Release 1.5.0 (#7)

* Release 1.5.0 * Release 1.5.0 * Release 1.5.0 --------- Co-authored-by: Microsoft Open Source <microsoftopensource@users.noreply.github.com>
Azure · Jul 16, 2024 · e72866e · e72866e
1 parent 022562f
commit e72866e
Show file tree

Hide file tree

Showing 6 changed files with 2,933 additions and 5 deletions.
diff --git a/PolicyInitiatives/ISM/ISM_mapping.xlsx b/PolicyInitiatives/ISM/ISM_mapping.xlsx
diff --git a/PolicyInitiatives/ISM/NZISM-ISM Document-V.-3.7-February-2024.pdf b/PolicyInitiatives/ISM/NZISM-ISM Document-V.-3.7-February-2024.pdf
diff --git a/PolicyInitiatives/ISM/NewZealandISM.json b/PolicyInitiatives/ISM/NewZealandISM.json
diff --git a/PolicyInitiatives/ISM/README.md b/PolicyInitiatives/ISM/README.md
@@ -0,0 +1,14 @@
+# New Zealand Information Security Manual (ISM) Policy Initiative
+ The New Zealand ISM Policy Initiative aids in meeting the New Zealand Information Security Manual (ISM) Policy control objectives. The policy initiatives and files contained in this repository are intended to serve as a starting point. Please note that these files are not intended to be final or comprehensive solutions, but rather a helpful resource to jumpstart your efforts.
+
+**Important** Organizations are wholly responsible for ensuring their own compliance with all applicable laws and regulations. The information provided in this document does not constitute legal advice, and organizations should consult their legal advisors for any questions regarding regulatory compliance.
+
+The evidence against each security measure and its corresponding security controls shall be assessed to determine whether it meets the security requirements. If the security requirements are not fulfilled, the outstanding risks shall be identified. The SAA and/or NCSP shall identify any additional security measures and controls needed to attain an acceptable residual risk, which would be implemented by the NCSP and/or CSP.
+
+The contents of this ISM Policy Initiative are:
+ 1. New Zealand ISM Policy documentation. Reference to the New Zealand ISM official documentation which walks through the control objectives. This publication offers a comprehensive collection of controls for cloud service consumers to protect organizational operations from a diverse set of threats and risks. The controls are flexible and customizable and implemented as part of an organization-wide process to manage risk.
+
+ 2. Mapping File. A file that maps the ISM Control Objectives to Azure Policies. The mapping file enables the user to identify what Azure Policies are being used to meet ISM control objectives. Each Control ID in the mapping files contains the Control Domain, Control Title, Control Description, Azure Policy Name, Azure Policy Reference ID, and Azure Policy Definition ID. An explanation of each Control can be found in the ISM Policy documentation.
+
+ ### Contributions
+ Changes can not be made to the policy initiative directly in this repo. If you find an issue, feel free to open a PR with the proposed fix.
diff --git a/scripts/New-PolicySets.ps1 b/scripts/New-PolicySets.ps1
@@ -59,8 +59,7 @@ function New-InstallPolicySets {
                         -Metadata $varPolicyMetadata `
                         -Parameter $varPolicyParameters `
                         -GroupDefinition $varPolicyDefinitionGroups `
-                        -ManagementGroupName $parManagementGroupId `
-                        -ApiVersion "2023-04-01"
+                        -ManagementGroupName $parManagementGroupId
 
                 }
                 else {
@@ -71,8 +70,7 @@ function New-InstallPolicySets {
                         -PolicyDefinition $varPolicyDefinitions `
                         -Metadata $varPolicyMetadata `
                         -Parameter $varPolicyParameters `
-                        -ManagementGroupName $parManagementGroupId `
-                        -ApiVersion "2023-04-01"
+                        -ManagementGroupName $parManagementGroupId
 
                 }
 
@@ -85,7 +83,15 @@ function New-InstallPolicySets {
                 }
             }
             catch {
+                $varError = "{0} : {1}`n{2}`n" + `
+                    "    + CategoryInfo          : {3}`n" + `
+                    "    + FullyQualifiedErrorId : {4}`n"
+                $varErrorProperties = $_.InvocationInfo.MyCommand.Name, $_.ErrorDetails.Message, `
+                    $_.InvocationInfo.PositionMessage, $_.CategoryInfo.ToString(), `
+                    $_.FullyQualifiedErrorId
+                $varFormattedError = $varError -f $varErrorProperties
                 $varLoopCounter++
+                Write-Host -Foreground Red -Background Black $varFormattedError
                 if ($varLoopCounter -lt $varMaxRetryAttemptTransientErrorRetry) {
                     Write-Information ">>> Retrying policy deployment after waiting for $varRetryWaitTimeTransientErrorRetry secs" -InformationAction Continue
                     Start-Sleep -Seconds $varRetryWaitTimeTransientErrorRetry

diff --git a/scripts/README.md b/scripts/README.md
@@ -1,9 +1,22 @@
 # Overview
 
-This is a PowerShell script to help users deploy our policy sets files to deployed Sovereign Landing Zones (SLZ).
+This is a PowerShell script to help users deploy our policy sets files to a deployed Sovereign Landing Zone (SLZ).
 
 # Setup and run
 
 1. Install PowerShell 7.
 1. Open PowerShell 7 and navigate to this directory.
 1. Then type `.\New-PolicySets.ps1` and  follow the prompts to provide the inputs needed to install the policy sets.
+
+# FAQ
+
+## How can I authenticate when MFA is enabled?
+Examples scenarios of how to use Connect-AzAccount when multi-factor authentication is enabled: https://learn.microsoft.com/en-us/powershell/module/az.accounts/connect-azaccount
+
+# Still facing issues with authentication?
+Ensure you are running the script in PowerShell 7. Try to clear all local account context, some examples of commands to run for clearing the context include:
+```ps
+Clear-AzContext
+az logout
+az login
+```