Azure · oZakari · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023 · Oct 5, 2023
diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md
@@ -26,6 +26,7 @@ parAzFirewallEnabled | No       | Switch to enable/disable Azure Firewall deploy
 parAzFirewallName | No       | Azure Firewall Name.
 parAzFirewallPoliciesName | No       | Azure Firewall Policies Name.
 parAzFirewallTier | No       | Azure Firewall Tier associated with the Firewall to deploy.
+parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
 parAzFirewallAvailabilityZones | No       | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty.
 parAzErGatewayAvailabilityZones | No       | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP.
 parAzVpnGatewayAvailabilityZones | No       | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP.
@@ -206,6 +207,16 @@ Azure Firewall Tier associated with the Firewall to deploy.
 
 - Allowed values: `Basic`, `Standard`, `Premium`
 
+### parAzFirewallIntelMode
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
+
+- Default value: `Alert`
+
+- Allowed values: `Alert`, `Deny`, `Off`
+
 ### parAzFirewallAvailabilityZones
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -451,6 +462,9 @@ outHubVirtualNetworkId | string |
         "parAzFirewallTier": {
             "value": "Standard"
         },
+        "parAzFirewallIntelMode": {
+            "value": "Alert"
+        },
         "parAzFirewallAvailabilityZones": {
             "value": []
         },

diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
@@ -99,6 +99,14 @@ param parAzFirewallPoliciesName string = '${parCompanyPrefix}-azfwpolicy-${parLo
 ])
 param parAzFirewallTier string = 'Standard'
 
+@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.')
+@allowed([
+  'Alert'
+  'Deny'
+  'Off'
+])
+param parAzFirewallIntelMode string = 'Alert'
+
 @allowed([
   '1'
   '2'
@@ -677,6 +685,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
     sku: {
       tier: parAzFirewallTier
     }
+    threatIntelMode: 'Alert'
   } : {
     dnsSettings: {
       enableProxy: parAzFirewallDnsProxyEnabled
@@ -685,6 +694,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
     sku: {
       tier: parAzFirewallTier
     }
+    threatIntelMode: parAzFirewallIntelMode
   }
 }
 

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
@@ -87,6 +87,9 @@
     "parAzFirewallTier": {
       "value": "Standard"
     },
+    "parAzFirewallIntelMode": {
+      "value": "Alert"
+    },
     "parAzFirewallAvailabilityZones": {
       "value": []
     },

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json
@@ -54,6 +54,9 @@
     "parAzFirewallTier": {
       "value": "Standard"
     },
+    "parAzFirewallIntelMode": {
+      "value": "Alert"
+    },
     "parAzFirewallAvailabilityZones": {
       "value": []
     },

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
@@ -87,6 +87,9 @@
     "parAzFirewallTier": {
       "value": "Standard"
     },
+    "parAzFirewallIntelMode": {
+      "value": "Alert"
+    },
     "parAzFirewallAvailabilityZones": {
       "value": []
     },

diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json
@@ -57,6 +57,9 @@
     "parAzFirewallTier": {
       "value": "Standard"
     },
+    "parAzFirewallIntelMode": {
+      "value": "Alert"
+    },
     "parAzFirewallAvailabilityZones": {
       "value": []
     },

diff --git a/...-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/...-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
@@ -9,6 +9,7 @@ Parameter name | Required | Description
 parLocation    | No       | Region in which the resource group was created.
 parCompanyPrefix | No       | Prefix value which will be prepended to all resource names.
 parAzFirewallTier | No       | Azure Firewall Tier associated with the Firewall to deploy.
+parAzFirewallIntelMode | No       | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
 parVirtualHubEnabled | No       | Switch to enable/disable Virtual Hub deployment.
 parAzFirewallDnsProxyEnabled | No       | Switch to enable/disable Azure Firewall DNS Proxy.
 parAzFirewallDnsServers | No       | Array of custom DNS servers used by Azure Firewall
@@ -59,6 +60,16 @@ Azure Firewall Tier associated with the Firewall to deploy.
 
 - Allowed values: `Basic`, `Standard`, `Premium`
 
+### parAzFirewallIntelMode
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.
+
+- Default value: `Alert`
+
+- Allowed values: `Alert`, `Deny`, `Off`
+
 ### parVirtualHubEnabled
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -278,6 +289,9 @@ outAzFwPrivateIps | array |
         "parAzFirewallTier": {
             "value": "Standard"
         },
+        "parAzFirewallIntelMode": {
+            "value": "Alert"
+        },
         "parVirtualHubEnabled": {
             "value": true
         },

diff --git a/...as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json b/...as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json
@@ -11,6 +11,9 @@
     "parAzFirewallTier": {
       "value": "Standard"
     },
+    "parAzFirewallIntelMode": {
+      "value": "Alert"
+    },
     "parVirtualHubEnabled": {
       "value": true
     },

diff --git a/...as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json b/...as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json
@@ -11,6 +11,9 @@
     "parAzFirewallTier": {
       "value": "Standard"
     },
+    "parAzFirewallIntelMode": {
+      "value": "Alert"
+    },
     "parVirtualHubEnabled": {
       "value": true
     },

diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json
@@ -11,6 +11,9 @@
     "parAzFirewallTier": {
       "value": "Standard"
     },
+    "parAzFirewallIntelMode": {
+      "value": "Alert"
+    },
     "parVirtualHubEnabled": {
       "value": true
     },

diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json
@@ -8,6 +8,9 @@
     "parAzFirewallTier": {
       "value": "Standard"
     },
+    "parAzFirewallIntelMode": {
+      "value": "Alert"
+    },
     "parVirtualHubEnabled": {
       "value": true
     },

diff --git a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep
@@ -21,6 +21,7 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = {
   params: {
     parLocation: parLocation
     parAzFirewallTier: 'Standard'
+    parAzFirewallIntelMode: 'Alert'
     parVirtualHubEnabled: true
     parVirtualWanHubs: [ {
         parVpnGatewayEnabled: true

diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
@@ -15,6 +15,14 @@ param parCompanyPrefix string = 'alz'
 ])
 param parAzFirewallTier string = 'Standard'
 
+@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.')
+@allowed([
+  'Alert'
+  'Deny'
+  'Off'
+])
+param parAzFirewallIntelMode string = 'Alert'
+
 @sys.description('Switch to enable/disable Virtual Hub deployment.')
 param parVirtualHubEnabled bool = true
 
@@ -296,6 +304,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
     sku: {
       tier: parAzFirewallTier
     }
+    threatIntelMode: 'Alert'
   } : {
     dnsSettings: {
       enableProxy: parAzFirewallDnsProxyEnabled
@@ -304,6 +313,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
     sku: {
       tier: parAzFirewallTier
     }
+    threatIntelMode: parAzFirewallIntelMode
   }
 }