{
 "$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",
 "contentVersion": "1.0.0.0",
 "parameters": {
  "mspOfferName": {
   "type": "string",
   "metadata": {
    "description": "Specify a unique name for your offer"
   },
   "defaultValue": "Red Canary: Microsoft Defender for Cloud integration"
  },
  "mspOfferDescription": {
   "type": "string",
   "metadata": {
    "description": "Name of the Managed Service Provider offering"
   },
   "defaultValue": "Grant permissions to Red Canary to access Defender for Cloud"
  }
 },
 "variables": {
  "mspRegistrationName": "[guid(parameters('mspOfferName'))]",
  "mspAssignmentName": "[guid(parameters('mspOfferName'))]",
  "managedByTenantId": "5b80c45f-0eea-460a-885a-04feba9e8cd7",
  "authorizations": [
   {
    "principalId": "fcc41873-ae50-468c-869c-db5cbb675836",
    "roleDefinitionId": "39bc4728-0917-49c7-9d2c-d95423bc2eb4",
    "principalIdDisplayName": "app-okta-azure-prod-customer-sentinel-readonly"
   },
   {
    "principalId": "fcc41873-ae50-468c-869c-db5cbb675836",
    "roleDefinitionId": "fb1c8493-542b-48eb-b624-b4c8fea62acd",
    "principalIdDisplayName": "app-okta-azure-prod-customer-sentinel-readonly"
   },
   {
    "principalId": "fcc41873-ae50-468c-869c-db5cbb675836",
    "roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46",
    "principalIdDisplayName": "app-okta-azure-prod-customer-sentinel-readonly"
   }
  ]
 },
 "resources": [
  {
   "type": "Microsoft.ManagedServices/registrationDefinitions",
   "apiVersion": "2020-02-01-preview",
   "name": "[variables('mspRegistrationName')]",
   "properties": {
    "registrationDefinitionName": "[parameters('mspOfferName')]",
    "description": "[parameters('mspOfferDescription')]",
    "managedByTenantId": "[variables('managedByTenantId')]",
    "authorizations": "[variables('authorizations')]"
   }
  },
  {
   "type": "Microsoft.ManagedServices/registrationAssignments",
   "apiVersion": "2020-02-01-preview",
   "name": "[variables('mspAssignmentName')]",
   "dependsOn": [
    "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
   ],
   "properties": {
    "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
   }
  }
 ],
 "outputs": {
  "mspOfferName": {
   "type": "string",
   "value": "[concat('Managed by', ' ', parameters('mspOfferName'))]"
  },
  "authorizations": {
   "type": "array",
   "value": "[variables('authorizations')]"
  }
 }
}