diff --git a/azure-resources/Network/networkWatchers/kql/e28bbc1-1eb7-486f-8d7f-93943f40219.kql b/azure-resources/Network/networkWatchers/kql/e28bbc1-1eb7-486f-8d7f-93943f40219.kql new file mode 100644 index 000000000..614a7f9ca --- /dev/null +++ b/azure-resources/Network/networkWatchers/kql/e28bbc1-1eb7-486f-8d7f-93943f40219.kql @@ -0,0 +1 @@ +// under-development diff --git a/azure-resources/Network/networkWatchers/recommendations.yaml b/azure-resources/Network/networkWatchers/recommendations.yaml index 9c4e10a38..2db3ce1e7 100644 --- a/azure-resources/Network/networkWatchers/recommendations.yaml +++ b/azure-resources/Network/networkWatchers/recommendations.yaml @@ -35,3 +35,22 @@ learnMoreLink: - name: Manage NSG flow logs using the Azure portal url: "https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging" + +- description: Configure Network Watcher Connection monitor + aprlGuid: 1e28bbc1-1eb7-486f-8d7f-93943f40219c + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: High + recommendationResourceType: Microsoft.Network/networkWatchers + recommendationMetadataState: Active + longDescription: | + Improves monitoring for Azure and Hybrid connectivity + potentialBenefits: Improves monitoring for Azure and Hybrid connectivity + pgVerified: true + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: arg + tags: null + learnMoreLink: + - name: Connection monitor overview + url: "https://learn.microsoft.com/en-us/azure/network-watcher/connection-monitor-overview" diff --git a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml index a2737d114..2ae754a48 100644 --- a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml +++ b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Ensure ExpressRoute Traffic Collector is enabled and configured for ExpressRoute Direct circuits +- description: Ensure ExpressRoute Traffic Collector is enabled and configured for Direct or Provider circuits aprlGuid: 1ceea4b5-1d8b-4be0-9bbe-9594557be51a recommendationTypeId: null recommendationControl: Monitoring and Alerting @@ -6,7 +6,7 @@ recommendationResourceType: Microsoft.NetworkFunction/azureTrafficCollectors recommendationMetadataState: Active longDescription: | - ExpressRoute Traffic Collector samples network flows over ExpressRoute Direct circuits, sending flow logs to a Log Analytics workspace for analysis or export to visualization tools/SIEM. + ExpressRoute Traffic Collector samples network flows over ExpressRoute Direct or Service-Provider based circuits, sending flow logs to a Log Analytics workspace for analysis or export to visualization tools/SIEM. potentialBenefits: Enhanced network flow analysis and DR readiness pgVerified: true publishedToLearn: false diff --git a/docs/content/tools/script-overviews/_index.md b/docs/content/tools/script-overviews/_index.md index 3a3a7b42f..4619b16ec 100644 --- a/docs/content/tools/script-overviews/_index.md +++ b/docs/content/tools/script-overviews/_index.md @@ -100,7 +100,7 @@ The Collector PowerShell script is the first script to be run in the Azure Proac - **ResourceGroups**: *Optional if subscription(s) are provided or a ConfigFile is used* ; specifies Resource Group(s) to be included in the analysis: "/subscriptions/YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY/resourceGroups/ResourceGroup1","/subscriptions/YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY/resourceGroups/ResourceGroup2". - **Tags**: *Optional* ; specifies tags to be used for filtering the resources: "TagName1==TagValue1","TagName2==TagValue2" - **ConfigFile**: *Optional* ; specifies a file for advanced filtering, including: subscription, resourceGroup, resourceId, Tags. - - See ConfigFile.Example [here](../../../../tools/configfile.example) + - See ConfigFile.Example [here](https://github.com/Azure/Azure-Proactive-Resiliency-Library-v2/blob/main/tools/configfile.example) - **AzureEnvironment**: *Optional* ; specifies the Azure Environment to used for the analysis: AzureCloud, AzureUSGovernment. - **SAP**: *Optional* ; used for specialized workload analysis. - **AVD**: *Optional* ; used for specialized workload analysis. @@ -220,3 +220,30 @@ The Reports Generator PowerShell script serves as the final step in the Azure Pr {{< hint type=important >}} Updates will need to be made prior to presenting to any audience. {{< /hint >}} + +## Frequently asked questions + +### 3_wara_reports_generator.ps1 + +#### The specified Excel file may be encrypted. If a sensitivity label is applied to the file, please change the sensitivity label to the label without encryption temporarily + +The specified Excel file may be has a sensitivity label (encrypted). The 3_wara_reports_generator.ps1 script does not support encrypted Excel file currently. To avoid this issue, you need to change the sensitivity label to the label without encryption temporarily. For example, **Confidential/Any User (No Protection)** sensitivity. After completing the script running, you can re-apply the original sensitivity label (recommended). + +You can change the sensitivity label on the file by **Excel** or **Information Protection File Labeler**. + +- Option 1: Excel + + 1. Select a sensitivity label that you want from the sensitivity bar at the top of the Excel window. + 2. Save the Excel file. + + Learn more about the [Sensitivity bar in Microsoft 365](https://support.microsoft.com/office/2f96e7cd-d5a4-403b-8bd7-4cc636bae0f9). + +- Option 2: Information Protection File Labeler + + 1. Install the [Microsoft Purview Information Protection client](https://www.microsoft.com/en-us/download/details.aspx?id=53018) + 2. Right click the Excel file in the File Explorer then select **Show more options**. + 3. Select **Apply sensitivity label with Microsoft Purview** + 4. Select a sensitivity label that you want. + 5. Click the **Apply** button. + + Learn more about the [detailed usage of the Information Protection File Labeler](https://support.microsoft.com/topic/67829155-2d0e-4122-9677-7c53c8cba18a). diff --git a/tools/3_wara_reports_generator.ps1 b/tools/3_wara_reports_generator.ps1 index f27a22a26..d7fe1f981 100644 --- a/tools/3_wara_reports_generator.ps1 +++ b/tools/3_wara_reports_generator.ps1 @@ -112,6 +112,12 @@ $Global:Runtime = Measure-Command -Expression { function Excel { if ($Debugging.IsPresent) { ('FunctExcel - ' + (get-date -Format 'yyyy-MM-dd HH:mm:ss') + ' - Info - Processing Excel variables..') | Out-File -FilePath $LogFile -Append } + + if (-not (Test-Path -PathType Leaf -Path $ExcelFile)) + { + Write-Error ('The specified Excel file "{0}" was not found.' -f $ExcelFile) + Exit + } $ExcelFile = get-item -Path $ExcelFile if ($Global:Heavy) {Start-Sleep -Milliseconds 100} $ExcelFile = $ExcelFile.FullName @@ -127,7 +133,14 @@ $Global:Runtime = Measure-Command -Expression { $ErrorStack = $_.ScriptStackTrace if ($CoreDebugging) { ('OfficeApps - ' + (get-date -Format 'yyyy-MM-dd HH:mm:ss') + ' - Error - ' + $errorMessage) | Out-File -FilePath $LogFile -Append } if ($CoreDebugging) { ('OfficeApps - ' + (get-date -Format 'yyyy-MM-dd HH:mm:ss') + ' - Error - ' + $ErrorStack) | Out-File -FilePath $LogFile -Append } - Write-Error "Excel File not found, or it is encrypted." + if (($_.Exception -is [System.Management.Automation.MethodInvocationException]) -and ($_.Exception.Message -like '*encrypted*')) + { + Write-Error ('The specified Excel file "{0}" may be encrypted. If a sensitivity label is applied to the file, please change the sensitivity label to the label without encryption temporarily. Learn more: https://aka.ms/aprl/tools/faq' -f $ExcelFile) + } + else + { + Write-Error $errorMessage + } Exit }