Merge branch 'main' into improve-excel-recommendation-sheet

Azure · Jul 19, 2024 · 7ccebff · 7ccebff
2 parents 8409be7 + 95246b3
commit 7ccebff
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 4 deletions.
diff --git a/azure-resources/Network/networkWatchers/kql/e28bbc1-1eb7-486f-8d7f-93943f40219.kql b/azure-resources/Network/networkWatchers/kql/e28bbc1-1eb7-486f-8d7f-93943f40219.kql
@@ -0,0 +1 @@
+// under-development
diff --git a/azure-resources/Network/networkWatchers/recommendations.yaml b/azure-resources/Network/networkWatchers/recommendations.yaml
@@ -35,3 +35,22 @@
   learnMoreLink:
     - name: Manage NSG flow logs using the Azure portal
       url: "https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging"
+
+- description: Configure Network Watcher Connection monitor
+  aprlGuid: 1e28bbc1-1eb7-486f-8d7f-93943f40219c
+  recommendationTypeId: null
+  recommendationControl: Monitoring and Alerting
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/networkWatchers
+  recommendationMetadataState: Active
+  longDescription: |
+    Improves monitoring for Azure and Hybrid connectivity
+  potentialBenefits: Improves monitoring for Azure and Hybrid connectivity
+  pgVerified: true
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: arg
+  tags: null
+  learnMoreLink:
+    - name: Connection monitor overview
+      url: "https://learn.microsoft.com/en-us/azure/network-watcher/connection-monitor-overview"
diff --git a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml
@@ -1,12 +1,12 @@
-- description: Ensure ExpressRoute Traffic Collector is enabled and configured for ExpressRoute Direct circuits
+- description: Ensure ExpressRoute Traffic Collector is enabled and configured for Direct or Provider circuits
   aprlGuid: 1ceea4b5-1d8b-4be0-9bbe-9594557be51a
   recommendationTypeId: null
   recommendationControl: Monitoring and Alerting
   recommendationImpact: Medium
   recommendationResourceType: Microsoft.NetworkFunction/azureTrafficCollectors
   recommendationMetadataState: Active
   longDescription: |
-    ExpressRoute Traffic Collector samples network flows over ExpressRoute Direct circuits, sending flow logs to a Log Analytics workspace for analysis or export to visualization tools/SIEM.
+    ExpressRoute Traffic Collector samples network flows over ExpressRoute Direct or Service-Provider based circuits, sending flow logs to a Log Analytics workspace for analysis or export to visualization tools/SIEM.
   potentialBenefits: Enhanced network flow analysis and DR readiness
   pgVerified: true
   publishedToLearn: false

diff --git a/docs/content/tools/script-overviews/_index.md b/docs/content/tools/script-overviews/_index.md
@@ -100,7 +100,7 @@ The Collector PowerShell script is the first script to be run in the Azure Proac
         - **ResourceGroups**:  *Optional if subscription(s) are provided or a ConfigFile is used* ; specifies Resource Group(s) to be included in the analysis: "/subscriptions/YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY/resourceGroups/ResourceGroup1","/subscriptions/YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY/resourceGroups/ResourceGroup2".
         - **Tags**:  *Optional* ; specifies tags to be used for filtering the resources: "TagName1==TagValue1","TagName2==TagValue2"
         - **ConfigFile**:  *Optional* ; specifies a file for advanced filtering, including: subscription, resourceGroup, resourceId, Tags.
-          - See ConfigFile.Example [here](../../../../tools/configfile.example)
+          - See ConfigFile.Example [here](https://github.com/Azure/Azure-Proactive-Resiliency-Library-v2/blob/main/tools/configfile.example)
         - **AzureEnvironment**:  *Optional* ; specifies the Azure Environment to used for the analysis: AzureCloud, AzureUSGovernment.
         - **SAP**:  *Optional* ; used for specialized workload analysis.
         - **AVD**:  *Optional* ; used for specialized workload analysis.
@@ -220,3 +220,30 @@ The Reports Generator PowerShell script serves as the final step in the Azure Pr
 {{< hint type=important >}}
 Updates will need to be made prior to presenting to any audience.
 {{< /hint >}}
+
+## Frequently asked questions
+
+### 3_wara_reports_generator.ps1
+
+#### The specified Excel file may be encrypted. If a sensitivity label is applied to the file, please change the sensitivity label to the label without encryption temporarily
+
+The specified Excel file may be has a sensitivity label (encrypted). The 3_wara_reports_generator.ps1 script does not support encrypted Excel file currently. To avoid this issue, you need to change the sensitivity label to the label without encryption temporarily. For example, **Confidential/Any User (No Protection)** sensitivity. After completing the script running, you can re-apply the original sensitivity label (recommended).
+
+You can change the sensitivity label on the file by **Excel** or **Information Protection File Labeler**.
+
+- Option 1: Excel
+
+    1. Select a sensitivity label that you want from the sensitivity bar at the top of the Excel window.
+    2. Save the Excel file.
+
+    Learn more about the [Sensitivity bar in Microsoft 365](https://support.microsoft.com/office/2f96e7cd-d5a4-403b-8bd7-4cc636bae0f9).
+
+- Option 2: Information Protection File Labeler
+
+    1. Install the [Microsoft Purview Information Protection client](https://www.microsoft.com/en-us/download/details.aspx?id=53018)
+    2. Right click the Excel file in the File Explorer then select **Show more options**.
+    3. Select **Apply sensitivity label with Microsoft Purview**
+    4. Select a sensitivity label that you want.
+    5. Click the **Apply** button.
+
+    Learn more about the [detailed usage of the Information Protection File Labeler](https://support.microsoft.com/topic/67829155-2d0e-4122-9677-7c53c8cba18a).
diff --git a/tools/3_wara_reports_generator.ps1 b/tools/3_wara_reports_generator.ps1
@@ -112,6 +112,12 @@ $Global:Runtime = Measure-Command -Expression {
   function Excel {
 
     if ($Debugging.IsPresent) { ('FunctExcel - ' + (get-date -Format 'yyyy-MM-dd HH:mm:ss') + ' - Info - Processing Excel variables..') | Out-File -FilePath $LogFile -Append }
+
+    if (-not (Test-Path -PathType Leaf -Path $ExcelFile))
+      {
+        Write-Error ('The specified Excel file "{0}" was not found.' -f $ExcelFile)
+        Exit
+      }
     $ExcelFile = get-item -Path $ExcelFile
     if ($Global:Heavy) {Start-Sleep -Milliseconds 100}
     $ExcelFile = $ExcelFile.FullName
@@ -127,7 +133,14 @@ $Global:Runtime = Measure-Command -Expression {
         $ErrorStack = $_.ScriptStackTrace
         if ($CoreDebugging) { ('OfficeApps - ' + (get-date -Format 'yyyy-MM-dd HH:mm:ss') + ' - Error - ' + $errorMessage) | Out-File -FilePath $LogFile -Append }
         if ($CoreDebugging) { ('OfficeApps - ' + (get-date -Format 'yyyy-MM-dd HH:mm:ss') + ' - Error - ' + $ErrorStack) | Out-File -FilePath $LogFile -Append }
-        Write-Error "Excel File not found, or it is encrypted."
+        if (($_.Exception -is [System.Management.Automation.MethodInvocationException]) -and ($_.Exception.Message -like '*encrypted*'))
+          {
+            Write-Error ('The specified Excel file "{0}" may be encrypted. If a sensitivity label is applied to the file, please change the sensitivity label to the label without encryption temporarily. Learn more: https://aka.ms/aprl/tools/faq' -f $ExcelFile)
+          }
+        else
+          {
+            Write-Error $errorMessage
+          }
         Exit
       }