.

Azure · Dec 10, 2024 · 8e580b1 · 8e580b1
1 parent ef3d961
commit 8e580b1
Showing 1 changed file with 9 additions and 10 deletions.
diff --git a/eslzArm/subscriptionTemplates/avnmPolicy.json b/eslzArm/subscriptionTemplates/avnmPolicy.json
@@ -31,7 +31,7 @@
         {
             "type": "Microsoft.Authorization/policyDefinitions",
             "apiVersion": "2023-04-01",
-            "name": "AVNM-dynamic-group-membership",
+            "name": "[uniqueString(variables('networkGroupId'))]",
             "properties": {
                 "description": "AVNM dynamic group membership Policy",
                 "displayName": "AVNM dynamic group membership Policy",
@@ -60,15 +60,15 @@
         {
             "type": "Microsoft.Authorization/policyAssignments",
             "apiVersion": "2023-04-01",
-            "name": "Configure-AVNM-dynamic-group-membership",
+            "name": "[guid(concat(parameters('topLevelManagementGroupPrefix'), 'Configure-AVNM-dynamic-group-membership'))]",
             "properties": {
                 "description": "AVNM dynamic group membership Policy",
                 "displayName": "AVNM dynamic group membership Policy",
                 "enforcementMode": "Default",
-                "policyDefinitionId": "[managementGroupResourceId('Microsoft.Authorization/policyDefinitions', 'AVNM-dynamic-group-membership')]"
+                "policyDefinitionId": "[managementGroupResourceId('Microsoft.Authorization/policyDefinitions', uniqueString(variables('networkGroupId')))]"
             },
             "dependsOn": [
-                "[format('Microsoft.Authorization/policyDefinitions/{0}', 'AVNM-dynamic-group-membership')]"
+                "[format('Microsoft.Authorization/policyDefinitions/{0}', uniqueString(variables('networkGroupId')))]"
             ],
             "metadata": {
                 "description": "Assigns above policy for dynamic group membership"
@@ -77,18 +77,17 @@
         {
             "type": "Microsoft.Authorization/roleAssignments",
             "apiVersion": "2023-04-01",
-            "name": "[guid(concat(parameters('topLevelManagementGroupPrefix'), 'Configure-AVNM-dynamic-group-membership'))]",
+            "name": "[guid(concat(parameters('topLevelManagementGroupPrefix'), 'Configure-AVNM-role'))]",
             "dependsOn": [
-                "Configure-AVNM-dynamic-group-membership",
-                "[format('Microsoft.Authorization/policyDefinitions/{0}', 'AVNM-dynamic-group-membership')]"
+                "[format('Microsoft.Authorization/policyDefinitions/{0}', uniqueString(variables('networkGroupId')))]",
+                "[guid(concat(parameters('topLevelManagementGroupPrefix'), 'Configure-AVNM-dynamic-group-membership'))]"
             ],
             "properties": {
                 "principalType": "ServicePrincipal",
                 "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
-                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', uniqueString(variables('networkGroupId'))), '2019-09-01', 'Full' ).identity.principalId)]"
+                "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', guid(concat(parameters('topLevelManagementGroupPrefix'), 'Configure-AVNM-dynamic-group-membership'))), '2019-09-01', 'Full' ).identity.principalId)]"
             }
-        }
-
+        } 
     ],
     "outputs": {}
 }