AVNM #1803

Open
wants to merge 203 commits into
base: policy-refresh-q2fy25
1f707ad
Add checkbox for deploying Azure Virtual Network Manager
Springstone Oct 3, 2024
4d488e0
Update Azure Virtual Network Manager deployment checkbox label
Springstone Oct 3, 2024
913230a
Update Azure Virtual Network Manager deployment checkbox label and vi…
Springstone Oct 3, 2024
39eab3f
Update Azure Virtual Network Manager deployment checkbox label and vi…
Springstone Oct 4, 2024
d05e143
Update Azure Virtual Network Manager deployment to include VNet Conne…
Springstone Oct 4, 2024
4f2578f
.
Springstone Oct 4, 2024
3eb19c3
.
Springstone Oct 4, 2024
7758a7e
.
Springstone Oct 4, 2024
fc9e01a
.
Springstone Oct 4, 2024
d5ac3cd
.
Springstone Oct 4, 2024
f054bde
.
Springstone Oct 4, 2024
03335bd
.
Springstone Oct 7, 2024
d10fdbd
.
Springstone Oct 7, 2024
9d22509
.
Springstone Oct 7, 2024
589ea76
.
Springstone Oct 7, 2024
0e27b0b
.
Springstone Oct 7, 2024
38abcd6
.
Springstone Oct 7, 2024
34d5987
.
Springstone Oct 7, 2024
2144f00
.
Springstone Oct 7, 2024
bd77582
.
Springstone Oct 7, 2024
96fbf79
.
Springstone Oct 7, 2024
dc42eef
.
Springstone Oct 7, 2024
d7de66a
Refactor connectivitySubscriptionId format in avnmConfiguration.json
Springstone Oct 7, 2024
80f5e9e
Refactor connectivitySubscriptionId format in avnmConfiguration.json
Springstone Oct 7, 2024
9fae88d
.
Springstone Oct 8, 2024
9ebab5c
.
Springstone Oct 8, 2024
07f88b2
.
Springstone Oct 8, 2024
151767c
.
Springstone Oct 8, 2024
326446a
.
Springstone Oct 8, 2024
6d0802d
.
Springstone Oct 8, 2024
a1cc2c5
.
Springstone Oct 9, 2024
c98b4b2
Breaking changes
Springstone Oct 14, 2024
e9935eb
Merge branch 'main' of https://github.com/Azure/Enterprise-Scale into…
Springstone Oct 14, 2024
22809ed
.
Springstone Oct 14, 2024
6f73943
.
Springstone Oct 14, 2024
14f5b0f
.
Springstone Oct 14, 2024
dae3cc1
.
Springstone Oct 14, 2024
c015958
.
Springstone Oct 14, 2024
326a53a
.
Springstone Oct 14, 2024
2845314
.
Springstone Oct 14, 2024
60175db
.
Springstone Oct 15, 2024
6688a88
.
Springstone Oct 15, 2024
7d4f9b0
.
Springstone Oct 15, 2024
a143271
.
Springstone Oct 15, 2024
9063b81
.
Springstone Oct 15, 2024
9dc501c
.
Springstone Oct 15, 2024
235349f
Dropping apiVersion
Springstone Oct 15, 2024
c035262
.
Springstone Oct 15, 2024
7495803
.
Springstone Oct 16, 2024
7928989
.
Springstone Oct 16, 2024
fc72d1b
.
Springstone Oct 16, 2024
934df7f
.
Springstone Oct 16, 2024
cff9ccd
.
Springstone Oct 16, 2024
ff854a4
.
Springstone Oct 16, 2024
9f88db3
.
Springstone Oct 17, 2024
c68c1d5
.
Springstone Oct 17, 2024
a762b52
. NOT WORKING
Springstone Oct 17, 2024
acfb38c
Stripping all UAI bits
Springstone Oct 17, 2024
daff2f3
.
Springstone Oct 17, 2024
a7ba767
.
Springstone Nov 5, 2024
bb02449
.
Springstone Nov 13, 2024
b402ffe
.
Springstone Nov 13, 2024
143240e
Oops
Springstone Nov 13, 2024
70eb937
.
Springstone Nov 13, 2024
29b6a78
.
Springstone Nov 14, 2024
e0cd962
.
Springstone Nov 14, 2024
1622f8e
.
Springstone Nov 14, 2024
3f48096
Fix to rule name in AVNM
Springstone Nov 14, 2024
6db5db5
.
Springstone Nov 14, 2024
ec047c3
Increasing sleep
Springstone Nov 14, 2024
a155d77
Deleting unneeded files
Springstone Nov 14, 2024
3fa87c2
Nesting AVNM resources
Springstone Nov 14, 2024
5c94d68
Updating API versions for AVNM
Springstone Nov 14, 2024
12777d1
Refactor AVNM configuration: remove unused policy, update dependencie…
Springstone Nov 14, 2024
d18c59b
Enhance AVNM configuration: add memberType for network groups and str…
Springstone Nov 15, 2024
93c0c1f
Changing to subscription scope AVNM deployment
Springstone Nov 15, 2024
9f59349
Remove obsolete avnmConfiguration1.json and update reference to avnmC…
Springstone Nov 15, 2024
39541bf
Add managementGroupScope parameter to AVNM configuration
Springstone Nov 15, 2024
bf22332
Remove unused ds-prereqs.ps1 script, clean up deployPrerequisites.jso…
Springstone Nov 15, 2024
05d3531
Another cleanup
Springstone Nov 15, 2024
e9651cf
Delaying the MG RP registration
Springstone Nov 15, 2024
478b468
AMBA deployment dependency on wait (prereqs)
Springstone Nov 15, 2024
7f3de4f
Eish 30 minutes
Springstone Nov 15, 2024
f68ce5f
Merge branch 'policy-refresh-q2fy25' of https://github.com/Azure/Ente…
Springstone Nov 18, 2024
ccdffbd
Doc updates
Springstone Nov 18, 2024
2722f2c
Adding additional default rules
Springstone Nov 18, 2024
8f9842a
.
Springstone Nov 18, 2024
5745ec8
.
Springstone Nov 18, 2024
91366ed
Fix typos and improve descriptions in deployPrerequisites.json
Springstone Nov 21, 2024
f4359bb
.
Springstone Nov 21, 2024
414002b
Add connectivitySubscriptionId parameter to ARM templates
Springstone Nov 21, 2024
b601769
.
Springstone Nov 21, 2024
556252c
.
Springstone Nov 22, 2024
b48cb44
Rename deployment identity and update references in deployPrerequisit…
Springstone Nov 22, 2024
056a370
.
Springstone Nov 22, 2024
eaf0d04
.
Springstone Nov 22, 2024
c1cf9e6
.
Springstone Nov 25, 2024
e65668e
.
Springstone Nov 25, 2024
bfdc344
.
Springstone Nov 25, 2024
6456612
.
Springstone Nov 25, 2024
f41cc3c
.
Springstone Nov 25, 2024
f909d3d
.
Springstone Nov 25, 2024
b66a425
.
Springstone Nov 25, 2024
ff6c2c3
.
Springstone Nov 25, 2024
e6ec5af
.
Springstone Nov 25, 2024
7a26f64
.
Springstone Nov 26, 2024
a6af993
.
Springstone Nov 26, 2024
fbbfb7e
.
Springstone Nov 26, 2024
867f693
.
Springstone Nov 26, 2024
9a862c1
.
Springstone Nov 26, 2024
8baee6f
.
Springstone Nov 26, 2024
8d3d949
.
Springstone Nov 26, 2024
72c0422
.
Springstone Nov 26, 2024
ee9e3b4
.
Springstone Nov 26, 2024
393fb73
.
Springstone Nov 26, 2024
1af27a6
.
Springstone Nov 26, 2024
9630af8
.
Springstone Nov 26, 2024
7aaf59b
.
Springstone Nov 26, 2024
f5319dd
.
Springstone Nov 26, 2024
fe5b429
.
Springstone Nov 26, 2024
d430268
.
Springstone Nov 26, 2024
be802bb
.
Springstone Nov 27, 2024
5fb09f4
temp
Springstone Nov 27, 2024
b5ba9f5
.
Springstone Nov 27, 2024
09f2a9f
.
Springstone Nov 27, 2024
d4d4747
.
Springstone Nov 27, 2024
b340fac
.
Springstone Nov 27, 2024
28f7595
.
Springstone Nov 27, 2024
e286875
.
Springstone Nov 27, 2024
140b38e
.
Springstone Nov 27, 2024
27de017
.
Springstone Nov 27, 2024
6faf58c
.
Springstone Nov 29, 2024
1141eb3
Merge branch 'policy-refresh-q2fy25' into AVNM
Springstone Nov 29, 2024
b6f8118
.
Springstone Nov 29, 2024
732837b
Registering resource providers
Springstone Dec 6, 2024
23188fb
.
Springstone Dec 6, 2024
9201629
.
Springstone Dec 6, 2024
3f36e8a
.
Springstone Dec 6, 2024
48f6112
.
Springstone Dec 8, 2024
eae349d
.
Springstone Dec 8, 2024
c6e89e0
.
Springstone Dec 8, 2024
007be8a
.
Springstone Dec 8, 2024
9a8bbc1
.
Springstone Dec 8, 2024
2f5f016
.
Springstone Dec 8, 2024
f77ecff
.
Springstone Dec 9, 2024
060b25d
.
Springstone Dec 9, 2024
33f0dae
.
Springstone Dec 9, 2024
c49661c
.
Springstone Dec 9, 2024
b81f3f1
.
Springstone Dec 9, 2024
899c1e7
.
Springstone Dec 9, 2024
b6986ca
.
Springstone Dec 9, 2024
6237af3
.
Springstone Dec 9, 2024
e3a4d71
.
Springstone Dec 9, 2024
5b3de38
.
Springstone Dec 9, 2024
e6f522c
.
Springstone Dec 9, 2024
fad8646
.
Springstone Dec 9, 2024
5fa3ad2
.
Springstone Dec 9, 2024
17b9d21
.
Springstone Dec 9, 2024
9e7aeee
.
Springstone Dec 9, 2024
8ca5dfa
.
Springstone Dec 9, 2024
1fc7bad
.
Springstone Dec 9, 2024
b38b5b5
.
Springstone Dec 9, 2024
617cd6e
.
Springstone Dec 9, 2024
a65e24c
.
Springstone Dec 9, 2024
5c9c058
.
Springstone Dec 9, 2024
d1f66da
.
Springstone Dec 9, 2024
876bfb4
.
Springstone Dec 9, 2024
20b8bba
.
Springstone Dec 9, 2024
8ad18ad
.
Springstone Dec 9, 2024
edd19bc
.
Springstone Dec 9, 2024
9ed7f9d
.
Springstone Dec 9, 2024
752d2d2
.
Springstone Dec 9, 2024
b5f7d6e
.
Springstone Dec 9, 2024
e2b7ef7
.
Springstone Dec 9, 2024
f7a4cc1
.
Springstone Dec 9, 2024
288a2e0
.
Springstone Dec 9, 2024
76d2a07
.
Springstone Dec 9, 2024
69c3a30
.
Springstone Dec 9, 2024
0a09810
hacked to pieces
Springstone Dec 9, 2024
157d91a
.
Springstone Dec 9, 2024
3e65358
test
Springstone Dec 9, 2024
5bd9cd9
.
Springstone Dec 10, 2024
a5828a1
.
Springstone Dec 10, 2024
238e3f5
.
Springstone Dec 10, 2024
ef3d961
.
Springstone Dec 10, 2024
8e580b1
.
Springstone Dec 10, 2024
e7f4f63
Fix?
Springstone Dec 11, 2024
27c8a27
.
Springstone Dec 11, 2024
82ea37a
.
Springstone Dec 11, 2024
6a54480
.
Springstone Dec 11, 2024
f3d38f4
.
Springstone Dec 11, 2024
1044a14
.
Springstone Dec 11, 2024
d689b93
.
Springstone Dec 11, 2024
4a67b2b
.
Springstone Dec 11, 2024
9e06d9c
Before Cleanup
Springstone Dec 11, 2024
007d8e0
.
Springstone Dec 11, 2024
221dfa0
.
Springstone Dec 11, 2024
22f91bc
.
Springstone Dec 11, 2024
df3ed28
.
Springstone Dec 11, 2024
c480e78
.
Springstone Dec 11, 2024
99d1a4b
Update Whats-new.md with AVNM deployment script details and ARM perfo…
Springstone Dec 13, 2024
0f3de4a
Cleanup and removing AVNM locations
Springstone Dec 13, 2024
a2e6e21
.
Springstone Dec 13, 2024
4 changes: 4 additions & 0 deletions docs/wiki/Whats-new.md
@@ -52,6 +52,10 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:

### 🔃 Policy Refresh Q2 FY25

- [PREVIEW] Added ability to deploy Virtual Network Manager through the portal accelerator with support for Security Admin feature, including default rules blocking high-risk ports [read more](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-security-admins).
- [Important] To support the configuration of AVNM, we've had to included a deployment script to configure the Microsoft.Network resource provider on the intermediate root management group. This deployment script and required User-Assigned Managed Identity are created in a resource group in the Management subscription. Please remove the user assigned identity in the resource group hosting the AVNM instance.
- [Important] Due to performance improvements of ARM, we've also had to change the "wait" process in the portal accelerator (waiting for Management Groups to be registered so we can do policy assignments). We are now using the same deployment script with a "Start-Sleep" PowerShell command which is far more reliable. In the management subscription, you will find a resource group `rg-alz-prereqs` that you should remove (with contents) as the identity has Contributor rights on the Intermediate Management Group.
- [Important] A deployment script and User-Assigned Managed Identity is needed in the `rg-alz-avnm` resource group in the Connectivity subscription to register the Security Admin configuration with selected deployment regions. You should delete this identity after deployment.
- *Policy Versioning Support* - all initiatives and assignments have been pinned to the current major version of built-in policies or initiatives deployed by ALZ. This ensures that all ALZ deployments will successfully deploy using the currently validated versions of ALZ built-in policies and initiatives. As these get updated the team will validate changes and impact before incrementing the recommended version.
- Fixed a Portal Accelerator bug that results in failed deployment when choosing not to deploy policies to the Identity management group.
- Updated the display name of the many `Effect` parameters to clearly identify the policy it applies to in the initiative [Enforce recommended guardrails for Azure Key Vault](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-KeyVault.html).
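Review bot: The first [Important] bullet is ambiguous about which identity to delete: it says the deployment script and User-Assigned Managed Identity are created in a resource group in the Management subscription, then asks the reader to remove the identity "in the resource group hosting the AVNM instance", which the third bullet places in `rg-alz-avnm` in the Connectivity subscription. The second bullet states that the identity in `rg-alz-prereqs` has Contributor rights on the Intermediate Management Group, so the cleanup instructions are security-relevant and should be exact: name the resource group and subscription for each identity, state the role each one holds, and use one consistent instruction for removal. Also fix "we've had to included" to "we've had to include", and "is needed" to "are needed" in the third bullet.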
8 changes: 8 additions & 0 deletions eslzArm/eslz-portal.json
@@ -1438,6 +1438,13 @@
},
"visible": true
},
{
"name": "deployAVNM",
"type": "Microsoft.Common.CheckBox",
"label": "Deploy Azure Virtual Network Manager - PREVIEW",
"toolTip": "If selected, Azure Virtual Network Manager will be deployed to manage your virtual networks. Currently, ALZ will only enable Security Admin Rules role by default",
"visible": "[or(equals(steps('connectivity').enableHub, 'vhub'), equals(steps('connectivity').enableHub, 'nva'))]"
},
{
"name": "esNwNVANote",
"type": "Microsoft.Common.InfoBox",
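Review bot: The `toolTip` on the new `deployAVNM` checkbox says nothing about the side effects the Whats-new.md entry in this PR calls out, namely that a deployment script and User-Assigned Managed Identity are created and that the identity should be deleted after deployment. Add a sentence to the tooltip, or an InfoBox shown when the box is ticked, so the person deploying sees the cleanup requirement at the point of choice. "Security Admin Rules role" also reads like an RBAC role; the docs call it the "Security Admin feature", so align the wording. Finally, the `visible` expression limits the option to `enableHub` values 'vhub' and 'nva'; if that restriction is intended, say so in the tooltip or docs.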
@@ -9499,6 +9506,7 @@
"erRegionalOrAz": "[steps('connectivity').erRegionalOrAz]",
"expressRouteScaleUnit": "[steps('connectivity').expressRouteScaleUnit]",
"enableHub": "[steps('connectivity').enableHub]",
"deployAVNM": "[steps('connectivity').deployAVNM]",
"enableAzFw": "[steps('connectivity').enableAzFw]",
"enableAzFwDnsProxy": "[if(equals(steps('connectivity').firewallSku, 'Basic'), 'No', steps('connectivity').enableAzFwDnsProxy)]",
"firewallSku": "[steps('connectivity').firewallSku]",
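Review bot: The new `deployAVNM` output forwards `steps('connectivity').deployAVNM` unguarded, although the checkbox is only visible when `enableHub` is 'vhub' or 'nva'. Consider wrapping the output in the same condition so a hidden control can never switch the deployment on, in the way the `enableAzFwDnsProxy` line two below uses `if(equals(...), 'No', ...)`. That neighbouring line also suggests these outputs are passed as 'Yes'/'No' strings, while a `Microsoft.Common.CheckBox` returns a boolean, so please confirm the receiving template parameter is typed to match.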