diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index d430d1457..8218bfdd3 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "6617389939059997782" + "templateHash": "1436168266025388543" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -86,8 +86,8 @@ "defaultValue": "ADDS", "allowedValues": [ "ADDS", - "AADDS", - "AAD" + "EntraDS", + "EntraID" ], "metadata": { "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" @@ -1489,7 +1489,7 @@ "varStorageToDomainScriptUri": "[format('{0}scripts/Manual-DSC-Storage-Scripts.ps1', variables('varBaseScriptUri'))]", "varStorageToDomainScript": "./Manual-DSC-Storage-Scripts.ps1", "varOuStgPath": "[if(not(empty(parameters('storageOuPath'))), format('\"{0}\"', parameters('storageOuPath')), format('\"{0}\"', variables('varDefaultStorageOuPath')))]", - "varDefaultStorageOuPath": "[if(equals(parameters('avdIdentityServiceProvider'), 'AADDS'), 'AADDC Computers', 'Computers')]", + "varDefaultStorageOuPath": "[if(equals(parameters('avdIdentityServiceProvider'), 'EntraDS'), 'AADDC Computers', 'Computers')]", "varStorageCustomOuPath": "[if(not(empty(parameters('storageOuPath'))), 'true', 'false')]", "varAllDnsServers": "[format('{0},168.63.129.16', parameters('customDnsIps'))]", "varDnsServers": "[if(empty(parameters('customDnsIps')), createArray(), split(variables('varAllDnsServers'), ','))]", @@ -11871,7 +11871,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "7326746777556089250" + "templateHash": "4804750058584801750" } }, "parameters": { 
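Review bot: Replacing `AADDS`/`AAD` with `EntraDS`/`EntraID` in the `allowedValues` list of the `@@ -86,8` hunk is a breaking interface change, because existing parameter files and pipelines that still pass the old tokens will now fail template validation. The unchanged description line gives callers no hint of the accepted values; I would extend it to `"description": "Required. The service providing domain services for Azure Virtual Desktop: ADDS, EntraDS or EntraID (previously AADDS and AAD). (Default: ADDS)"`. The file carries a Bicep `_generator` stamp, so the edit belongs in the Bicep source with the template regenerated. The parameter definition (presumably `avdIdentityServiceProvider`) starts above the hunk.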
@@ -12072,7 +12072,7 @@ "applicationGroupType": "[if(equals(parameters('preferredAppGroupType'), 'Desktop'), 'Desktop', 'RemoteApp')]" } ], - "varHostPoolRdpPropertiesDomainServiceCheck": "[if(equals(parameters('identityServiceProvider'), 'AAD'), format('{0};targetisaadjoined:i:1;enablerdsaadauth:i:1', parameters('hostPoolRdpProperties')), parameters('hostPoolRdpProperties'))]", + "varHostPoolRdpPropertiesDomainServiceCheck": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), format('{0};targetisaadjoined:i:1;enablerdsaadauth:i:1', parameters('hostPoolRdpProperties')), parameters('hostPoolRdpProperties'))]", "varRAppApplicationGroupsStandardApps": "[if(equals(parameters('preferredAppGroupType'), 'RailApplications'), createArray(createObject('name', 'Task Manager', 'description', 'Task Manager', 'friendlyName', 'Task Manager', 'showInPortal', true(), 'filePath', 'C:\\Windows\\system32\\taskmgr.exe'), createObject('name', 'WordPad', 'description', 'WordPad', 'friendlyName', 'WordPad', 'showInPortal', true(), 'filePath', 'C:\\Program Files\\Windows NT\\Accessories\\wordpad.exe'), createObject('name', 'Microsoft Edge', 'description', 'Microsoft Edge', 'friendlyName', 'Edge', 'showInPortal', true(), 'filePath', 'C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe'), createObject('name', 'Remote Desktop Connection', 'description', 'Remote Desktop Connection', 'friendlyName', 'Remote Desktop', 'showInPortal', true(), 'filePath', 'C:\\WINDOWS\\system32\\mtsc.exe')), createArray())]", "varRAppApplicationGroupsOfficeApps": "[if(equals(parameters('preferredAppGroupType'), 'RailApplications'), createArray(createObject('name', 'Microsoft Excel', 'description', 'Microsoft Excel', 'friendlyName', 'Excel', 'showInPortal', true(), 'filePath', 'C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE'), createObject('name', 'Microsoft PowerPoint', 'description', 'Microsoft PowerPoint', 'friendlyName', 'PowerPoint', 'showInPortal', true(), 'filePath', 
'C:\\Program Files\\Microsoft Office\\root\\Office16\\POWERPNT.EXE'), createObject('name', 'Microsoft Word', 'description', 'Microsoft Word', 'friendlyName', 'Outlook', 'showInPortal', true(), 'filePath', 'C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE'), createObject('name', 'Microsoft Outlook', 'description', 'Microsoft Word', 'friendlyName', 'Word', 'showInPortal', true(), 'filePath', 'C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE')), createArray())]", "varRAppApplicationGroupsApps": "[if(equals(parameters('preferredAppGroupType'), 'RailApplications'), if(contains(parameters('osImage'), 'office'), union(variables('varRAppApplicationGroupsStandardApps'), variables('varRAppApplicationGroupsOfficeApps')), variables('varRAppApplicationGroupsStandardApps')), createArray())]", @@ -14345,7 +14345,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "12068153438455870485" + "templateHash": "17207869172967484978" } }, "parameters": { @@ -17118,7 +17118,7 @@ "name": "aadIdentityLoginRoleAssign", "count": "[length(parameters('securityPrincipalIds'))]" }, - "condition": "[and(equals(parameters('identityServiceProvider'), 'AAD'), not(empty(parameters('securityPrincipalIds'))))]", + "condition": "[and(equals(parameters('identityServiceProvider'), 'EntraID'), not(empty(parameters('securityPrincipalIds'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('VM-Login-Comp-{0}-{1}', take(format('{0}', parameters('securityPrincipalIds')[copyIndex()]), 6), parameters('time'))]", 
@@ -17698,7 +17698,7 @@ "name": "aadIdentityLoginAccessServiceObjects", "count": "[length(parameters('securityPrincipalIds'))]" }, - "condition": "[and(equals(parameters('identityServiceProvider'), 'AAD'), not(empty(parameters('securityPrincipalIds'))))]", + "condition": "[and(equals(parameters('identityServiceProvider'), 'EntraID'), not(empty(parameters('securityPrincipalIds'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('VM-Login-Serv-{0}-{1}', take(format('{0}', parameters('securityPrincipalIds')[copyIndex()]), 6), parameters('time'))]", 
@@ -24794,7 +24794,7 @@ "privateEndpoints": "[if(parameters('deployPrivateEndpointKeyvaultStorage'), createObject('value', createArray(createObject('name', variables('varWrklKvPrivateEndpointName'), 'subnetResourceId', if(parameters('createAvdVnet'), format('{0}/subnets/{1}', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.virtualNetworkResourceId.value, variables('varVnetPrivateEndpointSubnetName')), parameters('existingVnetPrivateEndpointSubnetResourceId')), 'customNetworkInterfaceName', format('nic-01-{0}', variables('varWrklKvPrivateEndpointName')), 'service', 'vault', 'privateDnsZoneGroup', createObject('privateDNSResourceIds', createArray(if(parameters('createPrivateDnsZones'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.KeyVaultDnsZoneResourceId.value, parameters('avdVnetPrivateDnsZoneKeyvaultId'))))))), createObject('value', createArray()))]", "secrets": { "value": { - "secureList": "[if(not(equals(parameters('avdIdentityServiceProvider'), 'AAD')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', parameters('avdDomainJoinUserName'), 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', parameters('avdDomainJoinUserPassword'), 'contentType', 'Domain join credentials')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local 
user credentials'), createObject('name', 'domainJoinUserName', 'value', 'NoUsername', 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', 'NoPassword', 'contentType', 'Domain join credentials')))]" + "secureList": "[if(not(equals(parameters('avdIdentityServiceProvider'), 'EntraID')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', parameters('avdDomainJoinUserName'), 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', parameters('avdDomainJoinUserPassword'), 'contentType', 'Domain join credentials')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', 'NoUsername', 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', 'NoPassword', 'contentType', 'Domain join credentials')))]" } }, "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))), createObject('value', union(variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))))]" @@ -26824,7 +26824,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "16306650625703107232" + "templateHash": "15817715667928545822" } }, "parameters": { 
@@ -27079,7 +27079,7 @@ }, "extensionDomainJoinConfig": { "value": { - "enabled": "[if(equals(parameters('identityServiceProvider'), 'AAD'), false(), true())]", + "enabled": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), false(), true())]", "settings": { "name": "[parameters('identityDomainName')]", "ouPath": "[if(not(empty(parameters('ouPath'))), parameters('ouPath'), null())]", @@ -27091,7 +27091,7 @@ }, "extensionAadJoinConfig": { "value": { - "enabled": "[if(equals(parameters('identityServiceProvider'), 'AAD'), true(), false())]" + "enabled": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), true(), false())]" } }, "tags": { @@ -27105,7 +27105,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "3205620537307637582" + "templateHash": "15426531948771861029" } }, "parameters": { @@ -27439,7 +27439,7 @@ "enabled": false }, "metadata": { - "description": "Optional. The configuration for the [AAD Join] extension. Must at least contain the [\"enabled\": true] property to be executed." + "description": "Optional. The configuration for the [EntraID Join] extension. Must at least contain the [\"enabled\": true] property to be executed." } }, "extensionAntiMalwareConfig": { @@ -31435,7 +31435,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "13591692348976261694" + "templateHash": "2146358988195070063" } }, "parameters": { 
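Review bot: In the `@@ -27079,7` hunk, `extensionDomainJoinConfig.enabled` is true for every value other than the exact string `EntraID`, so an unrecognised or stale provider value (for example the old `AAD`) selects the domain-join path and disables the Entra join instead of failing. Whether this nested template restricts `identityServiceProvider` with `allowedValues` is not visible here. The `@@ -40702,7` hunk further down already uses a positive match, and the same form here would make the intent explicit: `"enabled": "[or(equals(parameters('identityServiceProvider'), 'EntraDS'), equals(parameters('identityServiceProvider'), 'ADDS'))]"`. As the template is Bicep output, the change goes into the module source.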
@@ -31636,9 +31636,9 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", + "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'EntraDS'), 'EntraDS', if(equals(parameters('identityServiceProvider'), 'EntraID'), 'AADKERB', 'None'))]", "varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]", - "varAdminUserName": "[if(equals(parameters('identityServiceProvider'), 'AAD'), parameters('vmLocalUserName'), parameters('domainJoinUserName'))]", + "varAdminUserName": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), parameters('vmLocalUserName'), parameters('domainJoinUserName'))]", "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -AdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName \"{13}\" -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), variables('varAdminUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" }, "resources": [ 
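Review bot: `varDirectoryServiceOptions` now yields `'EntraDS'` when the provider is `EntraDS`, and that value is passed to the storage account as `azureFilesIdentityBasedAuthentication.directoryServiceOptions` (visible in the `@@ -31672,7` hunk). To my knowledge that property accepts only `None`, `AADDS`, `AD` and `AADKERB`, so the rename has changed a resource-provider value rather than just the template's own token, and an EntraDS deployment would likely fail or leave the file share without identity-based authentication. Only the comparison should change, in the Bicep source this template is generated from: `if(equals(parameters('identityServiceProvider'), 'EntraDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'EntraID'), 'AADKERB', 'None'))`. The identical line recurs in the `@@ -35844,9` hunk. Separately, `varStorageToDomainScriptArgs` forwards the renamed value as `-IdentityServiceProvider`; the script is not part of this diff, so confirm it matches on the new tokens.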
@@ -31672,7 +31672,7 @@ "azureFilesIdentityBasedAuthentication": { "value": { "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", - "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" + "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" } }, "accessTier": { @@ -31708,7 +31708,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "14398504551168498076" + "templateHash": "4472154948223917662" } }, "parameters": { @@ -31854,7 +31854,7 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. Allow or disallow cross AAD tenant object replication." + "description": "Optional. Allow or disallow cross Microsoft Entra tenant object replication." } }, "customDomainName": { @@ -32028,7 +32028,7 @@ "PrivateLink" ], "metadata": { - "description": "Optional. Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet." + "description": "Optional. Restrict copy to and from Azure Storage accounts within a Microsoft Entra tenant or with Private Links to the same virtual network." } }, "publicNetworkAccess": { 
@@ -35460,7 +35460,7 @@ "scriptArguments": { "value": "[variables('varStorageToDomainScriptArgs')]" }, - "adminUserPassword": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'vmLocalUserPassword')), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'domainJoinUserPassword')))]", + "adminUserPassword": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'vmLocalUserPassword')), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'domainJoinUserPassword')))]", "baseScriptUri": { "value": "[parameters('storageToDomainScriptUri')]" } @@ -35643,7 +35643,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "13591692348976261694" + "templateHash": "2146358988195070063" } }, "parameters": { 
@@ -35844,9 +35844,9 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", + "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'EntraDS'), 'EntraDS', if(equals(parameters('identityServiceProvider'), 'EntraID'), 'AADKERB', 'None'))]", "varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]", - "varAdminUserName": "[if(equals(parameters('identityServiceProvider'), 'AAD'), parameters('vmLocalUserName'), parameters('domainJoinUserName'))]", + "varAdminUserName": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), parameters('vmLocalUserName'), parameters('domainJoinUserName'))]", "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -AdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName \"{13}\" -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), variables('varAdminUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]" }, "resources": [ 
@@ -35880,7 +35880,7 @@ "azureFilesIdentityBasedAuthentication": { "value": { "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", - "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" + "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" } }, "accessTier": { @@ -35916,7 +35916,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "14398504551168498076" + "templateHash": "4472154948223917662" } }, "parameters": { @@ -36062,7 +36062,7 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. Allow or disallow cross AAD tenant object replication." + "description": "Optional. Allow or disallow cross Microsoft Entra tenant object replication." } }, "customDomainName": { @@ -36236,7 +36236,7 @@ "PrivateLink" ], "metadata": { - "description": "Optional. Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet." + "description": "Optional. Restrict copy to and from Azure Storage accounts within a Microsoft Entra tenant or with Private Links to the same virtual network." } }, "publicNetworkAccess": { 
@@ -39668,7 +39668,7 @@ "scriptArguments": { "value": "[variables('varStorageToDomainScriptArgs')]" }, - "adminUserPassword": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'vmLocalUserPassword')), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'domainJoinUserPassword')))]", + "adminUserPassword": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'vmLocalUserPassword')), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))), 'secretName', 'domainJoinUserPassword')))]", "baseScriptUri": { "value": "[parameters('storageToDomainScriptUri')]" } @@ -40341,7 +40341,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "14294076350463870661" + "templateHash": "10614954706578729621" } }, "parameters": { 
@@ -40638,7 +40638,7 @@ "timeZone": { "value": "[parameters('timeZone')]" }, - "systemAssignedIdentity": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('value', true()), createObject('value', false()))]", + "systemAssignedIdentity": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), createObject('value', true()), createObject('value', false()))]", "availabilityZone": "[if(parameters('useAvailabilityZones'), createObject('value', take(skip(variables('varAllAvailabilityZones'), mod(range(1, parameters('count'))[copyIndex()], length(variables('varAllAvailabilityZones')))), 1)), createObject('value', createArray()))]", "encryptionAtHost": { "value": "[parameters('encryptionAtHost')]" @@ -40702,7 +40702,7 @@ }, "extensionDomainJoinConfig": { "value": { - "enabled": "[if(or(equals(parameters('identityServiceProvider'), 'AADDS'), equals(parameters('identityServiceProvider'), 'ADDS')), true(), false())]", + "enabled": "[if(or(equals(parameters('identityServiceProvider'), 'EntraDS'), equals(parameters('identityServiceProvider'), 'ADDS')), true(), false())]", "settings": { "name": "[parameters('identityDomainName')]", "ouPath": "[if(not(empty(parameters('sessionHostOuPath'))), parameters('sessionHostOuPath'), null())]", @@ -40714,7 +40714,7 @@ }, "extensionAadJoinConfig": { "value": { - "enabled": "[if(equals(parameters('identityServiceProvider'), 'AAD'), true(), false())]", + "enabled": "[if(equals(parameters('identityServiceProvider'), 'EntraID'), true(), false())]", "settings": "[if(parameters('createIntuneEnrollment'), createObject('mdmId', '0000000a-0000-0000-c000-000000000000'), createObject())]" } }, @@ -40731,7 +40731,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "3205620537307637582" + "templateHash": "15426531948771861029" } }, "parameters": { 
@@ -41065,7 +41065,7 @@ "enabled": false }, "metadata": { - "description": "Optional. The configuration for the [AAD Join] extension. Must at least contain the [\"enabled\": true] property to be executed." + "description": "Optional. The configuration for the [EntraID Join] extension. Must at least contain the [\"enabled\": true] property to be executed." } }, "extensionAntiMalwareConfig": { diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index a41729a54..37d9d6720 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json @@ -134,13 +134,13 @@ "visible": true, "label": "Identity service provider", "defaultValue": "Active Directory (AD DS)", - "toolTip": "Identity service provider (ADDS or AADDS) that already exist and will be used for Azure Virtual Desktop.", + "toolTip": "Identity service provider (ADDS or EntraDS) that already exist and will be used for Azure Virtual Desktop.", "constraints": { "required": true, "allowedValues": [ { "label": "Microsoft Entra ID", - "value": "AAD" + "value": "EntraID" }, { "label": "Active Directory (AD DS)", @@ -148,7 +148,7 @@ }, { "label": "Microsoft Entra Domain Services", - "value": "AADDS" + "value": "EntraDS" } ] } @@ -156,7 +156,7 @@ { "name": "identityServiceProviderIntuneEnrollment", "type": "Microsoft.Common.CheckBox", - "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')]", "label": "Intune enrollment", "defaultValue": false, "toolTip": "If Intune is configured in your Microsoft Entra ID tenant, you can choose to have the VM automatically enrolled during the deployment by selecting this box." 
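Review bot: The new toolTip in the `@@ -134,13` hunk shows the internal token `EntraDS` to portal users, while the dropdown directly below labels the same option "Microsoft Entra Domain Services". User-facing text should use the product names and leave the tokens to the `value` fields, e.g. `"toolTip": "Identity service provider (AD DS or Microsoft Entra Domain Services) that already exists and will be used for Azure Virtual Desktop."`. The same applies to the toolTip in `@@ -175,8` and the InfoBox text in `@@ -1038,9`.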
@@ -164,7 +164,7 @@
 {
 "name": "identityServiceProviderInfo",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
 "options": {
 "text": "Identity service provider must already exist, as it is a prerequisite for the Azure Virtual Desktop LZA deployment.",
 "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started.md",
@@ -175,8 +175,8 @@
 "name": "identityDomainName",
 "type": "Microsoft.Common.TextBox",
 "label": "AD Domain name",
- "visible": "[or(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'ADDS'), equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AADDS'))]",
- "toolTip": "The full qualified domain name of the ADDS or AADDS domain, this information is used for VMs and storage accounts domain join. It is additionally used to set NTFS permissions when deploying/configuring FSLogix",
+ "visible": "[or(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'ADDS'), equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraDS'))]",
+ "toolTip": "The full qualified domain name of the ADDS or EntraDS domain, this information is used for VMs and storage accounts domain join. It is additionally used to set NTFS permissions when deploying/configuring FSLogix",
 "placeholder": "Example: contoso.com",
 "constraints": {
 "required": true
@@ -240,7 +240,7 @@
 {
 "name": "identityDomainCredentials",
 "type": "Microsoft.Common.Section",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
 "label": "Domain join credentials",
 "elements": [
 {
@@ -581,7 +581,7 @@
 {
 "name": "identityDomainOuPath",
 "type": "Microsoft.Common.TextBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
 "label": "Custom OU path (Optional)",
 "toolTip": "Provide OU where to locate session hosts, if not provided session hosts will be placed on the default (computers) OU.",
 "placeholder": "Example: OU=session-hosts,OU=avd,DC=contoso,DC=com",
@@ -884,7 +884,7 @@
 {
 "name": "identityDomainOuPathStorageExisting",
 "type": "Microsoft.Common.TextBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
 "label": "Custom OU path (Optional)",
 "toolTip": "Provide OU where to locate storage account file share. If not provided, file share will be placed on the default (computers) OU.",
 "placeholder": "Example: OU=storage,OU=avd,DC=contoso,DC=com",
@@ -952,9 +952,9 @@
 }
 },
 {
- "name": "StorageDeploymentDisabledAad",
+ "name": "StorageDeploymentDisabledEntraId1",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]",
+ "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')]",
 "options": {
 "text": "Granting admin consent to the storage account service principal (your-storage-account-name.file.core.windows.net) is a requirememt, the link in this box contains the steps to grant the consent.",
 "uri": "https://learn.microsoft.com/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?tabs=azure-portal#grant-admin-consent-to-the-new-service-principal",
@@ -1018,9 +1018,9 @@
 ]
 },
 {
- "name": "StorageDeploymentDisabledAad",
+ "name": "StorageDeploymentDisabledEntraId2",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]",
+ "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')]",
 "options": {
 "text": "FSLogix storage for Microsoft Entra ID joined session hosts is currently only available for hybrid identities.",
 "uri": "https://learn.microsoft.com/azure/virtual-desktop/create-profile-container-azure-ad",
@@ -1038,9 +1038,9 @@
 {
 "name": "virtualNetworklInfoBox",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
 "options": {
- "text": "Azure Virtual Desktop LZA requires connectivity to identity services (ADDS, AADDS or AAD).",
+ "text": "Azure Virtual Desktop LZA requires connectivity to identity services (ADDS, EntraDS or EntraID).",
 "uri": "https://docs.microsoft.com/azure/virtual-desktop/authentication",
 "style": "info"
 }
@@ -1379,7 +1379,7 @@
 {
 "name": "virtualNetworkPeeringInfoBox1",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true),not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')))]",
+ "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true),not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')))]",
 "options": {
 "text": "vNet peering will be created to existing vNet hub with access to identity and DNS services .",
 "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context",
@@ -1389,7 +1389,7 @@
 {
 "name": "hubVirtualNetworkPeeringInfoBox2",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]",
+ "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')]",
 "options": {
 "text": "vNet peering to identity services is not required when Microsoft Entra ID as identity service provider .",
 "uri": "https://learn.microsoft.com/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join",
@@ -1407,7 +1407,7 @@
 {
 "name": "hubVirtualNetworkSub",
 "type": "Microsoft.Common.DropDown",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
 "label": "Hub vNet Subscription",
 "toolTip": "",
 "multiselect": false,
@@ -1431,7 +1431,7 @@
 {
 "name": "existingHubVirtualNetwork",
 "type": "Microsoft.Common.DropDown",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
 "label": "Hub vNet",
 "toolTip": "",
 "multiselect": false,
@@ -1447,7 +1447,7 @@
 {
 "name": "hubVirtualNetworkGateway",
 "type": "Microsoft.Common.CheckBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
 "label": "Gateway on hub",
 "defaultValue": false,
 "toolTip": "This information will be used to set remote gateway settings on vNet peering."
@@ -2089,7 +2089,7 @@
 "name": "resourceTaggingParentCostInfo",
 "type": "Microsoft.Common.InfoBox",
 "options": {
- "text": "By default, the following tags will be created:
- Parent resource cost management tag (cm-resource-parent): reports all resources cost to the host pool (ResourceID).
- Environment (Environment): environment selected during deployment (Dev/Test/prod).
- Service Workload (ServiceWorkload): defaults to Azure Virtual Desktop.
- Creation time (CreationTimeUTC): deployment time in UTC.
- Domain Name (DomainName): identity service domain name (applied only to compute and storage).
- Identity service provider (IdentityServiceProvider): identity provider selected (ADDS/AADDS/AAD).", + "text": "By default, the following tags will be created:
- Parent resource cost management tag (cm-resource-parent): reports all resources cost to the host pool (ResourceID).
- Environment (Environment): environment selected during deployment (Dev/Test/prod).
- Service Workload (ServiceWorkload): defaults to Azure Virtual Desktop.
- Creation time (CreationTimeUTC): deployment time in UTC.
- Domain Name (DomainName): identity service domain name (applied only to compute and storage).
- Identity service provider (IdentityServiceProvider): identity provider selected (ADDS/EntraDS/EntraID).", "uri": "https://learn.microsoft.com/azure/virtual-desktop/tag-virtual-desktop-resources#use-the-cm-resource-parent-tag-to-automatically-group-costs-by-host-pool", "style": "Info" } 
@@ -2322,11 +2322,11 @@
 "hostPoolMaxSessions": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolSettings.maxSessions, 1)]",
 "avdPersonalAssignType": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolSettings.assignmentType, 'Automatic')]",
 "avdIdentityServiceProvider": "[steps('identity').identityDomainInformation.identityServiceProvider]",
- "createIntuneEnrollment": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), steps('identity').identityDomainInformation.identityServiceProviderIntuneEnrollment, false)]",
- "identityDomainName": "[if(or(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'ADDS'), equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AADDS')), steps('identity').identityDomainInformation.identityDomainName, 'none')]",
- "avdOuPath": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('sessionHosts').sessionHostsComputeStorageSection.identityDomainOuPath)]",
- "avdDomainJoinUserName": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserName)]",
- "avdDomainJoinUserPassword": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserPassword)]",
+ "createIntuneEnrollment": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'), steps('identity').identityDomainInformation.identityServiceProviderIntuneEnrollment, false)]",
+ "identityDomainName": "[if(or(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'ADDS'), 
equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraDS')), steps('identity').identityDomainInformation.identityDomainName, 'none')]",
+ "avdOuPath": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'), 'no', steps('sessionHosts').sessionHostsComputeStorageSection.identityDomainOuPath)]",
+ "avdDomainJoinUserName": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserName)]",
+ "avdDomainJoinUserPassword": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserPassword)]",
 "avdVmLocalUserName": "[steps('identity').identityLocalCredentials.identityLocalUserName]",
 "avdVmLocalUserPassword": "[steps('identity').identityLocalCredentials.identityLocalUserPassword.password]",
 "createAvdVnet": "[steps('network').createAvdVirtualNetwork]",
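Review bot: `avdOuPath`, `avdDomainJoinUserName` and `avdDomainJoinUserPassword` forward the domain-join fields whenever the provider is anything other than `'EntraID'`, while `identityDomainName` just above them uses an allow-list (`'ADDS'` or `'EntraDS'`). With an unexpected or stale provider value the outputs disagree: the domain name becomes `'none'` but the join account and password are still passed to the deployment. Using the allow-list condition `or(equals(..., 'ADDS'), equals(..., 'EntraDS'))` for those three outputs, with the two branches swapped, keeps the password out of the payload unless a domain-join provider was explicitly selected. The literal `'no'` as the not-applicable value for a password field predates this commit, and how the consuming template treats it is outside this hunk.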