Merge branch 'main' into afd-bug-fixes-march24

Azure · Apr 5, 2024 · a98fc94 · a98fc94
2 parents ec88890 + 64aefa3
commit a98fc94
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 21 deletions.
diff --git a/docs/content/services/networking/application-gateway/_index.md b/docs/content/services/networking/application-gateway/_index.md
@@ -21,7 +21,7 @@ The presented resiliency recommendations in this guidance include Application Ga
 | [AGW-5 - Monitor and Log the configurations and traffic](#agw-5---monitor-and-log-the-configurations-and-traffic)                            |    Monitoring     | Medium | Preview |         No          |
 | [AGW-6 - Use Health Probes to detect backend availability](#agw-6---use-health-probes-to-detect-backend-availability)                        |    Monitoring     | Medium | Preview |         Yes         |
 | [AGW-7 - Deploy Application Gateway in a zone-redundant configuration](#agw-7---deploy-application-gateway-in-a-zone-redundant-configuration)|   Availability    |  High  | Preview |         Yes         |
-| [AGW-8 - Plan for backend maintenance by using connection draining](#agw-8---plan-for-backend-maintenance-by-using-connection-draining)      |    Governance     | Medium | Preview |         No          |
+| [AGW-8 - Plan for backend maintenance by using connection draining](#agw-8---plan-for-backend-maintenance-by-using-connection-draining)      |    Governance     | Medium | Preview |         Yes          |
 | [AGW-9 - Ensure Application Gateway Subnet is using a /24 subnet mask](#agw-9---ensure-application-gateway-subnet-is-using-a-24-subnet-mask) |    Networking     |  High  | Preview |         Yes          |
 
 {{< /table >}}

diff --git a/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql b/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql
@@ -1 +1,9 @@
-// under-development
+// Azure Resource Graph Query
+// This query will check if connection draining is enabled
+resources
+| where type =~ "microsoft.network/applicationGateways"
+| mv-expand backendHttpSettings = properties.backendHttpSettingsCollection
+| extend connectionDrainingEnabled = backendHttpSettings.properties.connectionDraining.enabled
+| where connectionDrainingEnabled != true
+| extend backendPoolName = backendHttpSettings.name
+| project recommendationId = "agw-8", name, id, tags, param1 = "connectionDraining: Disabled", param2 = strcat("backendSettingsName: ", backendPoolName)
diff --git a/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql.fix b/docs/content/services/networking/application-gateway/code/agw-8/agw-8.kql.fix
diff --git a/docs/content/services/specialized-workloads/azure-virtual-desktop/_index.md b/docs/content/services/specialized-workloads/azure-virtual-desktop/_index.md
@@ -14,8 +14,8 @@ The presented resiliency recommendations in this guidance include Azure Virtual
 {{< table style="table-striped" >}}
 | Recommendation | Category | Impact | State | ARG Query Available |
 |:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------:|:--------:|:-------:|:-------------------:|
-| [AVD-1 - Use Private link when connecting to File Share or Key Vault](#avd-1---use-private-link-when-connecting-to-file-share-or-key-vault) | Access & Security | Medium | Verified | Yes |
-| [AVD-2 - Monitor Service Health and Resource Health of AVD](#avd-2---monitor-service-health-and-resource-health-of-avd) | Monitoring | High | Verified | Yes |
+| [AVD-1 - Use Private link when connecting to File Share or Key Vault](#avd-1---use-private-link-when-connecting-to-file-share-or-key-vault) | Access & Security | Medium | Verified | No |
+| [AVD-2 - Monitor Service Health and Resource Health of AVD](#avd-2---monitor-service-health-and-resource-health-of-avd) | Monitoring | High | Verified | No |
 | [AVD-4 - Deploy Domain Controllers and DNS Servers in Azure Virtual Network Across Availability Zones](#avd-4---deploy-domain-controllers-and-dns-servers-in-azure-virtual-network-across-availability-zones) | Availability | High | Verified | No |
 | [AVD-5 - Implement RDP Shortpath for Public or Managed Networks](#avd-5---implement-rdp-shortpath-for-public-or-managed-networks) | Networking | Medium | Verified | No |
 | [AVD-6 - Implement a Multi-Region BCDR Plan](#avd-6---implement-a-multi-region-bcdr-plan) | Disaster Recovery | Medium | Verified | No |

diff --git a/docs/content/services/specialized-workloads/azure-virtual-desktop/code/avd-1/avd-1.kql b/docs/content/services/specialized-workloads/azure-virtual-desktop/code/avd-1/avd-1.kql
@@ -1,6 +1 @@
-// Azure Resource Graph Query
-// Provides a list of Host Pools that do not have a Private endpoint associated with them.
-resources
-| where type == "microsoft.desktopvirtualization/hostpools"
-| where properties['privateEndpointConnections'][0]['properties']['provisioningState'] != "Succeeded"
-| project recommendationId = "avd-1", name, id, tags, param1="Private Endpoint: No Endpoint"
+// under-development
diff --git a/docs/content/services/specialized-workloads/azure-virtual-desktop/code/avd-2/avd-2.kql b/docs/content/services/specialized-workloads/azure-virtual-desktop/code/avd-2/avd-2.kql
@@ -1 +1 @@
-// cannot-be-validated-with-arg
+// under-development
diff --git a/docs/content/services/specialized-workloads/azure-vmware-solution/_index.md b/docs/content/services/specialized-workloads/azure-vmware-solution/_index.md
@@ -15,7 +15,7 @@ The presented resiliency recommendations in this guidance include Azure VMware S
 |  Recommendation                                   |      Category         |  Impact         |  State            | ARG Query Available |
 | :------------------------------------------------ | :---------------------------------------------------------------------: | :------:        | :------:          | :------:          |
 |[AVS-1 - Configure Azure Service Health notifications and alerts for Azure VMware Solution](#avs-1---configure-azure-service-health-notifications-and-alerts-for-azure-vmware-solution) | Monitoring | High | Verified | Yes |
-|[AVS-2 - Configure Syslog in Diagnostic Settings for Azure VMware Solution](#avs-2---configure-syslog-in-diagnostic-settings-for-azure-vmware-solution) | Monitoring | Medium | Verified | No |
+|[AVS-2 - Configure Syslog in Diagnostic Settings for Azure VMware Solution](#avs-2---configure-syslog-in-diagnostic-settings-for-azure-vmware-solution) | Monitoring | High | Verified | No |
 |[AVS-3 - Configure Azure Monitor Alert warning thresholds for vSAN datastore utilization](#avs-3---configure-azure-monitor-alert-warning-thresholds-for-vsan-datastore-utilization) | Monitoring | High | Verified | No |
 |[AVS-4 - Enable Stretched Clusters for Multi-AZ Availability of the vSAN Datastore](#avs-4---enable-stretched-clusters-for-multi-az-availability-of-the-vsan-datastore) | Availability | Low | Verified | Yes |
 |[AVS-5 - Monitor CPU Utilization to ensure sufficient resources for workloads](#avs-5---monitor-cpu-utilization-to-ensure-sufficient-resources-for-workloads) | Monitoring | Medium | Verified | Yes |
@@ -79,7 +79,7 @@ Azure Service Health is the mechanism used to inform customers of any service or
 
 **Category: Monitoring**
 
-**Impact: Medium**
+**Impact: High**
 
 **Recommendation/Guidance**