Merge pull request Azure#12810 from camilo86/camilo/entra-assets

Entra ID Assets

Author: v-atulyadav

Logos/AADCloudSync.svg

@@ -0,0 +1,60 @@
+{
+    "id": "EntraIDAssets",
+    "title": "Microsoft Enta ID Assets",
+    "publisher": "Microsoft",
+    "logo": "AADCloudSync.svg",
+    "descriptionMarkdown": "Entra ID assets data connector gives richer insights into activity data by supplementing details with asset information. Data from this connector is used to build data risk graphs in Purview. If you have enabled those graphs, deactivating this Connector will prevent the graphs from being built. [Learn about the data risk graph.](https://go.microsoft.com/fwlink/?linkid=2320023)",
+    "graphQueries": [],
+    "sampleQueries": [],
+    "dataTypes": [],
+    "connectivityCriterias": [
+        {
+            "type": "EntraIDAssets"
+        }
+    ],
+    "permissions": {
+        "tenant": [
+            "GlobalAdmin",
+            "SecurityAdmin"
+        ]
+    },
+    "availability": {
+        "status": 2
+    },
+    "instructionSteps": [
+        {
+            "instructions": [
+                {
+                    "parameters": {
+                        "type": "EntraIDAssets",
+                        "description": "1. Connect Microsoft Entra ID assets to ingest into Sentinel Lake.",
+                        "items": [
+                            {
+                                "label": "Applications"
+                            },
+                            {
+                                "label": "Group Memberships"
+                            },
+                            {
+                                "label": "Groups"
+                            },
+                            {
+                                "label": "Members"
+                            },
+                            {
+                                "label": "Organizations"
+                            },
+                            {
+                                "label": "Service Principals"
+                            },
+                            {
+                                "label": "Users"
+                            }
+                        ]
+                    },
+                    "type": "MSG"
+                }
+            ]
+        }
+    ]
+}

Solutions/Microsoft Entra ID Assets/Data Connectors/EntraIDAssets_DataConnectorDefinition.json

@@ -0,0 +1,13 @@
+{
+	"Name": "Microsoft Entra ID Assets",
+	"Author": "Microsoft",
+	"Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/refs/heads/master/Logos/AADCloudSync.svg\" width=\"75px\" height=\"75px\">",
+	"Description": "Entra ID assets data connector gives richer insights into activity data by supplementing details with asset information. Data from this connector is used to build data risk graphs in Purview. If you have enabled those graphs, deactivating this Connector will prevent the graphs from being built. [Learn about the data risk graph.](https://go.microsoft.com/fwlink/?linkid=2320023)",
+	"Data Connectors": [
+		"Data Connectors/EntraIDAssets_DataConnectorDefinition.json"
+	],
+	"BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Microsoft Entra ID Assets",
+  	"Version": "3.0.0",
+	"Metadata": "SolutionMetadata.json",
+	"TemplateSpec": true
+}

Solutions/Microsoft Entra ID Assets/Data/Solution_MicrosoftEntraAssets.json

@@ -0,0 +1,85 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+  "handler": "Microsoft.Azure.CreateUIDef",
+  "version": "0.1.2-preview",
+  "parameters": {
+    "config": {
+      "isWizard": false,
+      "basics": {
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/refs/heads/master/Logos/AADCloudSync.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Microsoft%20Entra%20ID%20Assets/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nEntra ID assets data connector gives richer insights into activity data by supplementing details with asset information. Data from this connector is used to build data risk graphs in Purview. If you have enabled those graphs, deactivating this Connector will prevent the graphs from being built. [Learn about the data risk graph.](https://go.microsoft.com/fwlink/?linkid=2320023)\n\n**Data Connectors:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "subscription": {
+          "resourceProviders": [
+            "Microsoft.OperationsManagement/solutions",
+            "Microsoft.OperationalInsights/workspaces/providers/alertRules",
+            "Microsoft.Insights/workbooks",
+            "Microsoft.Logic/workflows"
+          ]
+        },
+        "location": {
+          "metadata": {
+            "hidden": "Hiding location, we get it from the log analytics workspace"
+          },
+          "visible": false
+        },
+        "resourceGroup": {
+          "allowExisting": true
+        }
+      }
+    },
+    "basics": [
+      {
+        "name": "getLAWorkspace",
+        "type": "Microsoft.Solutions.ArmApiControl",
+        "toolTip": "This filters by workspaces that exist in the Resource Group selected",
+        "condition": "[greater(length(resourceGroup().name),0)]",
+        "request": {
+          "method": "GET",
+          "path": "[concat(subscription().id,'/providers/Microsoft.OperationalInsights/workspaces?api-version=2020-08-01')]"
+        }
+      },
+      {
+        "name": "workspace",
+        "type": "Microsoft.Common.DropDown",
+        "label": "Workspace",
+        "placeholder": "Select a workspace",
+        "toolTip": "This dropdown will list only workspace that exists in the Resource Group selected",
+        "constraints": {
+          "allowedValues": "[map(filter(basics('getLAWorkspace').value, (filter) => contains(toLower(filter.id), toLower(resourceGroup().name))), (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]",
+          "required": true
+        },
+        "visible": true
+      }
+    ],
+    "steps": [
+      {
+        "name": "dataconnectors",
+        "label": "Data Connectors",
+        "bladeTitle": "Data Connectors",
+        "elements": [
+          {
+            "name": "dataconnectors1-text",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "text": "This Solution installs the data connector for Microsoft Entra ID Assets. You can get Microsoft Entra ID Assets custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+            }
+          },
+          {
+            "name": "dataconnectors-link1",
+            "type": "Microsoft.Common.TextBlock",
+            "options": {
+              "link": {
+                "label": "Learn more about connecting data sources",
+                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
+              }
+            }
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
+      "location": "[location()]",
+      "workspace": "[basics('workspace')]"
+    }
+  }
+}