Enable Azure Firewall Intrusion Detection policy by default

[glennmusa]

Benefit/Result/Outcome

To get closer to SCCA compliance, the Azure Firewall Premium SKU has Intrusion Detection that we can turn on by default.

Description

Update the firewall policy resource to turn on Intrusion Detection defaulted to Alert:

missionlz/src/bicep/modules/firewall.bicep

Lines 24 to 34 in 9a3529b

	resource firewallPolicy 'Microsoft.Network/firewallPolicies@2021-02-01' = {
	name: firewallPolicyName
	location: location
	tags: tags
	properties: {
	threatIntelMode: threatIntelMode
	sku: {
	tier: skuTier
	}
	}
	}

This can be enabled by defining a firewallPolicyIntrusionDetection property on the Azure Firewall Policy resource:

https://docs.microsoft.com/en-us/azure/templates/microsoft.network/firewallpolicies?tabs=bicep#firewallpolicyintrusiondetection

Here's a reference implementation (that has collections defined for signatureOverrides and bypassTrafficSettings that I presume we can leave empty for now):

https://github.com/Azure/azure-quickstart-templates/blob/c4e7342e0046ea4fe120749514b54f37daf05dce/quickstarts/microsoft.network/azurefirewall-premium/azuredeploy.json#L333-L361

Acceptance Criteria

• Azure Firewall Intrusion Detection is turned on by default and set to Alert
• Need more detail before committing to this: what are the correct settings for FirewallPolicyIntrusionDetectionConfiguration

[glennmusa]

@shawngib has a working implementation to just turn it on, but we need more detail before committing to this:

For MLZ, what are the correct settings for FirewallPolicyIntrusionDetectionConfiguration?

[shawngib]

Just wanted to add that there is also currently a bug in the FFX portal preventing users from manually doing this in the portal. So currently only option is set at deployment or script afterwards.