Azure Sentinel: Logic App Playbook Code Migration to Another Tenant
I would like to migrate a logic app from one tenant into another tenant.
For example here is an arm template from the Sentinel GitHub - this is what i want to achieve. How would you migrate a logic app in your environment to another environment.
I understand you can copy paste the code view, however, the connections and default paths are all linked to the environment. How do you overcome this and what is best practice to do this?
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"title": "Change Incident Severity",
"description": "This playbook will change Incident Severity based on specific username that is part of the Incident user entity.",
"prerequisites": "After deployment, update condition action with user names to check for",
"lastUpdateTime": "2021-06-03T00:00:00.000Z",
"entities": ["Account"],
"tags": ["Triage"],
"support": {
"tier": "community"
},
"author": {
"name": "Yaniv Shasha"
}
},
"parameters": {
"PlaybookName": {
"defaultValue": "Change-Incident-Severity",
"type": "string"
}
},
"variables": {
"AzureSentinelConnectionName": "[concat('azuresentinel-', parameters('PlaybookName'))]"
},
"resources": [
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"name": "[variables('AzureSentinelConnectionName')]",
"location": "[resourceGroup().location]",
"kind": "V1",
"properties": {
"displayName": "[parameters('PlaybookName')]",
"customParameterValues": {},
"parameterValueType": "Alternative",
"api": {
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]"
}
}
},
{
"type": "Microsoft.Logic/workflows",
"apiVersion": "2017-07-01",
"name": "[parameters('PlaybookName')]",
"location": "[resourceGroup().location]",
"tags": {
"LogicAppsCategory": "security"
},
"identity": {
"type": "SystemAssigned"
},
"dependsOn": [
"[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]"
],
"properties": {
"state": "Enabled",
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"actions": {
"Entities_-_Get_Accounts": {
"inputs": {
"body": "@triggerBody()?['object']?['properties']?['relatedEntities']",
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
}
},
"method": "post",
"path": "/entities/account"
},
"runAfter": {},
"type": "ApiConnection"
},
"For_each": {
"actions": {
"Condition": {
"actions": {
"Update_incident": {
"inputs": {
"body": {
"incidentArmId": "@triggerBody()?['object']?['id']",
"severity": "High"
},
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
}
},
"method": "put",
"path": "/Incidents"
},
"runAfter": {},
"type": "ApiConnection"
}
},
"expression": {
"or": [
{
"contains": [
"@items('For_each')?['Name']",
"admin"
]
}
]
},
"runAfter": {},
"type": "If"
}
},
"foreach": "@body('Entities_-_Get_Accounts')?['Accounts']",
"runAfter": {
"Entities_-_Get_Accounts": [
"Succeeded"
]
},
"type": "Foreach"
}
},
"contentVersion": "1.0.0.0",
"outputs": {},
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"Microsoft_Sentinel_incident": {
"inputs": {
"body": {
"callback_url": "@{listCallbackUrl()}"
},
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
}
},
"path": "/incident-creation"
},
"type": "ApiConnectionWebhook"
}
}
},
"parameters": {
"$connections": {
"value": {
"azuresentinel": {
"connectionId": "[resourceId('Microsoft.Web/connections', variables('AzureSentinelConnectionName'))]",
"connectionName": "[variables('AzureSentinelConnectionName')]",
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/azuresentinel')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
}
}
}
}
}
}
}
]
}
Solution
After exploring on your requirement, I found that there is no direct way to move all the dependencies of an Azure resource (e.g. Logic App) during migration.
Refer Q&A to check the similar information.
There are few approaches to achieve your requirement which are listed below.
- You can create a new ARM template in the target tenant with all the dependent configurations like Api connections etc. to make the job easier.
Or
- After deploying the provided template using ARM, I've exported it to my existing code directory using PowerShell. This allows to deploy the code directly to the target tenant without the need for any further adding or modifications.
Resource deployed:
Export-AzResourceGroup PowerShell
$res1 = Get-AzResource -ResourceGroupName xxxx -ResourceName Change-Incident-Severity -ResourceType Microsoft.Logic/workflows
$res2 = Get-AzResource -ResourceGroupName xxxx -ResourceName azuresentinel-Change-Incident-Severity -ResourceType Microsoft.Web/connections
Export-AzResourceGroup -ResourceGroupName xxxx -Resource @($res1.ResourceId, $res2.ResourceId)
Now you can deploy it using corresponding az deployment commands with the required tenant scope.
3.
Export and download the entire ARM code from the existing tenant displayed below, which has all the connections and configurations, then proceed to deploy it within the new tenant.
Reference: Check this Blog for the relevant information.
- Logic Apps: How to use create a new watchlist with data (raw content) module
- Add extra attribute to object Logic app
- How to change font size of a table in a Teams Message
- Azure Logic App Authorization Policy set via Bicep
- Azure Event Grid Graph API SharePoint Event info useful?
- Azure Logic App Function call for non json body
- Publish Failure Reporting Add or Build Definition File
- Azure Logic App returns metadata instead of SQL query results when invoked via HTTP trigger
- Azure Logic App is only inserting 100 rows into SQL Server table
- Unable to open the workflow in designer using vs code
- How to Pass SAS Token as Header in Azure Logic App HTTP Trigger?
- Azure Logic Apps with Form Recognizer - Get Array definition in optional settings entry
- logic app ( power automate) extract checklist items from a task from a planner plan
- Power Automate Get Filename if Contains Special Character
- Task AzureAppServiceSetting@1: Application Settings object is not a valid JSON while deploying with YAML file from Azure Devops
- unable to delete or move first step from logic app?
- Azure Logic App HTTP Request Authentication Scope
- Enabling minimum apiVersion to 2021-08-01 in Azure API Management causing saving issues or deployment errors for existing logic apps
- Azure Logic Apps: Set condition to False when SQL query returns no rows of data
- Send alert/Logic apps if Azure ML pipeline Completed with Azure ML Pipeline Outputs attached to email
- How to output URL of Azure Logic Apps with Terraform?
- Trouble Passing Boolean Values in Azure Data Factory JSON Template
- Azure Logic App - For Each Key/Value Pair (Answered!)
- how to create new json object using compose connector in logic app without change in order?
- Azure Logic App Error The 'FUNCTIONS_WORKER_RUNTIME' setting is required
- How can I add items from my parsed JSON into an existing array variable in Logic Apps
- Logic apps support of Hierarchical partition keys in Azure Cosmos DB
- How can you obtain the full URL of a HTTP triggered Logic App in the Azure Portal, if you can't use the designer?
- Automating Daily File Transfer and Storage Using Azure Logic Apps for Daimler Project
- logic apps, refresh a dataset of power bi