fix: Remove default security contact email and correct TLS assignment #971

Open
wants to merge 2 commits into
base: main

@oZakari oZakari commented Feb 28, 2025

Overview/Summary

This pull request includes several updates to the Azure policy assignments and related documentation. The changes primarily focus on updating policy definitions, modifying default parameter values, and updating documentation to reflect these changes.

Policy Definition Updates:

  • Updated the definitionId for the Enforce-EncryptTransit policy to a new version in alzDefaultPolicyAssignments.bicep and policy_assignment_es_enforce_tls_ssl.tmpl.json. [1] [2]

Parameter Value Modifications:

  • Changed the default value of parMsDefenderForCloudEmailSecurityContact to an empty string in multiple files to remove the placeholder email. [1] [2] [3]

Documentation Updates:

  • Updated the documentation to reflect the change in parMsDefenderForCloudEmailSecurityContact parameter from No to Yes to indicate it is now required.
  • Updated the example value for parMsDefenderForCloudEmailSecurityContact to an empty string in the generated documentation.

Related Issues/Work Items

Closes #969

This PR fixes/adds/changes/removes

  1. Replaced outdated TLS policy set definition in applicable assignment
  2. Remove default value for Security Contact email parameter and make it a required field as per request of SLZ team

Breaking Changes

None. Although the default parameter for the Security Contact email address parameter is removed, it doesn't break an existing deployment.

Testing Evidence

Replace this with any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).

As part of this Pull Request I have

@oZakari oZakari requested a deployment to BicepUpdateDocumentation February 28, 2025 19:39 — with GitHub Actions Waiting
@oZakari oZakari requested a review from Copilot February 28, 2025 19:42
@oZakari oZakari requested a deployment to BicepUpdateDocumentation February 28, 2025 19:42 — with GitHub Actions Waiting
@oZakari oZakari requested a review from jtracey93 February 28, 2025 19:42
@oZakari oZakari added Area: Policy 📝 Issues / PR's related to Policy Type: Bug 🪲 Something isn't working labels Feb 28, 2025
@oZakari oZakari temporarily deployed to BicepUpdateDocumentation February 28, 2025 19:42 — with GitHub Actions Inactive
@oZakari oZakari changed the title Remove default email and correct TLS assignment fix: Remove default security contact email and correct TLS assignment Feb 28, 2025
@oZakari oZakari requested a deployment to BicepUpdateDocumentation February 28, 2025 19:51 — with GitHub Actions Waiting

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@oZakari oZakari requested a review from Copilot February 28, 2025 22:42

oZakari commented Feb 28, 2025

/azp run validateazcloud

PR Overview

This pull request updates Azure policy assignments and corresponding documentation to remove the default security contact email and update the TLS policy definition. Key changes include:

  • Updating the definitionId for the Enforce-EncryptTransit policy.
  • Removing the default value for the parMsDefenderForCloudEmailSecurityContact parameter.
  • Adjusting documentation to reflect that a security contact email is now required.

Reviewed Changes

File: infra-as-code/bicep/modules/policy/assignments/alzDefaults/generateddocs/alzDefaultPolicyAssignments.bicep.md
Description: Removed the placeholder default email value and updated the documentation to align with the new required parameter state

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

infra-as-code/bicep/modules/policy/assignments/alzDefaults/generateddocs/alzDefaultPolicyAssignments.bicep.md:303

  • [nitpick] The generated documentation does not explicitly indicate that the parMsDefenderForCloudEmailSecurityContact parameter is now required. Consider adding a note in the parameter description to clarify that a valid email must be provided.
"parMsDefenderForCloudEmailSecurityContact": {

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@oZakari oZakari changed the base branch from patch-policy-library to main March 3, 2025 02:50
@oZakari oZakari requested a deployment to BicepUpdateDocumentation March 3, 2025 02:50 — with GitHub Actions Waiting
@oZakari oZakari closed this Mar 3, 2025
@oZakari oZakari reopened this Mar 3, 2025
@oZakari oZakari deployed to BicepUpdateDocumentation March 3, 2025 02:51 — with GitHub Actions Active

oZakari commented Mar 3, 2025

/azp run valideazcloud

No pipelines are associated with this pull request.

oZakari commented Mar 3, 2025

/azp run validateazcloud

Azure Pipelines successfully started running 1 pipeline(s).

Successfully merging this pull request may close these issues.

Enforce-TLS-SSL-H224 points to outdated/depricated policy set