Merge branch 'main' into sesivan_databricks

docs/content/services/database/db-for-mysql/_index.md

@@ -14,8 +14,8 @@ The presented resiliency recommendations in this guidance include DB for MySQL a
 {{< table style="table-striped" >}}
 | Recommendation                                    |                                Category                                 |     Impact      |      State       | ARG Query Available |
 |:--------------------------------------------------|:-----------------------------------------------------------------------:|:---------------:|:----------------:|:-------------------:|
-| [MYSQL-1 - Enable HA with zone redundancy](#mysql-1---enable-ha-with-zone-redundancy) | Availability | High | Preview |         Yes         |
-| [MYSQL-2 - Enable custom maintenance schedule](#mysql-2---enable-custom-maintenance-schedule) |     System Efficiency      | High | Preview |         Yes          |
+| [MYSQL-1 - Enable HA with zone redundancy](#mysql-1---enable-ha-with-zone-redundancy) | Availability | High | Verified |         Yes         |
+| [MYSQL-2 - Enable custom maintenance schedule](#mysql-2---enable-custom-maintenance-schedule) |     System Efficiency      | High | Verified |         Yes          |
 {{< /table >}}
 
 {{< alert style="info" >}}

docs/content/services/database/db-for-postgresql/_index.md

@@ -14,8 +14,8 @@ The presented resiliency recommendations in this guidance include Database for P
 {{< table style="table-striped" >}}
 | Recommendation                                    |  Category                                                               |  Impact         |  State            | ARG Query Available |
 | :------------------------------------------------ | :---------------------------------------------------------------------: | :------:        | :------:          | :-----------------: |
-| [PSQL-1 - Enable HA with zone redundancy](#psql-1---enable-ha-with-zone-redundancy) | Availability | High | Preview  |         Yes         |
-| [PSQL-2 - Enable custom maintenance schedule](#psql-1---enable-ha-with-zone-redundancy) | System Efficiency | High | Preview  |         Yes         |
+| [PSQL-1 - Enable HA with zone redundancy](#psql-1---enable-ha-with-zone-redundancy) | Availability | High | Verified  |         Yes         |
+| [PSQL-2 - Enable custom maintenance schedule](#psql-1---enable-ha-with-zone-redundancy) | System Efficiency | High | Verified  |         Yes         |
 {{< /table >}}
 
 {{< alert style="info" >}}

docs/content/services/security/key-vault/code/kv-5/kv-5.kql

@@ -1 +1,31 @@
-// under-development
+// Azure Resource Graph Query
+// This resource graph query will return all Key Vaults that does not have Diagnostic logs enabled
+
+policyresources
+| where type == 'microsoft.policyinsights/policystates'
+| where properties.complianceState == 'NonCompliant'
+| extend policyDefinitionId = tostring(tolower(properties.policyDefinitionId)),resourceId = tostring(tolower(properties.resourceId)), PolicyAssignmentName = properties.policyAssignmentName, policySetDefinitionId = tostring(tolower(properties.policySetDefinitionId))
+| project resourceId,policySetDefinitionId,policyDefinitionId
+| join kind=inner(
+    policyresources
+    | where type == 'microsoft.authorization/policydefinitions'
+    | extend displayName = tostring(properties.displayName)
+    | where displayName contains "Resource logs in Key Vault should be enabled"
+    | project policyDefinitionId=tostring(tolower(id)),displayName
+) on policyDefinitionId
+| project resourceId,policySetDefinitionId,policyDefinitionId
+| join kind=inner(
+    policyresources
+    | where type == 'microsoft.authorization/policysetdefinitions'
+    | extend displayName = tostring(properties.displayName)
+    | where displayName contains "Microsoft cloud security benchmark"
+    | project policySetDefinitionId=tostring(tolower(id)),displayName
+) on policySetDefinitionId
+| join kind=inner(
+  resources
+  | where type == 'microsoft.keyvault/vaults'
+  | project resourceId = tostring(tolower(id)),name,tags
+)on resourceId
+| project-away resourceId1,policySetDefinitionId1,policySetDefinitionId,policyDefinitionId,displayName
+| project recommendationID = "kv-5",id=resourceId,name,tags
+

docs/content/services/specialized-workloads/azure-virtual-desktop/_index.md

@@ -57,7 +57,6 @@ The presented resiliency recommendations in this guidance include Azure Virtual
 | [ERC-1 - Connect your on-premises network to critical workloads in Azure through two or more ExpressRoute circuits in different peering locations](https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits/#erc-1---connect-your-on-premises-network-to-critical-workloads-in-azure-through-two-or-more-expressroute-circuits-in-different-peering-locations) | Availability | High | Verified | No |
 | [ERC-2 - Ensure the two physical links of your ExpressRoute circuit are connected to two distinct edge devices in your network](https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits/#erc-2---ensure-the-two-physical-links-of-your-expressroute-circuit-are-connected-to-two-distinct-edge-devices-in-your-network) | Availability | High | Verified | No |
 | [VPNG-1 - Choose a Zone-redundant gateway](https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/vpn-gateway/#vpng-1---choose-a-zone-redundant-gateway) | Availability | High | Verified | Yes |
-| [VPNG-3 - Plan for Site-to-Site VPN and Azure ExpressRoute coexisting connection](https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/vpn-gateway/#vpng-3---plan-for-site-to-site-vpn-and-azure-expressroute-coexisting-connection) | Disaster Recovery | High | Verified | No |
 | [NSG-4 - Configure NSG Flow Logs](https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/network-security-group/#nsg-4---configure-nsg-flow-logs) | Monitoring | Medium | Preview | Yes |
 | [ST-1 - Ensure that Storage Account configuration is at least Zone redundant](https://azure.github.io/Azure-Proactive-Resiliency-Library/services/storage/storage-account/#st-1---ensure-that-storage-account-configuration-is-at-least-zone-redundant) | Storage | High | Verified | Yes |
 | [WADS-3 - Ensure that all fault-points and fault-modes are understood and operationalized](https://azure.github.io/Azure-Proactive-Resiliency-Library/well-architected/2-design/#wads-3---ensure-that-all-fault-points-and-fault-modes-are-understood-and-operationalized) | Availability | High | Verified | No |

docs/content/services/storage/azure-netapp-files/code/anf-3/anf-3.kql

@@ -1,5 +1,6 @@
+// Azure Resource Graph Query
 // This Resource Graph query will return all Azure NetApp Files volumes without an availability zone defined.
-resources
-| where type =~ "microsoft.netapp/netappaccounts/capacitypools/volumes"
-| where zones == "[]"
-| project recommendationId = "ANF-3", name, id, tags
+Resources
+| where type =~ "Microsoft.NetApp/netAppAccounts/capacityPools/volumes"
+| where array_length(zones) == 0 or isnull(zones)
+| project recommendationId = "anf-3", name, id, tags

docs/content/services/storage/storage-Account/code/st-1/st-1.kql

@@ -1,6 +1,6 @@
 // Azure Resource Graph Query
 // This query will return all storage accounts that are not using Zone or Region replication
 Resources
-| where type =~'microsoft.storage/storageaccounts'
-| where sku.name =~'Standard_LRS'
-| project recommendationId = 'st-1', name, id, tags, param1=sku.name
+| where type =~ "Microsoft.Storage/storageAccounts"
+| where sku.name in~ ("Standard_LRS", "Premium_LRS")
+| project recommendationId = "st-1", name, id, tags, param1 = strcat("sku: ", sku.name)