Set up Security Center
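#Requires -Version 7.0
#Requires -Modules PowerShellGet, Az.Resources, Az.Security
<#
.SYNOPSIS
    Sets up Security Center and the admin alerts for the subscription
.DESCRIPTION
    Sets the subscription to the Security Center Standard pricing tier, points
    Security Center at the given Log Analytics workspace, enables
    auto-provisioning, registers the security contact, and assigns the policy
    initiative named '[Preview]: Enable Monitoring in Azure Security Center'
    at subscription scope.
.PARAMETER SubscriptionID
    The ID (GUID) of the subscription to configure. It is also used to build
    the "/subscriptions/<id>" scope, so a subscription name is not accepted.
.PARAMETER LogAnalyticsWorkplaceId
    The resource ID for the Log Analytics workspace
.PARAMETER SecurityAdminEmail
    The email for security notifications
.PARAMETER SecurityAdminPhone
    The phone number to send security notifications
.OUTPUTS
    No dedicated return value. The objects emitted by the Az cmdlets the script
    calls, and one line reporting the workspace ID, are written to the pipeline.
.NOTES
    Version: 1.0
    Author: Bruce Kyle
    Creation Date: 6/18/2020
    Purpose/Change: Initial script development
    Copyright 2020 Strategic Datatech LLC
    License: MIT https://opensource.org/licenses/MIT
.EXAMPLE
    .\Set-SubscriptionSecurity.ps1 -SubscriptionID "9f241d6e-16e2-4b2b-a485-cc546f04799b" `
        -LogAnalyticsWorkplaceId "<workspace-resource-id>" `
        -SecurityAdminEmail "security@strategicdatatech.com" `
        -SecurityAdminPhone "2065557878"
.EXAMPLE
    $SubscriptionID = "9f241d6e-16e2-4b2b-a485-cc546f04799b"
    $OrganizationName = "Strategic Datatech LLC"
    $SecurityAdminEmail = "security@strategicdatatech.com"
    $SecurityAdminPhone = "2065557878"
    $workspaceID = @(.\Add-LogAnalytics.ps1 -SubscriptionID $SubscriptionID -OrganizationName $OrganizationName)
    .\Set-SubscriptionSecurity.ps1 -SubscriptionID $SubscriptionID `
        -LogAnalyticsWorkplaceId $workspaceID `
        -SecurityAdminEmail $SecurityAdminEmail `
        -SecurityAdminPhone $SecurityAdminPhone
#>
## Run as Admin
[CmdletBinding()]
Param(
    # Restricted to GUID form because the value is interpolated into resource scopes below.
    [Parameter(Mandatory)]
    [ValidatePattern('^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')]
    [string] $SubscriptionID,
    [Parameter(Mandatory)] [string] $LogAnalyticsWorkplaceId,
    [Parameter(Mandatory)] [string] $SecurityAdminEmail,
    [Parameter(Mandatory)] [string] $SecurityAdminPhone
)
Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"

# Built once, in a double-quoted string, so the variable is actually expanded.
$subscriptionScope = "/subscriptions/$SubscriptionID"
$policyDisplayName = '[Preview]: Enable Monitoring in Azure Security Center'

Set-AzContext -Subscription $SubscriptionID
Register-AzResourceProvider -ProviderNamespace 'Microsoft.Security'
Set-AzSecurityPricing -Name "default" -PricingTier "Standard"

# Report the workspace that was passed in. The original referenced $workspaceID,
# which is not defined in this script and is a terminating error under
# Set-StrictMode -Version Latest.
Write-Output "Subscriptions has workspace id: $LogAnalyticsWorkplaceId"

$workspaceSetting = @{
    Name        = "default"
    Scope       = $subscriptionScope
    WorkspaceId = $LogAnalyticsWorkplaceId
}
Set-AzSecurityWorkspaceSetting @workspaceSetting

Set-AzSecurityAutoProvisioningSetting -Name "default" -EnableAutoProvision

$securityContact = @{
    Name          = "default1"
    Email         = $SecurityAdminEmail
    Phone         = $SecurityAdminPhone
    AlertAdmin    = $true
    NotifyOnAlert = $true
}
Set-AzSecurityContact @securityContact

Register-AzResourceProvider -ProviderNamespace 'Microsoft.PolicyInsights'

# The initiative is looked up by display name, which is not a stable identifier.
# Fail closed unless exactly one definition matches, so that a rename or a
# same-named custom definition cannot silently change what gets assigned.
$matchingPolicies = @(
    Get-AzPolicySetDefinition |
        Where-Object { $_.Properties.displayName -eq $policyDisplayName }
)
if ($matchingPolicies.Count -ne 1) {
    throw "Expected exactly one policy set definition named '$policyDisplayName' but found $($matchingPolicies.Count); no policy was assigned."
}
$Policy = $matchingPolicies[0]

# NOTE(review): the GUID inside the assignment name is hard-coded and is not
# derived from $SubscriptionID. Confirm that is intended and that '<' and '>'
# are accepted in an assignment name.
$policyAssignment = @{
    Name                = 'ASC Default <d07c0080-170c-4c24-861d-9c817742786c>'
    DisplayName         = "Security Center Default $SubscriptionID"
    PolicySetDefinition = $Policy
    Scope               = $subscriptionScope
}
New-AzPolicyAssignment @policyAssignment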