upd json, mofs, scripts to support scale dplymnts

stig/linux/createUiDefinition.json

@@ -367,7 +367,7 @@
                             "addressPrefixSize": "/16"
                         },
                         "constraints": {
-                            "minAddressPrefixSize": "/16"
+                            "minAddressPrefixSize": "/29"
                         },
                         "options": {
                             "hideExisting": false
@@ -380,9 +380,9 @@
                                     "addressPrefixSize": "/24"
                                 },
                                 "constraints": {
-                                    "minAddressPrefixSize": "/24",
-                                    "minAddressCount": 12,
-                                    "requireContiguousAddresses": true
+                                    "minAddressPrefixSize": "/29",
+                                    "minAddressCount": 6,
+                                    "requireContiguousAddresses": false
                                 }
                             }
                         },

stig/linux/mainTemplate.json

@@ -648,7 +648,7 @@
             "properties": {
                 "publisher": "Microsoft.EnterpriseCloud.Monitoring",
                 "type": "OmsAgentForLinux",
-                "typeHandlerVersion": "1.13",
+                "typeHandlerVersion": "1.12",
                 "autoUpgradeMinorVersion": true,
                 "settings": {
                     "workspaceId": "[if(equals(parameters('logAnalyticsWorkspaceId'), ''), json('null'), reference(parameters('logAnalyticsWorkspaceId'),'2015-03-20').customerId)]"

stig/linux/mof/localhost.mof

@@ -1,37 +1,47 @@
-/*
-@TargetNode='localhost'
-@GeneratedBy=Microsoft
-@GenerationDate=02/11/2021 13:43:35
-@GenerationHost=Microsoft
-*/
-
-instance of MSFT_nxScriptResource as $MSFT_nxScriptResource1ref
-{
-ResourceID = "[nxScript]EmptyDsc";
- GetScript = "#!/bin/bash\necho emptyGet";
- TestScript = "#!/bin/bash\nexit 0";
- SourceInfo = "C:\\dev\\project-chairlift\\linux-dsc\\build-linux-config.ps1::99::9::nxScript";
- SetScript = "#!/bin/bash\necho emptySet";
- ModuleName = "nx";
- ModuleVersion = "1.0";
- ConfigurationName = "LinuxBaseLine";
-};
-instance of OMI_ConfigurationDocument
-
-                    {
- Version="2.0.0";
- 
-                        MinimumCompatibleVersion = "1.0.0";
- 
-                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
- 
-                        Author="Microsoft";
- 
-                        GenerationDate="02/11/2021 13:43:35";
- 
-                        GenerationHost="Microsoft";
- 
-                        Name="LinuxBaseLine";
-
-                    };
-
+/*
+@TargetNode='localhost'
+@GeneratedBy=Microsoft
+@GenerationDate=06/03/2021 13:17:08
+@GenerationHost=Microsoft
+*/
+
+instance of MSFT_nxScriptResource as $MSFT_nxScriptResource1ref
+{
+ResourceID = "[nxScript]EmptyDsc";
+ GetScript = "#!/bin/bash\necho emptyGet";
+ TestScript = "#!/bin/bash\nexit 0";
+ SourceInfo = "C:\\dev\\linux\\build-linux-config.ps1::105::9::nxScript";
+ SetScript = "#!/bin/bash\necho emptySet";
+ ModuleName = "nx";
+ ModuleVersion = "1.0";
+
+ ConfigurationName = "LinuxBaseLine";
+
+};
+instance of OMI_ConfigurationDocument
+
+
+                    {
+ Version="2.0.0";
+
+
+                        MinimumCompatibleVersion = "1.0.0";
+
+
+                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};
+
+
+                        Author="Microsoft";
+
+
+                        GenerationDate="06/03/2021 13:17:08";
+
+
+                        GenerationHost="Microsoft";
+
+
+                        Name="LinuxBaseLine";
+
+
+                    };
+

stig/tools/kick-start-scaled-deployment.ps1

@@ -50,9 +50,9 @@ param
     [string]
     $ContainerName = 'artifacts',
 
-    [Parameter(Mandatory = $true)]
+    [Parameter(Mandatory = $false)]
     [string]
-    $Environment,
+    $Environment = 'AzureUSGovernment',
 
     [Parameter(Mandatory = $true)]
     [ValidateScript({Test-Path -Path $_})]

stig/tools/scale-deployment.ps1

@@ -98,6 +98,9 @@
     .PARAMETER EnableHybridBenefitServerLicense
         Enable Azure Hybrid Benefit to use your on-premises Windows Server licenses and reduce cost.
 
+    .PARAMETER EnableMultisessionClientLicense
+        Windows10 Enterprise Multisession
+
     .PARAMETER AutoInstallDependencies
         Boolean value to indicate an online or offline environment.
 
@@ -298,6 +301,10 @@ Param
     [switch]
     $EnableHybridBenefitServerLicense,
 
+    [Parameter(Mandatory = $false, ParameterSetName = 'Default')]
+    [switch]
+    $EnableMultisessionClientLicense,
+
     [Parameter(Mandatory = $false, ParameterSetName = 'Default')]
     [switch]
     $AutoInstallDependencies,
@@ -430,6 +437,7 @@ if ($PSCmdlet.ParameterSetName -eq 'Default')
         {
             [void] $newAzResourceGroupDeploymentParams.Remove('AutoInstallDependencies')
             [void] $newAzResourceGroupDeploymentParams.Remove('EnableHybridBenefitServerLicense')
+            [void] $newAzResourceGroupDeploymentParams.Remove('EnableMultisessionClientLicense')
         }
 
         $jobInfo = New-AzResourceGroupDeployment @newAzResourceGroupDeploymentParams

stig/windows/InstallModules.ps1

@@ -1,9 +1,20 @@
 Param(
-    [string] 
+    [string]
     [Parameter(Mandatory = $false)]
     $autoInstallDependencies = $false
 )
 
+$osVersion = (Get-WmiObject Win32_OperatingSystem).Caption
+
+if ($osVersion -Match "Windows 10")
+{
+    winrm quickconfig -quiet
+
+    # winrm settings require NIC to be not Public
+    $networkName = (Get-NetConnectionProfile)[0].Name
+    Set-NetConnectionProfile -Name $networkName -NetworkCategory Private
+}
+
 if ($autoInstallDependencies -eq $true) {
     . "$PSScriptRoot\RequiredModules.ps1"
 

stig/windows/RequiredModules.ps1

@@ -14,6 +14,6 @@ function Get-RequiredModules {
         @{ModuleName = 'WindowsDefenderDsc'; ModuleVersion = '2.1.0' },
         @{ModuleName = 'xDnsServer'; ModuleVersion = '1.16.0.0' },
         @{ModuleName = 'xWebAdministration'; ModuleVersion = '3.2.0' },
-        @{ModuleName = 'PowerSTIG'; ModuleVersion = '4.8.0' }
+        @{ModuleName = 'PowerSTIG'; ModuleVersion = '4.9.0' }
     )
 }

stig/windows/createUiDefinition.json

@@ -125,7 +125,11 @@
                                 },
                                 {
                                     "value": "19h2-ent",
-                                    "label": "Windows-10"
+                                    "label": "Windows-10-Enterprise"
+                                },
+                                {
+                                    "value": "19h2-evd",
+                                    "label": "Windows-10-Enterprise-Multisession"
                                 }
                             ],
                             "required": true
@@ -203,6 +207,16 @@
                         },
                         "visible": "[or(equals(steps('instance').osVersion, '2019-Datacenter'), equals(steps('instance').osVersion, '2016-Datacenter'))]",
                         "toolTip": "If you own Windows licenses with active Software Assurance (SA) or have an active Windows Server subscription, use Azure Hybrid Benefit to save compute cost."
+                    },
+                    {
+                        "name": "enableMultisession",
+                        "type": "Microsoft.Common.CheckBox",
+                        "label": "I confirm I have an eligible Windows 10 license with multi-tenant hosting rights.",
+                        "constraints": {
+                            "required": false
+                        },
+                        "visible": "[equals(steps('instance').osVersion, '19h2-evd')]" ,
+                        "toolTip": "Review multi-tenant hosting rights for Windows 10 compliance."
                     }
                 ]
             },
@@ -323,7 +337,7 @@
                             "addressPrefixSize": "/16"
                         },
                         "constraints": {
-                            "minAddressPrefixSize": "/16"
+                            "minAddressPrefixSize": "/29"
                         },
                         "options": {
                             "hideExisting": false
@@ -336,9 +350,9 @@
                                     "addressPrefixSize": "/24"
                                 },
                                 "constraints": {
-                                    "minAddressPrefixSize": "/24",
-                                    "minAddressCount": 12,
-                                    "requireContiguousAddresses": true
+                                    "minAddressPrefixSize": "/29",
+                                    "minAddressCount": 6,
+                                    "requireContiguousAddresses": false
                                 }
                             }
                         },
@@ -415,6 +429,7 @@
             "adminUsername": "[steps('instance').adminUsername]",
             "adminPassword": "[steps('instance').adminCredentials.password]",
             "enableHybridBenefitServerLicense": "[steps('instance').enableHybridBenefit]",
+            "enableMultisessionClientLicense": "[steps('instance').enableMultisession]",
             "osDiskStorageType": "[steps('disk').osDiskStorageType]",
             "osDiskEncryptionSetResourceId": "[steps('disk').osDiskEncryptionSet.id]",
             "vmVirtualNetwork": "[steps('networking').vmVirtualNetwork.name]",

stig/windows/mainTemplate.json

@@ -42,7 +42,8 @@
             "allowedValues": [
                 "2019-Datacenter",
                 "2016-Datacenter",
-                "19h2-ent"
+                "19h2-ent",
+                "19h2-evd"
             ],
             "metadata": {
                 "description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version."
@@ -207,6 +208,13 @@
             "metadata": {
                 "description": "(Optional) Enable Azure Hybrid Benefit to use your on-premises Windows Server licenses and reduce cost. See https://docs.microsoft.com/en-us/azure/virtual-machines/windows/hybrid-use-benefit-licensing for more information."
             }
+        },
+        "enableMultisessionClientLicense": {
+            "type": "bool",
+            "defaultValue": false,
+            "metadata": {
+                "description": "Windows10 Enterprise Multisession"
+            }
         }
     },
     "variables": {
@@ -264,6 +272,14 @@
                     "sku": "19h2-ent",
                     "version": "latest"
                 }
+            },
+            "19h2-evd": {
+                "reference": {
+                    "publisher": "MicrosoftWindowsDesktop",
+                    "offer": "Windows-10",
+                    "sku": "19h2-evd",
+                    "version": "latest"
+                }
             }
         }
     },
@@ -419,7 +435,7 @@
                         "storageUri": "[if(not(equals(parameters('diagnosticStorageResourceId'), '')), reference(parameters('diagnosticStorageResourceId'), variables('storageApiVersion')).primaryEndpoints.blob, json('null'))]"
                     }
                 },
-                "licenseType": "[if(equals(parameters('enableHybridBenefitServerLicense'), true()), 'Windows_Server', json('null'))]"
+                "licenseType": "[if(equals(parameters('enableHybridBenefitServerLicense'), true()), 'Windows_Server', if(equals(parameters('enableMultisessionClientLicense'), true()), 'Windows_Client', json('null')))]"
             },
             "resources": [
             ]