Merge pull request #338 from KenMAG/master

Revised Bicep template & updated lab 08 instructions
MicrosoftLearning · Jan 8, 2025 · 1e10595 · 1e10595
2 parents 420048e + fdd0f01
commit 1e10595
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 5 deletions.
diff --git a/Allfiles/Bicep/Sentinel.bicep b/Allfiles/Bicep/Sentinel.bicep
@@ -97,6 +97,7 @@ resource pauseScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {
   ]
 }
 
+/*
 //Assign the Sentinel Contributor rights on the Resource Group to the User Identity that was just created
 resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
   name: guid(resourceGroup().name, roleDefinitionId)
@@ -108,6 +109,20 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
     pauseScript
   ]
 }
+*/
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+  name: guid(subscription().id, resourceGroup().id, scriptIdentity.name, roleDefinitionId)
+  scope: resourceGroup()
+  properties: {
+    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
+    principalId: scriptIdentity.properties.principalId
+    principalType: 'ServicePrincipal'
+  }
+  dependsOn: [
+    pauseScript
+  ]
+}
 
 //  Call the external PowerShell script to deploy the solutions and rules
 resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = {

diff --git a/Instructions/Labs/LAB_AK_08_Lab1_Ex02_Connect_Windows.md b/Instructions/Labs/LAB_AK_08_Lab1_Ex02_Connect_Windows.md
@@ -130,17 +130,17 @@ In this task, you install Azure Arc on an on-premises server to make onboarding
 
 In this task, you'll connect an Azure Windows virtual machine to Microsoft Sentinel.
 
+>**Note:** Microsoft Sentinel has been predeployed in your Azure subscription with the name **defenderWorkspace**, and the *Content Hub* has been prepopulated with the necessary solutions.
+
 1. In the Search bar of the Azure portal, type *Sentinel*, then select **Microsoft Sentinel**.
 
-1. Select your Microsoft Sentinel Workspace you created earlier.
+1. Select the Microsoft Sentinel **defenderWorkspace**.
 
-1. 1. In the Microsoft Sentinel left menus, scroll down to the *Content management* section and select **Content Hub**.
+1. 1. In the Microsoft Sentinel left navigation menu, scroll down to the *Content management* section and select **Content Hub**.
 
 1. In the *Content hub*, search for the **Windows Security Events** solution and select it from the list.
 
-1. On the *Windows Security Events* solution page select **Install**.
-
-1. When the installation completes select **Manage**
+1. On the *Windows Security Events* solution page select **Manage**.
 
     >**Note:** The *Windows Security Events* solution installs both the *Windows Security Events via AMA* and the *Security Events via Legacy Agent* Data connectors. Plus 2 Workbooks, 20 Analytic Rules, and 43 Hunting Queries.