* Update policies.json
fixes deny subnet without nsg & udr policies when used in ARM deployment: https://github.com/Azure/Enterprise-Scale/issues/407
* policy fixes, version updates, arm escaping and formatting
* update mooncake
* update Fairfax
* Update NSG & UDR in policy table
* update whats new
* update udr policy description
* update udr policy description
* updated descriptions
* updated descriptions
* updated descriptions and version no.
Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Co-authored-by: Matt White <matt.white@microsoft.com>
* removed MS Defender for Cloud built-in policies not available in Mooncake
* ms defender
* updated DIY instructions to deploying ESLZ to Mooncake
* updated whats new
* reworded explanation as to why the policy def/set def deployment may fail and need to rerun
Co-authored-by: Kristian Nese <kristiannese@live.com>
* Replaced 'Deploy-Default-Udr' policy with 'Deploy-Custom-Route-Table'
* Added "deploy-policy-driven-routing.md"
* Fixed typos in "deploy-policy-driven-routing.md"
* fixed typos in "deploy-policy-driven-routing-md"
* Added link to AdventureWorks reference implementation
* Added documentation for parameter "disableBgpPropagation"
* Fixed typos
* Fixed typos
* Updated Wiki
* Added link to new doc for policy "Deploy a route table with specific user defined routes"
* Fta/deployment guide (#818)
* fix community call nav item (#817)
* new deployment guide prototype and navigation tree
* Updating articles structure and navigation
* Create Deploying-Enterprise-Scale-Contoso.md
* Update Deploying-Enterprise-Scale-Contoso.md
* Update Deploying-Enterprise-Scale-Contoso.md
* temporary backup
* TR docs updated. Ready for first internal review cycle
* Updates as per FTA review
* updated trey research related info in readme.md
updated trey research related information
* Update Deploying-Enterprise-Scale-BasicSetup.md
* Updates to VWAN scenario
* Minor updates to hub and spoke guidance
* Create deploying-enterprise-scale-foundation.md
* Update and rename deploying-enterprise-scale-foundation.md to Deploying-Enterprise-Scale-Foundation.md
* Update Deploying-Enterprise-Scale-Foundation.md
* Updates to Foundation scenario
* Updates to reflect Wingtip architecture
* updated Trey Research RI description title as per comments in PR #11
* updated deployment guide as per comments in PR #10
* Align formating across RIs
Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Co-authored-by: victorar <victorar@microsoft.com>
Co-authored-by: mbilalamjad <79409563+mbilalamjad@users.noreply.github.com>
Co-authored-by: MICHAEL FRANK <michael.frank@outlook.com>
* Updates to Whats new section
Co-authored-by: Juan Carlos Zamora <jzamora@microsoft.com>
Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Co-authored-by: mbilalamjad <79409563+mbilalamjad@users.noreply.github.com>
Co-authored-by: MICHAEL FRANK <michael.frank@outlook.com>
Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>
* changes/updates to FAQ to align with planned CAF FAQ
* minor name update
* remove old faq
* changes from KN review
* Update docs/wiki/FAQ.md
Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>
* DA review changes
Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>
* Added Stream Analytics Custom Policies
* update to be consistent with eslz
* synch with azure main
* Added reference to Enterprise-Scale Analytics
* updated whats new
* Update workloads/data/README.md
Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
* Added Stream Analytics Custom Policies
* update to be consistent with eslz
* synch with azure main
* Added AML Policy to Disable Public Network Access
* added whats new
* Fix naming for lzsManagementGroup variable
Fix value for sqlEncryptionPolicyAssignment variable
* Update name and description
* Replace invalid whitespace character
* Revert Policy Assignment names
* updates for 613
* update policy histroy comment
* first run of adding built in
* fix table
* further updates
* updates
* add eslz policies note
* add azops 1.3.0
* how to deploy ref implementations updates
* updates to steps required
* updates to AdvWorks
* Minor updates to Contoso RI
* Updates to Wingtip RI
* identity sub updates
* Update portal-es-lite.json
UI Changes (UI definition to declarative extension)
* Update portal-es-lite.json
UI changes
* Update README.md
"Deploy to Azure" URI update to UIformDefinition
* UI changes
* Create portal-es-lite.json
* Update README.md
update the Deploy to Azure button reference to the new UI file 'es-portal'
Co-authored-by: Kristian Nese <kristiannese@live.com>
* Update portal-es-lite.json
Added the new azure policies, enabled DDos option, vpn gateway zonal and regional skus.
* updated the new policies, ddos, email contact for ASC
Added new parameters and policies inline with Adventureworks RI.
* Update portal-es-lite.json
ASC email contact correction
* Update portal-es-lite.json
* updates to connectivity sub ddos, az firewall and other policies
* Update lz.json
updates to the Ddos
* Update policies.json
update to the policies referencing the other implementations.
* Updates to Policies
referencing the other RIs
* Update diagnosticsAndSecurity.json
updates to azure policies definition.
* Update diagnosticsAndSecurity.json
correction to the policies definition
* Update portal-es-lite.json
Updates to pricing page for DDoS and visible condition for Security Contact emails
* Update diagnosticsAndSecurity.json
inserted parameters referencing to policy rules
* Update diagnosticsAndSecurity.json
* Update diagnosticsAndSecurity.json
* Adding subscriptionSecurityConfig file
And reference the config in the diagnostic and security
* Update diagnosticsAndSecurity.json
corrected the log analytics workspace name variable
* Update diagnosticsAndSecurity.json
* azfw zones variable updates
fixing the Az fw zone deployment, and ASC for Azure SQL.
* Update portal-es-lite.json
disabled the aks specific policies
* removed the PaaS public endpoint deny policy
* updated Readme with the new changes
* Update portal-es-lite.json
* updates sqlonVM policy
* Update diagnosticsAndSecurity.json
Correction to the policy error in online and Corp subscription
* Update portal-es-lite.json
* Update portal-es-lite.json
* Update portal-es-lite.json
Added Deny public endpoint policy for PaaS service
* Update README.md
Added information about ASC (pricing tier details)
* Update Policies.json
Updates from wingtip reference
* Defender documentation
Co-authored-by: Hansjoerg Scherer <hjscherer@users.noreply.github.com>
* H&S pt.1
* H&S pt.2
* complete H7S networking docs update
* changes based on feedback
* add line
* further updates
* proposed updates hub and spoke
Your updates looks great! Here are my proposed updates to the hub and spoke section.
Co-authored-by: uday31in <14359777+uday31in@users.noreply.github.com>
Co-authored-by: victorar <victorar@microsoft.com>
* adding policy index
* updating index
* added index for initiatives and built-in assingmen
* Update ESLZ-Policies.md
correcting minor typos
* Update ESLZ-Policies.md
Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>
Added the command to login using az login #might prompt the user using webbrowser.
Added the command to login using az login -username -password
No need to ask the end-user who they are logged into as. To avoid human error, we just call the user who is logged in.
Co-authored-by: Hansjoerg Scherer <hjscherer@users.noreply.github.com>
* Modify Deploy-VNET-HubSpoke to configure DNS server IP.
* Updated Deploys-vnet-peer-to-hub policy
* Supports the situation when no DNS server ips are provided to policy Deploy-VNET-HubSpoke.
Co-authored-by: Kristian Nese <kristiannese@live.com>
The policy name and the parameter file name are seemed incorrect in the Assign the diagnostics policy using GitHub actions section. Different with current name in the repository.
Co-authored-by: Hansjoerg Scherer <hjscherer@users.noreply.github.com>
Clarified how to use AzureAD Module and added some error handling.
Didn't understand the "Replace-Me" for the ServicePrincipal, because by default it is AZOps, unless the end-user changes this. Allow the end-user to change or keep it default.
#verify if AzureAD module is installed and running a minimum version, if not install with the latest version.
#sign in to Azure from Powershell, this will redirect you to a web browser for authentication, if required
#If ServicePrincipal is not AZOps or end-user name, then break the code.
Co-authored-by: uday31in <14359777+uday31in@users.noreply.github.com>
Co-authored-by: Kristian Nese <kristiannese@live.com>
* first draft
* second draft
* png
* Updates to WingTip RI deployment instructions
Updates to WingTip RI deployment instructions
Co-authored-by: victorar <victorar@microsoft.com>
Removed the subscription section - as this is not required to create a role assignment.
Based on how the user logs in to Connect-AzAccount will define who the $user is, thus no need for manual typing to get the Id.
* Update README.md
Fixed typo - WigTips -> WingTipes
* Update README.md
Co-authored-by: Kristian Nese <kristiannese@live.com>
Co-authored-by: Kristian Nese <kristian.nese@microsoft.com>
* Reformatted with process state images
* First pass on changes done
* typo
* Incorporated feedback from PR and added 8th step
* Added next steps section
* Scoped role assignment
* Clarified the use of root scope with ref implementations
* final PR review changes
Co-authored-by: Gordon Byers <gobyers@microsoft.com>
Co-authored-by: Hansjoerg Scherer <hjscherer@users.noreply.github.com>
* UI changes to be validated
* fixed connectivity UI: subscription and vpngw type
* added deployment of ASC using built-in policy
* fixed deployment resource api version on es-lite.json
* ASC is always visible no matter a LA workspace is not deployed
* fixed connectivity subscription parameter and landing zone management groups
* fixed asc deployment order
* fixed asc deployment dependencies
* fixed connectivitysub parameter
* fixed asc deployment name
* fixed connectivity subscription parameter
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Add files via upload
* Update README.md
* Delete TR Enterprise-scale architecture.jpg
* Add files via upload
* Update README.md
* Create test
* Update README.md
* Create test.md
* Delete TR-ES-architecture.png
* Add files via upload
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Add files via upload
* Delete ES-TR-architecture.png
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* refactoring code to include custom policies
* added new version of the README file for Trey Research
* Add files via upload
* Code built out. Ready for inner testing
* fixed user interface and lz deployment call
* fixed lz ui
* fixed lz mg parameter
* fixed lz mg parameter
* fixed lz mg parameter
* fixed lz subscription id parameter
* fixed platformSubscriptionId input parameter collection from the UI
* fixed deployment of diagnostics and security template
* converged with ESLZ codebase
* testing fix for empty platformMgs in Management Groups template
* testing fix for empty platformMgs in Management Groups template
* fix es-lite to properly call diag template
* fix es-lite to properly call diag template
* fix es-lite to properly call diag template
* fix es-lite to properly call diag template
* refactored mgmtGroups templated
* fixed UI: LZ policies input parameters not being read
* fixed UI: LZ policies input parameters not being read
* fixed UI: LZ policies input parameters not being read
* fixed UI: Connectivity Subscription is not required if connectivity is not required
* fixed UI: Connectivity Subscription is not required if connectivity is not required
* fixed UI: Connectivity Subscription is not required if connectivity is not required
* fixed UI: Connectivity Subscription is not required if connectivity is not required
* fixed deployment of LZ template
* cleaning up Trey Reasearch folders
* moved VM Monitoring and Arc policies to the Landing Zone template
* fixed targetManagementGroup input parameter in es-lite.json
* deleted copy of policies template
* rolled back changes to adventureworks
* Add files via upload
* Update README.md
* Delete TR-ES.png
* minor typos
* Add files via upload
* Add files via upload
* Add files via upload
* Delete 20210113-TR01.png
* Add files via upload
* Update README.md
* fixed comments from PR #394
* New Visio file
* Update Visio image link
* aligned readme with other RI and update Trey Research design visuals
* aligned readme with other RI and update Trey Research design visuals
* aligned readme with other RI and update Trey Research design visuals
* fixed review comments from PR #394
Co-authored-by: anbengts <andersbe@microsoft.com>
Co-authored-by: Fletcher Kelly <fletcher_kelly@outlook.com>
Co-authored-by: Fletcher Kelly <flkelly@microsoft.com>
Co-authored-by: rjfmachado <rjfmachado@users.noreply.github.com>
Co-authored-by: anbengts <12196484+anbengts@users.noreply.github.com>
Co-authored-by: Kristian Nese <kristiannese@live.com>
* provided link for configuring azure permissions.
* removed the backslash to allow navigation
* content fixes
* spelling correction
* corrected url for some broken links
* added a new article on azure policies in eslz
* removed the specific azure policy names and made them generic
* removed the tables.
* removed the public ip services table
Co-authored-by: uday31in <14359777+uday31in@users.noreply.github.com>
Co-authored-by: Kristian Nese <kristiannese@live.com>
Co-authored-by: Hansjoerg Scherer <hjscherer@users.noreply.github.com>
* EA account permission for spn
* Update naviagation and BYOT guide
* Update naviagation and BYOT
Co-authored-by: Kristian Nese <kristiannese@live.com>
* subscription examples
* correcting parameter
* adding more text
* updating known issues and removing sub create gap
* correcting relative path + removing old examples
* adding policy sample
* major update
* correcting duplicate param in advw
* consistent condition across all RIs for ASC
* correcting parameter
* modifying the dependency graph
* provided link for configuring azure permissions.
* removed the backslash to allow navigation
* content fixes
* spelling correction
* corrected url for some broken links
Co-authored-by: uday31in <14359777+uday31in@users.noreply.github.com>
Co-authored-by: Kristian Nese <kristiannese@live.com>
* provided link for configuring azure permissions.
* removed the backslash to allow navigation
* content fixes
Co-authored-by: uday31in <14359777+uday31in@users.noreply.github.com>
Co-authored-by: Hansjoerg Scherer <hjscherer@users.noreply.github.com>
Co-authored-by: Lyon Till <158992+ljtill@users.noreply.github.com>
Co-authored-by: Kristian Nese <kristiannese@live.com>
* provided link for configuring azure permissions.
* removed the backslash to allow navigation
Co-authored-by: uday31in <14359777+uday31in@users.noreply.github.com>
advanced user probably don't think about it, but as i was going through documentation I found reference only to powershell modules Az.Resource and Az.Accounts. No details how to sign in/authenticate/select subscription. I think it should be referenced in some pages.
Added info about following commandlets Connect-AzAccount, Get-AzSubscription, Select-AzSubscription
* AZURE_CREDENTIALS JSON Output
example should look like below instead of the PowerShell format in the current document.
{
"clientId": "xxxx-xxxx-xxxx-xxxx-xxxxx",
"displayName": "es-xxxx",
"name": "http://es-xxxx",
"clientSecret": "xxxxxx-xxxx-xxxx-xxxx-xxxxxx",
"tenantId": "xxxxxx-xxxx-xxxx-xxxx-xxxxxx",
"subscriptionId": "xxxxxx-xxxx-xxxx-xxxx-xxxxxx"
}
* Update setup-git-cicd.md
* Update setup-git-cicd.md
Jack Tracey
iflach
Paul Johnston
withstu
Chris King
Fai Lai
Jan Faurskov
Federico Guerrini
Kevin Rowlandson
Aman Tur
Jesper Fajers
victorar
Kristian Nese
Marvin Buss
Johan Dahlbom
JefferyMitchell
Hansjoerg Scherer
Balazs Vizi
synapp
Arunraj Selvaraj
Jose Moreno
Jonathan Moons
Simona Tarantola
Mike Boswell
sblair01
Zach
Jonas
Steve Burkett
Lyon Till
Sahana Prabhakar
Takeshi Katano
uday31in
Eric Jadi
Gordon Byers
Juan Carlos Zamora
Rob
Mahesh Kshirsagar
Kyle Burns
Stefan Stranger
Jonjin86
skiddder
Lars Åkerlund
Openslava
Friedrich Weinmann
martindz
Marco Weber
YRollHid
aschabus
Russell Bradford
Paul Grimley
Emmanuel Auffray
Nirmal Thewarathanthri
Edward Douse
Stuart Eggerton