* Update policies.json
fixes deny subnet without nsg & udr policies when used in ARM deployment: https://github.com/Azure/Enterprise-Scale/issues/407
* policy fixes, version updates, arm escaping and formatting
* update mooncake
* update Fairfax
* Update NSG & UDR in policy table
* update whats new
* update udr policy description
* update udr policy description
* updated descriptions
* updated descriptions
* updated descriptions and version no.
Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Co-authored-by: Matt White <matt.white@microsoft.com>
* removed MS Defender for Cloud built-in policies not available in Mooncake
* ms defender
* updated DIY instructions to deploying ESLZ to Mooncake
* updated whats new
* reworded explanation as to why the policy def/set def deployment may fail and need to rerun
Co-authored-by: Kristian Nese <kristiannese@live.com>
* MS Defender update
* dependency graph
* Naming update
* Naming update for China
* Update eslzArm.json
Adding condition for environment()
* priv DNS condition for public vs gov
* Update README.md
wrong parameter in the section to Assign Azure Policy to enforce VM Backup on VMs on the landing zones management group.
* Update README.md
Differentiate between Az Vm Backup policy assignment for identity management group, and landing zone management group in the DIY guidance
Co-authored-by: Kristian Nese <kristian.nese@microsoft.com>
Co-authored-by: Kristian Nese <kristiannese@live.com>
* reverted missing built-in policies to custom policies
* modified deployment templates so that it works in Azure China regions
* lighter implementation for mooncake deployment
* remove mooncake policy definition and a misedit in DINE-PrivateDNSZonesPolicySetDefinition.json
Co-authored-by: Fai Lai <hoongfai@microsoft.com>
Co-authored-by: Kristian Nese <kristiannese@live.com>
* Added Stream Analytics Custom Policies
* update to be consistent with eslz
* synch with azure main
* Added AML Policy to Disable Public Network Access
* added whats new
* Adding Databricks policy def to ESLZ
* removing dupe
* adding ux element for databricks in lz
* pivot to consolidated data policy json
* adding optional policyAssignments for data
* Wiring up the ARM template for data policies
* correcting parameter to nested deployment
* updated description
* fixing typo
* updated casing
* Added Stream Analytics Custom Policies
* update to be consistent with eslz
* synch with azure main
* Simplify Visibility Condition
* updated checks for other locations
* Added Stream Analytics Custom Policies
* update to be consistent with eslz
* synch with azure main
* Updated Validation of CIDR
* updated regex to capture missing subnet mask
* Updated AZ fw subnet mask checks
If you do not have authorization to perform action 'Microsoft.Resources/deployments/validate/action', the script deployment error appears.
So follow the link to configure Azure permissions for ARM tenant deployments.
* corrected -subscriptionId parameter for online connected landing zone subscription to $OnlineLandingZoneSubscriptionId
* updated comment line as well to online management group
* split-1
* split-2
* split-3
* split-4
* fix azfw vwan
* update params
* update nested template references
* revert eslzArm to current in main
* revert hubspoke-connectivity to main
* revert nvahubspoke-connectivity to main
* revert vwan-connectivity to main apart from address space default value
* remove whitespace
* fix for addressSpace DRY'er
Co-authored-by: Kristian Nese <kristiannese@live.com>
* Fix naming for lzsManagementGroup variable
Fix value for sqlEncryptionPolicyAssignment variable
* Update name and description
* Replace invalid whitespace character
* Revert Policy Assignment names
* adding modules
* defined contract
* update #3
* added enforcementMode param
* adding param
* UX and contract changes
* conditional firewall for hub vs vwan
* support for single vs N platform subs
* updated UX for single vs dedicated platform subscriptions
* updating built-in policy
* correcting parameter
* navigating policies for identity
* adding vwan and nva for networking
* removing peering
* adding scaleUnit for vpnGateway and ER for vwan
* fixing parameter
* adding disclaimer for sub selection
* adding private dns zones and moving to built-in policies
* adding policySet for DINE Private DNS Zones
* Added policyset for public paas
* removed custom references
* Update Deny-PublicEndpointsPolicySetDefinition.json
* policy updates
* adding policies and UX enhancements
* removing option for private dns zones when vwan is selected
* adding UX for vnet peering of dedicated ID sub
* adding peering for identity sub
* adding vnet peering for corp lz
* corp lz move and peering
* sequencing corp lz move vs peering
* updated description and displayName
* updating rg location for nw
* adding condition for AzFw as DNS proxy vs not
* adding peering support for identity to vwan hub
* updating displayName
Co-authored-by: Johan Dahlbom <johan@dahlbom.eu>