Automate Resource Deployment for TIC 3.0 Compliance – Log Reporting


This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.


This article shows how to automate the deployment of the resources needed to set up log reporting to the CISA TALON, which is one of the TIC 3.0 Compliance requirements. Many resources on TIC 3.0 Compliance are already published (they are listed at the end of this article); this article focuses only on automating the deployment of the resources needed for the required log reporting to the CISA TALON.



This article assumes working-level knowledge of Azure Event Hub, Entra, and Azure automated deployments.


Deployment Steps

This solution uses Azure PowerShell, Azure CLI, and Azure Bicep to deploy the resources required to set up log reporting to the CISA TALON. The code described is published on GitHub HERE


Here is a list of the actions taken by the code:


  • Set up deployment environment (PowerShell, Bicep, CLI, etc.)
  • Logging of Activities/Errors
  • Validate Resource Group
  • Validate/Create Entra Service Principal
  • Validate/Upload Certificate to Entra Service Principal
  • Execute Bicep Deployment
  • Validate/Create Azure Event Hub
  • Validate/Create Azure Event Hub Namespace
  • Create Required RBAC Role Assignment


Executing the Code

Note: the PowerShell modules Az.Accounts and Az.Resources, Azure CLI, and Bicep must be installed at a current version before executing the script. The script assumes all files are stored in the same directory.


You launch the PowerShell script "TIC3-Talon-Build-Launcher.ps1" to execute the build. The script performs some validation and some resource creation, then calls the Bicep template to complete the build. Before launching it, read the help section at the top of the script or run "Get-Help TIC3-Talon-Build-Launcher.ps1". You must either set your values in the "Param" section of the script or pass them as command-line arguments. As documented in the script's PowerShell help, the input parameters are as follows:



  • AADAppName: the Azure AD Application Name. The name must be unique. Default value is "My-Talon-Test-App".
  • AADTenantID: the Azure AD Tenant ID where the app will be installed.
  • CertPath: the path to the certificate to install in the AAD App. The cert must be in ".cer" format.
  • EvtHubName: the Event Hub name.
  • RGName: the Resource Group name.
  • Bicep: the path to the Bicep Template.
  • AzureEnvironment: the Azure Environment. Default is AzureCloud (Commercial). For Azure USGov, use AzureUSGovernment.
  • AzureSubID: the Azure Subscription ID.
  • OutputFile: the output log for this script. The default value is "./CDS-Log-Forwarding-CSSP.log".



An example of a command-line launch of the script would be:



.\TIC3-Talon-Build-Launcher.ps1 -AADAppName "My-Talon-Test-App" -AzureSubID "My-Subscription-ID" -AADTenantID "My-AAD-Tenant-ID"



Once execution completes, validate the build by reviewing the script's output log and by checking that the expected Azure resources are present.
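As an added illustration (not the project's own script from GitHub), the following PowerShell shows the validate/create pattern behind three of the steps listed above: the Entra application and service principal, the certificate credential, and the RBAC role assignment scoped to the Event Hub. It assumes an existing Az session (Connect-AzAccount, with -Environment AzureUSGovernment for US Gov), that the Bicep deployment has already created the Event Hub, and that $EvtHubNamespace and the role name "Azure Event Hubs Data Receiver" are placeholders of mine rather than values taken from the page.

```powershell
# Added example, not the project's TIC3-Talon-Build-Launcher.ps1. Assumes an
# existing Az session (Connect-AzAccount, with -Environment AzureUSGovernment for
# US Gov) and that the Bicep deployment has already created the Event Hub.
# $EvtHubNamespace and $RoleName are assumptions, not parameters of the script.
param(
    [string]$AADAppName = "My-Talon-Test-App",
    [Parameter(Mandatory)][string]$CertPath,         # public certificate, .cer format
    [Parameter(Mandatory)][string]$RGName,
    [Parameter(Mandatory)][string]$EvtHubNamespace,  # assumed input
    [Parameter(Mandatory)][string]$EvtHubName,
    [string]$RoleName = "Azure Event Hubs Data Receiver"  # assumed least-privilege role
)

# 1. Application registration and service principal: reuse when present, create otherwise.
#    A duplicate display name is an error rather than a guess, since the name must be unique.
$app = @(Get-AzADApplication -DisplayName $AADAppName)
if ($app.Count -gt 1) { throw "Display name '$AADAppName' matches $($app.Count) applications." }
if ($app.Count -eq 0) { $app = @(New-AzADApplication -DisplayName $AADAppName) }
$app = $app[0]
$spn = Get-AzADServicePrincipal -ApplicationId $app.AppId
if (-not $spn) { $spn = New-AzADServicePrincipal -ApplicationId $app.AppId }

# 2. Certificate credential. Only the public key in the .cer is sent to Entra;
#    the private key stays with the certificate owner. Reject an expired certificate up front.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)." }
if ($cert.HasPrivateKey) { throw "$CertPath contains a private key; upload the .cer public certificate only." }
$existing = @(Get-AzADAppCredential -ApplicationId $app.AppId)
if ($existing.Count -eq 0) {   # simplification: assumes one credential per app
    New-AzADAppCredential -ApplicationId $app.AppId `
        -CertValue ([Convert]::ToBase64String($cert.GetRawCertData())) `
        -StartDate $cert.NotBefore -EndDate $cert.NotAfter | Out-Null
}

# 3. RBAC scoped to the single Event Hub, not the subscription or resource group.
$subId = (Get-AzContext).Subscription.Id
$scope = "/subscriptions/$subId/resourceGroups/$RGName/providers/Microsoft.EventHub" +
         "/namespaces/$EvtHubNamespace/eventhubs/$EvtHubName"
$assigned = Get-AzRoleAssignment -ObjectId $spn.Id -RoleDefinitionName $RoleName -Scope $scope
if (-not $assigned) {
    # A just-created service principal can take a moment to replicate; retry briefly.
    for ($i = 0; $i -lt 5; $i++) {
        try { New-AzRoleAssignment -ObjectId $spn.Id -RoleDefinitionName $RoleName -Scope $scope | Out-Null; break }
        catch { if ($i -eq 4) { throw }; Start-Sleep -Seconds 10 }
    }
}
Write-Output "App $($app.AppId) / SPN $($spn.Id) has '$RoleName' on $scope"
```

Running it twice is safe: each step checks for the existing object before creating anything, which is the same idempotent validate/create behaviour the launcher script's action list describes.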


Note: This code was created from the instructions for configuring log reporting for TIC 3.0 compliance at a specific version of that configuration. If the process changes, those changes may not be reflected in this code.



Implement TIC 3.0 compliance - Azure Architecture Center | Microsoft Learn

Trusted Internet Connections guidance - Azure Government | Microsoft Learn

Monitor Zero Trust (TIC 3.0) security architectures with Microsoft Sentinel | Microsoft Learn

Federal-App-Innovation-Community/topics/infrastructure at main · microsoft/Federal-App-Innovation-Community


Special thanks to @Laura Hutchcroft for the assist.

