the widget form.
Issue while deploying Sentinel Rules
I know that when deleting a Sentinel rule, you need to wait a specific amount of time before it can be redeployed. However, in this tenant, we’ve been waiting for almost a month and are still getting the same deployment error (‘was recently deleted. You need to allow some time before re-using the same ID. Please try again later. Click here for details’). I still want to use the same ID etc. Does anyone have any idea, or a similar issue, why it’s still not possible after waiting for about a month?
Duplicated invoices in SharePoint library
Hello everyone,
I have tried to build an automation in a SharePoint library to identify when a supplier is using an invoice number that they have used before. I have created a calculated column that concatenates the name+invoice number to be able to identify the duplicates; however, I cannot find how I can then make the library or Power Automate notify me when a duplicate is spotted, as calculated fields seem to be tricky to query. Can I create a Power Automate flow that can do that?
Thank you for any advice you could give me.
Thanks
displayDialogAsync shows empty dialog box
Hi,
I am using my Outlook add-in to display a dialog box. However, if I use displayInIframe:true then the contents of the dialog box won’t load. After a few seconds, it will display the attached error in the dialog box and I’ll see an error in the console that says “[Report Only] This document requires ‘TrustedScript’ assignment.” I have tried to see if there’s any error by using a callback, but that always says that it succeeded. The URL is on the same domain as the code hosted by the add-in. I am getting this issue in OWA on Chrome and Firefox as well as PWA. In classic Outlook the content doesn’t load either, but I also don’t see that error in the console.
Office.context.ui.displayDialogAsync(url,
  {height: 30, width: 20, promptBeforeOpen: false, displayInIframe: true},
  function (result) {
    console.log('Callback result:');
    console.log(result);
  }
);
Document library (organisational EDM): which type of SharePoint site to choose
Hi community,
I need to set up an EDM (Gestion Electronique de Documents, electronic document management) platform for a group with several companies. I would like to know which to choose between a SharePoint team site and a communication site.
Has anyone had to manage such a project? If so, I would like their guidance.
KB5044380
My laptop was completely up to date.
I have Open Shell installed!
Cumulative Update Preview for Windows 11 Version 23H2 for x64-based Systems (KB5044380)
I have just installed this update onto my Windows 11 Laptop.
The result was a Black Screen and basically an unusable system.
I managed, with difficulty, to restore the System back to the state before the update.
I have postponed Updates until this problem can be resolved.
Any assistance/advice would be much appreciated.
Has anybody else reported problems with this update?
Assign task to non-group members in New Planner
Hi, I’m encountering an issue with assigning tasks to users outside the group in the new Planner or Project. When I try to assign a task to someone who is not a group member, I receive the following message:
“The person you are trying to assign is not a member of this group, and will not be able to see their assigned tasks until they are added. Would you like to continue assigning and add them to the group?”
The options presented are “Assign and add” and “Just assign”.
If I select “Just assign,” the user doesn’t receive the necessary permissions to access the task.
Am I missing something? In my view, being able to assign tasks to users outside the group without needing to add them first is essential for cross-organizational collaboration.
Does anyone have any suggestions or know if this feature will be supported in the future?
Deploy Microsoft Sentinel using Bicep
Bicep is a domain-specific language that uses declarative syntax to deploy Azure resources. It provides benefits over Azure Resource Manager (ARM) templates, including smaller file size, integrated parameter files, and better support for tools like Visual Studio Code. To learn more about Bicep, go to What is Bicep.
To learn more about what you can do with Microsoft Sentinel in Bicep, go to Microsoft Sentinel Bicep resources. Note that this link takes you to “Aggregations”, because the top-level entry (which is still incorrectly called “Azure Sentinel”) doesn’t have a direct link. If you select an entry, like “Alert Rules”, you will see the format of the Bicep resource definition and at least one example of how to use it. Very handy.
Using this page, a few others selected from the menu on the left side of the page, and some help from users on the internet including Kevin Hemelrijk and Mark Palmer, I have created the Bicep resource and parameter files. Note that due to some limitations in the Bicep resources, there will be a call to a PowerShell file as well.
Resource Group
While you can create a resource group using a Bicep file, because of the way this file is deployed (at resource group scope), the resource group needs to exist first. You can create it using whatever process you like, including the Azure CLI command listed below:
az group create --location <location> --resource-group <resourceGroup>
For example:
az group create --location eastus --resource-group testRG
Bicep File
The first thing done in the Bicep file is to set up the parameters that will be read in from the parameter file (more on that later) and some variables. Note that “subscription()” and “resourceGroup()” are built-in functions that refer to the environment into which this Bicep file is being deployed.
@description('Specifies the name of the client who needs Sentinel.')
param workspaceName string
@description('Specifies the number of days to retain data.')
param retentionInDays int
@description('Which solutions to deploy automatically')
param contentSolutions string[]
// subscription().id is the full '/subscriptions/<guid>' resource id; subscription().subscriptionId returns only the GUID
var subscriptionId = subscription().id
var location = resourceGroup().location
// Microsoft Sentinel Contributor built-in role GUID
var roleDefinitionId = 'ab8e14d6-4a74-4a29-9ba8-549422addade'
Notice that the parameters have a type associated with them. This is another check to make sure the correct type of data is being passed in as a parameter. Constraints can also be applied, like a maximum length or a list of allowed values. More on parameters later in this article.
The last parameter is an array containing the names of the solutions from the content hub that will be deployed. Keep in mind that the name shown in the Azure Portal may not be the correct name to use here, as the name may have changed. The best way to get the proper name is to call the Microsoft Sentinel “contentProductPackages” REST API. You can get more information about this at Microsoft Sentinel Content Packages. After making the call, look at “.properties.displayName” to get the proper name.
Let’s take a look at the Bicep call to create the Log Analytics workspace.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    retentionInDays: retentionInDays
  }
}
Line 1 starts with “resource”, which tells Bicep that a resource is being deployed, as opposed to something like a loop. The word “workspace” is the symbolic name and is used to reference the resource later on. For example, when creating the Microsoft Sentinel instance, one of the properties is “workspaceResourceId”, and it can be set by passing in “workspace.id”.
Line 2 is the name of the resource. In this case, the parameter called “workspaceName” is being used.
Line 3 is the location for the workspace. The variable, location, is being passed in here.
Line 4 starts the properties that are needed. In this case, only the retention time in days is being used. Different resources will have different properties.
Next are the calls to make the workspace, the Microsoft Sentinel instance, and a call to finish the Microsoft Sentinel onboarding:
// Create the Log Analytics Workspace
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    retentionInDays: retentionInDays
  }
}
// Create Microsoft Sentinel on the Log Analytics Workspace
resource sentinel 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
  name: 'SecurityInsights(${workspaceName})'
  location: location
  properties: {
    workspaceResourceId: workspace.id
  }
  plan: {
    name: 'SecurityInsights(${workspaceName})'
    product: 'OMSGallery/SecurityInsights'
    promotionCode: ''
    publisher: 'Microsoft'
  }
}
// Onboard Sentinel after it has been created
resource onboardingStates 'Microsoft.SecurityInsights/onboardingStates@2022-12-01-preview' = {
  scope: workspace
  name: 'default'
  // scope only implies a dependency on the workspace; the explicit dependency below enforces the ordering the comment above describes
  dependsOn: [
    sentinel
  ]
}
After the Microsoft Sentinel instance has been set up, there are some settings that can be applied, including the Entity Behavior directory service, in this case Microsoft Entra ID (which is still called “AzureActiveDirectory” in the code), and the UEBA data sources.
// Enable the Entity Behavior directory service
resource EntityAnalytics 'Microsoft.SecurityInsights/settings@2023-02-01-preview' = {
  name: 'EntityAnalytics'
  kind: 'EntityAnalytics'
  scope: workspace
  properties: {
    entityProviders: ['AzureActiveDirectory']
  }
  dependsOn: [
    onboardingStates
  ]
}
// Enable the additional UEBA data sources
resource uebaAnalytics 'Microsoft.SecurityInsights/settings@2023-02-01-preview' = {
  name: 'Ueba'
  kind: 'Ueba'
  scope: workspace
  properties: {
    dataSources: ['AuditLogs', 'AzureActivity', 'SigninLogs', 'SecurityEvent']
  }
  dependsOn: [
    EntityAnalytics
  ]
}
Bicep does provide a way to deploy solutions, but it doesn’t work correctly, because the underlying REST API doesn’t work correctly. Also, as Bicep is used to create resources, there is no way to get a list of solutions to deploy using Bicep, hence the parameter mentioned previously. Luckily, Bicep does provide a way to call PowerShell, so the solutions can be deployed that way.
Because the PowerShell script interacts with Azure, a user-assigned managed identity needs to be created. That identity then needs the proper permission, Microsoft Sentinel Contributor, on the resource group. There is a 5-minute pause between these calls to allow the identity time to propagate. Calling a PowerShell script is described further below.
// Create the user identity to interact with Azure
@description('The user identity for the deployment script.')
resource scriptIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'script-identity'
  location: location
}
// Pause for 5 minutes to allow the new user identity to propagate
resource pauseScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
  name: 'pauseScript'
  location: resourceGroup().location
  kind: 'AzurePowerShell'
  properties: {
    azPowerShellVersion: '12.2.0'
    scriptContent: 'Start-Sleep -Seconds 300'
    timeout: 'PT30M'
    cleanupPreference: 'OnSuccess'
    retentionInterval: 'PT1H'
  }
  dependsOn: [
    scriptIdentity
  ]
}
// Assign the Sentinel Contributor role on the resource group to the user identity that was just created
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Role assignment names must be GUIDs. This one is derived from the resource group and role only,
  // so recreating the identity (which gets a new principalId) would clash with the existing assignment.
  name: guid(resourceGroup().name, roleDefinitionId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
    principalId: scriptIdentity.properties.principalId
    // Setting principalType: 'ServicePrincipal' here would let ARM create the assignment for a brand-new identity without relying on the pause above
  }
  dependsOn: [
    pauseScript
  ]
}
Finally, a call is made to the PowerShell script, Create-NewSolutionAndRulesFromList.ps1, to deploy the passed-in solutions and create the rules from the rule templates. This code was taken from the Microsoft Sentinel All-In-One V2 offering, so it won’t be discussed much here. The only exception is that, because the user identity is making all the calls to Azure, “Connect-AzAccount” is configured to sign in with that identity:
Connect-AzAccount -Identity -AccountId $Identity
where $Identity is the client ID of the identity that was passed in as a parameter.
resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
  name: 'deploySolutionsScript'
  location: resourceGroup().location
  kind: 'AzurePowerShell'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${scriptIdentity.id}': {}
    }
  }
  properties: {
    azPowerShellVersion: '12.2.0'
    arguments: '-ResourceGroup ${resourceGroup().name} -Workspace ${workspaceName} -Region ${resourceGroup().location} -Solutions ${contentSolutions} -SubscriptionId ${subscriptionId} -TenantId ${subscription().tenantId} -Identity ${scriptIdentity.properties.clientId} '
    scriptContent: loadTextContent('./Create-NewSolutionAndRulesFromList.ps1')
    timeout: 'PT30M'
    cleanupPreference: 'OnSuccess'
    retentionInterval: 'P1D'
  }
  dependsOn: [
    roleAssignment
  ]
}
Some things to note on this call:
Lines 5-10: Because we are making calls into Azure, this resource call will require an Identity.
Line 12: This was set to the latest version of PowerShell at the time of this writing. It could use a lower version but there will probably be a message in the logs that there is a newer version.
Line 13: These are all the arguments being passed into the PowerShell script. They will need to be read in as parameters in the script.
Line 14: This is the location of the script. The code could be included inline, like what was done for the “pauseScript” call made above.
Line 15: This is how long to allow the script to run. Keep this in mind if a lot of solutions were passed in.
Line 16: This is the cleanup preference for when the script executes. Other options include “Always” and “OnExpiration”.
Line 17: This is how long the script resource will be retained after it finishes running.
Line 19: The “dependsOn” states that this resource will not start running until the other resource, “roleAssignment” in this case, finishes. There are other instances of this throughout the file. Note that if a resource uses data from a previous resource, it does not need a “dependsOn”. For example, since the “sentinel” resource uses “workspace.id”, it does not need a “dependsOn”.
Parameter File
Bicep can use two different formats for the parameter file: either JSON or the Bicep parameter file (which has the file extension “bicepparam”). The Bicep parameter file has advantages over the regular JSON file.
The biggest advantage is that it references the Bicep file so editors like Visual Studio Code will know if there are any parameters missing from either the parameter file or the Bicep file.
For the Bicep file that is in this article, this is the parameter file:
using './Sentinel.bicep'
param workspaceName = 'demo7'
param retentionInDays = 90
param contentSolutions = [
  'Amazon Web Services'
  'Microsoft Entra ID'
  'Azure Logic Apps'
]
Most of it should be self-explanatory except for the first line. This is a reference to the Bicep file that this parameter file sends its data into. It allows editors like Visual Studio Code to make sure all the parameters are accounted for in both the parameter file and the Bicep file. For more on the Bicep parameter file, go to Bicep Parameter Files.
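Two of the steps above are easy to get wrong by hand: choosing the solution names that the “contentProductPackages” REST API actually uses, and keeping the parameter file in step with the parameters the Bicep file declares. The following Python helper is an added example, not code from the article or from the Microsoft Sentinel project. It takes the JSON returned by that API (the sample response, its package ids and the short Bicep snippet embedded here are constructed for the example), resolves names copied from the portal against properties.displayName, writes the bicepparam file in the layout shown above with correct Bicep string escaping, and cross-checks it against the “param” declarations the way Visual Studio Code does through the “using” line. All function names are my own.

```python
import json
import re

# Constructed sample of a contentProductPackages response. The real call returns one
# entry per content hub package and many more properties; only the ones used here are kept.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"name": "pkg-1", "properties": {
            "contentId": "example.solution-entra-id",  # constructed id
            "displayName": "Microsoft Entra ID", "contentKind": "Solution", "version": "3.0.0"}},
        {"name": "pkg-2", "properties": {
            "contentId": "example.solution-aws",  # constructed id
            "displayName": "Amazon Web Services", "contentKind": "Solution", "version": "3.0.1"}},
        {"name": "pkg-3", "properties": {
            "contentId": "example.solution-logic-apps",  # constructed id
            "displayName": "Azure Logic Apps", "contentKind": "Solution", "version": "2.0.0"}},
    ]
})

# Constructed excerpt of the parameter declarations from the article's Bicep file.
SAMPLE_BICEP = """\
param workspaceName string
param retentionInDays int
param contentSolutions string[]
var location = resourceGroup().location
"""


def catalog_display_names(response_json: str) -> list[str]:
    """Return every properties.displayName in a contentProductPackages response."""
    data = json.loads(response_json)
    return sorted(pkg["properties"]["displayName"] for pkg in data.get("value", []))


def resolve_solutions(requested: list[str], response_json: str) -> tuple[list[str], list[str]]:
    """Match requested names (e.g. copied from the portal) against the catalog,
    case-insensitively. Returns (names spelled as the API spells them, names not found)."""
    by_lower = {name.lower(): name for name in catalog_display_names(response_json)}
    resolved, unknown = [], []
    for name in requested:
        hit = by_lower.get(name.strip().lower())
        (resolved if hit else unknown).append(hit or name)
    return resolved, unknown


def bicep_string(value: str) -> str:
    """Quote a value as a Bicep single-quoted string literal (escape \\, ' and ${)."""
    escaped = value.replace("\\", "\\\\").replace("'", "\\'").replace("${", "\\${")
    return f"'{escaped}'"


def render_bicepparam(template_path: str, workspace_name: str,
                      retention_days: int, solutions: list[str]) -> str:
    """Emit a .bicepparam file in the same layout as the one in the article."""
    lines = [f"using {bicep_string(template_path)}",
             f"param workspaceName = {bicep_string(workspace_name)}",
             f"param retentionInDays = {int(retention_days)}",
             "param contentSolutions = ["]
    lines += [f"  {bicep_string(s)}" for s in solutions]
    lines.append("]")
    return "\n".join(lines) + "\n"


def declared_params(bicep_source: str) -> dict[str, bool]:
    """Map each 'param <name> <type> [= default]' in a Bicep file to whether it has a default."""
    found = re.findall(r"^\s*param\s+(\w+)\s+[\w\[\]]+(\s*=)?", bicep_source, re.M)
    return {name: bool(default) for name, default in found}


def assigned_params(bicepparam_source: str) -> set[str]:
    """Names assigned with 'param <name> = ...' in a .bicepparam file."""
    return set(re.findall(r"^\s*param\s+(\w+)\s*=", bicepparam_source, re.M))


def check_params(bicep_source: str, bicepparam_source: str) -> dict[str, set[str]]:
    """Cross-check the two files: 'missing' are required params never assigned,
    'extra' are assigned params the Bicep file does not declare."""
    declared = declared_params(bicep_source)
    assigned = assigned_params(bicepparam_source)
    missing = {n for n, has_default in declared.items() if not has_default and n not in assigned}
    return {"missing": missing, "extra": assigned - set(declared)}


if __name__ == "__main__":
    wanted = ["microsoft entra id", "Amazon Web Services", "Azure Logic Apps", "Office 365"]
    resolved, unknown = resolve_solutions(wanted, SAMPLE_RESPONSE)
    if unknown:
        print("not in the content hub catalog:", unknown)
    params = render_bicepparam("./Sentinel.bicep", "demo7", 90, resolved)
    print(params)
    print(check_params(SAMPLE_BICEP, params))
```

In practice the response would come from a call such as az rest --method get --url <contentProductPackages URL>, with the URL and api-version taken from the Microsoft Sentinel Content Packages documentation the article links to. Names that don’t resolve are reported rather than silently written into the parameter file, so a renamed solution fails here instead of inside the deployment script after the identity and role assignment have already been created.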
Deploying a Bicep file
Using the Azure CLI, the Bicep file can be deployed with the following call:
az deployment group create --name <deploymentName> --template-file <BicepFile> --parameters <BicepParameterFile> --resource-group <resourceGroup>
For example:
az deployment group create --name testDeploy --template-file .sentinel.bicep --parameters .sentinelParams.bicepparam --resource-group rgTest
Summary
This article shows how to create a Microsoft Sentinel instance, add some settings, and deploy solutions and Analytic Rule templates using Bicep templates. There is far more that can be done including setting Commitment Tiers, configuring some of the Microsoft Data Connectors like Entra ID or Azure Data logs, and setting limitations around the parameters.
You can save these templates as part of your CI/CD for Microsoft Sentinel and, if you have to deploy multiple Microsoft Sentinel instances, reuse the templates with just some minor tweaks to the parameter file.