Set up Security Center
#Requires -Version 7.0
#Requires -Modules PowerShellGet, Az.Resources, Az.Security
<#
.SYNOPSIS
Sets up Security Center and the admin alerts for the subscription
.DESCRIPTION
Automatically sets Security Center standard tier to the subscription.
.PARAMETER SubscriptionID
The ID of the subscription to configure
.PARAMETER LogAnalyticsWorkplaceId
The resource ID for the Log Analytics workspace
.PARAMETER SecurityAdminEmail
The email for security notifications
.PARAMETER SecurityAdminPhone
The phone number to send security notifications
.OUTPUTS
If the creation was successful, it returns the management group name; otherwise, null.
.NOTES
Version: 1.0
Author: Bruce Kyle
Creation Date: 6/18/2020
Purpose/Change: Initial script development
Copyright 2020 Strategic Datatech LLC
License: MIT https://opensource.org/licenses/MIT
.EXAMPLE
.\New-ManagementGroup.ps1 "Strategic Datatech LLC"
.EXAMPLE
$SubscriptionID = "9f241d6e-16e2-4b2b-a485-cc546f04799b"
$OrganizationName = "Strategic Datatech LLC"
$SecurityAdminEmail = "security@strategicdatatech.com"
$SecurityAdminPhone = "2065557878"
$workspaceID = @(.\Add-LogAnalytics.ps1 -SubscriptionID $SubscriptionID -OrganizationName $OrganizationName)
.\Set-SubscriptionSecurity.ps1 -SubscriptionID $SubscriptionID `
-LogAnalyticsWorkplaceId $workspaceID `
-SecurityAdminEmail $SecurityAdminEmail `
-SecurityAdminPhone $SecurityAdminPhone
#>
## Run as Admin
[CmdletBinding()]
Param(
[Parameter(Mandatory)] [string] $SubscriptionID,
[Parameter(Mandatory)] [string] $LogAnalyticsWorkplaceId,
[Parameter(Mandatory)] [string] $SecurityAdminEmail,
[Parameter(Mandatory)] [string] $SecurityAdminPhone
)
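Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"
# Work in the target subscription and make sure the Security Center provider is registered
Set-AzContext -Subscription $SubscriptionID
Register-AzResourceProvider -ProviderNamespace 'Microsoft.Security'
# Move the subscription to the Standard pricing tier
Set-AzSecurityPricing -Name "default" -PricingTier "Standard"
# Send collected security data to the given Log Analytics workspace
Write-Output "Subscription has workspace id: $LogAnalyticsWorkplaceId"
Set-AzSecurityWorkspaceSetting -Name "default" `
-Scope "/subscriptions/$SubscriptionID" `
-WorkspaceId $LogAnalyticsWorkplaceId
# Install the monitoring agent automatically on VMs in the subscription
Set-AzSecurityAutoProvisioningSetting -Name "default" -EnableAutoProvision
# Contact that receives alert notifications; subscription admins are notified as well
Set-AzSecurityContact -Name "default1" -Email $SecurityAdminEmail -Phone $SecurityAdminPhone -AlertAdmin -NotifyOnAlert
# Assign the Security Center monitoring policy initiative to the subscription
Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights'
$Policy = Get-AzPolicySetDefinition | Where-Object {$_.Properties.displayName -EQ '[Preview]: Enable Monitoring in Azure Security Center'}
if (-not $Policy) { throw "Policy set definition for Security Center monitoring was not found" }
# Double quotes so that $SubscriptionID expands in the display name and the scope
New-AzPolicyAssignment -Name 'ASC Default <d07c0080-170c-4c24-861d-9c817742786c>' -DisplayName "Security Center Default $SubscriptionID" -PolicySetDefinition $Policy -Scope "/subscriptions/$SubscriptionID"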
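
A read-back check for the settings the script above applies, added here as an example and not part of the original gist. The function names Test-SubscriptionSecurity and New-CheckResult and the shape of the result rows are hypothetical, and the property names (PricingTier, WorkspaceId, AutoProvision) assume the Az.Security object model from the time of the script.

```powershell
#Requires -Modules Az.Accounts, Az.Security

# Added example (not from the gist). Helper and function names are hypothetical.
function New-CheckResult([string] $Check, [string] $Expected, [string] $Actual) {
    [pscustomobject]@{
        Check    = $Check
        Expected = $Expected
        Actual   = $Actual
        Pass     = ($Expected -eq $Actual)   # -eq is case-insensitive, as Azure resource IDs are
    }
}

function Test-SubscriptionSecurity {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory)] [string] $SubscriptionID,
        [Parameter(Mandatory)] [string] $LogAnalyticsWorkplaceId,
        [string] $ContactName = "default1"   # contact name used by the script above
    )
    Set-AzContext -Subscription $SubscriptionID | Out-Null

    # One row per Security Center plan, so a plan left on Free is visible
    foreach ($plan in Get-AzSecurityPricing) {
        New-CheckResult "Pricing tier: $($plan.Name)" "Standard" $plan.PricingTier
    }

    # Workspace that collected security data is sent to
    $ws = Get-AzSecurityWorkspaceSetting | Where-Object Name -eq "default" | Select-Object -First 1
    $actualWs = if ($ws) { $ws.WorkspaceId } else { "<not set>" }
    New-CheckResult "Workspace setting" $LogAnalyticsWorkplaceId $actualWs

    # Automatic agent provisioning should report On
    $ap = Get-AzSecurityAutoProvisioningSetting | Where-Object Name -eq "default" | Select-Object -First 1
    $actualAp = if ($ap) { $ap.AutoProvision } else { "<not set>" }
    New-CheckResult "Auto provisioning" "On" $actualAp

    # Only presence is checked; contact property names differ between module versions
    $contact = Get-AzSecurityContact | Where-Object Name -eq $ContactName | Select-Object -First 1
    $actualContact = if ($contact) { "present" } else { "missing" }
    New-CheckResult "Security contact '$ContactName'" "present" $actualContact
}

# Placeholder values; substitute the ones passed to Set-SubscriptionSecurity.ps1
# Test-SubscriptionSecurity -SubscriptionID "<subscription-id>" `
#     -LogAnalyticsWorkplaceId "<workspace-resource-id>" |
#     Where-Object { -not $_.Pass } | Format-Table -AutoSize
```

An empty table from the commented call means every setting read back as expected.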