diff --git a/README.md b/README.md index af8adba71..6e8e27b84 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ Our intent is to enable IT Admins to use this software to: ## Mission Landing Zone Add-ons - [ESRI ArcGIS Pro & Enterprise with AVD](./docs/esri.md) -- [AVD (Azure Virtual Desktop)](./src/bicep/add-ons/azureVirtualDesktop/README.md) +- [AVD (Azure Virtual Desktop)](./src/bicep/add-ons/azure-virtual-desktop/README.md) - [Zero Trust Imaging](./src/bicep/add-ons/imaging/README.md) ## What is a Landing Zone? diff --git a/docs/esri.md b/docs/esri.md index 924d7ccf1..3cad8c60f 100644 --- a/docs/esri.md +++ b/docs/esri.md 
@@ -46,14 +46,14 @@ If you already have an Azure Landing Zone, you can skip this step. For more on w :arrow_forward: The third step is to deploy the Azure Virtual Desktop (AVD) solution. This solution provides a fully operational [stamp](https://learn.microsoft.com/azure/architecture/patterns/deployment-stamp) in an Azure subscription adhering to the [Zero Trust principles](https://learn.microsoft.com/security/zero-trust/azure-infrastructure-avd). -This template represents the strategic design path and target technical state for Azure Virtual Desktop deployment. Many of the [common features](https://github.com/Azure/missionlz/tree/main/src/bicep/add-ons/azureVirtualDesktop/docs/features) used with AVD have been automated in this solution for your convenience. +This template represents the strategic design path and target technical state for Azure Virtual Desktop deployment. Many of the [common features](https://github.com/Azure/missionlz/tree/main/src/bicep/add-ons/azure-virtual-desktop/docs/features) used with AVD have been automated in this solution for your convenience. -Be sure to complete the necessary [prerequisites](https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/docs/prerequisites.md) and to review the parameter descriptions to the understand the consequences of your selections. Also, please review Esri's guidance on [VDI and ArcGIS Pro](https://architecture.arcgis.com/en/framework/architecture-practices/architectural-foundations/deployment-concepts/vdi-and-arcgis-pro.html). +Be sure to complete the necessary [prerequisites](https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/docs/prerequisites.md) and to review the parameter descriptions to the understand the consequences of your selections. Also, please review Esri's guidance on [VDI and ArcGIS Pro](https://architecture.arcgis.com/en/framework/architecture-practices/architectural-foundations/deployment-concepts/vdi-and-arcgis-pro.html). 
This Azure Virtual Desktop Accelerator only deploys the specific Azure Virtual Desktop resources, shown in the architectural diagram above. It is assumed that an appropriate landing zone foundation is already setup. This means that policies and governance should already be in place. > [!WARNING] -> Failure to complete the [prerequisites](https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/docs/prerequisites.md) will result in an unsuccessful deployment. +> Failure to complete the [prerequisites](https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/docs/prerequisites.md) will result in an unsuccessful deployment. ## Step 4 
@@ -112,14 +112,14 @@ This [Azure Zero Trust Imaging](https://github.com/Azure/missionlz/blob/main/src ## The Azure Virtual Desktop (AVD) solution -The [Azure Virtual Desktop (AVD) solution](https://github.com/Azure/missionlz/tree/main/src/bicep/add-ons/azureVirtualDesktop#readme) provides an architectural approach and reference implementation to prepare landing zone subscriptions for a scalable Azure Virtual Desktop deployment. Be sure to complete the necessary [prerequisites](https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/docs/prerequisites.md) +The [Azure Virtual Desktop (AVD) solution](https://github.com/Azure/missionlz/tree/main/src/bicep/add-ons/azure-virtual-desktop#readme) provides an architectural approach and reference implementation to prepare landing zone subscriptions for a scalable Azure Virtual Desktop deployment. Be sure to complete the necessary [prerequisites](https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/docs/prerequisites.md) 1. 
Deploy The Azure Virtual Desktop (AVD) solution into `AzureCloud` or `AzureUsGovernment` from the Azure Portal: | Azure Commercial | Azure Government | | :--- | :--- | - |[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2FazureVirtualDesktop%2Fsolution.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2FazureVirtualDesktop%2FuiDefinition.json) | [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2FazureVirtualDesktop%2Fsolution.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2FazureVirtualDesktop%2FuiDefinition.json) | + |[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2Fazure-virtual-desktop%2Fsolution.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2Fazure-virtual-desktop%2FuiDefinition.json) | [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2Fazure-virtual-desktop%2Fsolution.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2Fazure-virtual-desktop%2FuiDefinition.json) | ## ArcGIS on Azure 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/LICENSE b/src/bicep/add-ons/azure-virtual-desktop/LICENSE similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/LICENSE rename to src/bicep/add-ons/azure-virtual-desktop/LICENSE diff --git a/src/bicep/add-ons/azureVirtualDesktop/README.md b/src/bicep/add-ons/azure-virtual-desktop/README.md similarity index 76% rename from src/bicep/add-ons/azureVirtualDesktop/README.md rename to src/bicep/add-ons/azure-virtual-desktop/README.md index 7e36d715b..dc8a4a3a4 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/README.md +++ b/src/bicep/add-ons/azure-virtual-desktop/README.md 
@@ -13,8 +13,8 @@ This solution will deploy a fully operational Azure Virtual Desktop (AVD) [stamp This option opens the deployment UI for the solution in the Azure Portal. Be sure to select the button for the correct cloud. If your desired cloud is not listed, please use the template spec option below. -[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2FazureVirtualDesktop%2Fsolution.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2FazureVirtualDesktop%2FuiDefinition.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2FazureVirtualDesktop%2Fsolution.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2FazureVirtualDesktop%2FuiDefinition.json) +[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2Fazure-virtual-desktop%2Fsolution.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2Fazure-virtual-desktop%2FuiDefinition.json) +[![Deploy to Azure 
Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2Fazure-virtual-desktop%2Fsolution.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fmissionlz%2Fmain%2Fsrc%2Fbicep%2Fadd-ons%2Fazure-virtual-desktop%2FuiDefinition.json) ### Template Spec @@ -35,7 +35,7 @@ New-AzTemplateSpec ` -Name $TemplateSpecName ` -Version 1.0 ` -Location $Location ` - -TemplateFile '.\src\bicep\add-ons\azureVirtualDesktop\solution.json' ` - -UIFormDefinitionFile '.\src\bicep\add-ons\azureVirtualDesktop\uiDefinition.json' ` + -TemplateFile '.\src\bicep\add-ons\azure-virtual-desktop\solution.json' ` + -UIFormDefinitionFile '.\src\bicep\add-ons\azure-virtual-desktop\uiDefinition.json' ` -Force ```` diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Get-Validations.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Get-Validations.ps1 similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Get-Validations.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Get-Validations.ps1 diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Install-AzurePowerShellAzModule.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Install-AzurePowerShellAzModule.ps1 similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Install-AzurePowerShellAzModule.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Install-AzurePowerShellAzModule.ps1 diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-AutomationRunbook.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-AutomationRunbook.ps1 similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-AutomationRunbook.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-AutomationRunbook.ps1 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-AvdDrainMode.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-AvdDrainMode.ps1 similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-AvdDrainMode.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-AvdDrainMode.ps1 diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-FileShareScaling.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-FileShareScaling.ps1 similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-FileShareScaling.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-FileShareScaling.ps1 diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-HostPoolScaling.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-HostPoolScaling.ps1 similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-HostPoolScaling.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-HostPoolScaling.ps1 diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-NtfsPermissions.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-NtfsPermissions.ps1 similarity index 98% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-NtfsPermissions.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-NtfsPermissions.ps1 index 01c9ba3a5..4a790c854 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-NtfsPermissions.ps1 +++ b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-NtfsPermissions.ps1 @@ -57,6 +57,10 @@ param [Parameter(Mandatory=$false)] [String]$TenantId, + [parameter(Mandatory)] + [string] + $UniqueToken, + [Parameter(Mandatory=$false)] [String]$UserAssignedIdentityClientId ) 
@@ -159,7 +163,7 @@ try $FileServer = '\\' + $SmbServerName + '.' + $Domain.DNSRoot } 'AzureFiles' { - $StorageAccountName = $StorageAccountPrefix + ($i + $StorageIndex).ToString().PadLeft(2,'0') + $StorageAccountName = $($StorageAccountPrefix + ($i + $StorageIndex).ToString().PadLeft(2,'0') + $UniqueToken).Substring(0,24) $FileServer = '\\' + $StorageAccountName + $FilesSuffix # Connects to Azure using a User Assigned Managed Identity diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-SessionHostConfiguration.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-SessionHostConfiguration.ps1 similarity index 93% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-SessionHostConfiguration.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-SessionHostConfiguration.ps1 index d57c16fe6..55adda759 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-SessionHostConfiguration.ps1 +++ b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-SessionHostConfiguration.ps1 @@ -56,18 +56,6 @@ Param( [string] $PooledHostPool, - [parameter(Mandatory)] - [string] - $SecurityMonitoring, - - [parameter(Mandatory)] - [string] - $SecurityWorkspaceId, - - [parameter(Mandatory)] - [string] - $SecurityWorkspaceKey, - [parameter(Mandatory)] [string] $StorageAccountPrefix, @@ -86,7 +74,11 @@ Param( [parameter(Mandatory)] [string] - $StorageSuffix + $StorageSuffix, + + [parameter(Mandatory)] + [string] + $UniqueToken ) 
@@ -216,10 +208,10 @@ try 'AzureFiles' { for($i = $StorageIndex; $i -lt $($StorageIndex + $StorageCount); $i++) { - $CloudCacheOfficeContainers += 'type=smb,connectionString=\\' + $StorageAccountPrefix + $i.ToString().PadLeft(2,'0') + $FilesSuffix + '\office-containers;' - $CloudCacheProfileContainers += 'type=smb,connectionString=\\' + $StorageAccountPrefix + $i.ToString().PadLeft(2,'0') + $FilesSuffix + '\profile-containers;' - $OfficeContainers += '\\' + $StorageAccountPrefix + $i.ToString().PadLeft(2,'0') + $FilesSuffix + '\office-containers' - $ProfileContainers += '\\' + $StorageAccountPrefix + $i.ToString().PadLeft(2,'0') + $FilesSuffix + '\profile-containers' + $CloudCacheOfficeContainers += 'type=smb,connectionString=\\' + $($StorageAccountPrefix + $i.ToString().PadLeft(2,'0') + $UniqueToken).Substring(0,24) + $FilesSuffix + '\office-containers;' + $CloudCacheProfileContainers += 'type=smb,connectionString=\\' + $($StorageAccountPrefix + $i.ToString().PadLeft(2,'0') + $UniqueToken).Substring(0,24) + $FilesSuffix + '\profile-containers;' + $OfficeContainers += '\\' + $($StorageAccountPrefix + $i.ToString().PadLeft(2,'0') + $UniqueToken).Substring(0,24) + $FilesSuffix + '\office-containers' + $ProfileContainers += '\\' + $($StorageAccountPrefix + $i.ToString().PadLeft(2,'0') + $UniqueToken).Substring(0,24) + $FilesSuffix + '\profile-containers' } } 'AzureNetAppFiles' { 
@@ -495,25 +487,6 @@ try Start-Sleep -Seconds 5 | Out-Null - ############################################################## - # Dual-home Microsoft Monitoring Agent for Azure Sentinel or Defender for Cloud - ############################################################## - if($SecurityMonitoring -eq 'true') - { - $AzureEnvironment = switch($Environment) - { - AzureCloud {0} - AzureUSGovernment {1} - AzureChina {2} - USNat {3} - USSec {4} - } - - $mma = New-Object -ComObject 'AgentConfigManager.MgmtSvcCfg' - $mma.AddCloudWorkspace($SecurityWorkspaceId, $SecurityWorkspaceKey, $AzureEnvironment) - $mma.ReloadConfiguration() | Out-Null - } - ############################################################## # Restart VM ############################################################## diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Update-AvdDesktop.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Update-AvdDesktop.ps1 similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Update-AvdDesktop.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Update-AvdDesktop.ps1 diff --git a/src/bicep/add-ons/azureVirtualDesktop/artifacts/Update-AvdWorkspace.ps1 b/src/bicep/add-ons/azure-virtual-desktop/artifacts/Update-AvdWorkspace.ps1 similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/artifacts/Update-AvdWorkspace.ps1 rename to src/bicep/add-ons/azure-virtual-desktop/artifacts/Update-AvdWorkspace.ps1 diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/design.md b/src/bicep/add-ons/azure-virtual-desktop/docs/design.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/design.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/design.md 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/design/naming.md b/src/bicep/add-ons/azure-virtual-desktop/docs/design/naming.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/design/naming.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/design/naming.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/autoIncreasePremiumFileShareQuota.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/autoIncreasePremiumFileShareQuota.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/autoIncreasePremiumFileShareQuota.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/autoIncreasePremiumFileShareQuota.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/backups.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/backups.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/backups.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/backups.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/drainMode.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/drainMode.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/drainMode.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/drainMode.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/fslogix.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/fslogix.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/fslogix.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/fslogix.md 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/gpu.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/gpu.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/gpu.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/gpu.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/highAvailability.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/highAvailability.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/highAvailability.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/highAvailability.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/monitoring.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/monitoring.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/monitoring.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/monitoring.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/scalingTool.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/scalingTool.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/scalingTool.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/scalingTool.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/serverSideEncryption.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/serverSideEncryption.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/serverSideEncryption.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/serverSideEncryption.md 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/smbMultiChannel.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/smbMultiChannel.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/smbMultiChannel.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/smbMultiChannel.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/startVmOnConnect.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/startVmOnConnect.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/startVmOnConnect.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/startVmOnConnect.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/trustedLaunch.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/trustedLaunch.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/trustedLaunch.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/trustedLaunch.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/features/validation.md b/src/bicep/add-ons/azure-virtual-desktop/docs/features/validation.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/features/validation.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/features/validation.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/prerequisites.md b/src/bicep/add-ons/azure-virtual-desktop/docs/prerequisites.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/prerequisites.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/prerequisites.md diff --git a/src/bicep/add-ons/azureVirtualDesktop/docs/troubleshooting.md b/src/bicep/add-ons/azure-virtual-desktop/docs/troubleshooting.md similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/docs/troubleshooting.md rename to src/bicep/add-ons/azure-virtual-desktop/docs/troubleshooting.md 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/images/identifiers.png b/src/bicep/add-ons/azure-virtual-desktop/images/identifiers.png similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/images/identifiers.png rename to src/bicep/add-ons/azure-virtual-desktop/images/identifiers.png diff --git a/src/bicep/add-ons/azureVirtualDesktop/images/identifiers.vsdx b/src/bicep/add-ons/azure-virtual-desktop/images/identifiers.vsdx similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/images/identifiers.vsdx rename to src/bicep/add-ons/azure-virtual-desktop/images/identifiers.vsdx diff --git a/src/bicep/add-ons/azureVirtualDesktop/images/resources.png b/src/bicep/add-ons/azure-virtual-desktop/images/resources.png similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/images/resources.png rename to src/bicep/add-ons/azure-virtual-desktop/images/resources.png diff --git a/src/bicep/add-ons/azureVirtualDesktop/images/resources.vsdx b/src/bicep/add-ons/azure-virtual-desktop/images/resources.vsdx similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/images/resources.vsdx rename to src/bicep/add-ons/azure-virtual-desktop/images/resources.vsdx diff --git a/src/bicep/add-ons/azureVirtualDesktop/images/stamps.png b/src/bicep/add-ons/azure-virtual-desktop/images/stamps.png similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/images/stamps.png rename to src/bicep/add-ons/azure-virtual-desktop/images/stamps.png diff --git a/src/bicep/add-ons/azureVirtualDesktop/images/stamps.vsdx b/src/bicep/add-ons/azure-virtual-desktop/images/stamps.vsdx similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/images/stamps.vsdx rename to src/bicep/add-ons/azure-virtual-desktop/images/stamps.vsdx 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/cleanUp/cleanUp.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/cleanUp/cleanUp.bicep similarity index 87% rename from src/bicep/add-ons/azureVirtualDesktop/modules/cleanUp/cleanUp.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/cleanUp/cleanUp.bicep index 3c25401ec..68b9d80cb 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/cleanUp/cleanUp.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/cleanUp/cleanUp.bicep @@ -1,16 +1,16 @@ targetScope = 'subscription' +param deploymentNameSuffix string param fslogixStorageService string param location string param resourceGroupManagement string param scalingTool bool -param timestamp string param userAssignedIdentityClientId string param virtualMachineName string module removeManagementVirtualMachine 'removeVirtualMachine.bicep' = if (!scalingTool && !(fslogixStorageService == 'AzureFiles Premium')) { scope: resourceGroup(resourceGroupManagement) - name: 'RemoveManagementVirtualMachine_${timestamp}' + name: 'remove-mgmt-vm-${deploymentNameSuffix}' params: { Location: location UserAssignedIdentityClientId: userAssignedIdentityClientId diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/cleanUp/removeVirtualMachine.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/cleanUp/removeVirtualMachine.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/cleanUp/removeVirtualMachine.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/cleanUp/removeVirtualMachine.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/common/customScriptExtensions.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/common/customScriptExtensions.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/common/customScriptExtensions.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/common/customScriptExtensions.bicep 
diff --git a/src/bicep/add-ons/azure-virtual-desktop/modules/common/roleAssignment.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/common/roleAssignment.bicep new file mode 100644 index 000000000..8ce4cf9f4 --- /dev/null +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/common/roleAssignment.bicep @@ -0,0 +1,12 @@ +param principalId string +param principalType string +param roleDefinitionId string + +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid(principalId, roleDefinitionId, resourceGroup().id) + properties: { + roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId) + principalId: principalId + principalType: principalType + } +} diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/applicationGroup.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/applicationGroup.bicep similarity index 92% rename from src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/applicationGroup.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/applicationGroup.bicep index ecaa30b7f..0e4e67ed8 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/applicationGroup.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/applicationGroup.bicep @@ -1,15 +1,16 @@ param artifactsUri string +param deploymentNameSuffix string param deploymentUserAssignedIdentityClientId string param desktopApplicationGroupName string param desktopFriendlyName string param hostPoolResourceId string param locationControlPlane string param locationVirtualMachines string +param mlzTags object param resourceGroupManagement string param roleDefinitions object param securityPrincipalObjectIds array param tags object -param timestamp string param virtualMachineName string resource applicationGroup 'Microsoft.DesktopVirtualization/applicationGroups@2021-03-09-preview' = { 
@@ -17,7 +18,7 @@ resource applicationGroup 'Microsoft.DesktopVirtualization/applicationGroups@202 location: locationControlPlane tags: union({ 'cm-resource-parent': hostPoolResourceId - }, contains(tags, 'Microsoft.DesktopVirtualization/applicationGroups') ? tags['Microsoft.DesktopVirtualization/applicationGroups'] : {}) + }, contains(tags, 'Microsoft.DesktopVirtualization/applicationGroups') ? tags['Microsoft.DesktopVirtualization/applicationGroups'] : {}, mlzTags) properties: { hostPoolArmPath: hostPoolResourceId applicationGroupType: 'Desktop' @@ -27,7 +28,7 @@ resource applicationGroup 'Microsoft.DesktopVirtualization/applicationGroups@202 // Adds a friendly name to the SessionDesktop application for the desktop application group module applicationFriendlyName '../common/customScriptExtensions.bicep' = if (!empty(desktopFriendlyName)) { scope: resourceGroup(resourceGroupManagement) - name: 'ApplicationFriendlyName_${timestamp}' + name: 'deploy-vdapp-friendly-name-${deploymentNameSuffix}' params : { fileUris: [ '${artifactsUri}Update-AvdDesktop.ps1' @@ -37,7 +38,7 @@ module applicationFriendlyName '../common/customScriptExtensions.bicep' = if (!e scriptFileName: 'Update-AvdDesktop.ps1' tags: union({ 'cm-resource-parent': hostPoolResourceId - }, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}) + }, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}, mlzTags) userAssignedIdentityClientId: deploymentUserAssignedIdentityClientId virtualMachineName: virtualMachineName } diff --git a/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/controlPlane.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/controlPlane.bicep new file mode 100644 index 000000000..90fdfb350 --- /dev/null +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/controlPlane.bicep 
@@ -0,0 +1,131 @@ +targetScope = 'subscription' + +param activeDirectorySolution string +param artifactsUri string +param avdPrivateDnsZoneResourceId string +param customImageId string +param customRdpProperty string +param deploymentNameSuffix string +param deploymentUserAssignedIdentityClientId string +param desktopFriendlyName string +param diskSku string +param domainName string +param existingFeedWorkspace bool +param hostPoolPublicNetworkAccess string +param hostPoolType string +param imageOffer string +param imagePublisher string +param imageSku string +param imageVersionResourceId string +param locationControlPlane string +param locationVirtualMachines string +param logAnalyticsWorkspaceResourceId string +param managementVirtualMachineName string +param maxSessionLimit int +param mlzTags object +param monitoring bool +param namingConvention object +param resourceGroups array +param roleDefinitions object +param securityPrincipalObjectIds array +param serviceToken string +param sessionHostNamePrefix string +param subnetResourceId string +param tags object +param validationEnvironment bool +param virtualMachineSize string +param workspaceFriendlyName string +param workspacePublicNetworkAccess string + +var galleryImageOffer = empty(imageVersionResourceId) ? '"${imageOffer}"' : 'null' +var galleryImagePublisher = empty(imageVersionResourceId) ? '"${imagePublisher}"' : 'null' +var galleryImageSku = empty(imageVersionResourceId) ? '"${imageSku}"' : 'null' +var galleryItemId = empty(imageVersionResourceId) ? '"${imagePublisher}.${imageOffer}${imageSku}"' : 'null' +var hostPoolName = namingConvention.hostPool +var imageType = empty(imageVersionResourceId) ? 
'"Gallery"' : '"CustomImage"' + +module hostPool 'hostPool.bicep' = { + name: 'deploy-vdpool-${deploymentNameSuffix}' + scope: resourceGroup(resourceGroups[0]) + params: { + activeDirectorySolution: activeDirectorySolution + avdPrivateDnsZoneResourceId: avdPrivateDnsZoneResourceId + customImageId: customImageId + customRdpProperty: customRdpProperty + diskSku: diskSku + domainName: domainName + galleryImageOffer: galleryImageOffer + galleryImagePublisher: galleryImagePublisher + galleryImageSku: galleryImageSku + galleryItemId: galleryItemId + hostPoolDiagnosticSettingName: namingConvention.hostPoolDiagnosticSetting + hostPoolName: hostPoolName + hostPoolNetworkInterfaceName: namingConvention.hostPoolNetworkInterface + hostPoolPrivateEndpointName: namingConvention.hostPoolPrivateEndpoint + hostPoolPublicNetworkAccess: hostPoolPublicNetworkAccess + hostPoolType: hostPoolType + imageType: imageType + location: locationControlPlane + logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId + maxSessionLimit: maxSessionLimit + mlzTags: mlzTags + monitoring: monitoring + sessionHostNamePrefix: sessionHostNamePrefix + subnetResourceId: subnetResourceId + tags: tags + validationEnvironment: validationEnvironment + virtualMachineSize: virtualMachineSize + } +} + +module applicationGroup 'applicationGroup.bicep' = { + name: 'deploy-vdag-${deploymentNameSuffix}' + scope: resourceGroup(resourceGroups[0]) + params: { + artifactsUri: artifactsUri + deploymentNameSuffix: deploymentNameSuffix + deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentityClientId + desktopApplicationGroupName: replace(namingConvention.applicationGroup, serviceToken, 'desktop') + hostPoolResourceId: hostPool.outputs.resourceId + locationControlPlane: locationControlPlane + locationVirtualMachines: locationVirtualMachines + mlzTags: mlzTags + resourceGroupManagement: resourceGroups[3] + roleDefinitions: roleDefinitions + securityPrincipalObjectIds: securityPrincipalObjectIds + 
desktopFriendlyName: desktopFriendlyName + tags: tags + virtualMachineName: managementVirtualMachineName + } +} + +module workspace 'workspace.bicep' = { + name: 'deploy-vdws-feed-${deploymentNameSuffix}' + scope: resourceGroup(resourceGroups[1]) + params: { + applicationGroupReferences: applicationGroup.outputs.applicationGroupReference + artifactsUri: artifactsUri + avdPrivateDnsZoneResourceId: avdPrivateDnsZoneResourceId + deploymentNameSuffix: deploymentNameSuffix + deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentityClientId + existing: existingFeedWorkspace + hostPoolName: hostPoolName + locationControlPlane: locationControlPlane + locationVirtualMachines: locationVirtualMachines + logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId + mlzTags: mlzTags + monitoring: monitoring + resourceGroupManagement: resourceGroups[3] + subnetResourceId: subnetResourceId + tags: tags + virtualMachineName: managementVirtualMachineName + workspaceFeedDiagnoticSettingName: replace(namingConvention.workspaceFeedDiagnosticSetting, serviceToken, 'feed') + workspaceFeedName: replace(namingConvention.workspaceFeed, serviceToken, 'feed') + workspaceFeedNetworkInterfaceName: replace(namingConvention.workspaceFeedNetworkInterface, serviceToken, 'feed') + workspaceFeedPrivateEndpointName: replace(namingConvention.workspaceFeedPrivateEndpoint, serviceToken, 'feed') + workspaceFriendlyName: empty(workspaceFriendlyName) ? replace(namingConvention.workspaceFeed, serviceToken, '') : '${workspaceFriendlyName} (${locationControlPlane})' + workspacePublicNetworkAccess: workspacePublicNetworkAccess + } +} + +output hostPoolName string = hostPool.outputs.name 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/hostPool.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/hostPool.bicep similarity index 74% rename from src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/hostPool.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/hostPool.bicep index 1e7fc9fd7..fa5800290 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/hostPool.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/hostPool.bicep @@ -1,21 +1,31 @@ param activeDirectorySolution string param avdPrivateDnsZoneResourceId string +param customImageId string param customRdpProperty string +param diskSku string +param domainName string +param galleryImageOffer string +param galleryImagePublisher string +param galleryImageSku string +param galleryItemId string param hostPoolDiagnosticSettingName string param hostPoolName string param hostPoolNetworkInterfaceName string param hostPoolPrivateEndpointName string param hostPoolPublicNetworkAccess string param hostPoolType string +param imageType string param location string param logAnalyticsWorkspaceResourceId string param maxSessionLimit int +param mlzTags object param monitoring bool +param sessionHostNamePrefix string param subnetResourceId string param tags object param time string = utcNow('u') param validationEnvironment bool -param vmTemplate string +param virtualMachineSize string var customRdpProperty_Complete = contains(activeDirectorySolution, 'MicrosoftEntraId') ? '${customRdpProperty}targetisaadjoined:i:1;enablerdsaadauth:i:1;' : customRdpProperty var hostPoolLogs = [ 
@@ -50,7 +60,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = { location: location tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' - }, contains(tags, 'Microsoft.DesktopVirtualization/hostPools') ? tags['Microsoft.DesktopVirtualization/hostPools'] : {}) + }, contains(tags, 'Microsoft.DesktopVirtualization/hostPools') ? tags['Microsoft.DesktopVirtualization/hostPools'] : {}, mlzTags) properties: { customRdpProperty: customRdpProperty_Complete hostPoolType: split(hostPoolType, ' ')[0] @@ -65,7 +75,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2023-09-05' = { } startVMOnConnect: true validationEnvironment: validationEnvironment - vmTemplate: vmTemplate + vmTemplate: '{"domain":"${domainName}","galleryImageOffer":${galleryImageOffer},"galleryImagePublisher":${galleryImagePublisher},"galleryImageSKU":${galleryImageSku},"imageType":${imageType},"customImageId":${customImageId},"namePrefix":"${sessionHostNamePrefix}","osDiskType":"${diskSku}","vmSize":{"id":"${virtualMachineSize}","cores":null,"ram":null,"rdmaEnabled": false,"supportsMemoryPreservingMaintenance": true},"galleryItemId":${galleryItemId},"hibernate":false,"diskSizeGB":0,"securityType":"TrustedLaunch","secureBoot":true,"vTPM":true,"vmInfrastructureType":"Cloud","virtualProcessorCount":null,"memoryGB":null,"maximumMemoryGB":null,"minimumMemoryGB":null,"dynamicMemoryConfig":false}' } } 
@@ -75,7 +85,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { location: location tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' - }, contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}) + }, contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}, mlzTags) properties: { customNetworkInterfaceName: hostPoolNetworkInterfaceName privateLinkServiceConnections: [ @@ -119,4 +129,5 @@ resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-pre } } -output ResourceId string = hostPool.id +output name string = hostPool.name +output resourceId string = hostPool.id diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/workspace.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/workspace.bicep similarity index 94% rename from src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/workspace.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/workspace.bicep index a8b3510bf..49fe2a741 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/workspace.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/controlPlane/workspace.bicep 
@@ -1,17 +1,18 @@ param applicationGroupReferences array param artifactsUri string param avdPrivateDnsZoneResourceId string +param deploymentNameSuffix string param deploymentUserAssignedIdentityClientId string param existing bool param hostPoolName string param locationControlPlane string param locationVirtualMachines string param logAnalyticsWorkspaceResourceId string +param mlzTags object param monitoring bool param resourceGroupManagement string param subnetResourceId string param tags object -param timestamp string param virtualMachineName string param workspaceFeedDiagnoticSettingName string param workspaceFeedName string @@ -22,7 +23,7 @@ param workspacePublicNetworkAccess string module addApplicationGroups '../common/customScriptExtensions.bicep' = if (existing) { scope: resourceGroup(resourceGroupManagement) - name: 'AddApplicationGroupReferences_${timestamp}' + name: 'add-vdag-references-${deploymentNameSuffix}' params: { fileUris: [ '${artifactsUri}Update-AvdWorkspace.ps1' @@ -32,7 +33,7 @@ module addApplicationGroups '../common/customScriptExtensions.bicep' = if (exist scriptFileName: 'Update-AvdWorkspace.ps1' tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroup().name}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' - }, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}) + }, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}, mlzTags) userAssignedIdentityClientId: deploymentUserAssignedIdentityClientId virtualMachineName: virtualMachineName } 
@@ -41,7 +42,7 @@ module addApplicationGroups '../common/customScriptExtensions.bicep' = if (exist resource workspace 'Microsoft.DesktopVirtualization/workspaces@2023-09-05' = if (!existing) { name: workspaceFeedName location: locationControlPlane - tags: {} + tags: mlzTags properties: { applicationGroupReferences: applicationGroupReferences friendlyName: workspaceFriendlyName @@ -52,7 +53,7 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2023-09-05' = if resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = if (!existing) { name: workspaceFeedPrivateEndpointName location: locationControlPlane - tags: {} + tags: mlzTags properties: { customNetworkInterfaceName: workspaceFeedNetworkInterfaceName privateLinkServiceConnections: [ diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/azureFiles.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/azureFiles.bicep similarity index 91% rename from src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/azureFiles.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/azureFiles.bicep index de97dc6b2..abe745271 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/azureFiles.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/azureFiles.bicep 
@@ -1,19 +1,22 @@ +param activeDirectorySolution string param artifactsUri string param automationAccountName string param availability string param azureFilesPrivateDnsZoneResourceId string +param deploymentNameSuffix string param deploymentUserAssignedIdentityClientId string @secure() param domainJoinPassword string param domainJoinUserPrincipalName string param enableRecoveryServices bool param encryptionUserAssignedIdentityResourceId string -param activeDirectorySolution string +param environmentAbbreviation string param fileShares array param fslogixShareSizeInGB int param fslogixContainerType string param fslogixStorageService string param hostPoolType string +param identifier string param keyVaultUri string param location string param managementVirtualMachineName string @@ -34,16 +37,13 @@ param storageEncryptionKeyName string param storageIndex int param storageSku string param storageService string -param subnet string +param subnetResourceId string param tagsAutomationAccounts object param tagsPrivateEndpoints object param tagsRecoveryServicesVault object param tagsStorageAccounts object param tagsVirtualMachines object -param timestamp string param timeZone string -param virtualNetwork string -param virtualNetworkResourceGroup string var roleDefinitionId = '0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb' // Storage File Data SMB Share Contributor var smbMultiChannel = { 
@@ -58,10 +58,10 @@ var smbSettings = { channelEncryption: 'AES-128-GCM;AES-256-GCM;' } var storageRedundancy = availability == 'availabilityZones' ? '_ZRS' : '_LRS' -var subnetId = resourceId(virtualNetworkResourceGroup, 'Microsoft.Network/virtualNetworks/subnets', virtualNetwork, subnet) +var uniqueToken = uniqueString(identifier, environmentAbbreviation, subscription().subscriptionId) resource storageAccounts 'Microsoft.Storage/storageAccounts@2022-09-01' = [for i in range(0, storageCount): { - name: '${storageAccountNamePrefix}${padLeft(i + storageIndex, 2, '0')}' + name: take('${storageAccountNamePrefix}${padLeft(i + storageIndex, 2, '0')}${uniqueToken}', 24) location: location tags: tagsStorageAccounts sku: { @@ -156,7 +156,7 @@ resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2022-09-01 }] module shares 'shares.bicep' = [for i in range(0, storageCount): { - name: 'fileShares_${i}_${timestamp}' + name: 'deploy-file-shares-${i}-${deploymentNameSuffix}' params: { fileShares: fileShares fslogixShareSizeInGB: fslogixShareSizeInGB @@ -186,7 +186,7 @@ resource privateEndpoints 'Microsoft.Network/privateEndpoints@2023-04-01' = [for } ] subnet: { - id: subnetId + id: subnetResourceId } } }] 
@@ -210,14 +210,14 @@ resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZone }] module ntfsPermissions '../../common/customScriptExtensions.bicep' = if (contains(activeDirectorySolution, 'DomainServices')) { - name: 'FslogixNtfsPermissions_${timestamp}' + name: 'deploy-fslogix-ntfs-permissions-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { fileUris: [ '${artifactsUri}Set-NtfsPermissions.ps1' ] location: location - parameters: '-domainJoinPassword "${domainJoinPassword}" -domainJoinUserPrincipalName ${domainJoinUserPrincipalName} -activeDirectorySolution ${activeDirectorySolution} -Environment ${environment().name} -fslogixContainerType ${fslogixContainerType} -netbios ${netbios} -organizationalUnitPath "${organizationalUnitPath}" -securityPrincipalNames "${securityPrincipalNames}" -StorageAccountPrefix ${storageAccountNamePrefix} -StorageAccountResourceGroupName ${resourceGroupStorage} -storageCount ${storageCount} -storageIndex ${storageIndex} -storageService ${storageService} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentityClientId}' + parameters: '-domainJoinPassword "${domainJoinPassword}" -domainJoinUserPrincipalName ${domainJoinUserPrincipalName} -activeDirectorySolution ${activeDirectorySolution} -Environment ${environment().name} -fslogixContainerType ${fslogixContainerType} -netbios ${netbios} -organizationalUnitPath "${organizationalUnitPath}" -securityPrincipalNames "${securityPrincipalNames}" -StorageAccountPrefix ${storageAccountNamePrefix} -StorageAccountResourceGroupName ${resourceGroupStorage} -storageCount ${storageCount} -storageIndex ${storageIndex} -storageService ${storageService} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId} -UniqueToken 
${uniqueToken} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentityClientId}' scriptFileName: 'Set-NtfsPermissions.ps1' tags: tagsVirtualMachines userAssignedIdentityClientId: deploymentUserAssignedIdentityClientId @@ -231,9 +231,10 @@ module ntfsPermissions '../../common/customScriptExtensions.bicep' = if (contain } module recoveryServices 'recoveryServices.bicep' = if (enableRecoveryServices && contains(hostPoolType, 'Pooled')) { - name: 'recoveryServices_AzureFiles_${timestamp}' + name: 'deploy-backup-azure-files-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { + deploymentNameSuffix: deploymentNameSuffix fileShares: fileShares location: location recoveryServicesVaultName: recoveryServicesVaultName @@ -242,7 +243,6 @@ module recoveryServices 'recoveryServices.bicep' = if (enableRecoveryServices && storageCount: storageCount storageIndex: storageIndex tagsRecoveryServicesVault: tagsRecoveryServicesVault - timestamp: timestamp } dependsOn: [ shares @@ -250,11 +250,12 @@ module recoveryServices 'recoveryServices.bicep' = if (enableRecoveryServices && } module autoIncreasePremiumFileShareQuota '../../management/autoIncreasePremiumFileShareQuota.bicep' = if (fslogixStorageService == 'AzureFiles Premium' && storageCount > 0) { - name: 'AutoIncreasePremiumFileShareQuota_${timestamp}' + name: 'deploy-file-share-scaling-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { artifactsUri: artifactsUri automationAccountName: automationAccountName + deploymentNameSuffix: deploymentNameSuffix deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentityClientId fslogixContainerType: fslogixContainerType location: location @@ -264,7 +265,6 @@ module autoIncreasePremiumFileShareQuota '../../management/autoIncreasePremiumFi storageIndex: storageIndex storageResourceGroupName: resourceGroupStorage tags: tagsAutomationAccounts - timestamp: timestamp timeZone: timeZone } dependsOn: [ 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/protectedItems.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/protectedItems.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/protectedItems.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/protectedItems.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/recoveryServices.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/recoveryServices.bicep similarity index 93% rename from src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/recoveryServices.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/recoveryServices.bicep index e53f61ee5..c724acc93 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/recoveryServices.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/recoveryServices.bicep @@ -1,3 +1,4 @@ +param deploymentNameSuffix string param fileShares array param location string param recoveryServicesVaultName string @@ -6,7 +7,6 @@ param storageAccountNamePrefix string param storageCount int param storageIndex int param tagsRecoveryServicesVault object -param timestamp string resource vault 'Microsoft.RecoveryServices/vaults@2022-03-01' existing = { name: recoveryServicesVaultName @@ -28,7 +28,7 @@ resource backupPolicy_Storage 'Microsoft.RecoveryServices/vaults/backupPolicies@ } module protectedItems_fileShares 'protectedItems.bicep' = [for i in range(0, storageCount): { - name: 'BackupProtectedItems_fileShares_${i + storageIndex}_${timestamp}' + name: 'backup-file-shares-${i + storageIndex}-${deploymentNameSuffix}' params: { fileShares: fileShares location: location 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/shares.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/shares.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureFiles/shares.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureFiles/shares.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureNetAppFiles.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureNetAppFiles.bicep similarity index 97% rename from src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureNetAppFiles.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureNetAppFiles.bicep index a1fc52562..0a65caee3 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/azureNetAppFiles.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/azureNetAppFiles.bicep @@ -1,6 +1,7 @@ param artifactsUri string param activeDirectoryConnection string param delegatedSubnetId string +param deploymentNameSuffix string param deploymentUserAssignedIdentityClientId string param dnsServers string @secure() @@ -21,7 +22,6 @@ param storageSku string param storageService string param tagsNetAppAccount object param tagsVirtualMachines object -param timestamp string resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-06-01' = { name: netAppAccountName @@ -131,7 +131,7 @@ resource volumes 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2021-06- }] module ntfsPermissions '../common/customScriptExtensions.bicep' = { - name: 'FslogixNtfsPermissions_${timestamp}' + name: 'deploy-fslogix-ntfs-permissions-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { fileUris: [ 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/fslogix.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/fslogix.bicep similarity index 80% rename from src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/fslogix.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/fslogix.bicep index e0ba442c8..dd4e5eedd 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/fslogix/fslogix.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/fslogix/fslogix.bicep @@ -3,10 +3,10 @@ targetScope = 'subscription' param artifactsUri string param activeDirectoryConnection string param activeDirectorySolution string -param automationAccountName string param availability string param azureFilesPrivateDnsZoneResourceId string param delegatedSubnetId string +param deploymentNameSuffix string param deploymentUserAssignedIdentityClientId string param dnsServers string @secure() 
@@ -14,58 +14,56 @@ param domainJoinPassword string param domainJoinUserPrincipalName string param domainName string param encryptionUserAssignedIdentityResourceId string +param environmentAbbreviation string param fileShares array param fslogixShareSizeInGB int param fslogixContainerType string param fslogixStorageService string -param hostPoolName string param hostPoolType string +param identifier string param keyVaultUri string param location string param managementVirtualMachineName string -param netAppAccountName string -param netAppCapacityPoolName string +param mlzTags object +param namingConvention object param netbios string param organizationalUnitPath string param recoveryServices bool -param recoveryServicesVaultName string param resourceGroupControlPlane string param resourceGroupManagement string param resourceGroupStorage string param securityPrincipalObjectIds array param securityPrincipalNames array -param serviceName string +param serviceToken string param smbServerLocation string -param storageAccountNamePrefix string -param storageAccountNetworkInterfaceNamePrefix string -param storageAccountPrivateEndpointNamePrefix string param storageCount int param storageEncryptionKeyName string param storageIndex int param storageSku string param storageService string -param subnet string +param subnetResourceId string param tags object -param timestamp string param timeZone string -param virtualNetwork string -param virtualNetworkResourceGroup string -var tagsAutomationAccounts = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Automation/automationAccounts') ? 
tags['Microsoft.Automation/automationAccounts'] : {}) -var tagsNetAppAccount = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.NetApp/netAppAccounts') ? tags['Microsoft.NetApp/netAppAccounts'] : {}) -var tagsPrivateEndpoints = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}) -var tagsStorageAccounts = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Storage/storageAccounts') ? tags['Microsoft.Storage/storageAccounts'] : {}) -var tagsRecoveryServicesVault = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.recoveryServices/vaults') ? tags['Microsoft.recoveryServices/vaults'] : {}) -var tagsVirtualMachines = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}) +var hostPoolName = namingConvention.hostPool + +var tagsAutomationAccounts = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Automation/automationAccounts') ? 
tags['Microsoft.Automation/automationAccounts'] : {}, mlzTags) +var tagsNetAppAccount = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.NetApp/netAppAccounts') ? tags['Microsoft.NetApp/netAppAccounts'] : {}, mlzTags) +var tagsPrivateEndpoints = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}, mlzTags) +var tagsStorageAccounts = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Storage/storageAccounts') ? tags['Microsoft.Storage/storageAccounts'] : {}, mlzTags) +var tagsRecoveryServicesVault = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.recoveryServices/vaults') ? tags['Microsoft.recoveryServices/vaults'] : {}, mlzTags) +var tagsVirtualMachines = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Compute/virtualMachines') ? 
tags['Microsoft.Compute/virtualMachines'] : {}, mlzTags) // Azure NetApp Files for Fslogix module azureNetAppFiles 'azureNetAppFiles.bicep' = if (storageService == 'AzureNetAppFiles' && contains(activeDirectorySolution, 'DomainServices')) { - name: 'AzureNetAppFiles_${timestamp}' + name: 'deploy-anf-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupStorage) params: { - artifactsUri: artifactsUri activeDirectoryConnection: activeDirectoryConnection + artifactsUri: artifactsUri delegatedSubnetId: delegatedSubnetId + deploymentNameSuffix: deploymentNameSuffix + deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentityClientId dnsServers: dnsServers domainJoinPassword: domainJoinPassword domainJoinUserPrincipalName: domainJoinUserPrincipalName 
@@ -74,70 +72,68 @@ module azureNetAppFiles 'azureNetAppFiles.bicep' = if (storageService == 'AzureN fslogixContainerType: fslogixContainerType location: location managementVirtualMachineName: managementVirtualMachineName - netAppAccountName: netAppAccountName - netAppCapacityPoolName: netAppCapacityPoolName + netAppAccountName: namingConvention.netAppAccount + netAppCapacityPoolName: namingConvention.netAppAccountCapacityPool organizationalUnitPath: organizationalUnitPath resourceGroupManagement: resourceGroupManagement securityPrincipalNames: securityPrincipalNames smbServerLocation: smbServerLocation - storageSku: storageSku storageService: storageService + storageSku: storageSku tagsNetAppAccount: tagsNetAppAccount tagsVirtualMachines: tagsVirtualMachines - timestamp: timestamp - deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentityClientId } } // Azure Files for FSLogix module azureFiles 'azureFiles/azureFiles.bicep' = if (storageService == 'AzureFiles' && contains(activeDirectorySolution, 'DomainServices')) { - name: 'AzureFiles_${timestamp}' + name: 'deploy-azure-files-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupStorage) params: { activeDirectorySolution: activeDirectorySolution artifactsUri: artifactsUri - automationAccountName: automationAccountName + automationAccountName: namingConvention.automationAccount availability: availability azureFilesPrivateDnsZoneResourceId: azureFilesPrivateDnsZoneResourceId + deploymentNameSuffix: deploymentNameSuffix deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentityClientId domainJoinPassword: domainJoinPassword domainJoinUserPrincipalName: domainJoinUserPrincipalName enableRecoveryServices: recoveryServices encryptionUserAssignedIdentityResourceId: encryptionUserAssignedIdentityResourceId + environmentAbbreviation: environmentAbbreviation fileShares: fileShares fslogixContainerType: fslogixContainerType fslogixShareSizeInGB: fslogixShareSizeInGB fslogixStorageService: 
fslogixStorageService hostPoolType: hostPoolType + identifier: identifier keyVaultUri: keyVaultUri location: location managementVirtualMachineName: managementVirtualMachineName netbios: netbios organizationalUnitPath: organizationalUnitPath - recoveryServicesVaultName: recoveryServicesVaultName + recoveryServicesVaultName: namingConvention.recoveryServicesVault resourceGroupManagement: resourceGroupManagement resourceGroupStorage: resourceGroupStorage securityPrincipalNames: securityPrincipalNames securityPrincipalObjectIds: securityPrincipalObjectIds - serviceName: serviceName - storageAccountNamePrefix: storageAccountNamePrefix - storageAccountNetworkInterfaceNamePrefix: storageAccountNetworkInterfaceNamePrefix - storageAccountPrivateEndpointNamePrefix: storageAccountPrivateEndpointNamePrefix + serviceName: serviceToken + storageAccountNamePrefix: namingConvention.storageAccount + storageAccountNetworkInterfaceNamePrefix: namingConvention.storageAccountNetworkInterface + storageAccountPrivateEndpointNamePrefix: namingConvention.storageAccountPrivateEndpoint storageCount: storageCount storageEncryptionKeyName: storageEncryptionKeyName storageIndex: storageIndex storageService: storageService storageSku: storageSku - subnet: subnet + subnetResourceId: subnetResourceId tagsAutomationAccounts: tagsAutomationAccounts tagsPrivateEndpoints: tagsPrivateEndpoints tagsRecoveryServicesVault: tagsRecoveryServicesVault tagsStorageAccounts: tagsStorageAccounts tagsVirtualMachines: tagsVirtualMachines - timestamp: timestamp timeZone: timeZone - virtualNetwork: virtualNetwork - virtualNetworkResourceGroup: virtualNetworkResourceGroup } } diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/logic.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/logic.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/logic.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/logic.bicep 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/artifacts.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/artifacts.bicep similarity index 62% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/artifacts.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/artifacts.bicep index 1fa4100d6..904c65ff7 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/artifacts.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/artifacts.bicep @@ -1,13 +1,14 @@ +param deploymentNameSuffix string +param hostPoolName string param location string +param mlzTags object +param resourceGroupControlPlane string param resourceGroupManagement string -param serviceName string param storageAccountName string param subscriptionId string param tags object -param timestamp string -param userAssignedIdentityNamePrefix string +param userAssignedIdentityName string -var name = replace(userAssignedIdentityNamePrefix, serviceName, 'artifacts') var roleDefinitionId = '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' // Storage Blob Data Reader resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = { 
@@ -16,17 +17,19 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing module userAssignedIdentity 'userAssignedIdentity.bicep' = { scope: resourceGroup(subscriptionId, resourceGroupManagement) - name: 'UAI_Artifacts_${timestamp}' + name: 'deploy-id-artifacts-${deploymentNameSuffix}' params: { location: location - name: name - tags: contains(tags, 'Microsoft.ManagedIdentity/userAssignedIdentities') ? tags['Microsoft.ManagedIdentity/userAssignedIdentities'] : {} + name: userAssignedIdentityName + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.ManagedIdentity/userAssignedIdentities') ? tags['Microsoft.ManagedIdentity/userAssignedIdentities'] : {}, mlzTags) } } resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { scope: storageAccount - name: guid(name, roleDefinitionId, resourceGroup().id) + name: guid(userAssignedIdentityName, roleDefinitionId, resourceGroup().id) properties: { roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId) principalId: userAssignedIdentity.outputs.principalId diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/autoIncreasePremiumFileShareQuota.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/autoIncreasePremiumFileShareQuota.bicep similarity index 82% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/autoIncreasePremiumFileShareQuota.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/autoIncreasePremiumFileShareQuota.bicep index a1e576adc..d21b3faa3 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/autoIncreasePremiumFileShareQuota.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/autoIncreasePremiumFileShareQuota.bicep 
@@ -1,5 +1,6 @@ param artifactsUri string param automationAccountName string +param deploymentNameSuffix string param deploymentUserAssignedIdentityClientId string param fslogixContainerType string param location string @@ -9,7 +10,6 @@ param storageCount int param storageIndex int param storageResourceGroupName string param tags object -param timestamp string param timeZone string var runbookFileName = 'Set-FileShareScaling.ps1' @@ -21,7 +21,7 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2022-08-08' } module runbook '../common/customScriptExtensions.bicep' = { - name: 'Runbook_QuotaScaling_${timestamp}' + name: 'deploy-runbook-${deploymentNameSuffix}' params: { fileUris: [ '${artifactsUri}${runbookFileName}' @@ -30,14 +30,14 @@ module runbook '../common/customScriptExtensions.bicep' = { location: location parameters: '-AutomationAccountName ${automationAccountName} -Environment ${environment().name} -ResourceGroupName ${resourceGroup().name} -RunbookFileName ${runbookFileName} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentityClientId}' scriptFileName: scriptFileName - tags: contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {} + tags: tags userAssignedIdentityClientId: deploymentUserAssignedIdentityClientId virtualMachineName: managementVirtualMachineName } } module schedules 'schedules.bicep' = [for i in range(storageIndex, storageCount): { - name: 'Schedules_${i}_${timestamp}' + name: 'deploy-schedules-${i}-${deploymentNameSuffix}' params: { automationAccountName: automationAccount.name fslogixContainerType: fslogixContainerType 
@@ -47,7 +47,7 @@ module schedules 'schedules.bicep' = [for i in range(storageIndex, storageCount) }] module jobSchedules 'jobSchedules.bicep' = [for i in range(storageIndex, storageCount): { - name: 'JobSchedules_${i}_${timestamp}' + name: 'deploy-job-schedules-${i}-${deploymentNameSuffix}' params: { automationAccountName: automationAccount.name environment: environment().name @@ -56,7 +56,6 @@ module jobSchedules 'jobSchedules.bicep' = [for i in range(storageIndex, storage resourceGroupName: storageResourceGroupName storageAccountName: '${storageAccountNamePrefix}${padLeft(i, 2, '0')}' subscriptionId: subscriptionId - timestamp: timestamp } dependsOn: [ runbook @@ -65,11 +64,11 @@ module jobSchedules 'jobSchedules.bicep' = [for i in range(storageIndex, storage }] module roleAssignment '../common/roleAssignment.bicep' = { - name: 'RoleAssignment_Storage_${timestamp}' + name: 'deploy-role-assignment-storage-${deploymentNameSuffix}' scope: resourceGroup(storageResourceGroupName) params: { - PrincipalId: automationAccount.identity.principalId - PrincipalType: 'ServicePrincipal' - RoleDefinitionId: '17d1049b-9a84-46fb-8f53-869881c3d3ab' // Storage Account Contributor + principalId: automationAccount.identity.principalId + principalType: 'ServicePrincipal' + roleDefinitionId: '17d1049b-9a84-46fb-8f53-869881c3d3ab' // Storage Account Contributor } } diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/automationAccount.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/automationAccount.bicep similarity index 76% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/automationAccount.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/automationAccount.bicep index 1abe18de2..927ad90c3 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/automationAccount.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/automationAccount.bicep 
@@ -3,9 +3,12 @@ param automationAccountName string param automationAccountNetworkInterfaceName string param automationAccountPrivateDnsZoneResourceId string param automationAccountPrivateEndpointName string +param hostPoolName string param location string param logAnalyticsWorkspaceResourceId string +param mlzTags object param monitoring bool +param resourceGroupControlPlane string param subnetResourceId string param tags object param virtualMachineName string @@ -17,7 +20,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2023-07-01' existing resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' = { name: automationAccountName location: location - tags: contains(tags, 'Microsoft.Automation/automationAccounts') ? tags['Microsoft.Automation/automationAccounts'] : {} + tags: union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Automation/automationAccounts') ? tags['Microsoft.Automation/automationAccounts'] : {}, mlzTags) identity: { type: 'SystemAssigned' } @@ -31,7 +34,7 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2021-06-22' resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { name: automationAccountPrivateEndpointName location: location - tags: contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {} + tags: union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}, mlzTags) properties: { customNetworkInterfaceName: automationAccountNetworkInterfaceName privateLinkServiceConnections: [ 
@@ -83,7 +86,7 @@ resource extension_HybridWorker 'Microsoft.Compute/virtualMachines/extensions@20 parent: virtualMachine name: 'HybridWorkerForWindows' location: location - tags: contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {} + tags: union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}, mlzTags) properties: { publisher: 'Microsoft.Azure.Automation.HybridWorker' type: 'HybridWorkerForWindows' @@ -119,4 +122,5 @@ resource diagnosticSetting 'Microsoft.Insights/diagnosticsettings@2017-05-01-pre } } +output name string = automationAccount.name output hybridRunbookWorkerGroupName string = hybridRunbookWorkerGroup.name diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/diskAccess.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/diskAccess.bicep similarity index 53% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/diskAccess.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/diskAccess.bicep index 3247304f0..c6bfeb527 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/diskAccess.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/diskAccess.bicep 
@@ -1,19 +1,26 @@ param diskAccessName string +param hostPoolName string param location string +param mlzTags object +param resourceGroupControlPlane string param subnetResourceId string param tags object resource diskAccess 'Microsoft.Compute/diskAccesses@2021-04-01' = { name: diskAccessName location: location - tags: contains(tags, 'Microsoft.Compute/diskAccesses') ? tags['Microsoft.Compute/diskAccesses'] : {} + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.Compute/diskAccesses') ? tags['Microsoft.Compute/diskAccesses'] : {}, mlzTags) properties: {} } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { name: 'pe-${diskAccessName}' location: location - tags: contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {} + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}, mlzTags) properties: { customNetworkInterfaceName: 'nic-${diskAccessName}' privateLinkServiceConnections: [ diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/jobSchedules.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/jobSchedules.bicep similarity index 91% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/jobSchedules.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/jobSchedules.bicep index 0a73a09dc..0e5efb72e 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/jobSchedules.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/jobSchedules.bicep 
@@ -5,7 +5,7 @@ param resourceGroupName string param runbookName string param storageAccountName string param subscriptionId string -param timestamp string +param timestamp string = utcNow('yyyyMMddHHmmss') resource automationAccount 'Microsoft.Automation/automationAccounts@2022-08-08' existing = { name: automationAccountName @@ -13,6 +13,7 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2022-08-08' resource jobSchedules_ProfileContainers 'Microsoft.Automation/automationAccounts/jobSchedules@2022-08-08' = [for i in range(0, 4): { parent: automationAccount + #disable-next-line use-stable-resource-identifiers name: guid(timestamp, runbookName, storageAccountName, 'ProfileContainers', string(i)) properties: { parameters: { @@ -34,6 +35,7 @@ resource jobSchedules_ProfileContainers 'Microsoft.Automation/automationAccounts resource jobSchedules_OfficeContainers 'Microsoft.Automation/automationAccounts/jobSchedules@2022-08-08' = [for i in range(0, 4): if (contains(fslogixContainerType, 'Office')) { parent: automationAccount + #disable-next-line use-stable-resource-identifiers name: guid(timestamp, runbookName, storageAccountName, 'OfficeContainers', string(i)) properties: { parameters: { diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/management.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/management.bicep similarity index 64% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/management.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/management.bicep index 884e69666..828081cf8 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/management.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/management.bicep 
@@ -3,48 +3,31 @@ targetScope = 'subscription' param activeDirectorySolution string param artifactsUri string param artifactsStorageAccountResourceId string -param automationAccountDiagnosticSettingName string -param automationAccountName string -param automationAccountNetworkInterfaceName string -param automationAccountPrivateDnsZoneResourceId string -param automationAccountPrivateEndpointName string param availability string param avdObjectId string -param azureBlobsPrivateDnsZoneResourceId string param azurePowerShellModuleMsiName string -param azureQueueStoragePrivateDnsZoneResourceId string -param dataCollectionRuleName string -//param diskAccessName string -param diskNamePrefix string -param diskEncryptionSetName string +param deploymentNameSuffix string param diskSku string @secure() param domainJoinPassword string param domainJoinUserPrincipalName string param domainName string param enableMonitoring bool -param environmentAbbreviation string -param fslogix bool +param deployFslogix bool +param diskEncryptionSetResourceId string param fslogixStorageService string -param hostPoolName string param hostPoolType string param imageVersionResourceId string -param keyVaultName string -param keyVaultNetworkInterfaceName string -param keyVaultPrivateDnsZoneResourceId string -param keyVaultPrivateEndpointName string param locationVirtualMachines string -param logAnalyticsWorkspaceName string param logAnalyticsWorkspaceRetention int param logAnalyticsWorkspaceSku string -param networkInterfaceNamePrefix string -param networkName string +param mlzTags object +param namingConvention object param organizationalUnitPath string +param privateDnsZoneResourceIdPrefix string +param privateDnsZones array param recoveryServices bool -param recoveryServicesPrivateDnsZoneResourceId string -param recoveryServicesVaultName string -param recoveryServicesVaultNetworkInterfaceName string -param recoveryServicesVaultPrivateEndpointName string +param recoveryServicesGeo string param 
resourceGroupControlPlane string param resourceGroupFeedWorkspace string param resourceGroupHosts string @@ -52,27 +35,24 @@ param resourceGroupManagement string param resourceGroupStorage string param roleDefinitions object param scalingTool bool -param securityLogAnalyticsWorkspaceResourceId string -param serviceName string +param serviceToken string param sessionHostCount int param storageService string param subnetResourceId string param tags object -param timestamp string param timeZone string -param userAssignedIdentityNamePrefix string param virtualMachineMonitoringAgent string -param virtualMachineNamePrefix string @secure() param virtualMachinePassword string param virtualMachineUsername string param virtualMachineSize string -param workspaceFeedName string + +var hostPoolName = namingConvention.hostPool +var userAssignedIdentityNamePrefix = namingConvention.userAssignedIdentity var CpuCountMax = contains(hostPoolType, 'Pooled') ? 32 : 128 var CpuCountMin = contains(hostPoolType, 'Pooled') ? 4 : 2 -var roleAssignments = union(roleAssignmentsCommon, roleAssignmentStorage) -var roleAssignmentsCommon = [ +var roleAssignments = union([ { roleDefinitionId: 'f353d9bd-d4a6-484e-a77a-8050b599b867' // Automation Contributor (Purpose: adds runbook to automation account) resourceGroup: resourceGroupManagement @@ -103,14 +83,13 @@ var roleAssignmentsCommon = [ resourceGroup: split(artifactsStorageAccountResourceId, '/')[4] subscription: split(artifactsStorageAccountResourceId, '/')[2] } -] -var roleAssignmentStorage = fslogix ? [ +], deployFslogix ? [ { roleDefinitionId: '17d1049b-9a84-46fb-8f53-869881c3d3ab' // Storage Account Contributor (Purpose: domain join storage account & set NTFS permissions on the file share) resourceGroup: resourceGroupStorage subscription: subscription().subscriptionId } -] : [] +] : []) var VirtualNetworkName = split(subnetResourceId, '/')[8] var VirtualNetworkResourceGroupName = split(subnetResourceId, '/')[4] 
@@ -119,8 +98,11 @@ var VirtualNetworkResourceGroupName = split(subnetResourceId, '/')[4] scope: resourceGroup(resourceGroupManagement) name: 'DiskAccess_${timestamp}' params: { - diskAccessName: diskAccessName + diskAccessName: namingConvention.diskAccess + hostPoolName: hostPoolName location: locationVirtualMachines + mlzTags: mlzTags + resourceGroupControlPlane: resourceGroupControlPlane subnetResourceId: subnetResourceId tags: tags } @@ -129,7 +111,7 @@ var VirtualNetworkResourceGroupName = split(subnetResourceId, '/')[4] // Sets an Azure policy to disable public network access to managed disks // Once Enhanced Policies in Recovery Services support managed disks with private link, remove the "if" condition module policy 'policy.bicep' = if (contains(hostPoolType, 'Pooled') && recoveryServices) { - name: 'Policy_${timestamp}' + name: 'deploy-policy-disks-${deploymentNameSuffix}' params: { // Disabling the param below until Enhanced Policies in Recovery Services support managed disks with private link //diskAccessResourceId: diskAccess.outputs.resourceId 
@@ -140,28 +122,30 @@ module policy 'policy.bicep' = if (contains(hostPoolType, 'Pooled') && recoveryS module deploymentUserAssignedIdentity 'userAssignedIdentity.bicep' = { scope: resourceGroup(resourceGroupManagement) - name: 'UserAssignedIdentity_${timestamp}' + name: 'deploy-id-deployment-${deploymentNameSuffix}' params: { location: locationVirtualMachines - name: replace(userAssignedIdentityNamePrefix, serviceName, 'deployment') - tags: contains(tags, 'Microsoft.ManagedIdentity/userAssignedIdentities') ? tags['Microsoft.ManagedIdentity/userAssignedIdentities'] : {} + name: replace(userAssignedIdentityNamePrefix, serviceToken, 'deployment') + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.ManagedIdentity/userAssignedIdentities') ? tags['Microsoft.ManagedIdentity/userAssignedIdentities'] : {}, mlzTags) } } module roleAssignments_deployment '../common/roleAssignment.bicep' = [for i in range(0, length(roleAssignments)): { scope: resourceGroup(roleAssignments[i].subscription, roleAssignments[i].resourceGroup) - name: 'RoleAssignment_${i}_${timestamp}' + name: 'deploy-role-assignment-${i}-${deploymentNameSuffix}' params: { - PrincipalId: deploymentUserAssignedIdentity.outputs.principalId - PrincipalType: 'ServicePrincipal' - RoleDefinitionId: roleAssignments[i].roleDefinitionId + principalId: deploymentUserAssignedIdentity.outputs.principalId + principalType: 'ServicePrincipal' + roleDefinitionId: roleAssignments[i].roleDefinitionId } }] // Role Assignment for Validation // This role assignment is required to collect validation information resource roleAssignment_validation 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('${userAssignedIdentityNamePrefix}-deployment', roleDefinitions.Reader, subscription().id) + name: guid(replace(userAssignedIdentityNamePrefix, serviceToken, 
'deployment'), roleDefinitions.Reader, subscription().id) properties: { roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', roleDefinitions.Reader) principalId: deploymentUserAssignedIdentity.outputs.principalId 
@@ -171,78 +155,46 @@ resource roleAssignment_validation 'Microsoft.Authorization/roleAssignments@2022 module artifacts 'artifacts.bicep' = { scope: resourceGroup(split(artifactsStorageAccountResourceId, '/')[2], split(artifactsStorageAccountResourceId, '/')[4]) - name: 'Artifacts_${timestamp}' + name: 'deploy-artifacts-${deploymentNameSuffix}' params: { + deploymentNameSuffix: deploymentNameSuffix + hostPoolName: hostPoolName location: locationVirtualMachines + mlzTags: mlzTags + resourceGroupControlPlane: resourceGroupControlPlane resourceGroupManagement: resourceGroupManagement - serviceName: serviceName storageAccountName: split(artifactsStorageAccountResourceId, '/')[8] subscriptionId: subscription().subscriptionId tags: tags - timestamp: timestamp - userAssignedIdentityNamePrefix: userAssignedIdentityNamePrefix - } -} - -// Deploys the prerequisites to enable customer managed keys on storage accounts and managed disks -module customerManagedKeys 'customerManagedKeys.bicep' = { - name: 'CustomerManagedKeys_${timestamp}' - scope: resourceGroup(resourceGroupManagement) - params: { - environment: environmentAbbreviation - keyVaultName: keyVaultName - keyVaultNetworkInterfaceName: keyVaultNetworkInterfaceName - keyVaultPrivateDnsZoneResourceId: keyVaultPrivateDnsZoneResourceId - keyVaultPrivateEndpointName: keyVaultPrivateEndpointName - location: locationVirtualMachines - serviceName: serviceName - subnetResourceId: subnetResourceId - tags: tags - timestamp: timestamp - userAssignedIdentityNamePrefix: userAssignedIdentityNamePrefix - } -} - -module diskEncryptionSet 'diskEncryptionSet.bicep' = { - name: 'DiskEncryptionSet_${timestamp}' - scope: resourceGroup(resourceGroupManagement) - params: { - diskEncryptionSetName: diskEncryptionSetName - keyUrl: customerManagedKeys.outputs.keyUriWithVersion - keyVaultResourceId: customerManagedKeys.outputs.keyVaultResourceId - location: locationVirtualMachines - tags: contains(tags, 'Microsoft.Compute/diskEncryptionSets') ? 
tags['Microsoft.Compute/diskEncryptionSets'] : {} - timestamp: timestamp + userAssignedIdentityName: replace(userAssignedIdentityNamePrefix, serviceToken, 'artifacts') } } // Management VM // The management VM is required to validate the deployment and configure FSLogix storage. module virtualMachine 'virtualMachine.bicep' = { - name: 'ManagementVirtualMachine_${timestamp}' + name: 'deploy-mgmt-vm-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { artifactsUri: artifactsUri azurePowerShellModuleMsiName: azurePowerShellModuleMsiName deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentity.outputs.clientId deploymentUserAssignedIdentityResourceId: deploymentUserAssignedIdentity.outputs.resourceId - diskEncryptionSetResourceId: diskEncryptionSet.outputs.resourceId - diskNamePrefix: diskNamePrefix + diskEncryptionSetResourceId: diskEncryptionSetResourceId + diskName: replace(namingConvention.virtualMachineDisk, serviceToken, 'mgt') diskSku: diskSku domainJoinPassword: domainJoinPassword domainJoinUserPrincipalName: domainJoinUserPrincipalName domainName: domainName + hostPoolName: hostPoolName location: locationVirtualMachines - networkInterfaceNamePrefix: networkInterfaceNamePrefix - networkName: networkName + mlzTags: mlzTags + networkInterfaceName: replace(namingConvention.virtualMachineNetworkInterface, serviceToken, 'mgt') organizationalUnitPath: organizationalUnitPath - securityLogAnalyticsWorkspaceResourceId: securityLogAnalyticsWorkspaceResourceId - serviceName: serviceName + resourceGroupControlPlane: resourceGroupControlPlane subnet: split(subnetResourceId, '/')[10] - tagsNetworkInterfaces: contains(tags, 'Microsoft.Network/networkInterfaces') ? tags['Microsoft.Network/networkInterfaces'] : {} - tagsVirtualMachines: contains(tags, 'Microsoft.Compute/virtualMachines') ? 
tags['Microsoft.Compute/virtualMachines'] : {} - virtualMachineMonitoringAgent: virtualMachineMonitoringAgent - virtualMachineNamePrefix: virtualMachineNamePrefix + tags: tags + virtualMachineName: replace(namingConvention.virtualMachine, serviceToken, 'mgt') virtualMachinePassword: virtualMachinePassword virtualMachineUsername: virtualMachineUsername virtualNetwork: VirtualNetworkName 
@@ -254,15 +206,17 @@ module virtualMachine 'virtualMachine.bicep' = { // This module validates the selected parameter values and collects required data module validations '../common/customScriptExtensions.bicep' = { scope: resourceGroup(resourceGroupManagement) - name: 'Validations_${timestamp}' + name: 'validate-deployment-${deploymentNameSuffix}' params: { fileUris: [ '${artifactsUri}Get-Validations.ps1' ] location: locationVirtualMachines - parameters: '-ActiveDirectorySolution ${activeDirectorySolution} -CpuCountMax ${CpuCountMax} -CpuCountMin ${CpuCountMin} -DomainName ${empty(domainName) ? 'NotApplicable' : domainName} -Environment ${environment().name} -imageVersionResourceId ${empty(imageVersionResourceId) ? 'NotApplicable' : imageVersionResourceId} -Location ${locationVirtualMachines} -SessionHostCount ${sessionHostCount} -StorageService ${storageService} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentity.outputs.clientId} -VirtualMachineSize ${virtualMachineSize} -VirtualNetworkName ${VirtualNetworkName} -VirtualNetworkResourceGroupName ${VirtualNetworkResourceGroupName} -WorkspaceFeedName ${workspaceFeedName} -WorkspaceResourceGroupName ${resourceGroupFeedWorkspace}' + parameters: '-ActiveDirectorySolution ${activeDirectorySolution} -CpuCountMax ${CpuCountMax} -CpuCountMin ${CpuCountMin} -DomainName ${empty(domainName) ? 'NotApplicable' : domainName} -Environment ${environment().name} -imageVersionResourceId ${empty(imageVersionResourceId) ? 
'NotApplicable' : imageVersionResourceId} -Location ${locationVirtualMachines} -SessionHostCount ${sessionHostCount} -StorageService ${storageService} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -UserAssignedIdentityClientId ${deploymentUserAssignedIdentity.outputs.clientId} -VirtualMachineSize ${virtualMachineSize} -VirtualNetworkName ${VirtualNetworkName} -VirtualNetworkResourceGroupName ${VirtualNetworkResourceGroupName} -WorkspaceFeedName ${namingConvention.workspaceFeed} -WorkspaceResourceGroupName ${resourceGroupFeedWorkspace}' scriptFileName: 'Get-Validations.ps1' - tags: contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {} + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}, mlzTags) userAssignedIdentityClientId: deploymentUserAssignedIdentity.outputs.clientId virtualMachineName: virtualMachine.outputs.Name } 
@@ -280,15 +234,16 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { // Monitoring Resources for AVD Insights // This module deploys a Log Analytics Workspace with either Windows Events & Windows Performance Counters or a Data Collection Rule module monitoring 'monitoring.bicep' = if (enableMonitoring) { - name: 'Monitoring_${timestamp}' + name: 'deploy-monitoring-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { - dataCollectionRuleName: dataCollectionRuleName + dataCollectionRuleName: namingConvention.dataCollectionRule hostPoolName: hostPoolName location: locationVirtualMachines - logAnalyticsWorkspaceName: logAnalyticsWorkspaceName + logAnalyticsWorkspaceName: namingConvention.logAnalyticsWorkspace logAnalyticsWorkspaceRetention: logAnalyticsWorkspaceRetention logAnalyticsWorkspaceSku: logAnalyticsWorkspaceSku + mlzTags: mlzTags resourceGroupControlPlane: resourceGroupControlPlane tags: tags virtualMachineMonitoringAgent: virtualMachineMonitoringAgent 
@@ -297,35 +252,41 @@ module monitoring 'monitoring.bicep' = if (enableMonitoring) { // Automation Account required for the AVD Scaling Tool and the Auto Increase Premium File Share Quota solution module automationAccount 'automationAccount.bicep' = if (scalingTool || fslogixStorageService == 'AzureFiles Premium') { - name: 'AutomationAccount_${timestamp}' + name: 'deploy-aa-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { - automationAccountDiagnosticSettingName: automationAccountDiagnosticSettingName - automationAccountName: automationAccountName - automationAccountNetworkInterfaceName: automationAccountNetworkInterfaceName - automationAccountPrivateDnsZoneResourceId: automationAccountPrivateDnsZoneResourceId - automationAccountPrivateEndpointName: automationAccountPrivateEndpointName + automationAccountDiagnosticSettingName: namingConvention.automationAccountDiagnosticSetting + automationAccountName: namingConvention.automationAccount + automationAccountNetworkInterfaceName: namingConvention.automationAccountNetworkInterface + automationAccountPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${filter(privateDnsZones, name => startsWith(name, 'privatelink.azure-automation'))[0]}' + automationAccountPrivateEndpointName: namingConvention.automationAccountPrivateEndpoint + hostPoolName: hostPoolName location: locationVirtualMachines logAnalyticsWorkspaceResourceId: enableMonitoring ? monitoring.outputs.logAnalyticsWorkspaceResourceId : '' + mlzTags: mlzTags monitoring: enableMonitoring + resourceGroupControlPlane: resourceGroupControlPlane subnetResourceId: subnetResourceId - tags: contains(tags, 'Microsoft.Automation/automationAccounts') ? 
tags['Microsoft.Automation/automationAccounts'] : {} + tags: tags virtualMachineName: virtualMachine.outputs.Name } } module recoveryServicesVault 'recoveryServicesVault.bicep' = if (recoveryServices && ((contains(activeDirectorySolution, 'DomainServices') && contains(hostPoolType, 'Pooled') && contains(fslogixStorageService, 'AzureFiles')) || contains(hostPoolType, 'Personal'))) { - name: 'RecoveryServicesVault_${timestamp}' + name: 'deploy-rsv-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { - azureBlobsPrivateDnsZoneResourceId: azureBlobsPrivateDnsZoneResourceId - fslogix: fslogix + azureBlobsPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${filter(privateDnsZones, name => contains(name, 'blob'))[0]}' + azureQueueStoragePrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${filter(privateDnsZones, name => contains(name, 'queue'))[0]}' + deployFslogix: deployFslogix + hostPoolName: hostPoolName location: locationVirtualMachines - azureQueueStoragePrivateDnsZoneResourceId: azureQueueStoragePrivateDnsZoneResourceId - recoveryServicesPrivateDnsZoneResourceId: recoveryServicesPrivateDnsZoneResourceId - recoveryServicesVaultName: recoveryServicesVaultName - recoveryServicesVaultNetworkInterfaceName: recoveryServicesVaultNetworkInterfaceName - recoveryServicesVaultPrivateEndpointName: recoveryServicesVaultPrivateEndpointName + mlzTags: mlzTags + recoveryServicesPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${filter(privateDnsZones, name => startsWith(name, 'privatelink.${recoveryServicesGeo}.backup.windowsazure'))[0]}' + recoveryServicesVaultName: namingConvention.recoveryServicesVault + recoveryServicesVaultNetworkInterfaceName: namingConvention.recoveryServicesVaultNetworkInterface + recoveryServicesVaultPrivateEndpointName: namingConvention.recoveryServicesVaultPrivateEndpoint + resourceGroupControlPlane: resourceGroupControlPlane storageService: storageService subnetId: subnetResourceId tags: tags 
@@ -336,19 +297,16 @@ module recoveryServicesVault 'recoveryServicesVault.bicep' = if (recoveryService output artifactsUserAssignedIdentityClientId string = artifacts.outputs.userAssignedIdentityClientId output artifactsUserAssignedIdentityPrincipalId string = artifacts.outputs.userAssignedIdentityPrincipalId output artifactsUserAssignedIdentityResourceId string = artifacts.outputs.userAssignedIdentityResourceId +output automationAccountName string = automationAccount.outputs.name output dataCollectionRuleResourceId string = enableMonitoring ? monitoring.outputs.dataCollectionRuleResourceId : '' output deploymentUserAssignedIdentityClientId string = deploymentUserAssignedIdentity.outputs.clientId output deploymentUserAssignedIdentityPrincipalId string = deploymentUserAssignedIdentity.outputs.principalId output deploymentUserAssignedIdentityResourceId string = deploymentUserAssignedIdentity.outputs.resourceId -output diskEncryptionSetResourceId string = diskEncryptionSet.outputs.resourceId -output encryptionUserAssignedIdentityClientId string = customerManagedKeys.outputs.encryptionUserAssignedIdentityClientId -output encryptionUserAssignedIdentityPrincipalId string = customerManagedKeys.outputs.encryptionUserAssignedIdentityPrincipalId -output encryptionUserAssignedIdentityResourceId string = customerManagedKeys.outputs.encryptionUserAssignedIdentityResourceId output existingFeedWorkspace bool = validations.outputs.value.existingWorkspace == 'true' ? true : false output hybridRunbookWorkerGroupName string = scalingTool || fslogixStorageService == 'AzureFiles Premium' ? automationAccount.outputs.hybridRunbookWorkerGroupName : '' -output keyVaultUri string = customerManagedKeys.outputs.keyVaultUri +output logAnalyticsWorkspaceName string = enableMonitoring ? monitoring.outputs.logAnalyticsWorkspaceName : '' output logAnalyticsWorkspaceResourceId string = enableMonitoring ? 
monitoring.outputs.logAnalyticsWorkspaceResourceId : '' -output storageEncryptionKeyName string = customerManagedKeys.outputs.storageKeyName +output recoveryServicesVaultName string = recoveryServices && ((contains(activeDirectorySolution, 'DomainServices') && contains(hostPoolType, 'Pooled') && contains(fslogixStorageService, 'AzureFiles')) || contains(hostPoolType, 'Personal')) ? recoveryServicesVault.outputs.name : '' output validateAcceleratedNetworking string = validations.outputs.value.acceleratedNetworking output validateANFDnsServers string = validations.outputs.value.anfDnsServers output validateANFfActiveDirectory string = validations.outputs.value.anfActiveDirectory diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/monitoring.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/monitoring.bicep similarity index 97% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/monitoring.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/monitoring.bicep index 4badbbfd1..12cf57b7e 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/monitoring.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/monitoring.bicep @@ -4,6 +4,7 @@ param location string param logAnalyticsWorkspaceName string param logAnalyticsWorkspaceRetention int param logAnalyticsWorkspaceSku string +param mlzTags object param resourceGroupControlPlane string param tags object param virtualMachineMonitoringAgent string 
@@ -396,7 +397,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06 location: location tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' - }, contains(tags, 'Microsoft.OperationalInsights/workspaces') ? tags['Microsoft.OperationalInsights/workspaces'] : {}) + }, contains(tags, 'Microsoft.OperationalInsights/workspaces') ? tags['Microsoft.OperationalInsights/workspaces'] : {}, mlzTags) properties: { sku: { name: logAnalyticsWorkspaceSku @@ -416,7 +417,7 @@ resource windowsEvents 'Microsoft.OperationalInsights/workspaces/dataSources@202 name: 'WindowsEvent${i}' tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' - }, contains(tags, 'Microsoft.OperationalInsights/workspaces') ? tags['Microsoft.OperationalInsights/workspaces'] : {}) + }, contains(tags, 'Microsoft.OperationalInsights/workspaces') ? tags['Microsoft.OperationalInsights/workspaces'] : {}, mlzTags) kind: 'WindowsEvent' properties: { eventLogName: item.name @@ -430,7 +431,7 @@ resource windowsPerformanceCounters 'Microsoft.OperationalInsights/workspaces/da name: 'WindowsPerformanceCounter${i}' tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' - }, contains(tags, 'Microsoft.OperationalInsights/workspaces') ? tags['Microsoft.OperationalInsights/workspaces'] : {}) + }, contains(tags, 'Microsoft.OperationalInsights/workspaces') ? tags['Microsoft.OperationalInsights/workspaces'] : {}, mlzTags) kind: 'WindowsPerformanceCounter' properties: { objectName: item.objectName 
@@ -448,7 +449,7 @@ resource dataCollectionRule 'Microsoft.Insights/dataCollectionRules@2022-06-01' location: location tags: union({ 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' - }, contains(tags, 'Microsoft.Insights/dataCollectionRules') ? tags['Microsoft.Insights/dataCollectionRules'] : {}) + }, contains(tags, 'Microsoft.Insights/dataCollectionRules') ? tags['Microsoft.Insights/dataCollectionRules'] : {}, mlzTags) kind: 'Windows' properties: { dataSources: { @@ -531,6 +532,7 @@ resource dataCollectionRule 'Microsoft.Insights/dataCollectionRules@2022-06-01' } } +output logAnalyticsWorkspaceName string = logAnalyticsWorkspace.name output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id output dataCollectionRuleResourceId string = virtualMachineMonitoringAgent == 'AzureMonitorAgent' ? dataCollectionRule.id : '' diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/policy.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/policy.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/policy.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/policy.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/policyAssignment.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/policyAssignment.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/policyAssignment.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/policyAssignment.bicep 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/recoveryServicesVault.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/recoveryServicesVault.bicep similarity index 69% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/recoveryServicesVault.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/recoveryServicesVault.bicep index 141c3911b..07545a3fd 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/recoveryServicesVault.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/recoveryServicesVault.bicep @@ -1,11 +1,14 @@ param azureBlobsPrivateDnsZoneResourceId string param azureQueueStoragePrivateDnsZoneResourceId string -param fslogix bool +param deployFslogix bool +param hostPoolName string param location string +param mlzTags object param recoveryServicesPrivateDnsZoneResourceId string param recoveryServicesVaultName string param recoveryServicesVaultNetworkInterfaceName string param recoveryServicesVaultPrivateEndpointName string +param resourceGroupControlPlane string param storageService string param subnetId string param tags object @@ -14,7 +17,9 @@ param timeZone string resource vault 'Microsoft.RecoveryServices/vaults@2022-03-01' = { name: recoveryServicesVaultName location: location - tags: contains(tags, 'Microsoft.RecoveryServices/vaults') ? tags['Microsoft.RecoveryServices/vaults'] : {} + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.RecoveryServices/vaults') ? tags['Microsoft.RecoveryServices/vaults'] : {}, mlzTags) sku: { name: 'RS0' tier: 'Standard' 
@@ -22,11 +27,13 @@ resource vault 'Microsoft.RecoveryServices/vaults@2022-03-01' = { properties: {} } -resource backupPolicy_Storage 'Microsoft.RecoveryServices/vaults/backupPolicies@2022-03-01' = if (fslogix && storageService == 'AzureFiles') { +resource backupPolicy_Storage 'Microsoft.RecoveryServices/vaults/backupPolicies@2022-03-01' = if (deployFslogix && storageService == 'AzureFiles') { parent: vault name: 'AvdPolicyStorage' location: location - tags: contains(tags, 'Microsoft.RecoveryServices/vaults') ? tags['Microsoft.RecoveryServices/vaults'] : {} + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.RecoveryServices/vaults') ? tags['Microsoft.RecoveryServices/vaults'] : {}, mlzTags) properties: { backupManagementType: 'AzureStorage' schedulePolicy: { @@ -53,11 +60,13 @@ resource backupPolicy_Storage 'Microsoft.RecoveryServices/vaults/backupPolicies@ } } -resource backupPolicy_Vm 'Microsoft.RecoveryServices/vaults/backupPolicies@2022-03-01' = if (!fslogix) { +resource backupPolicy_Vm 'Microsoft.RecoveryServices/vaults/backupPolicies@2022-03-01' = if (!deployFslogix) { parent: vault name: 'AvdPolicyVm' location: location - tags: contains(tags, 'Microsoft.RecoveryServices/vaults') ? tags['Microsoft.RecoveryServices/vaults'] : {} + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.RecoveryServices/vaults') ? tags['Microsoft.RecoveryServices/vaults'] : {}, mlzTags) properties: { backupManagementType: 'AzureIaasVM' instantRpRetentionRangeInDays: 2 
@@ -90,7 +99,9 @@ resource backupPolicy_Vm 'Microsoft.RecoveryServices/vaults/backupPolicies@2022- resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { name: recoveryServicesVaultPrivateEndpointName location: location - tags: contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {} + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}, mlzTags) properties: { customNetworkInterfaceName: recoveryServicesVaultNetworkInterfaceName privateLinkServiceConnections: [ @@ -139,3 +150,5 @@ resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZone vault ] } + +output name string = vault.name diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/scalingTool.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/scalingTool.bicep similarity index 90% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/scalingTool.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/scalingTool.bicep index 259afb159..f83a3587f 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/scalingTool.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/scalingTool.bicep @@ -1,6 +1,7 @@ param artifactsUri string param automationAccountName string param beginPeakTime string +param deploymentNameSuffix string param endPeakTime string param hostPoolName string param hostPoolResourceGroupName string 
@@ -13,9 +14,8 @@ param resourceGroupControlPlane string param resourceGroupHosts string param sessionThresholdPerCPU string param tags object -param timeDifference string param time string = utcNow('u') -param timestamp string +param timeDifference string param timeZone string param userAssignedIdentityClientId string @@ -31,7 +31,7 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2022-08-08' } module runbook '../common/customScriptExtensions.bicep' = { - name: 'Runbook_${timestamp}' + name: 'deploy-runboook-${deploymentNameSuffix}' params: { fileUris: [ '${artifactsUri}${runbookFileName}' @@ -40,7 +40,7 @@ module runbook '../common/customScriptExtensions.bicep' = { location: location parameters: '-AutomationAccountName ${automationAccountName} -Environment ${environment().name} -ResourceGroupName ${resourceGroup().name} -RunbookFileName ${runbookFileName} -SubscriptionId ${subscription().subscriptionId} -TenantId ${tenant().tenantId} -UserAssignedIdentityClientId ${userAssignedIdentityClientId}' scriptFileName: scriptFileName - tags: contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {} + tags: tags userAssignedIdentityClientId: userAssignedIdentityClientId virtualMachineName: managementVirtualMachineName } 
@@ -96,11 +96,11 @@ resource jobSchedules 'Microsoft.Automation/automationAccounts/jobSchedules@2022 // Gives the Automation Account the "Desktop Virtualization Power On Off Contributor" role on the resource groups containing the hosts and host pool module roleAssignment '../common/roleAssignment.bicep' = [for i in range(0, length(roleAssignments)): { - name: 'RoleAssignment_${i}_${roleAssignments[i]}' + name: 'deploy-role-assignment-${i}-${deploymentNameSuffix}' scope: resourceGroup(roleAssignments[i]) params: { - PrincipalId: automationAccount.identity.principalId - PrincipalType: 'ServicePrincipal' - RoleDefinitionId: '40c5ff49-9181-41f8-ae61-143b0e78555e' // Desktop Virtualization Power On Off Contributor + principalId: automationAccount.identity.principalId + principalType: 'ServicePrincipal' + roleDefinitionId: '40c5ff49-9181-41f8-ae61-143b0e78555e' // Desktop Virtualization Power On Off Contributor } }] diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/schedules.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/schedules.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/schedules.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/schedules.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/userAssignedIdentity.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/userAssignedIdentity.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/userAssignedIdentity.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/userAssignedIdentity.bicep 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/virtualMachine.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/management/virtualMachine.bicep similarity index 72% rename from src/bicep/add-ons/azureVirtualDesktop/modules/management/virtualMachine.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/management/virtualMachine.bicep index 2834b549a..aace75c8f 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/virtualMachine.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/management/virtualMachine.bicep 
@@ -3,46 +3,38 @@ param azurePowerShellModuleMsiName string param deploymentUserAssignedIdentityClientId string param deploymentUserAssignedIdentityResourceId string param diskEncryptionSetResourceId string -param diskNamePrefix string +param diskName string param diskSku string @secure() param domainJoinPassword string param domainJoinUserPrincipalName string param domainName string +param hostPoolName string param location string -param networkInterfaceNamePrefix string -param networkName string +param mlzTags object +param networkInterfaceName string param organizationalUnitPath string -param securityLogAnalyticsWorkspaceResourceId string -param serviceName string +param resourceGroupControlPlane string param subnet string -param tagsNetworkInterfaces object -param tagsVirtualMachines object +param tags object param timestamp string = utcNow('yyyyMMddhhmmss') param virtualNetwork string param virtualNetworkResourceGroup string -param virtualMachineMonitoringAgent string -param virtualMachineNamePrefix string +param virtualMachineName string @secure() param virtualMachinePassword string param virtualMachineUsername string -var networkInterfaceName = replace(networkInterfaceNamePrefix, serviceName, 'mgt-vm') -var securitylogAnalyticsWorkspaceName = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[8] : '' -var securityLogAnalyticsWorkspaceResourceGroupName = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[4] : resourceGroup().name -var securityLogAnalyticsWorkspaceSubscriptionId = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[2] : subscription().subscriptionId -var securityMonitoring = empty(securityLogAnalyticsWorkspaceResourceId) ? 
false : true -var virtualMachineName = replace(replace(virtualMachineNamePrefix, serviceName, 'mgt'), networkName, '') - -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = if (securityMonitoring) { - scope: resourceGroup(securityLogAnalyticsWorkspaceSubscriptionId, securityLogAnalyticsWorkspaceResourceGroupName) - name: securitylogAnalyticsWorkspaceName -} +var tagsVirtualMachines = union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' +}, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}, mlzTags) resource networkInterface 'Microsoft.Network/networkInterfaces@2020-05-01' = { name: networkInterfaceName location: location - tags: tagsNetworkInterfaces + tags: union({ + 'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupControlPlane}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}' + }, contains(tags, 'Microsoft.Network/networkInterfaces') ? tags['Microsoft.Network/networkInterfaces'] : {}, mlzTags) properties: { ipConfigurations: [ { @@ -88,7 +80,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-11-01' = { } storageAccountType: diskSku } - name: replace(diskNamePrefix, serviceName, 'mgt-vm') + name: diskName } dataDisks: [] } 
@@ -187,28 +179,6 @@ resource extension_GuestAttestation 'Microsoft.Compute/virtualMachines/extension } } -resource extension_MicrosoftMonitoringAgent 'Microsoft.Compute/virtualMachines/extensions@2021-03-01' = if (securityMonitoring && virtualMachineMonitoringAgent == 'LogAnalyticsAgent') { - parent: virtualMachine - name: 'MicrosoftmonitoringAgent' - location: location - tags: tagsVirtualMachines - properties: { - publisher: 'Microsoft.EnterpriseCloud.monitoring' - type: 'MicrosoftmonitoringAgent' - typeHandlerVersion: '1.0' - autoUpgradeMinorVersion: true - settings: { - workspaceId: securityMonitoring ? logAnalyticsWorkspace.properties.customerId : null - } - protectedSettings: { - workspaceKey: securityMonitoring ? listKeys(securityLogAnalyticsWorkspaceResourceId, '2021-06-01').primarySharedKey : null - } - } - dependsOn: [ - extension_IaasAntimalware - ] -} - module extension_CustomScriptExtension '../common/customScriptExtensions.bicep' = { name: 'CSE_InstallAzurePowerShellAzModule_${timestamp}' params: { @@ -224,7 +194,7 @@ module extension_CustomScriptExtension '../common/customScriptExtensions.bicep' userAssignedIdentityClientId: deploymentUserAssignedIdentityClientId } dependsOn: [ - extension_MicrosoftMonitoringAgent + extension_IaasAntimalware ] } diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/resourceGroup.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/resourceGroup.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/resourceGroup.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/resourceGroup.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/resourceNames.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/resourceNames.bicep similarity index 97% rename from src/bicep/add-ons/azureVirtualDesktop/modules/resourceNames.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/resourceNames.bicep index d2761ad9d..4c7fe1ffc 100644 
--- a/src/bicep/add-ons/azureVirtualDesktop/modules/resourceNames.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/resourceNames.bicep @@ -58,22 +58,6 @@ var resources = { diskEncryptionSetName: replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.diskEncryptionSets), '-${serviceName}', ''), locationAbbreviation, locations[locationVirtualMachines].abbreviation) diskNamePrefix: replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.disks), locationAbbreviation, locations[locationVirtualMachines].abbreviation) filePrivateDnsZoneName: 'privatelink.file.${environment().suffixes.storage}' - fileShareNames: { - CloudCacheProfileContainer: [ - 'profile-containers' - ] - CloudCacheProfileOfficeContainer: [ - 'office-containers' - 'profile-containers' - ] - ProfileContainer: [ - 'profile-containers' - ] - ProfileOfficeContainer: [ - 'office-containers' - 'profile-containers' - ] - } hostPoolDiagnosticSettingName: replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.diagnosticSettings), serviceName, resourceAbbreviations.hostPools), locationAbbreviation, locations[locationControlPlane].abbreviation) hostPoolName: replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.hostPools), '-${serviceName}', ''), locationAbbreviation, locations[locationControlPlane].abbreviation) hostPoolNetworkInterfaceName: replace(replace(replace(namingConvention, resourceAbbreviation, resourceAbbreviations.networkInterfaces), serviceName, resourceAbbreviations.hostPools), locationAbbreviation, locations[locationControlPlane].abbreviation) 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/availabilitySets.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/availabilitySets.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/availabilitySets.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/availabilitySets.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/protectedItems.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/protectedItems.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/protectedItems.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/protectedItems.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/recoveryServices.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/recoveryServices.bicep similarity index 87% rename from src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/recoveryServices.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/recoveryServices.bicep index b4dd9fa80..14bccc3d6 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/recoveryServices.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/recoveryServices.bicep @@ -1,5 +1,6 @@ +param deployFslogix bool +param deploymentNameSuffix string param divisionRemainderValue int -param fslogix bool param location string param maxResourcesPerTemplateDeployment int param recoveryServicesVaultName string @@ -8,7 +9,6 @@ param resourceGroupManagement string param sessionHostBatchCount int param sessionHostIndex int param tagsRecoveryServicesVault object -param timestamp string param virtualMachineNamePrefix string resource vault 'Microsoft.RecoveryServices/vaults@2022-03-01' existing = { 
@@ -21,8 +21,8 @@ resource backupPolicy_Vm 'Microsoft.RecoveryServices/vaults/backupPolicies@2022- name: 'AvdPolicyVm' } -module protectedItems_Vm 'protectedItems.bicep' = [for i in range(1, sessionHostBatchCount): if (!fslogix) { - name: 'BackupProtectedItems_VirtualMachines_${i - 1}_${timestamp}' +module protectedItems_Vm 'protectedItems.bicep' = [for i in range(1, sessionHostBatchCount): if (!deployFslogix) { + name: 'deploy-backup-protected-items-${i - 1}-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) // Management Resource Group params: { location: location diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/sessionHosts.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/sessionHosts.bicep similarity index 82% rename from src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/sessionHosts.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/sessionHosts.bicep index dc549bd6b..bcb5140bb 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/sessionHosts.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/sessionHosts.bicep @@ -7,17 +7,16 @@ param artifactsUserAssignedIdentityClientId string param artifactsUserAssignedIdentityResourceId string param automationAccountName string param availability string -param availabilitySetNamePrefix string param availabilitySetsCount int param availabilitySetsIndex int param availabilityZones array param avdAgentBootLoaderMsiName string param avdAgentMsiName string -param dataCollectionRuleAssociationName string param dataCollectionRuleResourceId string +param deployFslogix bool +param deploymentNameSuffix string param deploymentUserAssignedIdentityClientId string param diskEncryptionSetResourceId string -param diskNamePrefix string param diskSku string param divisionRemainderValue int @secure() 
@@ -25,11 +24,12 @@ param domainJoinPassword string param domainJoinUserPrincipalName string param domainName string param drainMode bool -param fslogix bool +param environmentAbbreviation string param fslogixContainerType string param hostPoolName string param hostPoolType string param hybridRunbookWorkerGroupName string +param identifier string param imageOffer string param imagePublisher string param imageSku string @@ -38,10 +38,10 @@ param location string param logAnalyticsWorkspaceName string param managementVirtualMachineName string param maxResourcesPerTemplateDeployment int +param mlzTags object param monitoring bool +param namingConvention object param netAppFileShares array -param networkInterfaceNamePrefix string -param networkName string param organizationalUnitPath string param pooledHostPool bool param enableRecoveryServices bool 
@@ -57,37 +57,34 @@ param scalingLimitSecondsToForceLogOffUser string param scalingMinimumNumberOfRdsh string param scalingSessionThresholdPerCPU string param securityPrincipalObjectIds array -param securityLogAnalyticsWorkspaceResourceId string -param serviceName string +param serviceToken string param sessionHostBatchCount int param sessionHostIndex int -param storageAccountPrefix string param storageCount int param storageIndex int param storageService string param storageSuffix string -param subnet string +param subnetResourceId string param tags object param timeDifference string -param timestamp string param timeZone string param virtualMachineMonitoringAgent string -param virtualMachineNamePrefix string @secure() param virtualMachinePassword string param virtualMachineSize string param virtualMachineUsername string -param virtualNetwork string -param virtualNetworkResourceGroup string -var tagsAutomationAccounts = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Automation/automationAccounts') ? tags['Microsoft.Automation/automationAccounts'] : {}) -var tagsAvailabilitySets = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Compute/availabilitySets') ? tags['Microsoft.Compute/availabilitySets'] : {}) -var tagsNetworkInterfaces = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Network/networkInterfaces') ? 
tags['Microsoft.Network/networkInterfaces'] : {}) -var tagsRecoveryServicesVault = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.recoveryServices/vaults') ? tags['Microsoft.recoveryServices/vaults'] : {}) -var tagsVirtualMachines = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}) +var availabilitySetNamePrefix = namingConvention.availabilitySet +var tagsAutomationAccounts = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Automation/automationAccounts') ? tags['Microsoft.Automation/automationAccounts'] : {}, mlzTags) +var tagsAvailabilitySets = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Compute/availabilitySets') ? tags['Microsoft.Compute/availabilitySets'] : {}, mlzTags) +var tagsNetworkInterfaces = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Network/networkInterfaces') ? tags['Microsoft.Network/networkInterfaces'] : {}, mlzTags) +var tagsRecoveryServicesVault = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.recoveryServices/vaults') ? 
tags['Microsoft.recoveryServices/vaults'] : {}, mlzTags) +var tagsVirtualMachines = union({'cm-resource-parent': '${subscription().id}}/resourceGroups/${resourceGroupManagement}/providers/Microsoft.DesktopVirtualization/hostpools/${hostPoolName}'}, contains(tags, 'Microsoft.Compute/virtualMachines') ? tags['Microsoft.Compute/virtualMachines'] : {}, mlzTags) +var uniqueToken = uniqueString(identifier, environmentAbbreviation, subscription().subscriptionId) +var virtualMachineNamePrefix = replace(namingConvention.virtualMachine, serviceToken, '') module availabilitySets 'availabilitySets.bicep' = if (pooledHostPool && availability == 'availabilitySets') { - name: 'availabilitySets_${timestamp}' + name: 'deploy-avail-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupHosts) params: { availabilitySetNamePrefix: availabilitySetNamePrefix @@ -101,18 +98,18 @@ module availabilitySets 'availabilitySets.bicep' = if (pooledHostPool && availab // Role Assignment for Virtual Machine Login User // This module deploys the role assignments to login to Azure AD joined session hosts module roleAssignments '../common/roleAssignment.bicep' = [for i in range(0, length(securityPrincipalObjectIds)): if (!contains(activeDirectorySolution, 'DomainServices')) { - name: 'RoleAssignments_${i}_${timestamp}' + name: 'deploy-role-assignments-${i}-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupHosts) params: { - PrincipalId: securityPrincipalObjectIds[i] - PrincipalType: 'Group' - RoleDefinitionId: roleDefinitions.VirtualMachineUserLogin + principalId: securityPrincipalObjectIds[i] + principalType: 'Group' + roleDefinitionId: roleDefinitions.VirtualMachineUserLogin } }] @batchSize(1) module virtualMachines 'virtualMachines.bicep' = [for i in range(1, sessionHostBatchCount): { - name: 'VirtualMachines_${i - 1}_${timestamp}' + name: 'deploy-vms-${i - 1}-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupHosts) params: { acceleratedNetworking: acceleratedNetworking 
@@ -126,17 +123,18 @@ module virtualMachines 'virtualMachines.bicep' = [for i in range(1, sessionHostB avdAgentBootLoaderMsiName: avdAgentBootLoaderMsiName avdAgentMsiName: avdAgentMsiName batchCount: i - dataCollectionRuleAssociationName: dataCollectionRuleAssociationName + dataCollectionRuleAssociationName: namingConvention.dataCollectionRuleAssociation dataCollectionRuleResourceId: dataCollectionRuleResourceId + deployFslogix: deployFslogix + deploymentNameSuffix: deploymentNameSuffix deploymentUserAssignedidentityClientId: deploymentUserAssignedIdentityClientId diskEncryptionSetResourceId: diskEncryptionSetResourceId - diskNamePrefix: diskNamePrefix + diskNamePrefix: namingConvention.virtualMachineDisk diskSku: diskSku domainJoinPassword: domainJoinPassword domainJoinUserPrincipalName: domainJoinUserPrincipalName domainName: domainName enableDrainMode: drainMode - fslogix: fslogix fslogixContainerType: fslogixContainerType hostPoolName: hostPoolName hostPoolType: hostPoolType 
@@ -149,31 +147,27 @@ module virtualMachines 'virtualMachines.bicep' = [for i in range(1, sessionHostB managementVirtualMachineName: managementVirtualMachineName monitoring: monitoring netAppFileShares: netAppFileShares - networkInterfaceNamePrefix: networkInterfaceNamePrefix - networkName: networkName + networkInterfaceNamePrefix: namingConvention.virtualMachineNetworkInterface organizationalUnitPath: organizationalUnitPath resourceGroupControlPlane: resourceGroupControlPlane resourceGroupManagement: resourceGroupManagement - securityLogAnalyticsWorkspaceResourceId: securityLogAnalyticsWorkspaceResourceId - serviceName: serviceName + serviceToken: serviceToken sessionHostCount: i == sessionHostBatchCount && divisionRemainderValue > 0 ? divisionRemainderValue : maxResourcesPerTemplateDeployment sessionHostIndex: i == 1 ? sessionHostIndex : ((i - 1) * maxResourcesPerTemplateDeployment) + sessionHostIndex - storageAccountPrefix: storageAccountPrefix + storageAccountPrefix: namingConvention.storageAccount storageCount: storageCount storageIndex: storageIndex storageService: storageService storageSuffix: storageSuffix - subnet: subnet + subnetResourceId: subnetResourceId tagsNetworkInterfaces: tagsNetworkInterfaces tagsVirtualMachines: tagsVirtualMachines - timestamp: timestamp + uniqueToken: uniqueToken virtualMachineMonitoringAgent: virtualMachineMonitoringAgent virtualMachineNamePrefix: virtualMachineNamePrefix virtualMachinePassword: virtualMachinePassword virtualMachineSize: virtualMachineSize virtualMachineUsername: virtualMachineUsername - virtualNetwork: virtualNetwork - virtualNetworkResourceGroup: virtualNetworkResourceGroup } dependsOn: [ availabilitySets 
@@ -181,11 +175,12 @@ module virtualMachines 'virtualMachines.bicep' = [for i in range(1, sessionHostB }] module recoveryServices 'recoveryServices.bicep' = if (enableRecoveryServices && contains(hostPoolType, 'Personal')) { - name: 'RecoveryServices_VirtualMachines_${timestamp}' + name: 'deploy-recovery-services-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { + deployFslogix: deployFslogix + deploymentNameSuffix: deploymentNameSuffix divisionRemainderValue: divisionRemainderValue - fslogix: fslogix location: location maxResourcesPerTemplateDeployment: maxResourcesPerTemplateDeployment recoveryServicesVaultName: recoveryServicesVaultName @@ -194,7 +189,6 @@ module recoveryServices 'recoveryServices.bicep' = if (enableRecoveryServices && sessionHostBatchCount: sessionHostBatchCount sessionHostIndex: sessionHostIndex tagsRecoveryServicesVault: tagsRecoveryServicesVault - timestamp: timestamp virtualMachineNamePrefix: virtualMachineNamePrefix } dependsOn: [ @@ -203,12 +197,13 @@ module recoveryServices 'recoveryServices.bicep' = if (enableRecoveryServices && } module scalingTool '../management/scalingTool.bicep' = if (enableScalingTool && pooledHostPool) { - name: 'ScalingTool_${timestamp}' + name: 'deploy-scaling-tool-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { artifactsUri: artifactsUri automationAccountName: automationAccountName beginPeakTime: scalingBeginPeakTime + deploymentNameSuffix: deploymentNameSuffix endPeakTime: scalingEndPeakTime hostPoolName: hostPoolName hostPoolResourceGroupName: resourceGroupControlPlane @@ -222,7 +217,6 @@ module scalingTool '../management/scalingTool.bicep' = if (enableScalingTool && sessionThresholdPerCPU: scalingSessionThresholdPerCPU tags: tagsAutomationAccounts timeDifference: timeDifference - timestamp: timestamp timeZone: timeZone userAssignedIdentityClientId: deploymentUserAssignedIdentityClientId } 
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/virtualMachines.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/virtualMachines.bicep similarity index 83% rename from src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/virtualMachines.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/virtualMachines.bicep index 1533260b9..e08cb5833 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/sessionHosts/virtualMachines.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/sessionHosts/virtualMachines.bicep @@ -11,6 +11,8 @@ param avdAgentMsiName string param batchCount int param dataCollectionRuleAssociationName string param dataCollectionRuleResourceId string +param deployFslogix bool +param deploymentNameSuffix string param deploymentUserAssignedidentityClientId string param diskEncryptionSetResourceId string param diskNamePrefix string @@ -20,7 +22,6 @@ param domainJoinPassword string param domainJoinUserPrincipalName string param domainName string param enableDrainMode bool -param fslogix bool param fslogixContainerType string param hostPoolName string param hostPoolType string @@ -34,12 +35,10 @@ param managementVirtualMachineName string param monitoring bool param netAppFileShares array param networkInterfaceNamePrefix string -param networkName string param organizationalUnitPath string param resourceGroupControlPlane string param resourceGroupManagement string -param securityLogAnalyticsWorkspaceResourceId string -param serviceName string +param serviceToken string param sessionHostCount int param sessionHostIndex int param storageAccountPrefix string 
@@ -47,18 +46,17 @@ param storageCount int param storageIndex int param storageService string param storageSuffix string -param subnet string +param subnetResourceId string param tagsNetworkInterfaces object param tagsVirtualMachines object -param timestamp string +param timestamp string = utcNow('yyyyMMddhhmmss') +param uniqueToken string param virtualMachineMonitoringAgent string param virtualMachineNamePrefix string @secure() param virtualMachinePassword string param virtualMachineSize string param virtualMachineUsername string -param virtualNetwork string -param virtualNetworkResourceGroup string var amdVmSize = contains(amdVmSizes, virtualMachineSize) var amdVmSizes = [ @@ -71,8 +69,8 @@ var fslogixExclusions = '"%TEMP%\\*\\*.VHDX";"%Windir%\\TEMP\\*\\*.VHDX"${fslogi var fslogixExclusionsCloudCache = contains(fslogixContainerType, 'CloudCache') ? ';"%ProgramData%\\fslogix\\Cache\\*";"%ProgramData%\\fslogix\\Proxy\\*"' : '' var fslogixExclusionsOfficeContainers = contains(fslogixContainerType, 'Office') ? ';"${fslogixOfficeShare}";"${fslogixOfficeShare}.lock";"${fslogixOfficeShare}.meta";"${fslogixOfficeShare}.metadata"' : '' var fslogixExclusionsProfileContainers = ';"${fslogixProfileShare}";"${fslogixProfileShare}.lock";"${fslogixProfileShare}.meta";"${fslogixProfileShare}.metadata"' -var fslogixOfficeShare = '\\\\${storageAccountPrefix}??.file.${storageSuffix}\\office-containers\\*\\*.VHDX' -var fslogixProfileShare = '\\\\${storageAccountPrefix}??.file.${storageSuffix}\\profile-containers\\*\\*.VHDX' +var fslogixOfficeShare = '\\\\${storageAccountToken}.file.${storageSuffix}\\office-containers\\*\\*.VHDX' +var fslogixProfileShare = '\\\\${storageAccountToken}.file.${storageSuffix}\\profile-containers\\*\\*.VHDX' var imageReference = empty(imageVersionResourceId) ? { publisher: imagePublisher offer: imageOffer 
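Review bot: in the parameter block of virtualMachines.bicep (hunk `@@ -47,18 +46,17 @@`), the new default `utcNow('yyyyMMddhhmmss')` on `param timestamp` uses `hh`, the 12-hour clock, so two deployments twelve hours apart on the same day produce the same string, which defeats a value that is meant to differ per deployment. Use `HH`. Since the caller no longer passes `timestamp`, also add a `@description` stating that it must not be overridden, as the removed parameter in solution.bicep did.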
@@ -102,20 +100,11 @@ var nvidiaVmSizes = [ 'Standard_NV72ads_A10_v5' ] var pooledHostPool = (split(hostPoolType, ' ')[0] == 'Pooled') -var securitylogAnalyticsWorkspaceName = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[8] : '' -var securityLogAnalyticsWorkspaceResourceGroupName = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[4] : resourceGroup().name -var securityLogAnalyticsWorkspaceSubscriptionId = securityMonitoring ? split(securityLogAnalyticsWorkspaceResourceId, '/')[2] : subscription().subscriptionId -var securityMonitoring = empty(securityLogAnalyticsWorkspaceResourceId) ? false : true -var securityWorkspaceKey = securityMonitoring ? listKeys(securityLogAnalyticsWorkspaceResourceId, '2021-06-01').primarySharedKey : 'NotApplicable' -var sessionHostNamePrefix = replace(virtualMachineNamePrefix, '${serviceName}${networkName}', '') - -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (securityMonitoring) { - name: securitylogAnalyticsWorkspaceName - scope: resourceGroup(securityLogAnalyticsWorkspaceSubscriptionId, securityLogAnalyticsWorkspaceResourceGroupName) -} +var sessionHostNamePrefix = replace(virtualMachineNamePrefix, serviceToken, '') +var storageAccountToken = take('${storageAccountPrefix}??${uniqueToken}', 24) resource networkInterface 'Microsoft.Network/networkInterfaces@2020-05-01' = [for i in range(0, sessionHostCount): { - name: '${replace(networkInterfaceNamePrefix, '-${serviceName}', '')}-${padLeft((i + sessionHostIndex), 4, '0')}' + name: '${replace(networkInterfaceNamePrefix, '-${serviceToken}', '')}-${padLeft((i + sessionHostIndex), 4, '0')}' location: location tags: tagsNetworkInterfaces properties: { 
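Review bot: `storageAccountToken` is built with `take('${storageAccountPrefix}??${uniqueToken}', 24)`, which silently truncates `uniqueToken` when the prefix is long, and the result feeds the antimalware exclusion paths through `fslogixOfficeShare` and `fslogixProfileShare`. If the real storage account names are not produced by exactly the same expression, the exclusion pattern will not match them. Derive the name once in the naming convention and pass it in, or add a comment pointing at the expression it must stay in sync with. The same applies to `sessionHostNamePrefix`: `replace(virtualMachineNamePrefix, serviceToken, '')` removes every occurrence of the token, so note the assumption that the token appears only once in the prefix.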
@@ -125,7 +114,7 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2020-05-01' = [fo properties: { privateIPAllocationMethod: 'Dynamic' subnet: { - id: resourceId(subscription().subscriptionId, virtualNetworkResourceGroup, 'Microsoft.Network/virtualNetworks/subnets', virtualNetwork, subnet) + id: subnetResourceId } primary: true privateIPAddressVersion: 'IPv4' @@ -160,7 +149,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-03-01' = [for i storageProfile: { imageReference: imageReference osDisk: { - name: '${replace(diskNamePrefix, '-${serviceName}', '')}-${padLeft((i + sessionHostIndex), 4, '0')}' + name: '${replace(diskNamePrefix, '-${serviceToken}', '')}-${padLeft((i + sessionHostIndex), 4, '0')}' osType: 'Windows' createOption: 'FromImage' caching: 'ReadWrite' @@ -235,7 +224,7 @@ resource extension_IaasAntimalware 'Microsoft.Compute/virtualMachines/extensions time: '120' // When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM. scanType: 'Quick' //Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick) } - Exclusions: fslogix ? { + Exclusions: deployFslogix ? { Paths: fslogixExclusions } : {} } 
@@ -335,7 +324,7 @@ resource extension_CustomScriptExtension 'Microsoft.Compute/virtualMachines/exte timestamp: timestamp } protectedSettings: { - commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-SessionHostConfiguration.ps1 -activeDirectorySolution ${activeDirectorySolution} -amdVmSize ${amdVmSize} -avdAgentBootLoaderMsiName "${avdAgentBootLoaderMsiName}" -avdAgentMsiName "${avdAgentMsiName}" -Environment ${environment().name} -fslogix ${fslogix} -fslogixContainerType ${fslogixContainerType} -hostPoolName ${hostPoolName} -HostPoolRegistrationToken "${reference(resourceId(resourceGroupControlPlane, 'Microsoft.DesktopVirtualization/hostpools', hostPoolName), '2019-12-10-preview').registrationInfo.token}" -imageOffer ${imageOffer} -imagePublisher ${imagePublisher} -netAppFileShares ${netAppFileShares} -nvidiaVmSize ${nvidiaVmSize} -pooledHostPool ${pooledHostPool} -securityMonitoring ${securityMonitoring} -SecurityWorkspaceId ${securityMonitoring ? logAnalyticsWorkspace.properties.customerId : 'NotApplicable'} -securityWorkspaceKey "${securityWorkspaceKey}" -storageAccountPrefix ${storageAccountPrefix} -storageCount ${storageCount} -storageIndex ${storageIndex} -storageService ${storageService} -storageSuffix ${storageSuffix}' + commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-SessionHostConfiguration.ps1 -activeDirectorySolution ${activeDirectorySolution} -amdVmSize ${amdVmSize} -avdAgentBootLoaderMsiName "${avdAgentBootLoaderMsiName}" -avdAgentMsiName "${avdAgentMsiName}" -Environment ${environment().name} -fslogix ${deployFslogix} -fslogixContainerType ${fslogixContainerType} -hostPoolName ${hostPoolName} -HostPoolRegistrationToken "${reference(resourceId(resourceGroupControlPlane, 'Microsoft.DesktopVirtualization/hostpools', hostPoolName), '2019-12-10-preview').registrationInfo.token}" -imageOffer ${imageOffer} -imagePublisher ${imagePublisher} -netAppFileShares ${netAppFileShares} -nvidiaVmSize ${nvidiaVmSize} 
-pooledHostPool ${pooledHostPool} -storageAccountPrefix ${storageAccountPrefix} -storageCount ${storageCount} -storageIndex ${storageIndex} -storageService ${storageService} -storageSuffix ${storageSuffix} -uniqueToken ${uniqueToken}' managedidentity: { clientId: artifactsUserAssignedIdentityClientId } @@ -349,7 +338,7 @@ resource extension_CustomScriptExtension 'Microsoft.Compute/virtualMachines/exte // Enables drain mode on the session hosts so users cannot login to hosts immediately after the deployment module drainMode '../common/customScriptExtensions.bicep' = if (enableDrainMode) { - name: 'CSE_DrainMode_${batchCount}_${timestamp}' + name: 'deploy-drain-mode-${batchCount}-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupManagement) params: { fileUris: [ diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/hub.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/sharedServices/sharedServices.bicep similarity index 60% rename from src/bicep/add-ons/azureVirtualDesktop/modules/hub/hub.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/sharedServices/sharedServices.bicep index dfbbc2ca6..c0d1c6699 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/hub.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/sharedServices/sharedServices.bicep 
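Review bot: in the `commandToExecute` string of `extension_CustomScriptExtension` (virtualMachines.bicep, hunk `@@ -335,7 +324,7 @@`), the new `-uniqueToken ${uniqueToken}` argument is interpolated unquoted, as are `-storageAccountPrefix` and `-netAppFileShares`, while `-HostPoolRegistrationToken` is quoted. Quote it, or constrain the parameter's character set, so that a value containing spaces or PowerShell metacharacters cannot alter the command line. Set-SessionHostConfiguration.ps1 is not part of the visible diff: confirm that it accepts `-uniqueToken` and no longer requires `-securityMonitoring`, `-SecurityWorkspaceId` and `-securityWorkspaceKey`, otherwise the extension fails at run time.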
@@ -1,40 +1,43 @@ targetScope = 'subscription' +param deploymentNameSuffix string param existingWorkspace bool param globalWorkspacePrivateDnsZoneResourceId string -param hubSubnetResourceId string +param sharedServicesSubnetResourceId string +param mlzTags object param resourceGroupName string -param timestamp string param workspaceGlobalName string param workspaceGlobalNetworkInterfaceName string param workspaceGlobalPrivateEndpointName string module virtualNetwork 'virtualNetwork.bicep' = if (!existingWorkspace) { - scope: resourceGroup(split(hubSubnetResourceId, '/')[4]) - name: 'SharedServices_VirtualNetwork_${timestamp}' + scope: resourceGroup(split(sharedServicesSubnetResourceId, '/')[4]) + name: 'get-vnet-shared-services-${deploymentNameSuffix}' params: { - name: split(hubSubnetResourceId, '/')[8] + name: split(sharedServicesSubnetResourceId, '/')[8] } } // Resource Group for the global AVD Workspace -module rg_GlobalWorkspace '../resourceGroup.bicep' = if (!existingWorkspace) { - name: 'ResourceGroup_WorkspaceGlobal_${timestamp}' - scope: subscription(split(hubSubnetResourceId, '/')[2]) +module rg_GlobalWorkspace '../../../../modules/resource-group.bicep' = if (!existingWorkspace) { + name: 'deploy-rg-vdws-global-${deploymentNameSuffix}' + scope: subscription(split(sharedServicesSubnetResourceId, '/')[2]) params: { location: !existingWorkspace ? virtualNetwork.outputs.location : '' - resourceGroupName: resourceGroupName + mlzTags: mlzTags + name: resourceGroupName tags: {} } } module workspace 'workspace.bicep' = if (!existingWorkspace) { - name: 'WorkspaceGlobal_${timestamp}' + name: 'deploy-vdws-global-${deploymentNameSuffix}' scope: resourceGroup(resourceGroupName) params: { globalWorkspacePrivateDnsZoneResourceId: globalWorkspacePrivateDnsZoneResourceId location: !existingWorkspace ? 
virtualNetwork.outputs.location : '' - subnetResourceId: hubSubnetResourceId + subnetResourceId: sharedServicesSubnetResourceId + tags: mlzTags workspaceGlobalName: workspaceGlobalName workspaceGlobalNetworkInterfaceName: workspaceGlobalNetworkInterfaceName workspaceGlobalPrivateEndpointName: workspaceGlobalPrivateEndpointName diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/virtualNetwork.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/sharedServices/virtualNetwork.bicep similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/modules/hub/virtualNetwork.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/sharedServices/virtualNetwork.bicep diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/workspace.bicep b/src/bicep/add-ons/azure-virtual-desktop/modules/sharedServices/workspace.bicep similarity index 96% rename from src/bicep/add-ons/azureVirtualDesktop/modules/hub/workspace.bicep rename to src/bicep/add-ons/azure-virtual-desktop/modules/sharedServices/workspace.bicep index eaece9869..e597837d4 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/hub/workspace.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/modules/sharedServices/workspace.bicep @@ -1,6 +1,7 @@ param globalWorkspacePrivateDnsZoneResourceId string param location string param subnetResourceId string +param tags object param workspaceGlobalName string param workspaceGlobalNetworkInterfaceName string param workspaceGlobalPrivateEndpointName string 
@@ -8,14 +9,14 @@ param workspaceGlobalPrivateEndpointName string resource workspace 'Microsoft.DesktopVirtualization/workspaces@2023-09-05' = { name: workspaceGlobalName location: location - tags: {} + tags: tags properties: {} } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { name: workspaceGlobalPrivateEndpointName location: location - tags: {} + tags: tags properties: { customNetworkInterfaceName: workspaceGlobalNetworkInterfaceName privateLinkServiceConnections: [ diff --git a/src/bicep/add-ons/azureVirtualDesktop/parameters.json b/src/bicep/add-ons/azure-virtual-desktop/parameters.json similarity index 100% rename from src/bicep/add-ons/azureVirtualDesktop/parameters.json rename to src/bicep/add-ons/azure-virtual-desktop/parameters.json diff --git a/src/bicep/add-ons/azureVirtualDesktop/solution.bicep b/src/bicep/add-ons/azure-virtual-desktop/solution.bicep similarity index 58% rename from src/bicep/add-ons/azureVirtualDesktop/solution.bicep rename to src/bicep/add-ons/azure-virtual-desktop/solution.bicep index 2cb6fcbb0..6b9d20820 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/solution.bicep +++ b/src/bicep/add-ons/azure-virtual-desktop/solution.bicep 
@@ -41,12 +41,24 @@ param azurePowerShellModuleMsiName string @description('The RDP properties to add or remove RDP functionality on the AVD host pool. The string must end with a semi-colon. Settings reference: https://learn.microsoft.com/windows-server/remote/remote-desktop-services/clients/rdp-files') param customRdpProperty string = 'audiocapturemode:i:1;camerastoredirect:s:*;use multimon:i:0;drivestoredirect:s:;encode redirected video capture:i:1;redirected video capture encoding quality:i:1;audiomode:i:0;devicestoredirect:s:;redirectclipboard:i:0;redirectcomports:i:0;redirectlocation:i:1;redirectprinters:i:0;redirectsmartcards:i:1;redirectwebauthn:i:1;usbdevicestoredirect:s:;keyboardhook:i:2;' +@description('Choose whether to deploy a diagnostic setting for the Activity Log.') +param deployActivityLogDiagnosticSetting bool + +@description('Choose whether to deploy Defender for Cloud.') +param deployDefender bool + +@description('Choose whether to deploy Network Watcher for the deployment location.') +param deployNetworkWatcher bool + +@description('Choose whether to deploy a policy assignment.') +param deployPolicy bool + +@description('A suffix to use for naming deployments uniquely. It defaults to the Bicep resolution of the "utcNow()" function.') +param deploymentNameSuffix string = utcNow() + @description('The friendly name for the SessionDesktop application in the desktop application group.') param desktopFriendlyName string = '' -@description('Disabling BGP route propagation is a route table configuration that prevents the propagation of on-premises routes to network interfaces in the associated subnets.') -param disableBgpRoutePropagation bool = true - @allowed([ 'Standard_LRS' 'StandardSSD_LRS' 
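Review bot: `disableBgpRoutePropagation` (default `true`) is removed from solution.bicep with no replacement visible in this hunk. Confirm that whatever now creates the route table still disables BGP route propagation, since the removed description states that this setting is what keeps on-premises routes from reaching network interfaces in the associated subnets. Separately, `deployActivityLogDiagnosticSetting`, `deployDefender`, `deployNetworkWatcher` and `deployPolicy` are added without defaults, which breaks existing parameter files; give them defaults or call the breaking change out in the docs.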
@@ -68,6 +80,9 @@ param domainName string = '' @description('The drain mode option enables drain mode for the sessions hosts in this deployment to prevent users from accessing the hosts until they have been validated.') param drainMode bool = false +@description('The email address to use for Defender for Cloud notifications.') +param emailSecurityContact string + @allowed([ 'dev' // Development 'prod' // Production @@ -119,9 +134,6 @@ param hostPoolType string = 'Pooled DepthFirst' @description('The resource ID for the Azure Firewall in the HUB subscription') param hubAzureFirewallResourceId string -@description('The resource ID for the subnet in the Shared Services subscription. This is required for the private endpoint on the AVD Global Workspace.') -param hubSubnetResourceId string - @description('The resource ID for the Azure Virtual Network in the HUB subscription.') param hubVirtualNetworkResourceId string @@ -167,9 +179,15 @@ param logAnalyticsWorkspaceSku string = 'PerGB2018' @description('Deploys the required monitoring resources to enable AVD Insights and monitor features in the automation account.') param monitoring bool = true +@description('The resource ID of the Log Analytics Workspace to use for log storage.') +param operationsLogAnalyticsWorkspaceResourceId string + @description('The distinguished name for the target Organization Unit in Active Directory Domain Services.') param organizationalUnitPath string = '' +@description('The policy to assign to the workload.') +param policy string = 'NISTRev4' + @description('Enable backups to an Azure Recovery Services vault. For a pooled host pool this will enable backups on the Azure file share. For a personal host pool this will enable backups on the AVD sessions hosts.') param recoveryServices bool = false 
@@ -191,9 +209,6 @@ param scalingSessionThresholdPerCPU string = '1' @description('Deploys the required resources for the Scaling Tool. https://docs.microsoft.com/en-us/azure/virtual-desktop/scaling-automation-logic-apps') param scalingTool bool = false -@description('The resource ID of the log analytics workspace used for Azure Sentinel and / or Defender for Cloud. When using the Microsoft monitoring Agent, this allows you to multihome the agent to reduce unnecessary log collection and reduce cost.') -param securityLogAnalyticsWorkspaceResourceId string = '' - @description('The array of Security Principals with their object IDs and display names to assign to the AVD Application Group and FSLogix Storage.') param securityPrincipals array @@ -207,6 +222,9 @@ param sessionHostCount int = 1 @description('The starting number for the session hosts. This is important when adding virtual machines to ensure an update deployment is not performed on an existing, active session host.') param sessionHostIndex int = 0 +@description('The resource ID for the subnet in the Shared Services subscription. This is required for the private endpoint on the AVD Global Workspace.') +param sharedServicesSubnetResourceId string + @maxValue(9) @minValue(0) @description('The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases. For example, "0" could be used for an office workers host pool and "1" could be used for a developers host pool within the "finance" business unit.') 
@@ -232,9 +250,6 @@ param subnetAddressPrefixes array = [ @description('The Key / value pairs of metadata for the Azure resource groups and resources.') param tags object = {} -@description('DO NOT MODIFY THIS VALUE! The timestamp is needed to differentiate deployments for certain Azure resources and must be set using a parameter.') -param timestamp string = utcNow('yyyyMMddhhmmss') - @description('The number of users per core is used to determine the maximum number of users per session host.') param usersPerCore int = 1 
@@ -278,186 +293,187 @@ param workspaceFriendlyName string = '' @description('The public network access setting on the AVD workspace either disables public network access or allows both public and private network access.') param workspacePublicNetworkAccess string +// BATCH SESSION HOSTS +// The following variables are used to determine the batches to deploy any number of AVD session hosts. +var maxResourcesPerTemplateDeployment = 88 // This is the max number of session hosts that can be deployed from the sessionHosts.bicep file in each batch / for loop. Math: (800 - ) / +var divisionValue = sessionHostCount / maxResourcesPerTemplateDeployment // This determines if any full batches are required. +var divisionRemainderValue = sessionHostCount % maxResourcesPerTemplateDeployment // This determines if any partial batches are required. +var sessionHostBatchCount = divisionRemainderValue > 0 ? divisionValue + 1 : divisionValue // This determines the total number of batches needed, whether full and / or partial. + +// BATCH AVAILABILITY SETS +// The following variables are used to determine the number of availability sets. +var maxAvSetMembers = 200 // This is the max number of session hosts that can be deployed in an availability set. +var beginAvSetRange = sessionHostIndex / maxAvSetMembers // This determines the availability set to start with. +var endAvSetRange = (sessionHostCount + sessionHostIndex) / maxAvSetMembers // This determines the availability set to end with. +var availabilitySetsCount = length(range(beginAvSetRange, (endAvSetRange - beginAvSetRange) + 1)) + +// OTHER LOGIC & COMPUTED VALUES +var customImageId = empty(imageVersionResourceId) ? 'null' : '"${imageVersionResourceId}"' +var fileShares = fileShareNames[fslogixContainerType] +var deployFslogix = fslogixStorageService == 'None' || !contains(activeDirectorySolution, 'DomainServices') ? 
false : true +var netbios = split(domainName, '.')[0] +var pooledHostPool = split(hostPoolType, ' ')[0] == 'Pooled' ? true : false +var roleDefinitions = { + DesktopVirtualizationPowerOnContributor: '489581de-a3bd-480d-9518-53dea7416b33' + DesktopVirtualizationUser: '1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63' + Reader: 'acdd72a7-3385-48ef-bd42-f606fba81ae7' + VirtualMachineUserLogin: 'fb879df8-f326-4884-b1cf-06f3ad86be52' +} +var storageSku = fslogixStorageService == 'None' ? 'None' : split(fslogixStorageService, ' ')[1] +var storageService = split(fslogixStorageService, ' ')[0] +var storageSuffix = environment().suffixes.storage + + var artifactsUri = 'https://${artifactsStorageAccountName}.blob.${environment().suffixes.storage}/${artifactsContainerName}/' var artifactsStorageAccountName = split(artifactsStorageAccountResourceId, '/')[8] +var fileShareNames = { + CloudCacheProfileContainer: [ + 'profile-containers' + ] + CloudCacheProfileOfficeContainer: [ + 'office-containers' + 'profile-containers' + ] + ProfileContainer: [ + 'profile-containers' + ] + ProfileOfficeContainer: [ + 'office-containers' + 'profile-containers' + ] +} var privateDnsZoneResourceIdPrefix = '/subscriptions/${split(hubVirtualNetworkResourceId, '/')[2]}/resourceGroups/${split(hubVirtualNetworkResourceId, '/')[4]}/providers/Microsoft.Network/privateDnsZones/' var deploymentLocations = union([ locationControlPlane ], [ locationVirtualMachines ]) -var resourceGroupsCount = 4 + length(deploymentLocations) + (fslogixStorageService == 'None' ? 0 : 1) - -// Resource Names -module names 'modules/resourceNames.bicep' = { - name: 'Names_${timestamp}' +var resourceGroupServices = union([ + 'controlPlane' + 'feedWorkspace' + 'hosts' + 'management' +], deployFslogix ? 
[ + 'storage' +] : []) + +module tier3_controlPlane '../tier3/solution.bicep' = { + name: 'deploy-tier3-control-plane-${deploymentNameSuffix}' params: { + additionalSubnets: contains(fslogixStorageService, 'AzureNetAppFiles') && !empty(azureNetAppFilesSubnetAddressPrefix) && length(deploymentLocations) == 1 ? [ + { + name: 'AzureNetAppFiles' + addressPrefix: azureNetAppFilesSubnetAddressPrefix + } + ] : [] + deployActivityLogDiagnosticSetting: deployActivityLogDiagnosticSetting + deployDefender: deployDefender + deployNetworkWatcher: deployNetworkWatcher + deployPolicy: deployPolicy + emailSecurityContact: emailSecurityContact environmentAbbreviation: environmentAbbreviation + firewallResourceId: hubAzureFirewallResourceId + hubVirtualNetworkResourceId: hubVirtualNetworkResourceId identifier: identifier - locationControlPlane: locationControlPlane - locationVirtualMachines: locationVirtualMachines - stampIndex: stampIndex + logAnalyticsWorkspaceResourceId: operationsLogAnalyticsWorkspaceResourceId + policy: policy + stampIndex: string(stampIndex) + subnetAddressPrefix: subnetAddressPrefixes[0] + tags: tags + virtualNetworkAddressPrefix: virtualNetworkAddressPrefixes[0] + workloadName: 'avd' + workloadShortName: 'avd' } } -// Logic -module logic 'modules/logic.bicep' = { - name: 'Logic_${timestamp}' +module tier3_hosts '../tier3/solution.bicep' = if (length(deploymentLocations) == 2) { + name: 'deploy-tier3-session-hosts-${deploymentNameSuffix}' params: { - activeDirectorySolution: activeDirectorySolution - deploymentLocations: deploymentLocations - diskSku: diskSku - domainName: domainName - fileShareNames: names.outputs.resources.fileShareNames - fslogixContainerType: fslogixContainerType - fslogixStorageService: fslogixStorageService - hostPoolType: hostPoolType - imageOffer: imageOffer - imagePublisher: imagePublisher - imageSku: imageSku - imageVersionResourceId: imageVersionResourceId - locations: names.outputs.locations - locationVirtualMachines: 
locationVirtualMachines - networkName: names.outputs.networkName - resourceGroupControlPlane: names.outputs.resources.resourceGroupControlPlane - resourceGroupFeedWorkspace: names.outputs.resources.resourceGroupFeedWorkspace - resourceGroupHosts: names.outputs.resources.resourceGroupHosts - resourceGroupManagement: names.outputs.resources.resourceGroupManagement - resourceGroupsNetwork: names.outputs.resources.resourceGroupsNetwork - resourceGroupStorage: names.outputs.resources.resourceGroupStorage - securityPrincipals: securityPrincipals - serviceName: names.outputs.serviceName - sessionHostCount: sessionHostCount - sessionHostIndex: sessionHostIndex - virtualMachineNamePrefix: names.outputs.resources.virtualMachineNamePrefix - virtualMachineSize: virtualMachineSize + additionalSubnets: contains(fslogixStorageService, 'AzureNetAppFiles') && !empty(azureNetAppFilesSubnetAddressPrefix) && length(deploymentLocations) == 2 ? [ + { + name: 'AzureNetAppFiles' + addressPrefix: azureNetAppFilesSubnetAddressPrefix + } + ] : [] + deployActivityLogDiagnosticSetting: deployActivityLogDiagnosticSetting + deployDefender: deployDefender + deployNetworkWatcher: deployNetworkWatcher + deployPolicy: deployPolicy + emailSecurityContact: emailSecurityContact + environmentAbbreviation: environmentAbbreviation + firewallResourceId: hubAzureFirewallResourceId + hubVirtualNetworkResourceId: hubVirtualNetworkResourceId + identifier: identifier + logAnalyticsWorkspaceResourceId: operationsLogAnalyticsWorkspaceResourceId + policy: policy + stampIndex: string(stampIndex) + subnetAddressPrefix: subnetAddressPrefixes[1] + tags: tags + virtualNetworkAddressPrefix: virtualNetworkAddressPrefixes[1] + workloadName: 'avd' + workloadShortName: 'avd' } } // Resource Groups -module rgs 'modules/resourceGroup.bicep' = [for i in range(0, resourceGroupsCount): { - name: 'ResourceGroup_${i}_${timestamp}' +module rgs '../../modules/resource-group.bicep' = [for service in resourceGroupServices: { + name: 
'deploy-rg-${service}-${deploymentNameSuffix}' params: { - location: contains(logic.outputs.resourceGroups[i], 'controlPlane') || contains(logic.outputs.resourceGroups[i], 'feedWorkspace') ? locationControlPlane : locationVirtualMachines - resourceGroupName: logic.outputs.resourceGroups[i] + location: service == 'controlPlane' || service == 'feedWorkspace' ? locationControlPlane : locationVirtualMachines + mlzTags: tier3_controlPlane.outputs.mlzTags + name: length(deploymentLocations) == 2 && (service == 'controlPlane' || service == 'feedWorkspace') ? replace(tier3_hosts.outputs.namingConvention.resourceGroup, tier3_hosts.outputs.tokens.service, service) : service == 'globalWorkspace'? replace(tier3_hosts.outputs.namingConvention.resourceGroup, tier3_hosts.outputs.tokens.service, service) : replace(tier3_controlPlane.outputs.namingConvention.resourceGroup, tier3_controlPlane.outputs.tokens.service, service) tags: tags } }] -module network_controlPlane 'modules/network/networking.bicep' = { - name: 'Network_ControlPlane_${timestamp}' - params: { - azureNetAppFilesSubnetAddressPrefix: !empty(azureNetAppFilesSubnetAddressPrefix) && length(deploymentLocations) == 1 ? 
azureNetAppFilesSubnetAddressPrefix : '' - disableBgpRoutePropagation: disableBgpRoutePropagation - hubAzureFirewallResourceId: hubAzureFirewallResourceId - hubVirtualNetworkResourceId: hubVirtualNetworkResourceId - index: 0 - location: deploymentLocations[0] - networkSecurityGroupName: names.outputs.resources.networkSecurityGroupNames[0] - resourceGroupNetwork: names.outputs.resources.resourceGroupsNetwork[0] - routeTableName: names.outputs.resources.routeTableNames[0] - subnetAddressPrefixes: subnetAddressPrefixes - timestamp: timestamp - virtualNetworkAddressPrefixes: virtualNetworkAddressPrefixes - virtualNetworkName: names.outputs.resources.virtualNetworkNames[0] - } - dependsOn: [ - rgs - ] -} - -module network_hosts 'modules/network/networking.bicep' = if (length(deploymentLocations) == 2) { - name: 'Network_Hosts_${timestamp}' - params: { - azureNetAppFilesSubnetAddressPrefix: !empty(azureNetAppFilesSubnetAddressPrefix) && length(deploymentLocations) == 2 ? azureNetAppFilesSubnetAddressPrefix : '' - disableBgpRoutePropagation: disableBgpRoutePropagation - hubAzureFirewallResourceId: hubAzureFirewallResourceId - hubVirtualNetworkResourceId: hubVirtualNetworkResourceId - index: 1 - location: deploymentLocations[1] - networkSecurityGroupName: names.outputs.resources.networkSecurityGroupNames[1] - resourceGroupNetwork: length(deploymentLocations) == 1 ? 
names.outputs.resources.resourceGroupsNetwork[0] : names.outputs.resources.resourceGroupsNetwork[1] - routeTableName: names.outputs.resources.routeTableNames[1] - subnetAddressPrefixes: subnetAddressPrefixes - timestamp: timestamp - virtualNetworkAddressPrefixes: virtualNetworkAddressPrefixes - virtualNetworkName: names.outputs.resources.virtualNetworkNames[1] - } - dependsOn: [ - rgs - ] -} - -// Management Services: Logging, Automation, Keys, Encryption +// Management Services: AVD Insights, File Share Scaling, Scaling Tool module management 'modules/management/management.bicep' = { - name: 'Management_${timestamp}' + name: 'deploy-management-${deploymentNameSuffix}' params: { - //diskAccessName: names.outputs.resources.diskAccessName activeDirectorySolution: activeDirectorySolution artifactsStorageAccountResourceId: artifactsStorageAccountResourceId artifactsUri: artifactsUri - automationAccountDiagnosticSettingName: names.outputs.resources.automationAccountDiagnosticSettingName - automationAccountName: names.outputs.resources.automationAccountName - automationAccountNetworkInterfaceName: names.outputs.resources.automationAccountNetworkInterfaceName - automationAccountPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${names.outputs.resources.azureAutomationPrivateDnsZoneName}' - automationAccountPrivateEndpointName: names.outputs.resources.automationAccountPrivateEndpointName availability: availability avdObjectId: avdObjectId - azureBlobsPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${names.outputs.resources.blobPrivateDnsZoneName}' azurePowerShellModuleMsiName: azurePowerShellModuleMsiName - azureQueueStoragePrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${names.outputs.resources.queuePrivateDnsZoneName}' - dataCollectionRuleName: names.outputs.resources.dataCollectionRuleName - diskEncryptionSetName: names.outputs.resources.diskEncryptionSetName - diskNamePrefix: names.outputs.resources.diskNamePrefix + deployFslogix: 
deployFslogix + deploymentNameSuffix: deploymentNameSuffix + diskEncryptionSetResourceId: length(deploymentLocations) == 2 ? tier3_hosts.outputs.diskEncryptionSetResourceId : tier3_controlPlane.outputs.diskEncryptionSetResourceId diskSku: diskSku domainJoinPassword: domainJoinPassword domainJoinUserPrincipalName: domainJoinUserPrincipalName domainName: domainName enableMonitoring: monitoring - environmentAbbreviation: environmentAbbreviation - fslogix: logic.outputs.fslogix fslogixStorageService: fslogixStorageService - hostPoolName: names.outputs.resources.hostPoolName hostPoolType: hostPoolType imageVersionResourceId: imageVersionResourceId - keyVaultName: names.outputs.resources.keyVaultName - keyVaultNetworkInterfaceName: names.outputs.resources.keyVaultNetworkInterfaceName - keyVaultPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${names.outputs.resources.keyVaultPrivateDnsZoneName}' - keyVaultPrivateEndpointName: names.outputs.resources.keyVaultPrivateEndpointName locationVirtualMachines: locationVirtualMachines - logAnalyticsWorkspaceName: names.outputs.resources.logAnalyticsWorkspaceName logAnalyticsWorkspaceRetention: logAnalyticsWorkspaceRetention logAnalyticsWorkspaceSku: logAnalyticsWorkspaceSku - networkInterfaceNamePrefix: names.outputs.resources.networkInterfaceNamePrefix - networkName: names.outputs.networkName + mlzTags: tier3_controlPlane.outputs.mlzTags + namingConvention: length(deploymentLocations) == 2 ? 
tier3_hosts.outputs.namingConvention : tier3_controlPlane.outputs.namingConvention organizationalUnitPath: organizationalUnitPath + privateDnsZoneResourceIdPrefix: privateDnsZoneResourceIdPrefix + privateDnsZones: tier3_controlPlane.outputs.privateDnsZones recoveryServices: recoveryServices - recoveryServicesPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${names.outputs.resources.backupPrivateDnsZoneName}' - recoveryServicesVaultName: names.outputs.resources.recoveryServicesVaultName - recoveryServicesVaultNetworkInterfaceName: names.outputs.resources.recoveryServicesVaultNetworkInterfaceName - recoveryServicesVaultPrivateEndpointName: names.outputs.resources.recoveryServicesVaultPrivateEndpointName - resourceGroupControlPlane: names.outputs.resources.resourceGroupControlPlane - resourceGroupFeedWorkspace: names.outputs.resources.resourceGroupFeedWorkspace - resourceGroupHosts: names.outputs.resources.resourceGroupHosts - resourceGroupManagement: names.outputs.resources.resourceGroupManagement - resourceGroupStorage: names.outputs.resources.resourceGroupStorage - roleDefinitions: logic.outputs.roleDefinitions + recoveryServicesGeo: length(deploymentLocations) == 2 ? tier3_hosts.outputs.locatonProperties.recoveryServicesGeo : tier3_controlPlane.outputs.locatonProperties.recoveryServicesGeo + resourceGroupControlPlane: rgs[0].outputs.name + resourceGroupFeedWorkspace: rgs[1].outputs.name + resourceGroupHosts: rgs[2].outputs.name + resourceGroupManagement: rgs[3].outputs.name + resourceGroupStorage: deployFslogix ? rgs[4].outputs.name : '' + roleDefinitions: roleDefinitions scalingTool: scalingTool - securityLogAnalyticsWorkspaceResourceId: securityLogAnalyticsWorkspaceResourceId - serviceName: names.outputs.serviceName + serviceToken: tier3_controlPlane.outputs.tokens.service sessionHostCount: sessionHostCount - storageService: logic.outputs.storageService - subnetResourceId: length(deploymentLocations) == 1 ? 
network_controlPlane.outputs.subnetResourceId : network_hosts.outputs.subnetResourceId + storageService: storageService + subnetResourceId: length(deploymentLocations) == 2 ? tier3_hosts.outputs.subnetResourceId : tier3_controlPlane.outputs.subnetResourceId tags: tags - timestamp: timestamp - timeZone: logic.outputs.timeZone - userAssignedIdentityNamePrefix: names.outputs.resources.userAssignedIdentityNamePrefix + timeZone: length(deploymentLocations) == 2 ? tier3_hosts.outputs.locatonProperties.timeZone : tier3_controlPlane.outputs.locatonProperties.timeZone virtualMachineMonitoringAgent: virtualMachineMonitoringAgent - virtualMachineNamePrefix: names.outputs.resources.virtualMachineNamePrefix virtualMachinePassword: virtualMachinePassword virtualMachineSize: virtualMachineSize virtualMachineUsername: virtualMachineUsername - workspaceFeedName: names.outputs.resources.workspaceFeedName } dependsOn: [ rgs 
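Review bot: In the `rgs` loop, the new `name:` expression looks inverted against the rest of this hunk. When `length(deploymentLocations) == 2` it names the `controlPlane` and `feedWorkspace` groups from `tier3_hosts.outputs.namingConvention` and leaves every other service on `tier3_controlPlane`, while `location:` on the line above places those same two services in `locationControlPlane`, and the `management` params (`diskEncryptionSetResourceId`, `namingConvention`, `subnetResourceId`) select `tier3_hosts` for the host side. Please confirm which tier each resource group is meant to be named from and say so in a comment next to the expression. The `service == 'globalWorkspace'` branch also reads `tier3_hosts.outputs` without testing `deploymentLocations`; if `tier3_hosts` is conditional in the way the removed `network_hosts` module was (`if (length(deploymentLocations) == 2)`), that reference cannot resolve in a single-location deployment. Two smaller points: `rgs[0]` through `rgs[4]` tie resource group names to array positions, so reordering the service list would pass the wrong group without any error, and `locatonProperties` is misspelled (consistently, so it resolves) and would be better renamed to `locationProperties` where the output is declared.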
@@ -466,61 +482,69 @@ module management 'modules/management/management.bicep' = { // Global AVD Worksspace // This module creates the global AVD workspace to support AVD with Private Link -module hub 'modules/hub/hub.bicep' = { - name: 'Hub_${timestamp}' - scope: subscription(split(hubSubnetResourceId, '/')[2]) +module workspace_global 'modules/sharedServices/sharedServices.bicep' = { + name: 'deploy-global-workspace-${deploymentNameSuffix}' + scope: subscription(split(sharedServicesSubnetResourceId, '/')[2]) params: { + deploymentNameSuffix: deploymentNameSuffix existingWorkspace: management.outputs.existingFeedWorkspace - globalWorkspacePrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${names.outputs.resources.avdGlobalPrivateDnsZoneName}' - hubSubnetResourceId: hubSubnetResourceId - resourceGroupName: names.outputs.resources.resourceGroupGlobalWorkspace - timestamp: timestamp - workspaceGlobalName: names.outputs.resources.workspaceGlobalName - workspaceGlobalNetworkInterfaceName: names.outputs.resources.workspaceGlobalNetworkInterfaceName - workspaceGlobalPrivateEndpointName: names.outputs.resources.workspaceGlobalPrivateEndpointName + globalWorkspacePrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${filter(tier3_controlPlane.outputs.privateDnsZones, name => startsWith(name, 'privatelink-global.wvd'))[0]}' + sharedServicesSubnetResourceId: sharedServicesSubnetResourceId + mlzTags: tier3_controlPlane.outputs.mlzTags + resourceGroupName: replace(tier3_controlPlane.outputs.namingConvention.resourceGroup, tier3_controlPlane.outputs.tokens.service, 'globalWorkspace') + workspaceGlobalName: replace(tier3_controlPlane.outputs.namingConvention.workspaceGlobal, tier3_controlPlane.outputs.tokens.service, 'global') + workspaceGlobalNetworkInterfaceName: replace(tier3_controlPlane.outputs.namingConvention.workspaceGlobalNetworkInterface, tier3_controlPlane.outputs.tokens.service, 'global') + workspaceGlobalPrivateEndpointName: 
replace(tier3_controlPlane.outputs.namingConvention.workspaceGlobalPrivateEndpoint, tier3_controlPlane.outputs.tokens.service, 'global') } } // AVD Control Plane // This module deploys the host pool and desktop application group module controlPlane 'modules/controlPlane/controlPlane.bicep' = { - name: 'ControlPlane_${timestamp}' + name: 'deploy-control-plane-${deploymentNameSuffix}' params: { activeDirectorySolution: activeDirectorySolution artifactsUri: artifactsUri - avdPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${names.outputs.resources.avdPrivateDnsZoneName}' + avdPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${filter(tier3_controlPlane.outputs.privateDnsZones, name => startsWith(name, 'privatelink.wvd'))[0]}' + customImageId: customImageId customRdpProperty: customRdpProperty + deploymentNameSuffix: deploymentNameSuffix deploymentUserAssignedIdentityClientId: management.outputs.deploymentUserAssignedIdentityClientId - desktopApplicationGroupName: names.outputs.resources.desktopApplicationGroupName desktopFriendlyName: empty(desktopFriendlyName) ? string(stampIndex) : desktopFriendlyName + diskSku: diskSku + domainName: domainName existingFeedWorkspace: management.outputs.existingFeedWorkspace - hostPoolDiagnosticSettingName: names.outputs.resources.hostPoolDiagnosticSettingName - hostPoolName: names.outputs.resources.hostPoolName - hostPoolNetworkInterfaceName: names.outputs.resources.hostPoolNetworkInterfaceName - hostPoolPrivateEndpointName: names.outputs.resources.hostPoolPrivateEndpointName hostPoolPublicNetworkAccess: hostPoolPublicNetworkAccess hostPoolType: hostPoolType + imageOffer: imageOffer + imagePublisher: imagePublisher + imageSku: imageSku + imageVersionResourceId: imageVersionResourceId locationControlPlane: locationControlPlane locationVirtualMachines: locationVirtualMachines logAnalyticsWorkspaceResourceId: monitoring ? 
management.outputs.logAnalyticsWorkspaceResourceId : '' managementVirtualMachineName: management.outputs.virtualMachineName maxSessionLimit: usersPerCore * virtualMachineVirtualCpuCount + mlzTags: tier3_controlPlane.outputs.mlzTags monitoring: monitoring - resourceGroupControlPlane: names.outputs.resources.resourceGroupControlPlane - resourceGroupFeedWorkspace: names.outputs.resources.resourceGroupFeedWorkspace - resourceGroupManagement: names.outputs.resources.resourceGroupManagement - roleDefinitions: logic.outputs.roleDefinitions + namingConvention: tier3_controlPlane.outputs.namingConvention + resourceGroups: union([ + rgs[0].outputs.name // controlPlane + rgs[1].outputs.name // feedWorkspace + rgs[2].outputs.name // hosts + rgs[3].outputs.name // management + ], deployFslogix ? [ + rgs[4].outputs.name // storage + ] : []) + roleDefinitions: roleDefinitions securityPrincipalObjectIds: map(securityPrincipals, item => item.objectId) - subnetResourceId: network_controlPlane.outputs.subnetResourceId + serviceToken: tier3_controlPlane.outputs.tokens.service + sessionHostNamePrefix: length(deploymentLocations) == 2 ? replace(tier3_hosts.outputs.namingConvention.virtualMachine, tier3_hosts.outputs.tokens.service, '') : replace(tier3_controlPlane.outputs.namingConvention.virtualMachine, tier3_controlPlane.outputs.tokens.service, '') + subnetResourceId: tier3_controlPlane.outputs.subnetResourceId tags: tags - timestamp: timestamp - validationEnvironment: validationEnvironment - vmTemplate: logic.outputs.vmTemplate - workspaceFeedDiagnoticSettingName: names.outputs.resources.workspaceFeedDiagnosticSettingName - workspaceFeedName: names.outputs.resources.workspaceFeedName - workspaceFeedNetworkInterfaceName: names.outputs.resources.workspaceFeedNetworkInterfaceName - workspaceFeedPrivateEndpointName: names.outputs.resources.workspaceFeedPrivateEndpointName - workspaceFriendlyName: empty(workspaceFriendlyName) ? 
names.outputs.resources.workspaceFriendlyName : '${workspaceFriendlyName} (${locationControlPlane})' + validationEnvironment: validationEnvironment + virtualMachineSize: virtualMachineSize + workspaceFriendlyName: workspaceFriendlyName workspacePublicNetworkAccess: workspacePublicNetworkAccess } dependsOn: [ 
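Review bot: `globalWorkspacePrivateDnsZoneResourceId` in `workspace_global` and `avdPrivateDnsZoneResourceId` in `controlPlane` both take `[0]` of a `filter(...)` over `tier3_controlPlane.outputs.privateDnsZones` with no check that the filter matched anything, so a zone list without a `privatelink-global.wvd` or `privatelink.wvd` entry ends in an index error instead of a message naming the missing zone. Consider resolving each zone name once into a variable and guarding the empty case, since a wrong or missing zone here decides whether the Private Link endpoints resolve privately. Also in `controlPlane`, `workspaceFriendlyName` is now passed through unchanged where the old expression substituted a generated name when the parameter was empty and appended `(${locationControlPlane})`; please confirm the module handles the empty string. The `resourceGroups` union relies on trailing comments to explain `rgs[0]` to `rgs[4]`; an object keyed by service name would make the mapping checkable rather than documented.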
@@ -529,57 +553,51 @@ module controlPlane 'modules/controlPlane/controlPlane.bicep' = { } module fslogix 'modules/fslogix/fslogix.bicep' = { - name: 'FSLogix_${timestamp}' + name: 'deploy-fslogix-${deploymentNameSuffix}' params: { activeDirectoryConnection: management.outputs.validateANFfActiveDirectory activeDirectorySolution: activeDirectorySolution artifactsUri: artifactsUri - automationAccountName: names.outputs.resources.automationAccountName availability: availability - azureFilesPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${names.outputs.resources.filePrivateDnsZoneName}' + azureFilesPrivateDnsZoneResourceId: '${privateDnsZoneResourceIdPrefix}${filter(tier3_controlPlane.outputs.privateDnsZones, name => contains(name, 'file'))[0]}' delegatedSubnetId: management.outputs.validateANFSubnetId + deploymentNameSuffix: deploymentNameSuffix deploymentUserAssignedIdentityClientId: management.outputs.deploymentUserAssignedIdentityClientId dnsServers: management.outputs.validateANFDnsServers domainJoinPassword: domainJoinPassword domainJoinUserPrincipalName: domainJoinUserPrincipalName domainName: domainName - encryptionUserAssignedIdentityResourceId: management.outputs.encryptionUserAssignedIdentityResourceId - fileShares: logic.outputs.fileShares + encryptionUserAssignedIdentityResourceId: length(deploymentLocations) == 2 ? tier3_hosts.outputs.userAssignedIdentityResourceId : tier3_controlPlane.outputs.userAssignedIdentityResourceId + environmentAbbreviation: environmentAbbreviation + fileShares: fileShares fslogixContainerType: fslogixContainerType fslogixShareSizeInGB: fslogixShareSizeInGB fslogixStorageService: fslogixStorageService - hostPoolName: names.outputs.resources.hostPoolName hostPoolType: hostPoolType - keyVaultUri: management.outputs.keyVaultUri + identifier: identifier + keyVaultUri: length(deploymentLocations) == 2 ? 
tier3_hosts.outputs.keyVaultUri : tier3_controlPlane.outputs.keyVaultUri location: locationVirtualMachines managementVirtualMachineName: management.outputs.virtualMachineName - netAppAccountName: names.outputs.resources.netAppAccountName - netAppCapacityPoolName: names.outputs.resources.netAppCapacityPoolName - netbios: logic.outputs.netbios + mlzTags: tier3_controlPlane.outputs.mlzTags + namingConvention: length(deploymentLocations) == 2 ? tier3_hosts.outputs.namingConvention : tier3_controlPlane.outputs.namingConvention + netbios: netbios organizationalUnitPath: organizationalUnitPath recoveryServices: recoveryServices - recoveryServicesVaultName: names.outputs.resources.recoveryServicesVaultName - resourceGroupControlPlane: names.outputs.resources.resourceGroupControlPlane - resourceGroupManagement: names.outputs.resources.resourceGroupManagement - resourceGroupStorage: names.outputs.resources.resourceGroupStorage + resourceGroupControlPlane: rgs[0].outputs.name + resourceGroupManagement: rgs[3].outputs.name + resourceGroupStorage: deployFslogix ? rgs[4].outputs.name : '' securityPrincipalNames: map(securityPrincipals, item => item.name) securityPrincipalObjectIds: map(securityPrincipals, item => item.objectId) - serviceName: names.outputs.serviceName - smbServerLocation: logic.outputs.smbServerLocation - storageAccountNamePrefix: names.outputs.resources.storageAccountNamePrefix - storageAccountNetworkInterfaceNamePrefix: names.outputs.resources.storageAccountNetworkInterfaceNamePrefix - storageAccountPrivateEndpointNamePrefix: names.outputs.resources.storageAccountPrivateEndpointNamePrefix + serviceToken: tier3_controlPlane.outputs.tokens.service + smbServerLocation: length(deploymentLocations) == 2 ? tier3_hosts.outputs.locatonProperties.timeZone : tier3_controlPlane.outputs.locatonProperties.timeZone storageCount: storageCount - storageEncryptionKeyName: management.outputs.storageEncryptionKeyName + storageEncryptionKeyName: length(deploymentLocations) == 2 ? 
tier3_hosts.outputs.storageEncryptionKeyName : tier3_controlPlane.outputs.storageEncryptionKeyName storageIndex: storageIndex - storageService: logic.outputs.storageService - storageSku: logic.outputs.storageSku - subnet: length(deploymentLocations) == 1 ? split(network_controlPlane.outputs.subnetResourceId, '/')[10] : split(network_hosts.outputs.subnetResourceId, '/')[10] + storageService: storageService + storageSku: storageSku + subnetResourceId: length(deploymentLocations) == 2 ? tier3_hosts.outputs.subnetResourceId : tier3_controlPlane.outputs.subnetResourceId tags: tags - timestamp: timestamp - timeZone: logic.outputs.timeZone - virtualNetwork: length(deploymentLocations) == 1 ? split(network_controlPlane.outputs.subnetResourceId, '/')[8] : split(network_hosts.outputs.subnetResourceId, '/')[8] - virtualNetworkResourceGroup: length(deploymentLocations) == 1 ? split(network_controlPlane.outputs.subnetResourceId, '/')[4] : split(network_hosts.outputs.subnetResourceId, '/')[4] + timeZone: length(deploymentLocations) == 2 ? tier3_hosts.outputs.locatonProperties.abbreviation : tier3_controlPlane.outputs.locatonProperties.abbreviation } dependsOn: [ controlPlane 
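Review bot: In the `fslogix` params, `smbServerLocation` is now set from `locatonProperties.timeZone` and `timeZone` from `locatonProperties.abbreviation`, which reads as two values shifted by one position. The `management` and `sessionHosts` modules in this same diff pass `locatonProperties.timeZone` to their `timeZone` parameter, so `fslogix` would receive a different kind of value under the same parameter name. Please check which property `smbServerLocation` was meant to take and set `timeZone` from `locatonProperties.timeZone` as the other modules do. Separately, `azureFilesPrivateDnsZoneResourceId` selects its zone with `contains(name, 'file')` and `[0]`, which is looser than the `startsWith` filters used for the AVD zones: any zone name containing `file` matches and list order decides the winner. A `startsWith` on the expected zone prefix plus an empty-result check would be safer.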
@@ -588,87 +606,81 @@ module fslogix 'modules/fslogix/fslogix.bicep' = { } module sessionHosts 'modules/sessionHosts/sessionHosts.bicep' = { - name: 'SessionHosts_${timestamp}' + name: 'deploy-session-hosts-${deploymentNameSuffix}' params: { acceleratedNetworking: management.outputs.validateAcceleratedNetworking activeDirectorySolution: activeDirectorySolution artifactsUri: artifactsUri artifactsUserAssignedIdentityClientId: management.outputs.artifactsUserAssignedIdentityClientId artifactsUserAssignedIdentityResourceId: management.outputs.artifactsUserAssignedIdentityResourceId - automationAccountName: names.outputs.resources.automationAccountName + automationAccountName: management.outputs.automationAccountName availability: availability - availabilitySetNamePrefix: names.outputs.resources.availabilitySetNamePrefix - availabilitySetsCount: logic.outputs.availabilitySetsCount - availabilitySetsIndex: logic.outputs.beginAvSetRange + availabilitySetsCount: availabilitySetsCount + availabilitySetsIndex: beginAvSetRange availabilityZones: management.outputs.validateAvailabilityZones avdAgentBootLoaderMsiName: avdAgentBootLoaderMsiName avdAgentMsiName: avdAgentMsiName - dataCollectionRuleAssociationName: names.outputs.resources.dataCollectionRuleAssociationName dataCollectionRuleResourceId: management.outputs.dataCollectionRuleResourceId + deployFslogix: deployFslogix + deploymentNameSuffix: deploymentNameSuffix deploymentUserAssignedIdentityClientId: management.outputs.deploymentUserAssignedIdentityClientId - diskEncryptionSetResourceId: management.outputs.diskEncryptionSetResourceId - diskNamePrefix: names.outputs.resources.diskNamePrefix + diskEncryptionSetResourceId: length(deploymentLocations) == 2 ? 
tier3_hosts.outputs.diskEncryptionSetResourceId : tier3_controlPlane.outputs.diskEncryptionSetResourceId diskSku: diskSku - divisionRemainderValue: logic.outputs.divisionRemainderValue + divisionRemainderValue: divisionRemainderValue domainJoinPassword: domainJoinPassword domainJoinUserPrincipalName: domainJoinUserPrincipalName domainName: domainName drainMode: drainMode enableRecoveryServices: recoveryServices enableScalingTool: scalingTool - fslogix: logic.outputs.fslogix + environmentAbbreviation: environmentAbbreviation fslogixContainerType: fslogixContainerType - hostPoolName: names.outputs.resources.hostPoolName + hostPoolName: controlPlane.outputs.hostPoolName hostPoolType: hostPoolType hybridRunbookWorkerGroupName: management.outputs.hybridRunbookWorkerGroupName + identifier: identifier imageOffer: imageOffer imagePublisher: imagePublisher imageSku: imageSku imageVersionResourceId: imageVersionResourceId location: locationVirtualMachines - logAnalyticsWorkspaceName: names.outputs.resources.logAnalyticsWorkspaceName + logAnalyticsWorkspaceName: management.outputs.logAnalyticsWorkspaceName managementVirtualMachineName: management.outputs.virtualMachineName - maxResourcesPerTemplateDeployment: logic.outputs.maxResourcesPerTemplateDeployment + maxResourcesPerTemplateDeployment: maxResourcesPerTemplateDeployment + mlzTags: tier3_controlPlane.outputs.mlzTags monitoring: monitoring - netAppFileShares: logic.outputs.fslogix ? fslogix.outputs.netAppShares : [ + namingConvention: length(deploymentLocations) == 2 ? tier3_hosts.outputs.namingConvention : tier3_controlPlane.outputs.namingConvention + netAppFileShares: deployFslogix ? 
fslogix.outputs.netAppShares : [ 'None' ] - networkInterfaceNamePrefix: names.outputs.resources.networkInterfaceNamePrefix - networkName: names.outputs.networkName organizationalUnitPath: organizationalUnitPath - pooledHostPool: logic.outputs.pooledHostPool - recoveryServicesVaultName: names.outputs.resources.recoveryServicesVaultName - resourceGroupControlPlane: names.outputs.resources.resourceGroupControlPlane - resourceGroupHosts: names.outputs.resources.resourceGroupHosts - resourceGroupManagement: names.outputs.resources.resourceGroupManagement - roleDefinitions: logic.outputs.roleDefinitions + pooledHostPool: pooledHostPool + recoveryServicesVaultName: management.outputs.recoveryServicesVaultName + resourceGroupControlPlane: rgs[0].outputs.name + resourceGroupHosts: rgs[2].outputs.name + resourceGroupManagement: rgs[3].outputs.name + roleDefinitions: roleDefinitions scalingBeginPeakTime: scalingBeginPeakTime scalingEndPeakTime: scalingEndPeakTime scalingLimitSecondsToForceLogOffUser: scalingLimitSecondsToForceLogOffUser scalingMinimumNumberOfRdsh: scalingMinimumNumberOfRdsh scalingSessionThresholdPerCPU: scalingSessionThresholdPerCPU securityPrincipalObjectIds: map(securityPrincipals, item => item.objectId) - securityLogAnalyticsWorkspaceResourceId: securityLogAnalyticsWorkspaceResourceId - serviceName: names.outputs.serviceName - sessionHostBatchCount: logic.outputs.sessionHostBatchCount + serviceToken: tier3_controlPlane.outputs.tokens.service + sessionHostBatchCount: sessionHostBatchCount sessionHostIndex: sessionHostIndex - storageAccountPrefix: names.outputs.resources.storageAccountNamePrefix storageCount: storageCount storageIndex: storageIndex - storageService: logic.outputs.storageService - storageSuffix: logic.outputs.storageSuffix - subnet: length(deploymentLocations) == 1 ? 
split(network_controlPlane.outputs.subnetResourceId, '/')[10] : split(network_hosts.outputs.subnetResourceId, '/')[10] + storageService: storageService + storageSuffix: storageSuffix + subnetResourceId: length(deploymentLocations) == 2 ? tier3_hosts.outputs.subnetResourceId : tier3_controlPlane.outputs.subnetResourceId tags: tags - timeDifference: logic.outputs.timeDifference - timestamp: timestamp - timeZone: logic.outputs.timeZone + timeDifference: length(deploymentLocations) == 2 ? tier3_hosts.outputs.locatonProperties.timeDifference : tier3_controlPlane.outputs.locatonProperties.timeDifference + timeZone: length(deploymentLocations) == 2 ? tier3_hosts.outputs.locatonProperties.timeZone : tier3_controlPlane.outputs.locatonProperties.timeZone virtualMachineMonitoringAgent: virtualMachineMonitoringAgent - virtualMachineNamePrefix: names.outputs.resources.virtualMachineNamePrefix virtualMachinePassword: virtualMachinePassword virtualMachineSize: virtualMachineSize virtualMachineUsername: virtualMachineUsername - virtualNetwork: length(deploymentLocations) == 1 ? split(network_controlPlane.outputs.subnetResourceId, '/')[8] : split(network_hosts.outputs.subnetResourceId, '/')[8] - virtualNetworkResourceGroup: length(deploymentLocations) == 1 ? split(network_controlPlane.outputs.subnetResourceId, '/')[4] : split(network_hosts.outputs.subnetResourceId, '/')[4] } dependsOn: [ fslogix 
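Review bot: The `sessionHosts` params drop `securityLogAnalyticsWorkspaceResourceId` (the same line is removed from `management` earlier in this diff) and nothing in this hunk takes its place, so the diff does not show where session host security events are sent after the change. Please state in the description, or in a comment on the module call, which workspace now receives them and through which parameter, so that a reader can confirm the security logging path was moved rather than removed. On the rest of the hunk: taking `hostPoolName`, `automationAccountName`, `logAnalyticsWorkspaceName` and `recoveryServicesVaultName` from module outputs instead of the `names` module is a good change because it makes the dependency explicit, but the `length(deploymentLocations) == 2 ? tier3_hosts... : tier3_controlPlane...` selection is repeated for `diskEncryptionSetResourceId`, `namingConvention`, `subnetResourceId`, `timeDifference` and `timeZone`; selecting the tier's outputs once in a variable would remove five chances to get one branch wrong.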
@@ -677,13 +689,13 @@ module sessionHosts 'modules/sessionHosts/sessionHosts.bicep' = { } module cleanUp 'modules/cleanUp/cleanUp.bicep' = { - name: 'CleanUp_${timestamp}' + name: 'deploy-clean-up-${deploymentNameSuffix}' params: { + deploymentNameSuffix: deploymentNameSuffix fslogixStorageService: fslogixStorageService location: locationVirtualMachines - resourceGroupManagement: names.outputs.resources.resourceGroupManagement + resourceGroupManagement: rgs[3].outputs.name scalingTool: scalingTool - timestamp: timestamp userAssignedIdentityClientId: management.outputs.deploymentUserAssignedIdentityClientId virtualMachineName: management.outputs.virtualMachineName } diff --git a/src/bicep/add-ons/azure-virtual-desktop/solution.json b/src/bicep/add-ons/azure-virtual-desktop/solution.json new file mode 100644 index 000000000..0f831be22 --- /dev/null +++ b/src/bicep/add-ons/azure-virtual-desktop/solution.json 
@@ -0,0 +1,17432 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "2560255072359885236" + } + }, + "parameters": { + "activeDirectorySolution": { + "type": "string", + "allowedValues": [ + "ActiveDirectoryDomainServices", + "MicrosoftEntraDomainServices", + "MicrosoftEntraId", + "MicrosoftEntraIdIntuneEnrollment" + ], + "metadata": { + "description": "The service providing domain services for Azure Virtual Desktop. This is needed to properly configure the session hosts and if applicable, the Azure Storage Account." + } + }, + "artifactsContainerName": { + "type": "string", + "metadata": { + "description": "The name of the Azure Blobs container hosting the required artifacts." + } + }, + "artifactsStorageAccountResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID for the storage account hosting the artifacts in Blob storage." + } + }, + "availability": { + "type": "string", + "defaultValue": "AvailabilityZones", + "allowedValues": [ + "AvailabilitySets", + "AvailabilityZones", + "None" + ], + "metadata": { + "description": "The desired availability option when deploying a pooled host pool. The best practice is to deploy to availability zones for the highest resilency and service level agreement." + } + }, + "avdAgentMsiName": { + "type": "string", + "metadata": { + "description": "The blob name of the MSI file for the AVD Agent installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." + } + }, + "avdAgentBootLoaderMsiName": { + "type": "string", + "metadata": { + "description": "The blob name of the MSI file for the AVD Agent Boot Loader installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." 
+ } + }, + "avdObjectId": { + "type": "string", + "metadata": { + "description": "The object ID for the Azure Virtual Desktop enterprise application in Microsoft Entra ID. The object ID can found by selecting Microsoft Applications using the Application type filter in the Enterprise Applications blade of Microsoft Entra ID." + } + }, + "azureNetAppFilesSubnetAddressPrefix": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The subnet address prefix for the Azure NetApp Files delegated subnet." + } + }, + "azurePowerShellModuleMsiName": { + "type": "string", + "metadata": { + "description": "The blob name of the MSI file for the Azure PowerShell Module installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." + } + }, + "customRdpProperty": { + "type": "string", + "defaultValue": "audiocapturemode:i:1;camerastoredirect:s:*;use multimon:i:0;drivestoredirect:s:;encode redirected video capture:i:1;redirected video capture encoding quality:i:1;audiomode:i:0;devicestoredirect:s:;redirectclipboard:i:0;redirectcomports:i:0;redirectlocation:i:1;redirectprinters:i:0;redirectsmartcards:i:1;redirectwebauthn:i:1;usbdevicestoredirect:s:;keyboardhook:i:2;", + "metadata": { + "description": "The RDP properties to add or remove RDP functionality on the AVD host pool. The string must end with a semi-colon. Settings reference: https://learn.microsoft.com/windows-server/remote/remote-desktop-services/clients/rdp-files" + } + }, + "deployActivityLogDiagnosticSetting": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a diagnostic setting for the Activity Log." + } + }, + "deployDefender": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Defender for Cloud." + } + }, + "deployNetworkWatcher": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Network Watcher for the deployment location." 
+ } + }, + "deployPolicy": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a policy assignment." + } + }, + "deploymentNameSuffix": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "A suffix to use for naming deployments uniquely. It defaults to the Bicep resolution of the \"utcNow()\" function." + } + }, + "desktopFriendlyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The friendly name for the SessionDesktop application in the desktop application group." + } + }, + "diskSku": { + "type": "string", + "defaultValue": "Premium_LRS", + "allowedValues": [ + "Standard_LRS", + "StandardSSD_LRS", + "Premium_LRS" + ], + "metadata": { + "description": "The storage SKU for the managed disks on the AVD session hosts. Production deployments should use Premium_LRS." + } + }, + "domainJoinPassword": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "The password for the account to domain join the AVD session hosts." + } + }, + "domainJoinUserPrincipalName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The user principal name for the account to domain join the AVD session hosts." + } + }, + "domainName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The name of the domain that provides ADDS to the AVD session hosts." + } + }, + "drainMode": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "The drain mode option enables drain mode for the sessions hosts in this deployment to prevent users from accessing the hosts until they have been validated." + } + }, + "emailSecurityContact": { + "type": "string", + "metadata": { + "description": "The email address to use for Defender for Cloud notifications." 
+ } + }, + "environmentAbbreviation": { + "type": "string", + "defaultValue": "dev", + "allowedValues": [ + "dev", + "prod", + "test" + ], + "metadata": { + "description": "The abbreviation for the target environment." + } + }, + "fslogixShareSizeInGB": { + "type": "int", + "defaultValue": 100, + "metadata": { + "description": "The file share size(s) in GB for the Fslogix storage solution." + } + }, + "fslogixContainerType": { + "type": "string", + "defaultValue": "ProfileContainer", + "allowedValues": [ + "CloudCacheProfileContainer", + "CloudCacheProfileOfficeContainer", + "ProfileContainer", + "ProfileOfficeContainer" + ], + "metadata": { + "description": "If deploying FSLogix, select the desired type of container for user profiles. https://learn.microsoft.com/en-us/fslogix/concepts-container-types" + } + }, + "fslogixStorageService": { + "type": "string", + "defaultValue": "AzureFiles Standard", + "allowedValues": [ + "AzureNetAppFiles Premium", + "AzureNetAppFiles Standard", + "AzureFiles Premium", + "AzureFiles Standard", + "None" + ], + "metadata": { + "description": "Enable an Fslogix storage option to manage user profiles for the AVD session hosts. The selected service & SKU should provide sufficient IOPS for all of your users. https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#performance-requirements" + } + }, + "hostPoolPublicNetworkAccess": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled", + "EnabledForClientsOnly", + "EnabledForSessionHostsOnly" + ], + "metadata": { + "description": "The type of public network access for the host pool." 
+ } + }, + "hostPoolType": { + "type": "string", + "defaultValue": "Pooled DepthFirst", + "allowedValues": [ + "Pooled DepthFirst", + "Pooled BreadthFirst", + "Personal Automatic", + "Personal Direct" + ], + "metadata": { + "description": "These options specify the host pool type and depending on the type provides the load balancing options and assignment types." + } + }, + "hubAzureFirewallResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID for the Azure Firewall in the HUB subscription" + } + }, + "hubVirtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID for the Azure Virtual Network in the HUB subscription." + } + }, + "identifier": { + "type": "string", + "defaultValue": "avd", + "maxLength": 3, + "metadata": { + "description": "The unique identifier between each business unit or project supporting AVD in your tenant. This is the unique naming component between each AVD stamp." + } + }, + "imageVersionResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The resource ID for the Compute Gallery Image Version. Do not set this value if using a marketplace image." + } + }, + "imageOffer": { + "type": "string", + "defaultValue": "office-365", + "metadata": { + "description": "Offer for the virtual machine image" + } + }, + "imagePublisher": { + "type": "string", + "defaultValue": "MicrosoftWindowsDesktop", + "metadata": { + "description": "Publisher for the virtual machine image" + } + }, + "imageSku": { + "type": "string", + "defaultValue": "win11-22h2-avd-m365", + "metadata": { + "description": "SKU for the virtual machine image" + } + }, + "locationControlPlane": { + "type": "string", + "defaultValue": "[deployment().location]", + "metadata": { + "description": "The deployment location for the AVD management resources." 
+ } + }, + "locationVirtualMachines": { + "type": "string", + "defaultValue": "[deployment().location]", + "metadata": { + "description": "The deployment location for the AVD sessions hosts." + } + }, + "logAnalyticsWorkspaceRetention": { + "type": "int", + "defaultValue": 30, + "minValue": 30, + "maxValue": 730, + "metadata": { + "description": "The retention for the Log Analytics Workspace to setup the AVD monitoring solution" + } + }, + "logAnalyticsWorkspaceSku": { + "type": "string", + "defaultValue": "PerGB2018", + "allowedValues": [ + "Free", + "Standard", + "Premium", + "PerNode", + "PerGB2018", + "Standalone", + "CapacityReservation" + ], + "metadata": { + "description": "The SKU for the Log Analytics Workspace to setup the AVD monitoring solution" + } + }, + "monitoring": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Deploys the required monitoring resources to enable AVD Insights and monitor features in the automation account." + } + }, + "operationsLogAnalyticsWorkspaceResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Log Analytics Workspace to use for log storage." + } + }, + "organizationalUnitPath": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The distinguished name for the target Organization Unit in Active Directory Domain Services." + } + }, + "policy": { + "type": "string", + "defaultValue": "NISTRev4", + "metadata": { + "description": "The policy to assign to the workload." + } + }, + "recoveryServices": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Enable backups to an Azure Recovery Services vault. For a pooled host pool this will enable backups on the Azure file share. For a personal host pool this will enable backups on the AVD sessions hosts." 
+ } + }, + "scalingBeginPeakTime": { + "type": "string", + "defaultValue": "9:00", + "metadata": { + "description": "The time when session hosts will scale up and continue to stay on to support peak demand; Format 24 hours e.g. 9:00 for 9am" + } + }, + "scalingEndPeakTime": { + "type": "string", + "defaultValue": "17:00", + "metadata": { + "description": "The time when session hosts will scale down and stay off to support low demand; Format 24 hours e.g. 17:00 for 5pm" + } + }, + "scalingLimitSecondsToForceLogOffUser": { + "type": "string", + "defaultValue": "0", + "metadata": { + "description": "The number of seconds to wait before automatically signing out users. If set to 0 any session host that has user sessions will be left untouched" + } + }, + "scalingMinimumNumberOfRdsh": { + "type": "string", + "defaultValue": "0", + "metadata": { + "description": "The minimum number of session host VMs to keep running during off-peak hours. The scaling tool will not work if all virtual machines are turned off and the Start VM On Connect solution is not enabled." + } + }, + "scalingSessionThresholdPerCPU": { + "type": "string", + "defaultValue": "1", + "metadata": { + "description": "The maximum number of sessions per CPU that will be used as a threshold to determine when new session host VMs need to be started during peak hours" + } + }, + "scalingTool": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Deploys the required resources for the Scaling Tool. https://docs.microsoft.com/en-us/azure/virtual-desktop/scaling-automation-logic-apps" + } + }, + "securityPrincipals": { + "type": "array", + "metadata": { + "description": "The array of Security Principals with their object IDs and display names to assign to the AVD Application Group and FSLogix Storage." 
+ } + }, + "sessionHostCount": { + "type": "int", + "defaultValue": 1, + "minValue": 0, + "maxValue": 5000, + "metadata": { + "description": "The number of session hosts to deploy in the host pool. Ensure you have the approved quota to deploy the desired count." + } + }, + "sessionHostIndex": { + "type": "int", + "defaultValue": 0, + "minValue": 0, + "maxValue": 4999, + "metadata": { + "description": "The starting number for the session hosts. This is important when adding virtual machines to ensure an update deployment is not performed on an existing, active session host." + } + }, + "sharedServicesSubnetResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID for the subnet in the Shared Services subscription. This is required for the private endpoint on the AVD Global Workspace." + } + }, + "stampIndex": { + "type": "int", + "defaultValue": 0, + "minValue": 0, + "maxValue": 9, + "metadata": { + "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases. For example, \"0\" could be used for an office workers host pool and \"1\" could be used for a developers host pool within the \"finance\" business unit." + } + }, + "storageCount": { + "type": "int", + "defaultValue": 1, + "minValue": 0, + "maxValue": 100, + "metadata": { + "description": "The number of storage accounts to deploy to support sharding across multiple storage accounts. https://docs.microsoft.com/en-us/azure/architecture/patterns/sharding" + } + }, + "storageIndex": { + "type": "int", + "defaultValue": 0, + "minValue": 0, + "maxValue": 99, + "metadata": { + "description": "The starting number for the names of the storage accounts to support sharding across multiple storage accounts. 
https://docs.microsoft.com/en-us/azure/architecture/patterns/sharding" + } + }, + "subnetAddressPrefixes": { + "type": "array", + "defaultValue": [ + "10.0.140.0/24" + ], + "minLength": 1, + "maxLength": 2, + "metadata": { + "description": "The address prefix(es) for the new subnet(s) that will be created in the spoke virtual network(s). Specify only one address prefix in the array if the session hosts location and the control plan location are the same. If different locations are specified, add a second address prefix for the hosts virtual network." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "The Key / value pairs of metadata for the Azure resource groups and resources." + } + }, + "usersPerCore": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "The number of users per core is used to determine the maximum number of users per session host." + } + }, + "validationEnvironment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "The validation environment setting on the AVD host pool determines whether the hostpool should receive AVD preview features for testing." + } + }, + "virtualMachineVirtualCpuCount": { + "type": "int", + "metadata": { + "description": "The number of virtual CPUs per virtual machine for the selected virtual machine size." + } + }, + "virtualMachineMonitoringAgent": { + "type": "string", + "defaultValue": "LogAnalyticsAgent", + "allowedValues": [ + "AzureMonitorAgent", + "LogAnalyticsAgent" + ], + "metadata": { + "description": "Input the desired monitoring agent to send events and performance counters to a log analytics workspace." 
+ } + }, + "virtualMachinePassword": { + "type": "securestring", + "metadata": { + "description": "The local administrator password for the AVD session hosts" + } + }, + "virtualMachineSize": { + "type": "string", + "defaultValue": "Standard_D4ads_v5", + "metadata": { + "description": "The virtual machine SKU for the AVD session hosts." + } + }, + "virtualMachineUsername": { + "type": "string", + "metadata": { + "description": "The local administrator username for the AVD session hosts" + } + }, + "virtualNetworkAddressPrefixes": { + "type": "array", + "defaultValue": [ + "10.0.140.0/24" + ], + "minLength": 1, + "maxLength": 2, + "metadata": { + "description": "The address prefix for the new spoke virtual network(s). Specify only one address prefix in the array if the session hosts location and the control plan location are the same. If different locations are specified, add a second address prefix for the hosts virtual network." + } + }, + "workspaceFriendlyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The friendly name for the AVD workspace that is displayed in the end-user client." + } + }, + "workspacePublicNetworkAccess": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "The public network access setting on the AVD workspace either disables public network access or allows both public and private network access." 
+ } + } + }, + "variables": { + "maxResourcesPerTemplateDeployment": 88, + "divisionValue": "[div(parameters('sessionHostCount'), variables('maxResourcesPerTemplateDeployment'))]", + "divisionRemainderValue": "[mod(parameters('sessionHostCount'), variables('maxResourcesPerTemplateDeployment'))]", + "sessionHostBatchCount": "[if(greater(variables('divisionRemainderValue'), 0), add(variables('divisionValue'), 1), variables('divisionValue'))]", + "maxAvSetMembers": 200, + "beginAvSetRange": "[div(parameters('sessionHostIndex'), variables('maxAvSetMembers'))]", + "endAvSetRange": "[div(add(parameters('sessionHostCount'), parameters('sessionHostIndex')), variables('maxAvSetMembers'))]", + "availabilitySetsCount": "[length(range(variables('beginAvSetRange'), add(sub(variables('endAvSetRange'), variables('beginAvSetRange')), 1)))]", + "customImageId": "[if(empty(parameters('imageVersionResourceId')), 'null', format('\"{0}\"', parameters('imageVersionResourceId')))]", + "fileShares": "[variables('fileShareNames')[parameters('fslogixContainerType')]]", + "deployFslogix": "[if(or(equals(parameters('fslogixStorageService'), 'None'), not(contains(parameters('activeDirectorySolution'), 'DomainServices'))), false(), true())]", + "netbios": "[split(parameters('domainName'), '.')[0]]", + "pooledHostPool": "[if(equals(split(parameters('hostPoolType'), ' ')[0], 'Pooled'), true(), false())]", + "roleDefinitions": { + "DesktopVirtualizationPowerOnContributor": "489581de-a3bd-480d-9518-53dea7416b33", + "DesktopVirtualizationUser": "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63", + "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7", + "VirtualMachineUserLogin": "fb879df8-f326-4884-b1cf-06f3ad86be52" + }, + "storageSku": "[if(equals(parameters('fslogixStorageService'), 'None'), 'None', split(parameters('fslogixStorageService'), ' ')[1])]", + "storageService": "[split(parameters('fslogixStorageService'), ' ')[0]]", + "storageSuffix": "[environment().suffixes.storage]", + "artifactsUri": 
"[format('https://{0}.blob.{1}/{2}/', variables('artifactsStorageAccountName'), environment().suffixes.storage, parameters('artifactsContainerName'))]", + "artifactsStorageAccountName": "[split(parameters('artifactsStorageAccountResourceId'), '/')[8]]", + "fileShareNames": { + "CloudCacheProfileContainer": [ + "profile-containers" + ], + "CloudCacheProfileOfficeContainer": [ + "office-containers", + "profile-containers" + ], + "ProfileContainer": [ + "profile-containers" + ], + "ProfileOfficeContainer": [ + "office-containers", + "profile-containers" + ] + }, + "privateDnsZoneResourceIdPrefix": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/privateDnsZones/', split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4])]", + "deploymentLocations": "[union(createArray(parameters('locationControlPlane')), createArray(parameters('locationVirtualMachines')))]", + "resourceGroupServices": "[union(createArray('controlPlane', 'feedWorkspace', 'hosts', 'management'), if(variables('deployFslogix'), createArray('storage'), createArray()))]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "additionalSubnets": "[if(and(and(contains(parameters('fslogixStorageService'), 'AzureNetAppFiles'), not(empty(parameters('azureNetAppFilesSubnetAddressPrefix')))), equals(length(variables('deploymentLocations')), 1)), createObject('value', createArray(createObject('name', 'AzureNetAppFiles', 'addressPrefix', parameters('azureNetAppFilesSubnetAddressPrefix')))), createObject('value', createArray()))]", + "deployActivityLogDiagnosticSetting": { + "value": "[parameters('deployActivityLogDiagnosticSetting')]" + 
}, + "deployDefender": { + "value": "[parameters('deployDefender')]" + }, + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" + }, + "deployPolicy": { + "value": "[parameters('deployPolicy')]" + }, + "emailSecurityContact": { + "value": "[parameters('emailSecurityContact')]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "firewallResourceId": { + "value": "[parameters('hubAzureFirewallResourceId')]" + }, + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "identifier": { + "value": "[parameters('identifier')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('operationsLogAnalyticsWorkspaceResourceId')]" + }, + "policy": { + "value": "[parameters('policy')]" + }, + "stampIndex": { + "value": "[string(parameters('stampIndex'))]" + }, + "subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefixes')[0]]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefixes')[0]]" + }, + "workloadName": { + "value": "avd" + }, + "workloadShortName": { + "value": "avd" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "5760152189882232532" + } + }, + "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "An array of additional subnets to support the tier3 workload." + } + }, + "deployActivityLogDiagnosticSetting": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a diagnostic setting for the Activity Log." + } + }, + "deployDefender": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Defender for Cloud." 
+ } + }, + "deploymentNameSuffix": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "The suffix to append to the deployment name. It defaults to the current UTC date and time." + } + }, + "deployNetworkWatcher": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Network Watcher for the deployment location." + } + }, + "deployPolicy": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a policy assignment." + } + }, + "emailSecurityContact": { + "type": "string", + "metadata": { + "description": "The email address to use for Defender for Cloud notifications." + } + }, + "environmentAbbreviation": { + "type": "string", + "defaultValue": "dev", + "allowedValues": [ + "dev", + "prod", + "test" + ], + "metadata": { + "description": "The abbreviation for the environment." + } + }, + "firewallResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Azure Firewall in the HUB." + } + }, + "hubVirtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the HUB Virtual Network." + } + }, + "identifier": { + "type": "string", + "maxLength": 3, + "metadata": { + "description": "The identifier for the resource names. This value should represent the workload, project, or business unit." + } + }, + "keyVaultDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "AuditEvent", + "enabled": true + }, + { + "category": "AzurePolicyEvaluationDetails", + "enabled": true + } + ], + "metadata": { + "description": "An array of Key Vault Diagnostic Logs categories to collect. See \"https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault\" for valid values." + } + }, + "location": { + "type": "string", + "defaultValue": "[deployment().location]", + "metadata": { + "description": "The location for the deployment. It defaults to the location of the deployment." 
+ } + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Log Analytics Workspace to use for log storage." + } + }, + "logStorageSkuName": { + "type": "string", + "defaultValue": "Standard_GRS", + "metadata": { + "description": "The Storage Account SKU to use for log storage. It defaults to \"Standard_GRS\". See https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types for valid settings." + } + }, + "networkSecurityGroupDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "NetworkSecurityGroupEvent", + "enabled": true + }, + { + "category": "NetworkSecurityGroupRuleCounter", + "enabled": true + } + ], + "metadata": { + "description": "An array of Network Security Group diagnostic logs to apply to the workload Virtual Network. See https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log#log-categories for valid settings." + } + }, + "networkSecurityGroupDiagnosticsMetrics": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The metrics to monitor for the Network Security Group." + } + }, + "networkSecurityGroupRules": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The rules to apply to the Network Security Group." + } + }, + "policy": { + "type": "string", + "defaultValue": "NISTRev4", + "metadata": { + "description": "The policy to assign to the workload." + } + }, + "stampIndex": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases." + } + }, + "subnetAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix for the workload subnet." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "The tags to apply to the resources." 
+ } + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix for the workload Virtual Network." + } + }, + "virtualNetworkDiagnosticsLogs": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The diagnostic logs to apply to the workload Virtual Network." + } + }, + "virtualNetworkDiagnosticsMetrics": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The metrics to monitor for the workload Virtual Network." + } + }, + "workloadName": { + "type": "string", + "defaultValue": "tier3", + "minLength": 1, + "maxLength": 10, + "metadata": { + "description": "The name for the workload." + } + }, + "workloadShortName": { + "type": "string", + "defaultValue": "t3", + "minLength": 1, + "maxLength": 3, + "metadata": { + "description": "The short name for the workload." + } + } + }, + "variables": { + "hubResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", + "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", + "subscriptionId": "[subscription().subscriptionId]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "networks": { + "value": [ + { + "name": "[parameters('workloadName')]", + "shortName": "[parameters('workloadShortName')]", + "deployUniqueResources": false, + "subscriptionId": "[variables('subscriptionId')]", + "nsgDiagLogs": 
"[parameters('networkSecurityGroupDiagnosticsLogs')]", + "nsgDiagMetrics": "[parameters('networkSecurityGroupDiagnosticsMetrics')]", + "nsgRules": "[parameters('networkSecurityGroupRules')]", + "vnetAddressPrefix": "[parameters('virtualNetworkAddressPrefix')]", + "vnetDiagLogs": "[parameters('virtualNetworkDiagnosticsLogs')]", + "vnetDiagMetrics": "[parameters('virtualNetworkDiagnosticsMetrics')]", + "subnetAddressPrefix": "[parameters('subnetAddressPrefix')]" + } + ] + }, + "resourcePrefix": { + "value": "[parameters('identifier')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "16881625523433024595" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "environmentAbbreviation": { + "type": "string" + }, + "location": { + "type": "string" + }, + "networks": { + "type": "array" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + } + }, + "variables": { + "copy": [ + { + "name": "privateDnsZoneNames_Backup", + "count": "[length(items(variables('locations')))]", + "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" + } + ], + "$fxv#0": { + "AzureChina": { + "chinaeast": { + "abbreviation": "cne", + "recoveryServicesGeo": "sha", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinaeast2": { + "abbreviation": "cne2", + "recoveryServicesGeo": "sha2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth": { + "abbreviation": "cnn", + 
"recoveryServicesGeo": "bjb", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth2": { + "abbreviation": "cnn2", + "recoveryServicesGeo": "bjb2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + } + }, + "AzureCloud": { + "australiacentral": { + "abbreviation": "auc", + "recoveryServicesGeo": "acl", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiacentral2": { + "abbreviation": "auc2", + "recoveryServicesGeo": "acl2", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiaeast": { + "abbreviation": "aue", + "recoveryServicesGeo": "ae", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiasoutheast": { + "abbreviation": "ause", + "recoveryServicesGeo": "ase", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "brazilsouth": { + "abbreviation": "brs", + "recoveryServicesGeo": "brs", + "timeDifference": "-3:00", + "timeZone": "E. South America Standard Time" + }, + "brazilsoutheast": { + "abbreviation": "brse", + "recoveryServicesGeo": "bse", + "timeDifference": "-3:00", + "timeZone": "E. 
South America Standard Time" + }, + "canadacentral": { + "abbreviation": "cac", + "recoveryServicesGeo": "cnc", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "canadaeast": { + "abbreviation": "cae", + "recoveryServicesGeo": "cne", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "centralindia": { + "abbreviation": "inc", + "recoveryServicesGeo": "inc", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "centralus": { + "abbreviation": "usc", + "recoveryServicesGeo": "cus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "eastasia": { + "abbreviation": "ase", + "recoveryServicesGeo": "ea", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "eastus": { + "abbreviation": "use", + "recoveryServicesGeo": "eus", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "eastus2": { + "abbreviation": "use2", + "recoveryServicesGeo": "eus2", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "francecentral": { + "abbreviation": "frc", + "recoveryServicesGeo": "frc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "francesouth": { + "abbreviation": "frs", + "recoveryServicesGeo": "frs", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanynorth": { + "abbreviation": "den", + "recoveryServicesGeo": "gn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanywestcentral": { + "abbreviation": "dewc", + "recoveryServicesGeo": "gwc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "israelcentral": { + "abbreviation": "ilc", + "recoveryServicesGeo": "ilc", + "timeDifference": "+2:00", + "timeZone": "Israel Standard Time" + }, + "italynorth": { + "abbreviation": "itn", + "recoveryServicesGeo": "itn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + 
"japaneast": { + "abbreviation": "jpe", + "recoveryServicesGeo": "jpe", + "timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "japanwest": { + "abbreviation": "jpw", + "recoveryServicesGeo": "jpw", + "timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "jioindiacentral": { + "abbreviation": "injc", + "recoveryServicesGeo": "jic", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "jioindiawest": { + "abbreviation": "injw", + "recoveryServicesGeo": "jiw", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "koreacentral": { + "abbreviation": "krc", + "recoveryServicesGeo": "krc", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "koreasouth": { + "abbreviation": "krs", + "recoveryServicesGeo": "krs", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "northcentralus": { + "abbreviation": "usnc", + "recoveryServicesGeo": "ncus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "northeurope": { + "abbreviation": "eun", + "recoveryServicesGeo": "ne", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "norwayeast": { + "abbreviation": "noe", + "recoveryServicesGeo": "nwe", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "norwaywest": { + "abbreviation": "now", + "recoveryServicesGeo": "nww", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "polandcentral": { + "abbreviation": "plc", + "recoveryServicesGeo": "plc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "qatarcentral": { + "abbreviation": "qac", + "recoveryServicesGeo": "qac", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "southafricanorth": { + "abbreviation": "zan", + "recoveryServicesGeo": "san", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southafricawest": { + "abbreviation": "zaw", + 
"recoveryServicesGeo": "saw", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southcentralus": { + "abbreviation": "ussc", + "recoveryServicesGeo": "scus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "southeastasia": { + "abbreviation": "asse", + "recoveryServicesGeo": "sea", + "timeDifference": "+8:00", + "timeZone": "Singapore Standard Time" + }, + "southindia": { + "abbreviation": "ins", + "recoveryServicesGeo": "ins", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "swedencentral": { + "abbreviation": "sec", + "recoveryServicesGeo": "sdc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandnorth": { + "abbreviation": "chn", + "recoveryServicesGeo": "szn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandwest": { + "abbreviation": "chw", + "recoveryServicesGeo": "szw", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "uaecentral": { + "abbreviation": "aec", + "recoveryServicesGeo": "uac", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "uaenorth": { + "abbreviation": "aen", + "recoveryServicesGeo": "uan", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "uksouth": { + "abbreviation": "uks", + "recoveryServicesGeo": "uks", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "ukwest": { + "abbreviation": "ukw", + "recoveryServicesGeo": "ukw", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "westcentralus": { + "abbreviation": "uswc", + "recoveryServicesGeo": "wcus", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "westeurope": { + "abbreviation": "euw", + "recoveryServicesGeo": "we", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "westindia": { + "abbreviation": "inw", + "recoveryServicesGeo": "inw", + 
"timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "westus": { + "abbreviation": "usw", + "recoveryServicesGeo": "wus", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus2": { + "abbreviation": "usw2", + "recoveryServicesGeo": "wus2", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus3": { + "abbreviation": "usw3", + "recoveryServicesGeo": "wus3", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + } + }, + "AzureUSGovernment": { + "usdodcentral": { + "abbreviation": "dodc", + "recoveryServicesGeo": "udc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usdodeast": { + "abbreviation": "dode", + "recoveryServicesGeo": "ude", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "usgovarizona": { + "abbreviation": "az", + "recoveryServicesGeo": "uga", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "usgovtexas": { + "abbreviation": "tx", + "recoveryServicesGeo": "ugt", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usgovvirginia": { + "abbreviation": "va", + "recoveryServicesGeo": "ugv", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + } + }, + "USNat": { + "usnateast": { + "abbreviation": "east", + "recoveryServicesGeo": "exe", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "usnatwest": { + "abbreviation": "west", + "recoveryServicesGeo": "exw", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + } + }, + "USSec": { + "usseceast": { + "abbreviation": "east", + "recoveryServicesGeo": "rxe", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "ussecwest": { + "abbreviation": "west", + "recoveryServicesGeo": "rxw", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + } + } + }, + "$fxv#1": "1.0.0", + "$fxv#2": { + "actionGroups": "ag", + "applicationGroups": "vdag", + 
"automationAccounts": "aa", + "availabilitySets": "avail", + "azureFirewalls": "afw", + "bastionHosts": "bas", + "computeGallieries": "cg", + "dataCollectionRuleAssociations": "dcra", + "dataCollectionRules": "dcr", + "diagnosticSettings": "diag", + "diskAccesses": "da", + "diskEncryptionSets": "des", + "disks": "disk", + "firewallPolicies": "afwp", + "hostPools": "vdpool", + "ipConfigurations": "ipconf", + "keyVaults": "kv", + "logAnalyticsWorkspaces": "log", + "netAppAccounts": "naa", + "netAppCapacityPools": "nacp", + "networkInterfaces": "nic", + "networkSecurityGroups": "nsg", + "networkWatchers": "nw", + "privateEndpoints": "pe", + "privateLinkScopes": "pls", + "publicIPAddresses": "pip", + "recoveryServicesVaults": "rsv", + "remoteApplicationGroups": "vdag", + "resourceGroups": "rg", + "routeTables": "rt", + "storageAccounts": "st", + "subnets": "snet", + "userAssignedIdentities": "id", + "virtualMachines": "vm", + "virtualNetworks": "vnet", + "workspaces": "vdws" + }, + "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", + "environmentName": { + "dev": "Development", + "prod": "Production", + "test": "Test" + }, + "locations": "[variables('$fxv#0')[environment().name]]", + "mlzTags": { + "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", + "landingZoneName": "MissionLandingZone", + "landingZoneVersion": "[variables('$fxv#1')]", + "resourcePrefix": "[parameters('resourcePrefix')]" + }, + "resourceAbbreviations": "[variables('$fxv#2')]", + "tokens": { + "resource": "resource_token", + "service": "service_token" + }, + "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), 
format('privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('scm.privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), format('privatelink{0}', replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", + "privateDnsZoneSuffixes_AzureAutomation": { + "AzureCloud": "net", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureVirtualDesktop": { + "AzureCloud": "microsoft.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureWebSites": { + "AzureCloud": "azurewebsites.net", + "AzureUSGovernment": "azurewebsites.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Backup": { + "AzureCloud": "com", + "AzureUSGovernment": "us", + "USNat": null, + 
"USSec": null + }, + "privateDnsZoneSuffixes_Monitor": { + "AzureCloud": "azure.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null + } + }, + "resources": [ + { + "copy": { + "name": "namingConventions", + "count": "[length(parameters('networks'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "locationAbbreviation": { + "value": "[variables('locations')[parameters('location')].abbreviation]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "networkName": { + "value": "[parameters('networks')[copyIndex()].name]" + }, + "networkShortName": { + "value": "[parameters('networks')[copyIndex()].shortName]" + }, + "resourceAbbreviations": { + "value": "[variables('resourceAbbreviations')]" + }, + "resourcePrefix": { + "value": "[parameters('resourcePrefix')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + }, + "subscriptionId": { + "value": "[parameters('networks')[copyIndex()].subscriptionId]" + }, + "tokens": { + "value": "[variables('tokens')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "2390405762046931912" + } + }, + "parameters": { + "environmentAbbreviation": { + "type": "string" + }, + "locationAbbreviation": { + "type": "string" + }, + "networkName": { + "type": "string" + }, + "networkShortName": { + "type": "string" + }, + "resourceAbbreviations": { + "type": "object" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + 
"type": "string", + "defaultValue": "" + }, + "subscriptionId": { + "type": "string" + }, + "tokens": { + "type": "object" + } + }, + "variables": { + "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "names": { + "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').actionGroups)]", + "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').applicationGroups)]", + "automationAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, 
parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "availabilitySet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').availabilitySets)]", + "azureFirewall": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallClientPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('client-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallClientPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-client-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallManagementPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('mgmt-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallManagementPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-mgmt-{1}', parameters('resourceAbbreviations').publicIpAddresses, 
parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallPolicy": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').firewallPolicies)]", + "bastionHost": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').bastionHosts))]", + "computeGallery": "[replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').computeGallieries), '-', '_')]", + "dataCollectionRuleAssociation": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRuleAssociations)]", + "dataCollectionRule": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRules)]", + "diskAccess": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskAccesses)]", + "diskEncryptionSet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskEncryptionSets)]", + "hostPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').hostPools)]", + "hostPoolDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), 
parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "keyVault": "[format('{0}{1}', replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').keyVaults), '-', ''), parameters('networkName'), parameters('networkShortName')), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId')))]", + "keyVaultDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "logAnalyticsWorkspace": 
"[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "logAnalyticsWorkspaceDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "netAppAccountCapacityPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppCapacityPools)]", + "netAppAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppAccounts)]", + "networkSecurityGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkSecurityGroupDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkWatcher": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkWatchers)]", + "privateLinkScope": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopeNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, 
parameters('resourceAbbreviations').privateLinkScopes)]", + "recoveryServicesVault": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "resourceGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').resourceGroups)]", + "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').routeTables)]", + "storageAccount": "[toLower(replace(replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName')), '-', ''))]", + "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "storageAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "subnet": "[replace(variables('namingConvention'), 
parameters('tokens').resource, parameters('resourceAbbreviations').subnets)]", + "userAssignedIdentity": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').userAssignedIdentities)]", + "virtualMachine": "[replace(replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", + "virtualMachineDisk": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').disks), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualMachineNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualNetwork": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualNetworks)]", + "virtualNetworkDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').virtualNetworks)]", + "workspaceFeed": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), 
parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobal": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, 
parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]" + } + }, + "resources": [], + "outputs": { + "names": { + "type": "object", + "value": "[variables('names')]" + } + } + } + } + } + ], + "outputs": { + "locationProperties": { + "type": "object", + "value": "[variables('locations')[parameters('location')]]" + }, + "mlzTags": { + "type": "object", + "value": "[variables('mlzTags')]" + }, + "privateDnsZones": { + "type": "array", + "value": "[variables('privateDnsZoneNames')]" + }, + "tiers": { + "type": "array", + "copy": { + "count": "[length(parameters('networks'))]", + "input": { + "name": "[parameters('networks')[copyIndex()].name]", + "shortName": "[parameters('networks')[copyIndex()].shortName]", + "deployUniqueResources": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "nsgDiagLogs": "[parameters('networks')[copyIndex()].nsgDiagLogs]", + "nsgDiagMetrics": "[parameters('networks')[copyIndex()].nsgDiagMetrics]", + "nsgRules": "[parameters('networks')[copyIndex()].nsgRules]", + "vnetAddressPrefix": "[parameters('networks')[copyIndex()].vnetAddressPrefix]", + "vnetDiagLogs": "[parameters('networks')[copyIndex()].vnetDiagLogs]", + "vnetDiagMetrics": "[parameters('networks')[copyIndex()].vnetDiagMetrics]", + "subnetAddressPrefix": "[parameters('networks')[copyIndex()].subnetAddressPrefix]", + "namingConvention": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + } + } + }, + "tokens": { + "type": "object", + "value": "[variables('tokens')]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": 
"2022-09-01", + "name": "[format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "name": { + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'network')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" + } + }, + "parameters": { + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2019-05-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" + } + ], + 
"outputs": { + "id": { + "type": "string", + "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').location]" + }, + "tags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').tags]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" + }, + "firewallSkuTier": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').sku.tier]" + }, + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', 
parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkSecurityGroup]" + }, + "networkSecurityGroupRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "networkWatcherName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkWatcher]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "routeTableName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.routeTable]" + }, + "routeTableRouteNextHopIpAddress": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').ipConfigurations[0].properties.privateIPAddress]" + }, + "subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefix')]" + }, + "subnetName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.tiers.value[0].namingConvention.subnet]" + }, + "subscriptionId": { + "value": "[variables('subscriptionId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.virtualNetwork]" + }, + "vNetDnsServers": { + "value": [ + "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').ipConfigurations[0].properties.privateIPAddress]" + ] + }, + "workloadName": { + "value": "[toLower(parameters('workloadName'))]" + }, + "workloadShortName": { + "value": "[parameters('workloadShortName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "3012486009507231873" + } + }, + "parameters": { + "additionalSubnets": { + "type": "array" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deployNetworkWatcher": { + "type": "bool" + }, + "firewallSkuTier": { + "type": "string" + }, + "hubVirtualNetworkResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "networkSecurityGroupRules": { + "type": "array" + }, + "networkWatcherName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "routeTableName": { + "type": "string" + }, + 
"routeTableRouteNextHopIpAddress": { + "type": "string" + }, + "subnetAddressPrefix": { + "type": "string" + }, + "subnetName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "vNetDnsServers": { + "type": "array" + }, + "virtualNetworkAddressPrefix": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "workloadName": { + "type": "string" + }, + "workloadShortName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "spokeNetwork", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" + }, + "firewallSkuTier": { + "value": "[parameters('firewallSkuTier')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" + }, + "networkSecurityGroupRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "networkWatcherName": { + "value": "[parameters('networkWatcherName')]" + }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, + "routeTableName": { + "value": "[parameters('routeTableName')]" + }, + "routeTableRouteNextHopIpAddress": { + "value": "[parameters('routeTableRouteNextHopIpAddress')]" + }, + "subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefix')]" + }, + "subnetName": { + "value": "[parameters('subnetName')]" + }, + "subscriptionId": { + "value": "[parameters('subscriptionId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + 
"virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "vNetDnsServers": { + "value": "[parameters('vNetDnsServers')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4742978871908330688" + } + }, + "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [] + }, + "deployNetworkWatcher": { + "type": "bool" + }, + "firewallSkuTier": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "networkSecurityGroupRules": { + "type": "array" + }, + "networkWatcherName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "routeTableName": { + "type": "string" + }, + "routeTableRouteNextHopIpAddress": { + "type": "string" + }, + "subnetAddressPrefix": { + "type": "string" + }, + "subnetName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "virtualNetworkAddressPrefix": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "vNetDnsServers": { + "type": "array" + } + }, + "variables": { + "delegations": { + "AzureNetAppFiles": [ + { + "name": "Microsoft.Netapp.volumes", + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', parameters('virtualNetworkName'), 'AzureNetAppFiles', 'Microsoft.Netapp.volumes')]", + "properties": { + "serviceName": "Microsoft.Netapp/volumes" + }, + "type": "Microsoft.Network/virtualNetworks/subnets/delegations" + } + ] + }, + "subnets": "[union(createArray(createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix')))), parameters('additionalSubnets'))]" + }, + "resources": [ + { + "type": 
"Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "networkSecurityGroup", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkSecurityGroupName')]" + }, + "securityRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12935581119437417634" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "securityRules": { + "type": "array" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkSecurityGroups'), parameters('tags')['Microsoft.Network/networkSecurityGroups'], createObject()), parameters('mlzTags'))]", + "properties": { + "securityRules": "[parameters('securityRules')]" + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "routeTable", + "subscriptionId": "[parameters('subscriptionId')]", + 
"resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "disableBgpRoutePropagation": { + "value": true + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('routeTableName')]" + }, + "routeNextHopIpAddress": { + "value": "[parameters('routeTableRouteNextHopIpAddress')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "18262399193161292353" + } + }, + "parameters": { + "disableBgpRoutePropagation": { + "type": "bool" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "routeAddressPrefix": { + "type": "string", + "defaultValue": "0.0.0.0/0" + }, + "routeName": { + "type": "string", + "defaultValue": "default_route" + }, + "routeNextHopIpAddress": { + "type": "string" + }, + "routeNextHopType": { + "type": "string", + "defaultValue": "VirtualAppliance" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/routeTables'), parameters('tags')['Microsoft.Network/routeTables'], createObject()), parameters('mlzTags'))]", + "properties": { + "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", + "routes": [ + { + "name": "[parameters('routeName')]", + "properties": { + "addressPrefix": "[parameters('routeAddressPrefix')]", + "nextHopIpAddress": "[parameters('routeNextHopIpAddress')]", + 
"nextHopType": "[parameters('routeNextHopType')]" + } + } + ] + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } + } + } + } + }, + { + "condition": "[parameters('deployNetworkWatcher')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "networkWatcher", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkWatcherName')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13830033528097307473" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkWatchers", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkWatchers'), parameters('tags')['Microsoft.Network/networkWatchers'], createObject()), parameters('mlzTags'))]", + "properties": {} + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "virtualNetwork", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + 
"properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "addressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('virtualNetworkName')]" + }, + "subnets": { + "copy": [ + { + "name": "value", + "count": "[length(variables('subnets'))]", + "input": "[createObject('name', variables('subnets')[copyIndex('value')].name, 'properties', createObject('addressPrefix', variables('subnets')[copyIndex('value')].properties.addressPrefix, 'delegations', coalesce(tryGet(variables('delegations'), variables('subnets')[copyIndex('value')].name), createArray()), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled'))]" + } + ] + }, + "tags": { + "value": "[parameters('tags')]" + }, + "vNetDnsServers": { + "value": "[parameters('vNetDnsServers')]" + }, + "firewallSkuTier": { + "value": "[parameters('firewallSkuTier')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4325479931624604061" + } + }, + "parameters": { + "addressPrefix": { + "type": "string" + }, + "location": { + "type": 
"string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "subnets": { + "type": "array" + }, + "tags": { + "type": "object" + }, + "vNetDnsServers": { + "type": "array" + }, + "firewallSkuTier": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/virtualNetworks'), parameters('tags')['Microsoft.Network/virtualNetworks'], createObject()), parameters('mlzTags'))]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressPrefix')]" + ] + }, + "subnets": "[parameters('subnets')]", + "dhcpOptions": "[if(and(not(equals(parameters('vNetDnsServers'), null())), or(equals(parameters('firewallSkuTier'), 'Premium'), equals(parameters('firewallSkuTier'), 'Standard'))), createObject('dnsServers', parameters('vNetDnsServers')), null())]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + }, + "subnets": { + "type": "array", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2021-02-01').subnets]" + }, + "addressPrefix": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2021-02-01').addressSpace.addressPrefixes[0]]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkWatcher')]", + 
"[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable')]" + ] + } + ], + "outputs": { + "virtualNetworkName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" + }, + "virtualNetworkResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" + }, + "subnetName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" + }, + "subnetAddressPrefix": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" + }, + "subnetResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), 
'2022-09-01').outputs.subnets.value[0].id]" + }, + "networkSecurityGroupName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" + }, + "networkSecurityGroupResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-peering-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + }, + "subscriptionId": { + "value": "[parameters('subscriptionId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "1081420821337659529" + } + }, + "parameters": { + "hubVirtualNetworkResourceId": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + 
"spokeVirtualNetworkName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-to-hub-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "remoteVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('spokeVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('hubVirtualNetworkResourceId'), '/')[8])]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" + } + }, + "parameters": { + "remoteVirtualNetworkResourceId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2021-02-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", + "properties": { + "allowForwardedTraffic": true, + "remoteVirtualNetwork": { + "id": "[parameters('remoteVirtualNetworkResourceId')]" + } + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-peering-hub-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + 
"properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hubVirtualNetworkName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" + }, + "resourceGroupName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "subscriptionId": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "16991872399359859910" + } + }, + "parameters": { + "hubVirtualNetworkName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkResourceId": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('hub-to-{0}-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "remoteVirtualNetworkResourceId": { + "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('spokeVirtualNetworkResourceId'), '/')[8])]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" + } + }, + "parameters": { + "remoteVirtualNetworkResourceId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2021-02-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", + "properties": { + "allowForwardedTraffic": true, + "remoteVirtualNetwork": { + "id": "[parameters('remoteVirtualNetworkResourceId')]" + } + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" + ] + } + ], + "outputs": { + "networkSecurityGroupName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "subnetResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + }, + "virtualNetworkName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": 
"2022-09-01", + "name": "[format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "keyVaultPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore'))]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "subnetResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "tokens": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + } + }, + "template": { + 
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "7828233421610885078" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "keyVaultPrivateDnsZoneResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "resourceGroupName": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "tier": { + "type": "object" + }, + "tokens": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultName": { + "value": "[take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)]" + }, + "keyVaultNetworkInterfaceName": { + "value": "[replace(parameters('tier').namingConvention.keyVaultNetworkInterface, parameters('tokens').service, '')]" + }, + "keyVaultPrivateDnsZoneResourceId": { + "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" + }, + "keyVaultPrivateEndpointName": { + "value": "[replace(parameters('tier').namingConvention.keyVaultPrivateEndpoint, parameters('tokens').service, '')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12300580845424356573" + } + }, + "parameters": { + "diskEncryptionKeyExpirationInDays": { + "type": "int", + "defaultValue": 30 + }, + "keyVaultName": { + "type": "string" + }, + "keyVaultNetworkInterfaceName": { + "type": "string" + }, + "keyVaultPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultPrivateEndpointName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2022-07-01", + "name": "[parameters('keyVaultName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject()), parameters('mlzTags'))]", + "properties": { + "enabledForDeployment": false, + "enabledForDiskEncryption": true, + "enabledForTemplateDeployment": false, + "enablePurgeProtection": true, + "enableRbacAuthorization": true, + "enableSoftDelete": true, + "networkAcls": { + "bypass": "AzureServices", + "defaultAction": "Deny", + "ipRules": [], + "virtualNetworkRules": [] + }, + "publicNetworkAccess": "Disabled", + "sku": { + "family": "A", + "name": "standard" + }, + "softDeleteRetentionInDays": 7, + "tenantId": "[subscription().tenantId]" + } + }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('keyVaultPrivateEndpointName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": 
{ + "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('keyVaultPrivateEndpointName')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", + "groupIds": [ + "vault" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('keyVaultPrivateEndpointName'), parameters('keyVaultName'))]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "ipconfig1", + "properties": { + "privateDnsZoneId": "[parameters('keyVaultPrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', parameters('keyVaultPrivateEndpointName'))]" + ] + }, + { + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), 'DiskEncryptionKey')]", + "properties": { + "attributes": { + "enabled": true + }, + "keySize": 4096, + "kty": "RSA", + "rotationPolicy": { + "attributes": { + "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" + }, + "lifetimeActions": [ + { + "action": { + "type": "Notify" + }, + "trigger": { + "timeBeforeExpiry": "P10D" + } + }, + { + "action": { + "type": "Rotate" + }, + "trigger": { + "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + }, + { + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), 'StorageEncryptionKey')]", + "properties": { + 
"attributes": { + "enabled": true + }, + "keySize": 4096, + "kty": "RSA", + "rotationPolicy": { + "attributes": { + "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" + }, + "lifetimeActions": [ + { + "action": { + "type": "Notify" + }, + "trigger": { + "timeBeforeExpiry": "P10D" + } + }, + { + "action": { + "type": "Rotate" + }, + "trigger": { + "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + } + ], + "outputs": { + "keyUriWithVersion": { + "type": "string", + "value": "[reference(resourceId('Microsoft.KeyVault/vaults/keys', parameters('keyVaultName'), 'DiskEncryptionKey'), '2022-07-01').keyUriWithVersion]" + }, + "keyVaultResourceId": { + "type": "string", + "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + }, + "keyVaultName": { + "type": "string", + "value": "[parameters('keyVaultName')]" + }, + "keyVaultUri": { + "type": "string", + "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName')), '2022-07-01').vaultUri]" + }, + "storageKeyName": { + "type": "string", + "value": "StorageEncryptionKey" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "diskEncryptionSetName": { + "value": "[parameters('tier').namingConvention.diskEncryptionSet]" + }, + "keyUrl": { + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" + }, + "keyVaultResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets']), createObject('value', createObject()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "15986878026863280024" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "diskEncryptionSetName": { + "type": "string" + }, + "keyUrl": { + "type": "string" + }, + "keyVaultResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/diskEncryptionSets", + "apiVersion": "2023-04-02", + "name": "[parameters('diskEncryptionSetName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), parameters('tags')['Microsoft.Compute/diskEncryptionSets'], createObject()), parameters('mlzTags'))]", + "identity": { + "type": 
"SystemAssigned" + }, + "properties": { + "activeKey": { + "sourceVault": { + "id": "[parameters('keyVaultResourceId')]" + }, + "keyUrl": "[parameters('keyUrl')]" + }, + "encryptionType": "EncryptionAtRestWithPlatformAndCustomerKeys", + "rotationToLatestKeyVersionEnabled": true + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('assign-role-disk-encryption-set-ops-{0}', parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "principalId": { + "value": "[reference(resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName')), '2023-04-02', 'full').identity.principalId]" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "roleDefinitionId": { + "value": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" + }, + "targetResourceId": { + "value": "[resourceGroup().id]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" + } + }, + "parameters": { + "targetResourceId": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + }, + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string", + "defaultValue": "ServicePrincipal", + "allowedValues": [ + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ] + }, + "description": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", + "properties": { + "principalId": "[parameters('principalId')]", + 
"principalType": "[parameters('principalType')]", + "roleDefinitionId": "[parameters('roleDefinitionId')]", + "description": "[parameters('description')]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(parameters('tier').namingConvention.userAssignedIdentity, format('-{0}', parameters('tokens').service), '')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": 
{ + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6007785905664733866" + } + }, + "parameters": { + "keyVaultName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('userAssignedIdentityName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))]", + "properties": { + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2018-11-30').principalId]", + "principalType": "ServicePrincipal", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', 
parameters('deploymentNameSuffix')))]" + ] + } + ], + "outputs": { + "diskEncryptionSetResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + }, + "keyVaultName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, + "keyVaultUri": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "keyVaultResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + }, + "storageKeyName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', format('privatelink.blob.{0}', environment().suffixes.storage))]" + }, + "keyVaultUri": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "location": { + "value": "[parameters('location')]" + }, + "logStorageSkuName": { + "value": "[parameters('logStorageSkuName')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "network": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "storageEncryptionKeyName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + }, + "subnetResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tablesPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', format('privatelink.table.{0}', environment().suffixes.storage))]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "15276628086161283630" + } + }, + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultUri": { + "type": "string" + }, + "logStorageSkuName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "network": { + "type": "object" + }, + "resourceGroupName": { + "type": "string" + }, + "serviceToken": { + "type": "string" + }, + "storageEncryptionKeyName": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tablesPrivateDnsZoneResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityResourceId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "storage", + "subscriptionId": "[parameters('network').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "value": "[parameters('blobsPrivateDnsZoneResourceId')]" + }, + "keyVaultUri": { + "value": "[parameters('keyVaultUri')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "serviceToken": { + "value": "[parameters('serviceToken')]" + }, + "skuName": { + "value": "[parameters('logStorageSkuName')]" + }, + "storageAccountName": { + "value": "[parameters('network').namingConvention.storageAccount]" + }, + "storageAccountNetworkInterfaceNamePrefix": { + "value": "[parameters('network').namingConvention.storageAccountNetworkInterface]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "value": 
"[parameters('network').namingConvention.storageAccountPrivateEndpoint]" + }, + "storageEncryptionKeyName": { + "value": "[parameters('storageEncryptionKeyName')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tablesPrivateDnsZoneResourceId": { + "value": "[parameters('tablesPrivateDnsZoneResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityResourceId": { + "value": "[parameters('userAssignedIdentityResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6116693144339389145" + } + }, + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultUri": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "serviceToken": { + "type": "string" + }, + "skuName": { + "type": "string" + }, + "storageAccountName": { + "type": "string" + }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, + "storageEncryptionKeyName": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tablesPrivateDnsZoneResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityResourceId": { + "type": "string" + } + }, + "variables": { + "zones": [ + "[parameters('blobsPrivateDnsZoneResourceId')]", + "[parameters('tablesPrivateDnsZoneResourceId')]" + ] + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2023-01-01", + "name": "[parameters('storageAccountName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], 
createObject()), parameters('mlzTags'))]", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[format('{0}', parameters('userAssignedIdentityResourceId'))]": {} + } + }, + "kind": "StorageV2", + "sku": { + "name": "[parameters('skuName')]" + }, + "properties": { + "accessTier": "Hot", + "allowBlobPublicAccess": false, + "allowCrossTenantReplication": false, + "allowedCopyScope": "PrivateLink", + "allowSharedKeyAccess": true, + "defaultToOAuthAuthentication": false, + "dnsEndpointType": "Standard", + "encryption": { + "identity": { + "userAssignedIdentity": "[parameters('userAssignedIdentityResourceId')]" + }, + "keySource": "Microsoft.KeyVault", + "keyvaultproperties": { + "keyvaulturi": "[parameters('keyVaultUri')]", + "keyname": "[parameters('storageEncryptionKeyName')]" + }, + "requireInfrastructureEncryption": true, + "services": { + "blob": { + "keyType": "Account", + "enabled": true + }, + "file": { + "keyType": "Account", + "enabled": true + }, + "queue": { + "keyType": "Account", + "enabled": true + }, + "table": { + "keyType": "Account", + "enabled": true + } + } + }, + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "bypass": "AzureServices", + "virtualNetworkRules": [], + "ipRules": [], + "defaultAction": "Deny" + }, + "publicNetworkAccess": "Disabled", + "supportsHttpsTrafficOnly": true + } + }, + { + "copy": { + "name": "privateEndpoints", + "count": "[length(variables('zones'))]" + }, + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": { + "customNetworkInterfaceName": 
"[replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "privateLinkServiceConnections": [ + { + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]", + "groupIds": [ + "[split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]]" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]" + ] + }, + { + "copy": { + "name": "privateDnsZoneGroups", + "count": "[length(variables('zones'))]" + }, + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]), parameters('storageAccountName'))]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "ipconfig1", + "properties": { + "privateDnsZoneId": "[variables('zones')[copyIndex()]]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]" + } + } + } + } + } + ], + "outputs": { + "storageAccountResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, 
parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-diagnostics-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deployActivityLogDiagnosticSetting": { + "value": "[parameters('deployActivityLogDiagnosticSetting')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "keyVaultDiagnosticLogs": { + "value": "[parameters('keyVaultDiagnosticsLogs')]" + }, + "keyVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "networkSecurityGroupDiagnosticsLogs": { + "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + }, + "networkSecurityGroupDiagnosticsMetrics": { + "value": 
"[parameters('networkSecurityGroupDiagnosticsMetrics')]" + }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "storageAccountResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageAccountResourceId.value]" + }, + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "virtualNetworkDiagnosticsLogs": { + "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + }, + "virtualNetworkDiagnosticsMetrics": { + "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "738419494311113164" + } + }, + "parameters": { + "deployActivityLogDiagnosticSetting": { + "type": "bool" + }, + "deploymentNameSuffix": { + "type": "string" + }, 
+ "keyVaultDiagnosticLogs": { + "type": "array" + }, + "keyVaultName": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "networkSecurityGroupDiagnosticsLogs": { + "type": "array" + }, + "networkSecurityGroupDiagnosticsMetrics": { + "type": "array" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "storageAccountResourceId": { + "type": "string" + }, + "tier": { + "type": "object" + }, + "virtualNetworkDiagnosticsLogs": { + "type": "array" + }, + "virtualNetworkDiagnosticsMetrics": { + "type": "array" + }, + "virtualNetworkName": { + "type": "string" + } + }, + "resources": [ + { + "condition": "[parameters('deployActivityLogDiagnosticSetting')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-activity-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11148640012050316356" + } + }, + "parameters": { + "logAnalyticsWorkspaceId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "name": "[format('diag-activity-log-{0}', subscription().subscriptionId)]", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "logs": [ + { + "category": "Administrative", + "enabled": true + }, + { + "category": 
"Security", + "enabled": true + }, + { + "category": "ServiceHealth", + "enabled": true + }, + { + "category": "Alert", + "enabled": true + }, + { + "category": "Recommendation", + "enabled": true + }, + { + "category": "Policy", + "enabled": true + }, + { + "category": "Autoscale", + "enabled": true + }, + { + "category": "ResourceHealth", + "enabled": true + } + ] + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.keyVaultDiagnosticSetting]" + }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "keyVaultStorageAccountId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('keyVaultDiagnosticLogs')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11931053519285250235" + } + }, + "parameters": { + "keyVaultDiagnosticSettingName": { + "type": "string" + }, + "keyVaultName": { + "type": "string" + }, + "keyVaultStorageAccountId": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + 
"name": "[parameters('keyVaultDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('keyVaultStorageAccountId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]" + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + }, + "logStorageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "metrics": { + "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" + }, + "networkSecurityGroupDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.networkSecurityGroupDiagnosticSetting]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12049539018034280966" + } + }, + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + }, + "logStorageAccountResourceId": { + "type": "string" + }, + "metrics": { + "type": "array" + }, + "networkSecurityGroupDiagnosticSettingName": { + "type": "string" + }, + "networkSecurityGroupName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + 
"apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('networkSecurityGroupName'))]", + "name": "[parameters('networkSecurityGroupDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('logStorageAccountResourceId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]", + "metrics": "[parameters('metrics')]" + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + }, + "logStorageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "metrics": { + "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.virtualNetworkDiagnosticSetting]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13356625654141484072" + } + }, + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + }, + "logStorageAccountResourceId": { + "type": "string" + }, + "metrics": { + "type": "array" + }, + "virtualNetworkDiagnosticSettingName": { + 
"type": "string" + }, + "virtualNetworkName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", + "name": "[parameters('virtualNetworkDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('logStorageAccountResourceId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]", + "metrics": "[parameters('metrics')]" + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "condition": "[parameters('deployPolicy')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('assign-policy-{0}-{1}', toLower(parameters('workloadName')), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "location": { + "value": 
"[parameters('location')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" + }, + "policy": { + "value": "[parameters('policy')]" + }, + "resourceGroupNames": { + "value": [ + "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + ] + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "379956182717650153" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "location": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "policy": { + "type": "string" + }, + "resourceGroupNames": { + "type": "array" + }, + "tiers": { + "type": "array" + } + }, + "resources": [ + { + "copy": { + "name": "policyAssignment", + "count": "[length(parameters('tiers'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('assign-policy-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "builtInAssignment": { + "value": "[parameters('policy')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": 
"[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "location": { + "value": "[parameters('location')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "9464536540108620518" + } + }, + "parameters": { + "builtInAssignment": { + "type": "string", + "defaultValue": "NISTRev4", + "allowedValues": [ + "NISTRev4", + "NISTRev5", + "IL5", + "CMMC" + ], + "metadata": { + "description": "[NISTRev4/NISTRev5/IL5/CMMC] Built-in policy assignments to assign, default is NISTRev4. IL5 is only available for AzureUsGovernment and will switch to NISTRev4 if tried in AzureCloud." + } + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "deployRemediation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Starts a policy remediation for the VM Agent policies in hub RG. Set to false by default since this is time consuming in deployment." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "The location of this resource" + } + } + }, + "variables": { + "$fxv#0": " {\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \r\n {\r\n \"value\": \"admin\"\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \r\n {\r\n \"value\": \"azureuser\"\r\n },\r\n \"logAnalyticsWorkspaceIdforVMReporting\": \r\n {\r\n \"value\": \"\"\r\n },\r\n \"IncludeArcMachines\": \r\n {\r\n \"value\": \"true\"\r\n },\r\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \r\n {\r\n \"value\": \"1.2\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \r\n {\r\n \"value\": \"Compliant\"\r\n },\r\n \"requiredRetentionDays\": \r\n {\r\n \"value\": \"365\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \r\n {\r\n \"value\": \"NetworkWatcherRG\"\r\n }\r\n }", + "$fxv#1": " {\r\n \"IncludeArcMachines\": \r\n {\r\n \"value\": \"true\"\r\n },\r\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \r\n {\r\n \"value\": \"1.2\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \r\n {\r\n \"value\": \"Compliant\"\r\n },\r\n \"requiredRetentionDays\": \r\n {\r\n \"value\": \"365\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \r\n {\r\n \"value\": \"NetworkWatcherRG\"\r\n }\r\n }", + "$fxv#2": "{\r\n \"IncludeArcMachines\" : { \r\n \"value\" : \"false\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \r\n \"value\" : \"Compliant\"\r\n },\r\n \"MinimumTLSVersionForWindowsServers\" : { \r\n \"value\" : \"1.2\"\r\n },\r\n \"requiredRetentionDays\" : { \r\n \"value\" : \"365\"\r\n },\r\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \r\n \"value\" : \"^(.+){0}$\"\r\n },\r\n 
\"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"0\"\r\n },\r\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"0\"\r\n },\r\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"MustRunAsNonRoot\"\r\n },\r\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"NetworkWatcherResourceGroupName\" : { \r\n \"value\" : \"NetworkWatcherRG\"\r\n },\r\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"enabled\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\" 
: { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \r\n \"value\" 
: \"audit\"\r\n },\r\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \r\n \"value\" : \"Audit\"\r\n 
},\r\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \r\n \"value\" : 
\"AuditIfNotExists\"\r\n },\r\n \"vmssEndpointProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"ensureJavaVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"securityContactEmailAddressForSubscriptionEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"ensurePythonVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePHPVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"systemUpdatesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"ensureHTTPVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"useRbacRulesMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"vmssSystemUpdatesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\" : { \r\n \"value\" 
: \"AuditIfNotExists\"\r\n },\r\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"containerBenchmarkMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"membersToIncludeInLocalAdministratorsGroup\" : { \r\n \"value\" : \"\"\r\n },\r\n \"membersToExcludeInLocalAdministratorsGroup\" : { \r\n \"value\" : \"\"\r\n },\r\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \r\n \"value\" : \"\"\r\n },\r\n \"PHPLatestVersionForAppServices\" : { \r\n \"value\" : \"7.4\"\r\n },\r\n \"JavaLatestVersionForAppServices\" : { \r\n \"value\" : \"11\"\r\n },\r\n \"WindowsPythonLatestVersionForAppServices\" : { \r\n \"value\" : \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersionForAppServices\" : { \r\n \"value\" : \"3.9\"\r\n },\r\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"vulnerabilityAssessmentMonitoringEffect\" : 
{ \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n }\r\n}", + "$fxv#3": "{\r\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \r\n \"value\" : \"\"\r\n },\r\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\r\n \"value\": \"\"\r\n },\r\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\r\n \"value\": \"\"\r\n },\r\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \r\n \"value\" : 
\"AuditIfNotExists\"\r\n },\r\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\" : { \r\n \"value\" : \"7.3\"\r\n },\r\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\" : { \r\n \"value\" : \"11\"\r\n },\r\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"LinuxPythonLatestVersion\" : { \r\n \"value\" : \"3.8\"\r\n },\r\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"enabled\"\r\n },\r\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \r\n \"value\" : 
\"NetworkWatcherRG\"\r\n },\r\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \r\n \"value\" : 
\"Audit\"\r\n },\r\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \r\n \"value\" : \"Detection\"\r\n },\r\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \r\n \"value\" : \"Detection\"\r\n },\r\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \r\n \"value\" : 
\"AuditIfNotExists\"\r\n },\r\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \r\n \"value\" : 
\"Audit\"\r\n },\r\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n }\r\n}\r\n", + "modifiedAssignment": "[if(and(equals(toLower(environment().name), toLower('AzureCloud')), equals(toLower(parameters('builtInAssignment')), toLower('IL5'))), 'NISTRev4', parameters('builtInAssignment'))]", + "assignmentName": "[format('{0} {1}', variables('modifiedAssignment'), resourceGroup().name)]", + "agentVmssAssignmentName": "[format('Deploy VMSS Agents {0}', resourceGroup().name)]", + "agentVmAssignmentName": "[format('Deploy VM Agents {0}', resourceGroup().name)]", + "contributorRoleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "lawsReaderRoleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]" + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('assignmentName')]", + "location": "[parameters('location')]", + "properties": { + "policyDefinitionId": "[createObject('NISTRev4', createObject('id', 
'/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(variables('$fxv#0'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'NISTRev5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f', 'parameters', json(variables('$fxv#1'))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace(variables('$fxv#2'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace(variables('$fxv#3'), '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8]), '2021-06-01').customerId))))[variables('modifiedAssignment')].id]", + "parameters": "[createObject('NISTRev4', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(variables('$fxv#0'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], 
split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'NISTRev5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f', 'parameters', json(variables('$fxv#1'))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace(variables('$fxv#2'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace(variables('$fxv#3'), '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8]), '2021-06-01').customerId))))[variables('modifiedAssignment')].parameters]" + }, + "identity": { + "type": "SystemAssigned" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('agentVmssAssignmentName')]", + "location": "[parameters('location')]", + "properties": { + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '75714362-cae7-409e-9b99-a8e5075b7fad')]", + "parameters": { + "logAnalytics_1": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], 
split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + } + } + }, + "identity": { + "type": "SystemAssigned" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('agentVmAssignmentName')]", + "location": "[parameters('location')]", + "properties": { + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '55f3eceb-5573-4f18-9695-226972c6d74a')]", + "parameters": { + "logAnalytics_1": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + } + } + }, + "identity": { + "type": "SystemAssigned" + } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('assignmentName'))]", + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[if(empty(variables('modifiedAssignment')), '', reference(resourceId('Microsoft.Authorization/policyAssignments', variables('assignmentName')), '2020-09-01', 'full').identity.principalId)]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('assignmentName'))]" + ] + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('agentVmssAssignmentName'))]", + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', 
variables('agentVmssAssignmentName')), '2020-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmssAssignmentName'))]" + ] + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('agentVmAssignmentName'))]", + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName')), '2020-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] + }, + { + "condition": "[parameters('deployRemediation')]", + "type": "Microsoft.PolicyInsights/remediations", + "apiVersion": "2019-07-01", + "name": "VM-Agent-Policy-Remediation", + "properties": { + "policyAssignmentId": "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]", + "resourceDiscoveryMode": "ReEvaluateCompliance" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Assign-Laws-Role-Policy-{0}', resourceGroup().name)]", + "subscriptionId": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "targetResourceId": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], 
split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + }, + "roleDefinitionId": { + "value": "[variables('lawsReaderRoleDefinitionId')]" + }, + "principalId": { + "value": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName')), '2020-09-01', 'full').identity.principalId]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" + } + }, + "parameters": { + "targetResourceId": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + }, + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string", + "defaultValue": "ServicePrincipal", + "allowedValues": [ + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ] + }, + "description": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", + "properties": { + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]", + "roleDefinitionId": "[parameters('roleDefinitionId')]", + "description": "[parameters('description')]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "condition": "[parameters('deployDefender')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('set-{0}-sub-defender', toLower(parameters('workloadName')))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "emailSecurityContact": { + "value": "[parameters('emailSecurityContact')]" + }, + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" + } + }, + "parameters": { + "defenderPlans": { + "type": "array", + "defaultValue": [ + "VirtualMachines" + ], + "metadata": { + "description": "Defender Paid protection Plans. Even if a customer selects the free sku, at least 1 paid protection plan must be specified." + } + }, + "enableAutoProvisioning": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Turn automatic deployment by Defender of the MMA (OMS VM extension) on or off" + } + }, + "logAnalyticsWorkspaceId": { + "type": "string", + "metadata": { + "description": "Specify the ID of your custom Log Analytics workspace to collect Defender data." 
+ } + }, + "emailSecurityContact": { + "type": "string", + "metadata": { + "description": "Email address of the contact, in the form of john@doe.com" + } + }, + "policySetDescription": { + "type": "string", + "defaultValue": "The Microsoft Cloud Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft Cloud Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender.", + "metadata": { + "description": "Policy Initiative description field" + } + }, + "defenderSkuTier": { + "type": "string", + "defaultValue": "Free", + "metadata": { + "description": "[Standard/Free] The SKU for Defender. It defaults to \"Free\"." + } + } + }, + "variables": { + "autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]", + "defenderPaidPlanConfig": { + "AzureCloud": { + "Api": { + "subPlan": "P1" + }, + "appServices": {}, + "KeyVaults": { + "subPlan": "PerKeyVault" + }, + "Arm": { + "subPlan": "PerSubscription" + }, + "CloudPosture": { + "extensions": [ + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + }, + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + }, + { + "name": "AgentlessVmScanning", + "isEnabled": "True" + }, + { + "name": "EntraPermissionsManagement", + "isEnabled": "True" + } + ] + }, + "Containers": { + "extensions": [ + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + } + ] + }, + "CosmosDbs": {}, + "StorageAccounts": { + "subPlan": "DefenderForStorageV2", + "extensions": [ + { + "name": "OnUploadMalwareScanning", + "isEnabled": "True", + "additionalExtensionProperties": { 
+ "CapGBPerMonthPerStorageAccount": "5000" + } + }, + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + } + ] + }, + "VirtualMachines": { + "subPlan": "P1" + }, + "SqlServerVirtualMachines": {}, + "SqlServers": {}, + "OpenSourceRelationalDatabases": {} + } + } + }, + "resources": [ + { + "copy": { + "name": "defenderFreeAllClouds", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[equals(parameters('defenderSkuTier'), 'Free')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]" + } + }, + { + "copy": { + "name": "defenderStandardNoSubplanNoExtensions", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), not(equals(environment().name, 'AzureCloud')))]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]" + } + }, + { + "copy": { + "name": "defenderStandardSubplanExtensionsAzureCloud", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), equals(environment().name, 'AzureCloud'))]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]", + "subPlan": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan, json('null'))]", + "extensions": 
"[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'extensions'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].extensions, json('null'))]" + } + }, + { + "type": "Microsoft.Security/autoProvisioningSettings", + "apiVersion": "2019-01-01", + "name": "default", + "properties": { + "autoProvision": "[variables('autoProvisioning')]" + } + }, + { + "type": "Microsoft.Security/workspaceSettings", + "apiVersion": "2019-01-01", + "name": "default", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "scope": "[subscription().id]" + } + }, + { + "condition": "[not(empty(parameters('emailSecurityContact')))]", + "type": "Microsoft.Security/securityContacts", + "apiVersion": "2020-01-01-preview", + "name": "default", + "properties": { + "notificationsByRole": { + "roles": [ + "AccountAdmin", + "Contributor", + "Owner", + "ServiceAdmin" + ], + "state": "On" + }, + "alertNotifications": { + "state": "On" + }, + "emails": "[parameters('emailSecurityContact')]" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "Microsoft Cloud Security Benchmark", + "properties": { + "displayName": "Defender Default", + "description": "[parameters('policySetDescription')]", + "enforcementMode": "DoNotEnforce", + "parameters": {}, + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '1f3afdf9-d0c9-4c3d-847f-89da613e70a8')]" + } + } + ] + } + } + } + ], + "outputs": { + "diskEncryptionSetResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" + }, + "keyVaultUri": { + "type": "string", + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "locatonProperties": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locationProperties.value]" + }, + "mlzTags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "namingConvention": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention]" + }, + "privateDnsZones": { + "type": "array", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "resourcePrefix": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01', 'full').tags.resourcePrefix]" + }, + "storageEncryptionKeyName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + }, + "subnetResourceId": { + "type": 
"string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tier": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "tokens": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" + } + } + } + } + }, + { + "condition": "[equals(length(variables('deploymentLocations')), 2)]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "additionalSubnets": "[if(and(and(contains(parameters('fslogixStorageService'), 'AzureNetAppFiles'), not(empty(parameters('azureNetAppFilesSubnetAddressPrefix')))), equals(length(variables('deploymentLocations')), 2)), createObject('value', createArray(createObject('name', 'AzureNetAppFiles', 'addressPrefix', parameters('azureNetAppFilesSubnetAddressPrefix')))), createObject('value', createArray()))]", + "deployActivityLogDiagnosticSetting": { + "value": 
"[parameters('deployActivityLogDiagnosticSetting')]" + }, + "deployDefender": { + "value": "[parameters('deployDefender')]" + }, + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" + }, + "deployPolicy": { + "value": "[parameters('deployPolicy')]" + }, + "emailSecurityContact": { + "value": "[parameters('emailSecurityContact')]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "firewallResourceId": { + "value": "[parameters('hubAzureFirewallResourceId')]" + }, + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "identifier": { + "value": "[parameters('identifier')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('operationsLogAnalyticsWorkspaceResourceId')]" + }, + "policy": { + "value": "[parameters('policy')]" + }, + "stampIndex": { + "value": "[string(parameters('stampIndex'))]" + }, + "subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefixes')[1]]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefixes')[1]]" + }, + "workloadName": { + "value": "avd" + }, + "workloadShortName": { + "value": "avd" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "5760152189882232532" + } + }, + "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "An array of additional subnets to support the tier3 workload." + } + }, + "deployActivityLogDiagnosticSetting": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a diagnostic setting for the Activity Log." 
+ } + }, + "deployDefender": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Defender for Cloud." + } + }, + "deploymentNameSuffix": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "The suffix to append to the deployment name. It defaults to the current UTC date and time." + } + }, + "deployNetworkWatcher": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Network Watcher for the deployment location." + } + }, + "deployPolicy": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a policy assignment." + } + }, + "emailSecurityContact": { + "type": "string", + "metadata": { + "description": "The email address to use for Defender for Cloud notifications." + } + }, + "environmentAbbreviation": { + "type": "string", + "defaultValue": "dev", + "allowedValues": [ + "dev", + "prod", + "test" + ], + "metadata": { + "description": "The abbreviation for the environment." + } + }, + "firewallResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Azure Firewall in the HUB." + } + }, + "hubVirtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the HUB Virtual Network." + } + }, + "identifier": { + "type": "string", + "maxLength": 3, + "metadata": { + "description": "The identifier for the resource names. This value should represent the workload, project, or business unit." + } + }, + "keyVaultDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "AuditEvent", + "enabled": true + }, + { + "category": "AzurePolicyEvaluationDetails", + "enabled": true + } + ], + "metadata": { + "description": "An array of Key Vault Diagnostic Logs categories to collect. See \"https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault\" for valid values." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[deployment().location]", + "metadata": { + "description": "The location for the deployment. It defaults to the location of the deployment." + } + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Log Analytics Workspace to use for log storage." + } + }, + "logStorageSkuName": { + "type": "string", + "defaultValue": "Standard_GRS", + "metadata": { + "description": "The Storage Account SKU to use for log storage. It defaults to \"Standard_GRS\". See https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types for valid settings." + } + }, + "networkSecurityGroupDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "NetworkSecurityGroupEvent", + "enabled": true + }, + { + "category": "NetworkSecurityGroupRuleCounter", + "enabled": true + } + ], + "metadata": { + "description": "An array of Network Security Group diagnostic logs to apply to the workload Virtual Network. See https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log#log-categories for valid settings." + } + }, + "networkSecurityGroupDiagnosticsMetrics": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The metrics to monitor for the Network Security Group." + } + }, + "networkSecurityGroupRules": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The rules to apply to the Network Security Group." + } + }, + "policy": { + "type": "string", + "defaultValue": "NISTRev4", + "metadata": { + "description": "The policy to assign to the workload." + } + }, + "stampIndex": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases." 
+ } + }, + "subnetAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix for the workload subnet." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "The tags to apply to the resources." + } + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix for the workload Virtual Network." + } + }, + "virtualNetworkDiagnosticsLogs": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The diagnostic logs to apply to the workload Virtual Network." + } + }, + "virtualNetworkDiagnosticsMetrics": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The metrics to monitor for the workload Virtual Network." + } + }, + "workloadName": { + "type": "string", + "defaultValue": "tier3", + "minLength": 1, + "maxLength": 10, + "metadata": { + "description": "The name for the workload." + } + }, + "workloadShortName": { + "type": "string", + "defaultValue": "t3", + "minLength": 1, + "maxLength": 3, + "metadata": { + "description": "The short name for the workload." 
+ } + } + }, + "variables": { + "hubResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", + "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", + "subscriptionId": "[subscription().subscriptionId]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "networks": { + "value": [ + { + "name": "[parameters('workloadName')]", + "shortName": "[parameters('workloadShortName')]", + "deployUniqueResources": false, + "subscriptionId": "[variables('subscriptionId')]", + "nsgDiagLogs": "[parameters('networkSecurityGroupDiagnosticsLogs')]", + "nsgDiagMetrics": "[parameters('networkSecurityGroupDiagnosticsMetrics')]", + "nsgRules": "[parameters('networkSecurityGroupRules')]", + "vnetAddressPrefix": "[parameters('virtualNetworkAddressPrefix')]", + "vnetDiagLogs": "[parameters('virtualNetworkDiagnosticsLogs')]", + "vnetDiagMetrics": "[parameters('virtualNetworkDiagnosticsMetrics')]", + "subnetAddressPrefix": "[parameters('subnetAddressPrefix')]" + } + ] + }, + "resourcePrefix": { + "value": "[parameters('identifier')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "16881625523433024595" + } + }, + 
"parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "environmentAbbreviation": { + "type": "string" + }, + "location": { + "type": "string" + }, + "networks": { + "type": "array" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + } + }, + "variables": { + "copy": [ + { + "name": "privateDnsZoneNames_Backup", + "count": "[length(items(variables('locations')))]", + "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" + } + ], + "$fxv#0": { + "AzureChina": { + "chinaeast": { + "abbreviation": "cne", + "recoveryServicesGeo": "sha", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinaeast2": { + "abbreviation": "cne2", + "recoveryServicesGeo": "sha2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth": { + "abbreviation": "cnn", + "recoveryServicesGeo": "bjb", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth2": { + "abbreviation": "cnn2", + "recoveryServicesGeo": "bjb2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + } + }, + "AzureCloud": { + "australiacentral": { + "abbreviation": "auc", + "recoveryServicesGeo": "acl", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiacentral2": { + "abbreviation": "auc2", + "recoveryServicesGeo": "acl2", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiaeast": { + "abbreviation": "aue", + "recoveryServicesGeo": "ae", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiasoutheast": { + "abbreviation": "ause", + "recoveryServicesGeo": "ase", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + 
"brazilsouth": { + "abbreviation": "brs", + "recoveryServicesGeo": "brs", + "timeDifference": "-3:00", + "timeZone": "E. South America Standard Time" + }, + "brazilsoutheast": { + "abbreviation": "brse", + "recoveryServicesGeo": "bse", + "timeDifference": "-3:00", + "timeZone": "E. South America Standard Time" + }, + "canadacentral": { + "abbreviation": "cac", + "recoveryServicesGeo": "cnc", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "canadaeast": { + "abbreviation": "cae", + "recoveryServicesGeo": "cne", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "centralindia": { + "abbreviation": "inc", + "recoveryServicesGeo": "inc", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "centralus": { + "abbreviation": "usc", + "recoveryServicesGeo": "cus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "eastasia": { + "abbreviation": "ase", + "recoveryServicesGeo": "ea", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "eastus": { + "abbreviation": "use", + "recoveryServicesGeo": "eus", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "eastus2": { + "abbreviation": "use2", + "recoveryServicesGeo": "eus2", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "francecentral": { + "abbreviation": "frc", + "recoveryServicesGeo": "frc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "francesouth": { + "abbreviation": "frs", + "recoveryServicesGeo": "frs", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanynorth": { + "abbreviation": "den", + "recoveryServicesGeo": "gn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanywestcentral": { + "abbreviation": "dewc", + "recoveryServicesGeo": "gwc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "israelcentral": { + 
"abbreviation": "ilc", + "recoveryServicesGeo": "ilc", + "timeDifference": "+2:00", + "timeZone": "Israel Standard Time" + }, + "italynorth": { + "abbreviation": "itn", + "recoveryServicesGeo": "itn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "japaneast": { + "abbreviation": "jpe", + "recoveryServicesGeo": "jpe", + "timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "japanwest": { + "abbreviation": "jpw", + "recoveryServicesGeo": "jpw", + "timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "jioindiacentral": { + "abbreviation": "injc", + "recoveryServicesGeo": "jic", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "jioindiawest": { + "abbreviation": "injw", + "recoveryServicesGeo": "jiw", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "koreacentral": { + "abbreviation": "krc", + "recoveryServicesGeo": "krc", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "koreasouth": { + "abbreviation": "krs", + "recoveryServicesGeo": "krs", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "northcentralus": { + "abbreviation": "usnc", + "recoveryServicesGeo": "ncus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "northeurope": { + "abbreviation": "eun", + "recoveryServicesGeo": "ne", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "norwayeast": { + "abbreviation": "noe", + "recoveryServicesGeo": "nwe", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "norwaywest": { + "abbreviation": "now", + "recoveryServicesGeo": "nww", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "polandcentral": { + "abbreviation": "plc", + "recoveryServicesGeo": "plc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "qatarcentral": { + "abbreviation": "qac", + "recoveryServicesGeo": "qac", + 
"timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "southafricanorth": { + "abbreviation": "zan", + "recoveryServicesGeo": "san", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southafricawest": { + "abbreviation": "zaw", + "recoveryServicesGeo": "saw", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southcentralus": { + "abbreviation": "ussc", + "recoveryServicesGeo": "scus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "southeastasia": { + "abbreviation": "asse", + "recoveryServicesGeo": "sea", + "timeDifference": "+8:00", + "timeZone": "Singapore Standard Time" + }, + "southindia": { + "abbreviation": "ins", + "recoveryServicesGeo": "ins", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "swedencentral": { + "abbreviation": "sec", + "recoveryServicesGeo": "sdc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandnorth": { + "abbreviation": "chn", + "recoveryServicesGeo": "szn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandwest": { + "abbreviation": "chw", + "recoveryServicesGeo": "szw", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "uaecentral": { + "abbreviation": "aec", + "recoveryServicesGeo": "uac", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "uaenorth": { + "abbreviation": "aen", + "recoveryServicesGeo": "uan", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "uksouth": { + "abbreviation": "uks", + "recoveryServicesGeo": "uks", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "ukwest": { + "abbreviation": "ukw", + "recoveryServicesGeo": "ukw", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "westcentralus": { + "abbreviation": "uswc", + "recoveryServicesGeo": "wcus", + "timeDifference": "-7:00", + 
"timeZone": "Mountain Standard Time" + }, + "westeurope": { + "abbreviation": "euw", + "recoveryServicesGeo": "we", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "westindia": { + "abbreviation": "inw", + "recoveryServicesGeo": "inw", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "westus": { + "abbreviation": "usw", + "recoveryServicesGeo": "wus", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus2": { + "abbreviation": "usw2", + "recoveryServicesGeo": "wus2", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus3": { + "abbreviation": "usw3", + "recoveryServicesGeo": "wus3", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + } + }, + "AzureUSGovernment": { + "usdodcentral": { + "abbreviation": "dodc", + "recoveryServicesGeo": "udc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usdodeast": { + "abbreviation": "dode", + "recoveryServicesGeo": "ude", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "usgovarizona": { + "abbreviation": "az", + "recoveryServicesGeo": "uga", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "usgovtexas": { + "abbreviation": "tx", + "recoveryServicesGeo": "ugt", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usgovvirginia": { + "abbreviation": "va", + "recoveryServicesGeo": "ugv", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + } + }, + "USNat": { + "usnateast": { + "abbreviation": "east", + "recoveryServicesGeo": "exe", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "usnatwest": { + "abbreviation": "west", + "recoveryServicesGeo": "exw", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + } + }, + "USSec": { + "usseceast": { + "abbreviation": "east", + "recoveryServicesGeo": "rxe", + "timeDifference": "-5:00", + "timeZone": "Eastern 
Standard Time" + }, + "ussecwest": { + "abbreviation": "west", + "recoveryServicesGeo": "rxw", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + } + } + }, + "$fxv#1": "1.0.0", + "$fxv#2": { + "actionGroups": "ag", + "applicationGroups": "vdag", + "automationAccounts": "aa", + "availabilitySets": "avail", + "azureFirewalls": "afw", + "bastionHosts": "bas", + "computeGallieries": "cg", + "dataCollectionRuleAssociations": "dcra", + "dataCollectionRules": "dcr", + "diagnosticSettings": "diag", + "diskAccesses": "da", + "diskEncryptionSets": "des", + "disks": "disk", + "firewallPolicies": "afwp", + "hostPools": "vdpool", + "ipConfigurations": "ipconf", + "keyVaults": "kv", + "logAnalyticsWorkspaces": "log", + "netAppAccounts": "naa", + "netAppCapacityPools": "nacp", + "networkInterfaces": "nic", + "networkSecurityGroups": "nsg", + "networkWatchers": "nw", + "privateEndpoints": "pe", + "privateLinkScopes": "pls", + "publicIPAddresses": "pip", + "recoveryServicesVaults": "rsv", + "remoteApplicationGroups": "vdag", + "resourceGroups": "rg", + "routeTables": "rt", + "storageAccounts": "st", + "subnets": "snet", + "userAssignedIdentities": "id", + "virtualMachines": "vm", + "virtualNetworks": "vnet", + "workspaces": "vdws" + }, + "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", + "environmentName": { + "dev": "Development", + "prod": "Production", + "test": "Test" + }, + "locations": "[variables('$fxv#0')[environment().name]]", + "mlzTags": { + "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", + "landingZoneName": "MissionLandingZone", + "landingZoneVersion": "[variables('$fxv#1')]", + "resourcePrefix": "[parameters('resourcePrefix')]" + }, + "resourceAbbreviations": "[variables('$fxv#2')]", + "tokens": { + "resource": "resource_token", + "service": "service_token" + }, + "privateDnsZoneNames": 
"[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('scm.privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), format('privatelink{0}', replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", + "privateDnsZoneSuffixes_AzureAutomation": { + "AzureCloud": "net", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureVirtualDesktop": { + "AzureCloud": "microsoft.com", + 
"AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureWebSites": { + "AzureCloud": "azurewebsites.net", + "AzureUSGovernment": "azurewebsites.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Backup": { + "AzureCloud": "com", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Monitor": { + "AzureCloud": "azure.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null + } + }, + "resources": [ + { + "copy": { + "name": "namingConventions", + "count": "[length(parameters('networks'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "locationAbbreviation": { + "value": "[variables('locations')[parameters('location')].abbreviation]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "networkName": { + "value": "[parameters('networks')[copyIndex()].name]" + }, + "networkShortName": { + "value": "[parameters('networks')[copyIndex()].shortName]" + }, + "resourceAbbreviations": { + "value": "[variables('resourceAbbreviations')]" + }, + "resourcePrefix": { + "value": "[parameters('resourcePrefix')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + }, + "subscriptionId": { + "value": "[parameters('networks')[copyIndex()].subscriptionId]" + }, + "tokens": { + "value": "[variables('tokens')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "2390405762046931912" + 
} + }, + "parameters": { + "environmentAbbreviation": { + "type": "string" + }, + "locationAbbreviation": { + "type": "string" + }, + "networkName": { + "type": "string" + }, + "networkShortName": { + "type": "string" + }, + "resourceAbbreviations": { + "type": "object" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + }, + "subscriptionId": { + "type": "string" + }, + "tokens": { + "type": "object" + } + }, + "variables": { + "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "names": { + "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').actionGroups)]", + "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').applicationGroups)]", + "automationAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountNetworkInterface": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "availabilitySet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').availabilitySets)]", + "azureFirewall": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallClientPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('client-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallClientPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-client-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallManagementPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('mgmt-{0}', 
parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallManagementPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-mgmt-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallPolicy": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').firewallPolicies)]", + "bastionHost": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').bastionHosts))]", + "computeGallery": "[replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').computeGallieries), '-', '_')]", + "dataCollectionRuleAssociation": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRuleAssociations)]", + "dataCollectionRule": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRules)]", + "diskAccess": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskAccesses)]", + "diskEncryptionSet": 
"[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskEncryptionSets)]", + "hostPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').hostPools)]", + "hostPoolDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "keyVault": "[format('{0}{1}', replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').keyVaults), '-', ''), parameters('networkName'), parameters('networkShortName')), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId')))]", + "keyVaultDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + 
"keyVaultPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "logAnalyticsWorkspace": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "logAnalyticsWorkspaceDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "netAppAccountCapacityPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppCapacityPools)]", + "netAppAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppAccounts)]", + "networkSecurityGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkSecurityGroupDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkWatcher": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkWatchers)]", + "privateLinkScope": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopeNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), 
parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "recoveryServicesVault": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "resourceGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').resourceGroups)]", + "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').routeTables)]", + "storageAccount": "[toLower(replace(replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName')), '-', ''))]", + "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "storageAccountPrivateEndpoint": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "subnet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').subnets)]", + "userAssignedIdentity": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').userAssignedIdentities)]", + "virtualMachine": "[replace(replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", + "virtualMachineDisk": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').disks), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualMachineNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualNetwork": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualNetworks)]", + "virtualNetworkDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').virtualNetworks)]", + "workspaceFeed": "[replace(replace(variables('namingConvention_Service'), 
parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobal": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), 
parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]" + } + }, + "resources": [], + "outputs": { + "names": { + "type": "object", + "value": "[variables('names')]" + } + } + } + } + } + ], + "outputs": { + "locationProperties": { + "type": "object", + "value": "[variables('locations')[parameters('location')]]" + }, + "mlzTags": { + "type": "object", + "value": "[variables('mlzTags')]" + }, + "privateDnsZones": { + "type": "array", + "value": "[variables('privateDnsZoneNames')]" + }, + "tiers": { + "type": "array", + "copy": { + "count": "[length(parameters('networks'))]", + "input": { + "name": "[parameters('networks')[copyIndex()].name]", + "shortName": "[parameters('networks')[copyIndex()].shortName]", + "deployUniqueResources": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "nsgDiagLogs": "[parameters('networks')[copyIndex()].nsgDiagLogs]", + "nsgDiagMetrics": "[parameters('networks')[copyIndex()].nsgDiagMetrics]", + "nsgRules": "[parameters('networks')[copyIndex()].nsgRules]", + "vnetAddressPrefix": "[parameters('networks')[copyIndex()].vnetAddressPrefix]", + "vnetDiagLogs": "[parameters('networks')[copyIndex()].vnetDiagLogs]", + "vnetDiagMetrics": "[parameters('networks')[copyIndex()].vnetDiagMetrics]", + "subnetAddressPrefix": "[parameters('networks')[copyIndex()].subnetAddressPrefix]", + "namingConvention": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 
format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + } + } + }, + "tokens": { + "type": "object", + "value": "[variables('tokens')]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "name": { + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'network')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" + } + }, + "parameters": { + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ + { + "type": 
"Microsoft.Resources/resourceGroups", + "apiVersion": "2019-05-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').location]" + }, + "tags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').tags]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" + }, + "firewallSkuTier": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', 
split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').sku.tier]" + }, + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkSecurityGroup]" + }, + "networkSecurityGroupRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "networkWatcherName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkWatcher]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "routeTableName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.routeTable]" + }, + "routeTableRouteNextHopIpAddress": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), 
'2020-11-01').ipConfigurations[0].properties.privateIPAddress]" + }, + "subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefix')]" + }, + "subnetName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.subnet]" + }, + "subscriptionId": { + "value": "[variables('subscriptionId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.virtualNetwork]" + }, + "vNetDnsServers": { + "value": [ + "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').ipConfigurations[0].properties.privateIPAddress]" + ] + }, + "workloadName": { + "value": "[toLower(parameters('workloadName'))]" + }, + "workloadShortName": { + "value": "[parameters('workloadShortName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "3012486009507231873" + } + }, + "parameters": { + "additionalSubnets": { + "type": "array" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deployNetworkWatcher": { + "type": "bool" + }, + "firewallSkuTier": { + "type": "string" + }, + "hubVirtualNetworkResourceId": { + "type": 
"string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "networkSecurityGroupRules": { + "type": "array" + }, + "networkWatcherName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "routeTableName": { + "type": "string" + }, + "routeTableRouteNextHopIpAddress": { + "type": "string" + }, + "subnetAddressPrefix": { + "type": "string" + }, + "subnetName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "vNetDnsServers": { + "type": "array" + }, + "virtualNetworkAddressPrefix": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "workloadName": { + "type": "string" + }, + "workloadShortName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "spokeNetwork", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" + }, + "firewallSkuTier": { + "value": "[parameters('firewallSkuTier')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" + }, + "networkSecurityGroupRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "networkWatcherName": { + "value": "[parameters('networkWatcherName')]" + }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, + "routeTableName": { + "value": "[parameters('routeTableName')]" + }, + "routeTableRouteNextHopIpAddress": { + "value": "[parameters('routeTableRouteNextHopIpAddress')]" + }, + 
"subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefix')]" + }, + "subnetName": { + "value": "[parameters('subnetName')]" + }, + "subscriptionId": { + "value": "[parameters('subscriptionId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "vNetDnsServers": { + "value": "[parameters('vNetDnsServers')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4742978871908330688" + } + }, + "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [] + }, + "deployNetworkWatcher": { + "type": "bool" + }, + "firewallSkuTier": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "networkSecurityGroupRules": { + "type": "array" + }, + "networkWatcherName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "routeTableName": { + "type": "string" + }, + "routeTableRouteNextHopIpAddress": { + "type": "string" + }, + "subnetAddressPrefix": { + "type": "string" + }, + "subnetName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "virtualNetworkAddressPrefix": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "vNetDnsServers": { + "type": "array" + } + }, + "variables": { + "delegations": { + "AzureNetAppFiles": [ + { + "name": "Microsoft.Netapp.volumes", + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', parameters('virtualNetworkName'), 'AzureNetAppFiles', 'Microsoft.Netapp.volumes')]", + "properties": 
{ + "serviceName": "Microsoft.Netapp/volumes" + }, + "type": "Microsoft.Network/virtualNetworks/subnets/delegations" + } + ] + }, + "subnets": "[union(createArray(createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix')))), parameters('additionalSubnets'))]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "networkSecurityGroup", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkSecurityGroupName')]" + }, + "securityRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12935581119437417634" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "securityRules": { + "type": "array" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkSecurityGroups'), parameters('tags')['Microsoft.Network/networkSecurityGroups'], createObject()), parameters('mlzTags'))]", + "properties": { + "securityRules": "[parameters('securityRules')]" + } + } + ], + "outputs": { + "id": { + 
"type": "string", + "value": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "routeTable", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "disableBgpRoutePropagation": { + "value": true + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('routeTableName')]" + }, + "routeNextHopIpAddress": { + "value": "[parameters('routeTableRouteNextHopIpAddress')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "18262399193161292353" + } + }, + "parameters": { + "disableBgpRoutePropagation": { + "type": "bool" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "routeAddressPrefix": { + "type": "string", + "defaultValue": "0.0.0.0/0" + }, + "routeName": { + "type": "string", + "defaultValue": "default_route" + }, + "routeNextHopIpAddress": { + "type": "string" + }, + "routeNextHopType": { + "type": "string", + "defaultValue": "VirtualAppliance" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/routeTables'), 
parameters('tags')['Microsoft.Network/routeTables'], createObject()), parameters('mlzTags'))]", + "properties": { + "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", + "routes": [ + { + "name": "[parameters('routeName')]", + "properties": { + "addressPrefix": "[parameters('routeAddressPrefix')]", + "nextHopIpAddress": "[parameters('routeNextHopIpAddress')]", + "nextHopType": "[parameters('routeNextHopType')]" + } + } + ] + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } + } + } + } + }, + { + "condition": "[parameters('deployNetworkWatcher')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "networkWatcher", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkWatcherName')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13830033528097307473" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkWatchers", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 
'Microsoft.Network/networkWatchers'), parameters('tags')['Microsoft.Network/networkWatchers'], createObject()), parameters('mlzTags'))]", + "properties": {} + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "virtualNetwork", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "addressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('virtualNetworkName')]" + }, + "subnets": { + "copy": [ + { + "name": "value", + "count": "[length(variables('subnets'))]", + "input": "[createObject('name', variables('subnets')[copyIndex('value')].name, 'properties', createObject('addressPrefix', variables('subnets')[copyIndex('value')].properties.addressPrefix, 'delegations', coalesce(tryGet(variables('delegations'), variables('subnets')[copyIndex('value')].name), createArray()), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled'))]" + } + ] + }, + "tags": { + "value": "[parameters('tags')]" + }, + "vNetDnsServers": { + "value": "[parameters('vNetDnsServers')]" + }, + "firewallSkuTier": { + "value": 
"[parameters('firewallSkuTier')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4325479931624604061" + } + }, + "parameters": { + "addressPrefix": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "subnets": { + "type": "array" + }, + "tags": { + "type": "object" + }, + "vNetDnsServers": { + "type": "array" + }, + "firewallSkuTier": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/virtualNetworks'), parameters('tags')['Microsoft.Network/virtualNetworks'], createObject()), parameters('mlzTags'))]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressPrefix')]" + ] + }, + "subnets": "[parameters('subnets')]", + "dhcpOptions": "[if(and(not(equals(parameters('vNetDnsServers'), null())), or(equals(parameters('firewallSkuTier'), 'Premium'), equals(parameters('firewallSkuTier'), 'Standard'))), createObject('dnsServers', parameters('vNetDnsServers')), null())]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + }, + "subnets": { + "type": "array", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2021-02-01').subnets]" + }, + "addressPrefix": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2021-02-01').addressSpace.addressPrefixes[0]]" + } + } + } + }, + 
"dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkWatcher')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable')]" + ] + } + ], + "outputs": { + "virtualNetworkName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" + }, + "virtualNetworkResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" + }, + "subnetName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" + }, + "subnetAddressPrefix": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), 
parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" + }, + "subnetResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" + }, + "networkSecurityGroupName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" + }, + "networkSecurityGroupResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-peering-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + }, + "subscriptionId": { + "value": "[parameters('subscriptionId')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "1081420821337659529" + } + }, + "parameters": { + "hubVirtualNetworkResourceId": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-to-hub-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "remoteVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('spokeVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('hubVirtualNetworkResourceId'), '/')[8])]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" + } + }, + "parameters": { + "remoteVirtualNetworkResourceId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2021-02-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", + "properties": { + "allowForwardedTraffic": true, + 
"remoteVirtualNetwork": { + "id": "[parameters('remoteVirtualNetworkResourceId')]" + } + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-peering-hub-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hubVirtualNetworkName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" + }, + "resourceGroupName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "subscriptionId": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "16991872399359859910" + } + }, + "parameters": { + "hubVirtualNetworkName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkResourceId": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('hub-to-{0}-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + 
"expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "remoteVirtualNetworkResourceId": { + "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('spokeVirtualNetworkResourceId'), '/')[8])]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" + } + }, + "parameters": { + "remoteVirtualNetworkResourceId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2021-02-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", + "properties": { + "allowForwardedTraffic": true, + "remoteVirtualNetwork": { + "id": "[parameters('remoteVirtualNetworkResourceId')]" + } + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" + ] + } + ], + "outputs": { + "networkSecurityGroupName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "subnetResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + }, + "virtualNetworkName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), 
'2022-09-01').outputs.virtualNetworkName.value]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "keyVaultPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore'))]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "subnetResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "tier": { + 
"value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "tokens": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "7828233421610885078" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "keyVaultPrivateDnsZoneResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "resourceGroupName": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "tier": { + "type": "object" + }, + "tokens": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultName": { + "value": "[take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)]" + }, + "keyVaultNetworkInterfaceName": { + "value": "[replace(parameters('tier').namingConvention.keyVaultNetworkInterface, parameters('tokens').service, '')]" + }, + "keyVaultPrivateDnsZoneResourceId": { + "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" + }, + 
"keyVaultPrivateEndpointName": { + "value": "[replace(parameters('tier').namingConvention.keyVaultPrivateEndpoint, parameters('tokens').service, '')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12300580845424356573" + } + }, + "parameters": { + "diskEncryptionKeyExpirationInDays": { + "type": "int", + "defaultValue": 30 + }, + "keyVaultName": { + "type": "string" + }, + "keyVaultNetworkInterfaceName": { + "type": "string" + }, + "keyVaultPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultPrivateEndpointName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2022-07-01", + "name": "[parameters('keyVaultName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject()), parameters('mlzTags'))]", + "properties": { + "enabledForDeployment": false, + "enabledForDiskEncryption": true, + "enabledForTemplateDeployment": false, + "enablePurgeProtection": true, + "enableRbacAuthorization": true, + "enableSoftDelete": true, + "networkAcls": { + "bypass": "AzureServices", + "defaultAction": "Deny", + "ipRules": [], + "virtualNetworkRules": [] + }, + "publicNetworkAccess": "Disabled", + "sku": { + "family": "A", + "name": "standard" + }, + "softDeleteRetentionInDays": 7, + 
"tenantId": "[subscription().tenantId]" + } + }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('keyVaultPrivateEndpointName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": { + "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('keyVaultPrivateEndpointName')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", + "groupIds": [ + "vault" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('keyVaultPrivateEndpointName'), parameters('keyVaultName'))]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "ipconfig1", + "properties": { + "privateDnsZoneId": "[parameters('keyVaultPrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', parameters('keyVaultPrivateEndpointName'))]" + ] + }, + { + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), 'DiskEncryptionKey')]", + "properties": { + "attributes": { + "enabled": true + }, + "keySize": 4096, + "kty": "RSA", + "rotationPolicy": { + "attributes": { + "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" + }, + "lifetimeActions": [ + { + "action": { + "type": "Notify" + }, + "trigger": { + "timeBeforeExpiry": "P10D" + } + }, + { + "action": { + "type": 
"Rotate" + }, + "trigger": { + "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + }, + { + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), 'StorageEncryptionKey')]", + "properties": { + "attributes": { + "enabled": true + }, + "keySize": 4096, + "kty": "RSA", + "rotationPolicy": { + "attributes": { + "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" + }, + "lifetimeActions": [ + { + "action": { + "type": "Notify" + }, + "trigger": { + "timeBeforeExpiry": "P10D" + } + }, + { + "action": { + "type": "Rotate" + }, + "trigger": { + "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + } + ], + "outputs": { + "keyUriWithVersion": { + "type": "string", + "value": "[reference(resourceId('Microsoft.KeyVault/vaults/keys', parameters('keyVaultName'), 'DiskEncryptionKey'), '2022-07-01').keyUriWithVersion]" + }, + "keyVaultResourceId": { + "type": "string", + "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + }, + "keyVaultName": { + "type": "string", + "value": "[parameters('keyVaultName')]" + }, + "keyVaultUri": { + "type": "string", + "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName')), '2022-07-01').vaultUri]" + }, + "storageKeyName": { + "type": "string", + "value": "StorageEncryptionKey" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + 
"resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "diskEncryptionSetName": { + "value": "[parameters('tier').namingConvention.diskEncryptionSet]" + }, + "keyUrl": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" + }, + "keyVaultResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets']), createObject('value', createObject()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "15986878026863280024" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "diskEncryptionSetName": { + "type": "string" + }, + "keyUrl": { + "type": "string" + }, + "keyVaultResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + 
"type": "Microsoft.Compute/diskEncryptionSets", + "apiVersion": "2023-04-02", + "name": "[parameters('diskEncryptionSetName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), parameters('tags')['Microsoft.Compute/diskEncryptionSets'], createObject()), parameters('mlzTags'))]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "activeKey": { + "sourceVault": { + "id": "[parameters('keyVaultResourceId')]" + }, + "keyUrl": "[parameters('keyUrl')]" + }, + "encryptionType": "EncryptionAtRestWithPlatformAndCustomerKeys", + "rotationToLatestKeyVersionEnabled": true + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('assign-role-disk-encryption-set-ops-{0}', parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "principalId": { + "value": "[reference(resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName')), '2023-04-02', 'full').identity.principalId]" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "roleDefinitionId": { + "value": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" + }, + "targetResourceId": { + "value": "[resourceGroup().id]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" + } + }, + "parameters": { + "targetResourceId": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + }, + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string", + "defaultValue": "ServicePrincipal", + "allowedValues": [ + "ForeignGroup", + "Group", + 
"ServicePrincipal", + "User" + ] + }, + "description": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", + "properties": { + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]", + "roleDefinitionId": "[parameters('roleDefinitionId')]", + "description": "[parameters('description')]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, 
+ "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(parameters('tier').namingConvention.userAssignedIdentity, format('-{0}', parameters('tokens').service), '')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6007785905664733866" + } + }, + "parameters": { + "keyVaultName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('userAssignedIdentityName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))]", + "properties": { + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2018-11-30').principalId]", + "principalType": "ServicePrincipal", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" + ] + } + ], + "outputs": { + "resourceId": { + "type": 
"string", + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + ] + } + ], + "outputs": { + "diskEncryptionSetResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + }, + "keyVaultName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, + "keyVaultUri": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "keyVaultResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + }, + "storageKeyName": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', format('privatelink.blob.{0}', environment().suffixes.storage))]" + }, + "keyVaultUri": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "location": { + "value": "[parameters('location')]" + }, + "logStorageSkuName": { + "value": "[parameters('logStorageSkuName')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "network": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "storageEncryptionKeyName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + }, + "subnetResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tablesPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', format('privatelink.table.{0}', environment().suffixes.storage))]" + }, + "tags": { + "value": 
"[parameters('tags')]" + }, + "userAssignedIdentityResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "15276628086161283630" + } + }, + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultUri": { + "type": "string" + }, + "logStorageSkuName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "network": { + "type": "object" + }, + "resourceGroupName": { + "type": "string" + }, + "serviceToken": { + "type": "string" + }, + "storageEncryptionKeyName": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tablesPrivateDnsZoneResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityResourceId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "storage", + "subscriptionId": "[parameters('network').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "value": "[parameters('blobsPrivateDnsZoneResourceId')]" + }, + "keyVaultUri": { + "value": "[parameters('keyVaultUri')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "serviceToken": { + "value": "[parameters('serviceToken')]" + }, + "skuName": { + "value": 
"[parameters('logStorageSkuName')]" + }, + "storageAccountName": { + "value": "[parameters('network').namingConvention.storageAccount]" + }, + "storageAccountNetworkInterfaceNamePrefix": { + "value": "[parameters('network').namingConvention.storageAccountNetworkInterface]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "value": "[parameters('network').namingConvention.storageAccountPrivateEndpoint]" + }, + "storageEncryptionKeyName": { + "value": "[parameters('storageEncryptionKeyName')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tablesPrivateDnsZoneResourceId": { + "value": "[parameters('tablesPrivateDnsZoneResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityResourceId": { + "value": "[parameters('userAssignedIdentityResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6116693144339389145" + } + }, + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultUri": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "serviceToken": { + "type": "string" + }, + "skuName": { + "type": "string" + }, + "storageAccountName": { + "type": "string" + }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, + "storageEncryptionKeyName": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tablesPrivateDnsZoneResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityResourceId": { + "type": "string" + } + }, + "variables": { + "zones": [ + "[parameters('blobsPrivateDnsZoneResourceId')]", + "[parameters('tablesPrivateDnsZoneResourceId')]" + ] + 
}, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2023-01-01", + "name": "[parameters('storageAccountName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], createObject()), parameters('mlzTags'))]", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[format('{0}', parameters('userAssignedIdentityResourceId'))]": {} + } + }, + "kind": "StorageV2", + "sku": { + "name": "[parameters('skuName')]" + }, + "properties": { + "accessTier": "Hot", + "allowBlobPublicAccess": false, + "allowCrossTenantReplication": false, + "allowedCopyScope": "PrivateLink", + "allowSharedKeyAccess": true, + "defaultToOAuthAuthentication": false, + "dnsEndpointType": "Standard", + "encryption": { + "identity": { + "userAssignedIdentity": "[parameters('userAssignedIdentityResourceId')]" + }, + "keySource": "Microsoft.KeyVault", + "keyvaultproperties": { + "keyvaulturi": "[parameters('keyVaultUri')]", + "keyname": "[parameters('storageEncryptionKeyName')]" + }, + "requireInfrastructureEncryption": true, + "services": { + "blob": { + "keyType": "Account", + "enabled": true + }, + "file": { + "keyType": "Account", + "enabled": true + }, + "queue": { + "keyType": "Account", + "enabled": true + }, + "table": { + "keyType": "Account", + "enabled": true + } + } + }, + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "bypass": "AzureServices", + "virtualNetworkRules": [], + "ipRules": [], + "defaultAction": "Deny" + }, + "publicNetworkAccess": "Disabled", + "supportsHttpsTrafficOnly": true + } + }, + { + "copy": { + "name": "privateEndpoints", + "count": "[length(variables('zones'))]" + }, + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), 
split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": { + "customNetworkInterfaceName": "[replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "privateLinkServiceConnections": [ + { + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]", + "groupIds": [ + "[split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]]" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]" + ] + }, + { + "copy": { + "name": "privateDnsZoneGroups", + "count": "[length(variables('zones'))]" + }, + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]), parameters('storageAccountName'))]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "ipconfig1", + "properties": { + "privateDnsZoneId": "[variables('zones')[copyIndex()]]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", 
+ "value": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]" + } + } + } + } + } + ], + "outputs": { + "storageAccountResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-diagnostics-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deployActivityLogDiagnosticSetting": { + "value": "[parameters('deployActivityLogDiagnosticSetting')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "keyVaultDiagnosticLogs": { + "value": "[parameters('keyVaultDiagnosticsLogs')]" + }, + "keyVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.keyVaultName.value]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "networkSecurityGroupDiagnosticsLogs": { + "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + }, + "networkSecurityGroupDiagnosticsMetrics": { + "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" + }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "storageAccountResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageAccountResourceId.value]" + }, + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "virtualNetworkDiagnosticsLogs": { + "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + }, + "virtualNetworkDiagnosticsMetrics": { + "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "738419494311113164" + } + }, + "parameters": { + "deployActivityLogDiagnosticSetting": { + "type": "bool" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "keyVaultDiagnosticLogs": { + "type": "array" + }, + "keyVaultName": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "networkSecurityGroupDiagnosticsLogs": { + "type": "array" + }, + "networkSecurityGroupDiagnosticsMetrics": { + "type": "array" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "storageAccountResourceId": { + "type": "string" + }, + "tier": { + "type": "object" + }, + "virtualNetworkDiagnosticsLogs": { + "type": "array" + }, + "virtualNetworkDiagnosticsMetrics": { + "type": "array" + }, + "virtualNetworkName": { + "type": "string" + } + }, + "resources": [ + { + "condition": "[parameters('deployActivityLogDiagnosticSetting')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-activity-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11148640012050316356" + } + }, + "parameters": { + "logAnalyticsWorkspaceId": { + 
"type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "name": "[format('diag-activity-log-{0}', subscription().subscriptionId)]", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "logs": [ + { + "category": "Administrative", + "enabled": true + }, + { + "category": "Security", + "enabled": true + }, + { + "category": "ServiceHealth", + "enabled": true + }, + { + "category": "Alert", + "enabled": true + }, + { + "category": "Recommendation", + "enabled": true + }, + { + "category": "Policy", + "enabled": true + }, + { + "category": "Autoscale", + "enabled": true + }, + { + "category": "ResourceHealth", + "enabled": true + } + ] + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.keyVaultDiagnosticSetting]" + }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "keyVaultStorageAccountId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('keyVaultDiagnosticLogs')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11931053519285250235" + } + }, + "parameters": { + "keyVaultDiagnosticSettingName": { + "type": "string" + }, + "keyVaultName": { 
+ "type": "string" + }, + "keyVaultStorageAccountId": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[parameters('keyVaultDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('keyVaultStorageAccountId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]" + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + }, + "logStorageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "metrics": { + "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" + }, + "networkSecurityGroupDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.networkSecurityGroupDiagnosticSetting]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12049539018034280966" + } + }, + "parameters": { + 
"logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + }, + "logStorageAccountResourceId": { + "type": "string" + }, + "metrics": { + "type": "array" + }, + "networkSecurityGroupDiagnosticSettingName": { + "type": "string" + }, + "networkSecurityGroupName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('networkSecurityGroupName'))]", + "name": "[parameters('networkSecurityGroupDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('logStorageAccountResourceId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]", + "metrics": "[parameters('metrics')]" + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + }, + "logStorageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "metrics": { + "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.virtualNetworkDiagnosticSetting]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": 
"1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13356625654141484072" + } + }, + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + }, + "logStorageAccountResourceId": { + "type": "string" + }, + "metrics": { + "type": "array" + }, + "virtualNetworkDiagnosticSettingName": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", + "name": "[parameters('virtualNetworkDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('logStorageAccountResourceId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]", + "metrics": "[parameters('metrics')]" + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "condition": "[parameters('deployPolicy')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + 
"name": "[format('assign-policy-{0}-{1}', toLower(parameters('workloadName')), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" + }, + "policy": { + "value": "[parameters('policy')]" + }, + "resourceGroupNames": { + "value": [ + "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + ] + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "379956182717650153" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "location": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "policy": { + "type": "string" + }, + "resourceGroupNames": { + "type": "array" + }, + "tiers": { + "type": "array" + } + }, + "resources": [ + { + "copy": { + "name": "policyAssignment", + "count": "[length(parameters('tiers'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('assign-policy-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": 
"[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "builtInAssignment": { + "value": "[parameters('policy')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "location": { + "value": "[parameters('location')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "9464536540108620518" + } + }, + "parameters": { + "builtInAssignment": { + "type": "string", + "defaultValue": "NISTRev4", + "allowedValues": [ + "NISTRev4", + "NISTRev5", + "IL5", + "CMMC" + ], + "metadata": { + "description": "[NISTRev4/NISTRev5/IL5/CMMC] Built-in policy assignments to assign, default is NISTRev4. IL5 is only available for AzureUsGovernment and will switch to NISTRev4 if tried in AzureCloud." + } + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "deployRemediation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Starts a policy remediation for the VM Agent policies in hub RG. Set to false by default since this is time consuming in deployment." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "The location of this resource" + } + } + }, + "variables": { + "$fxv#0": " {\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \r\n {\r\n \"value\": \"admin\"\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \r\n {\r\n \"value\": \"azureuser\"\r\n },\r\n \"logAnalyticsWorkspaceIdforVMReporting\": \r\n {\r\n \"value\": \"\"\r\n },\r\n \"IncludeArcMachines\": \r\n {\r\n \"value\": \"true\"\r\n },\r\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \r\n {\r\n \"value\": \"1.2\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \r\n {\r\n \"value\": \"Compliant\"\r\n },\r\n \"requiredRetentionDays\": \r\n {\r\n \"value\": \"365\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \r\n {\r\n \"value\": \"NetworkWatcherRG\"\r\n }\r\n }", + "$fxv#1": " {\r\n \"IncludeArcMachines\": \r\n {\r\n \"value\": \"true\"\r\n },\r\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \r\n {\r\n \"value\": \"1.2\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \r\n {\r\n \"value\": \"Compliant\"\r\n },\r\n \"requiredRetentionDays\": \r\n {\r\n \"value\": \"365\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \r\n {\r\n \"value\": \"NetworkWatcherRG\"\r\n }\r\n }", + "$fxv#2": "{\r\n \"IncludeArcMachines\" : { \r\n \"value\" : \"false\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \r\n \"value\" : \"Compliant\"\r\n },\r\n \"MinimumTLSVersionForWindowsServers\" : { \r\n \"value\" : \"1.2\"\r\n },\r\n \"requiredRetentionDays\" : { \r\n \"value\" : \"365\"\r\n },\r\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \r\n \"value\" : \"^(.+){0}$\"\r\n },\r\n 
\"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"0\"\r\n },\r\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"0\"\r\n },\r\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"MustRunAsNonRoot\"\r\n },\r\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"NetworkWatcherResourceGroupName\" : { \r\n \"value\" : \"NetworkWatcherRG\"\r\n },\r\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"enabled\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\" 
: { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \r\n \"value\" 
: \"audit\"\r\n },\r\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \r\n \"value\" : \"Audit\"\r\n 
},\r\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \r\n \"value\" : 
\"AuditIfNotExists\"\r\n },\r\n \"vmssEndpointProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"ensureJavaVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"securityContactEmailAddressForSubscriptionEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"ensurePythonVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePHPVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"systemUpdatesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"ensureHTTPVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"useRbacRulesMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"vmssSystemUpdatesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\" : { \r\n \"value\" 
: \"AuditIfNotExists\"\r\n },\r\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"containerBenchmarkMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"membersToIncludeInLocalAdministratorsGroup\" : { \r\n \"value\" : \"\"\r\n },\r\n \"membersToExcludeInLocalAdministratorsGroup\" : { \r\n \"value\" : \"\"\r\n },\r\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \r\n \"value\" : \"\"\r\n },\r\n \"PHPLatestVersionForAppServices\" : { \r\n \"value\" : \"7.4\"\r\n },\r\n \"JavaLatestVersionForAppServices\" : { \r\n \"value\" : \"11\"\r\n },\r\n \"WindowsPythonLatestVersionForAppServices\" : { \r\n \"value\" : \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersionForAppServices\" : { \r\n \"value\" : \"3.9\"\r\n },\r\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"vulnerabilityAssessmentMonitoringEffect\" : 
{ \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n }\r\n}", + "$fxv#3": "{\r\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \r\n \"value\" : \"\"\r\n },\r\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\r\n \"value\": \"\"\r\n },\r\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\r\n \"value\": \"\"\r\n },\r\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \r\n \"value\" : 
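Review bot: In the `$fxv#2` policy parameter set under `variables`, a block of effects is set to `Disabled` (for example `vulnerabilityAssessmentMonitoringEffect`, `microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect` and `threatDetectionTypesOnServerMonitoringEffect`), and the "latest version" parameters are fixed literals (`PHPLatestVersionForAppServices` 7.4, `JavaLatestVersionForAppServices` 11, `WindowsPythonLatestVersionForAppServices` 3.6), with nothing in the template saying why. This JSON is Bicep-generated, so please record in the source parameter files which controls are switched off on purpose, and confirm the pinned runtime versions are the ones the assigned initiative should audit against. The same set has `allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469` set to `^(.+){0}$`, which matches only the empty string; confirm that is the intended placeholder for an audit-only assignment. The nested policy template also declares `deployRemediation`, but the parent `assign-policy-*` deployment passes only `builtInAssignment`, `logAnalyticsWorkspaceResourceId` and `location`, so on this path it always takes its default of `false`; either pass it through or say so in its description. Smaller point: the `deploy-diagnostics` module parameter is `keyVaultDiagnosticLogs` while the parent parameter feeding it is `keyVaultDiagnosticsLogs`; matching the spelling used by `networkSecurityGroupDiagnosticsLogs` and `virtualNetworkDiagnosticsLogs` would make the wiring harder to get wrong.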
\"AuditIfNotExists\"\r\n },\r\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\" : { \r\n \"value\" : \"7.3\"\r\n },\r\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\" : { \r\n \"value\" : \"11\"\r\n },\r\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"LinuxPythonLatestVersion\" : { \r\n \"value\" : \"3.8\"\r\n },\r\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"enabled\"\r\n },\r\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \r\n \"value\" : 
\"NetworkWatcherRG\"\r\n },\r\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \r\n \"value\" : 
\"Audit\"\r\n },\r\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \r\n \"value\" : \"Detection\"\r\n },\r\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \r\n \"value\" : \"Detection\"\r\n },\r\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \r\n \"value\" : 
\"AuditIfNotExists\"\r\n },\r\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \r\n \"value\" : 
\"Audit\"\r\n },\r\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n }\r\n}\r\n", + "modifiedAssignment": "[if(and(equals(toLower(environment().name), toLower('AzureCloud')), equals(toLower(parameters('builtInAssignment')), toLower('IL5'))), 'NISTRev4', parameters('builtInAssignment'))]", + "assignmentName": "[format('{0} {1}', variables('modifiedAssignment'), resourceGroup().name)]", + "agentVmssAssignmentName": "[format('Deploy VMSS Agents {0}', resourceGroup().name)]", + "agentVmAssignmentName": "[format('Deploy VM Agents {0}', resourceGroup().name)]", + "contributorRoleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "lawsReaderRoleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]" + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('assignmentName')]", + "location": "[parameters('location')]", + "properties": { + "policyDefinitionId": "[createObject('NISTRev4', createObject('id', 
'/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(variables('$fxv#0'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'NISTRev5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f', 'parameters', json(variables('$fxv#1'))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace(variables('$fxv#2'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace(variables('$fxv#3'), '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8]), '2021-06-01').customerId))))[variables('modifiedAssignment')].id]", + "parameters": "[createObject('NISTRev4', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(variables('$fxv#0'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], 
split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'NISTRev5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f', 'parameters', json(variables('$fxv#1'))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace(variables('$fxv#2'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace(variables('$fxv#3'), '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8]), '2021-06-01').customerId))))[variables('modifiedAssignment')].parameters]" + }, + "identity": { + "type": "SystemAssigned" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('agentVmssAssignmentName')]", + "location": "[parameters('location')]", + "properties": { + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '75714362-cae7-409e-9b99-a8e5075b7fad')]", + "parameters": { + "logAnalytics_1": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], 
split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + } + } + }, + "identity": { + "type": "SystemAssigned" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('agentVmAssignmentName')]", + "location": "[parameters('location')]", + "properties": { + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '55f3eceb-5573-4f18-9695-226972c6d74a')]", + "parameters": { + "logAnalytics_1": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + } + } + }, + "identity": { + "type": "SystemAssigned" + } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('assignmentName'))]", + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[if(empty(variables('modifiedAssignment')), '', reference(resourceId('Microsoft.Authorization/policyAssignments', variables('assignmentName')), '2020-09-01', 'full').identity.principalId)]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('assignmentName'))]" + ] + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('agentVmssAssignmentName'))]", + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', 
variables('agentVmssAssignmentName')), '2020-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmssAssignmentName'))]" + ] + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('agentVmAssignmentName'))]", + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName')), '2020-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] + }, + { + "condition": "[parameters('deployRemediation')]", + "type": "Microsoft.PolicyInsights/remediations", + "apiVersion": "2019-07-01", + "name": "VM-Agent-Policy-Remediation", + "properties": { + "policyAssignmentId": "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]", + "resourceDiscoveryMode": "ReEvaluateCompliance" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Assign-Laws-Role-Policy-{0}', resourceGroup().name)]", + "subscriptionId": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "targetResourceId": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], 
split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + }, + "roleDefinitionId": { + "value": "[variables('lawsReaderRoleDefinitionId')]" + }, + "principalId": { + "value": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName')), '2020-09-01', 'full').identity.principalId]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" + } + }, + "parameters": { + "targetResourceId": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + }, + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string", + "defaultValue": "ServicePrincipal", + "allowedValues": [ + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ] + }, + "description": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", + "properties": { + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]", + "roleDefinitionId": "[parameters('roleDefinitionId')]", + "description": "[parameters('description')]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] + }, + { + "condition": "[parameters('deployDefender')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('set-{0}-sub-defender', toLower(parameters('workloadName')))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "emailSecurityContact": { + "value": "[parameters('emailSecurityContact')]" + }, + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" + } + }, + "parameters": { + "defenderPlans": { + "type": "array", + "defaultValue": [ + "VirtualMachines" + ], + "metadata": { + "description": "Defender Paid protection Plans. Even if a customer selects the free sku, at least 1 paid protection plan must be specified." + } + }, + "enableAutoProvisioning": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Turn automatic deployment by Defender of the MMA (OMS VM extension) on or off" + } + }, + "logAnalyticsWorkspaceId": { + "type": "string", + "metadata": { + "description": "Specify the ID of your custom Log Analytics workspace to collect Defender data." 
+ } + }, + "emailSecurityContact": { + "type": "string", + "metadata": { + "description": "Email address of the contact, in the form of john@doe.com" + } + }, + "policySetDescription": { + "type": "string", + "defaultValue": "The Microsoft Cloud Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft Cloud Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender.", + "metadata": { + "description": "Policy Initiative description field" + } + }, + "defenderSkuTier": { + "type": "string", + "defaultValue": "Free", + "metadata": { + "description": "[Standard/Free] The SKU for Defender. It defaults to \"Free\"." + } + } + }, + "variables": { + "autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]", + "defenderPaidPlanConfig": { + "AzureCloud": { + "Api": { + "subPlan": "P1" + }, + "appServices": {}, + "KeyVaults": { + "subPlan": "PerKeyVault" + }, + "Arm": { + "subPlan": "PerSubscription" + }, + "CloudPosture": { + "extensions": [ + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + }, + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + }, + { + "name": "AgentlessVmScanning", + "isEnabled": "True" + }, + { + "name": "EntraPermissionsManagement", + "isEnabled": "True" + } + ] + }, + "Containers": { + "extensions": [ + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + } + ] + }, + "CosmosDbs": {}, + "StorageAccounts": { + "subPlan": "DefenderForStorageV2", + "extensions": [ + { + "name": "OnUploadMalwareScanning", + "isEnabled": "True", + "additionalExtensionProperties": { 
+ "CapGBPerMonthPerStorageAccount": "5000" + } + }, + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + } + ] + }, + "VirtualMachines": { + "subPlan": "P1" + }, + "SqlServerVirtualMachines": {}, + "SqlServers": {}, + "OpenSourceRelationalDatabases": {} + } + } + }, + "resources": [ + { + "copy": { + "name": "defenderFreeAllClouds", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[equals(parameters('defenderSkuTier'), 'Free')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]" + } + }, + { + "copy": { + "name": "defenderStandardNoSubplanNoExtensions", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), not(equals(environment().name, 'AzureCloud')))]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]" + } + }, + { + "copy": { + "name": "defenderStandardSubplanExtensionsAzureCloud", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), equals(environment().name, 'AzureCloud'))]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]", + "subPlan": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan, json('null'))]", + "extensions": 
"[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'extensions'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].extensions, json('null'))]" + } + }, + { + "type": "Microsoft.Security/autoProvisioningSettings", + "apiVersion": "2019-01-01", + "name": "default", + "properties": { + "autoProvision": "[variables('autoProvisioning')]" + } + }, + { + "type": "Microsoft.Security/workspaceSettings", + "apiVersion": "2019-01-01", + "name": "default", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "scope": "[subscription().id]" + } + }, + { + "condition": "[not(empty(parameters('emailSecurityContact')))]", + "type": "Microsoft.Security/securityContacts", + "apiVersion": "2020-01-01-preview", + "name": "default", + "properties": { + "notificationsByRole": { + "roles": [ + "AccountAdmin", + "Contributor", + "Owner", + "ServiceAdmin" + ], + "state": "On" + }, + "alertNotifications": { + "state": "On" + }, + "emails": "[parameters('emailSecurityContact')]" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "Microsoft Cloud Security Benchmark", + "properties": { + "displayName": "Defender Default", + "description": "[parameters('policySetDescription')]", + "enforcementMode": "DoNotEnforce", + "parameters": {}, + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '1f3afdf9-d0c9-4c3d-847f-89da613e70a8')]" + } + } + ] + } + } + } + ], + "outputs": { + "diskEncryptionSetResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" + }, + "keyVaultUri": { + "type": "string", + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "locatonProperties": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locationProperties.value]" + }, + "mlzTags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "namingConvention": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention]" + }, + "privateDnsZones": { + "type": "array", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "resourcePrefix": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01', 'full').tags.resourcePrefix]" + }, + "storageEncryptionKeyName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + }, + "subnetResourceId": { + "type": 
"string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tier": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "tokens": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" + } + } + } + } + }, + { + "copy": { + "name": "rgs", + "count": "[length(variables('resourceGroupServices'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[copyIndex()], parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": "[if(or(equals(variables('resourceGroupServices')[copyIndex()], 'controlPlane'), equals(variables('resourceGroupServices')[copyIndex()], 'feedWorkspace')), createObject('value', parameters('locationControlPlane')), createObject('value', parameters('locationVirtualMachines')))]", + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "name": "[if(and(equals(length(variables('deploymentLocations')), 2), or(equals(variables('resourceGroupServices')[copyIndex()], 'controlPlane'), equals(variables('resourceGroupServices')[copyIndex()], 'feedWorkspace'))), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, variables('resourceGroupServices')[copyIndex()])), if(equals(variables('resourceGroupServices')[copyIndex()], 'globalWorkspace'), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, variables('resourceGroupServices')[copyIndex()])), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, variables('resourceGroupServices')[copyIndex()]))))]", + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" + } + }, + "parameters": { + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2019-05-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').location]" + }, + "tags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').tags]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-management-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + 
"mode": "Incremental", + "parameters": { + "activeDirectorySolution": { + "value": "[parameters('activeDirectorySolution')]" + }, + "artifactsStorageAccountResourceId": { + "value": "[parameters('artifactsStorageAccountResourceId')]" + }, + "artifactsUri": { + "value": "[variables('artifactsUri')]" + }, + "availability": { + "value": "[parameters('availability')]" + }, + "avdObjectId": { + "value": "[parameters('avdObjectId')]" + }, + "azurePowerShellModuleMsiName": { + "value": "[parameters('azurePowerShellModuleMsiName')]" + }, + "deployFslogix": { + "value": "[variables('deployFslogix')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "diskEncryptionSetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value))]", + "diskSku": { + "value": "[parameters('diskSku')]" + }, + "domainJoinPassword": { + "value": "[parameters('domainJoinPassword')]" + }, + "domainJoinUserPrincipalName": { + "value": "[parameters('domainJoinUserPrincipalName')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "enableMonitoring": { + "value": "[parameters('monitoring')]" + }, + "fslogixStorageService": { + "value": "[parameters('fslogixStorageService')]" + }, + "hostPoolType": { + "value": "[parameters('hostPoolType')]" + }, + "imageVersionResourceId": { + "value": "[parameters('imageVersionResourceId')]" + }, + "locationVirtualMachines": { + "value": "[parameters('locationVirtualMachines')]" + }, + "logAnalyticsWorkspaceRetention": { + "value": 
"[parameters('logAnalyticsWorkspaceRetention')]" + }, + "logAnalyticsWorkspaceSku": { + "value": "[parameters('logAnalyticsWorkspaceSku')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "namingConvention": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value))]", + "organizationalUnitPath": { + "value": "[parameters('organizationalUnitPath')]" + }, + "privateDnsZoneResourceIdPrefix": { + "value": "[variables('privateDnsZoneResourceIdPrefix')]" + }, + "privateDnsZones": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "recoveryServices": { + "value": "[parameters('recoveryServices')]" + }, + "recoveryServicesGeo": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.recoveryServicesGeo), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.recoveryServicesGeo))]", + "resourceGroupControlPlane": { + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[0], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "resourceGroupFeedWorkspace": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[1], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "resourceGroupHosts": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[2], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "resourceGroupManagement": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "resourceGroupStorage": "[if(variables('deployFslogix'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[4], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "roleDefinitions": { + "value": "[variables('roleDefinitions')]" + }, + "scalingTool": { + "value": "[parameters('scalingTool')]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "sessionHostCount": { + "value": "[parameters('sessionHostCount')]" + }, + "storageService": { + "value": "[variables('storageService')]" + }, + "subnetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value))]", + "tags": { + "value": "[parameters('tags')]" + }, + "timeZone": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone))]", + "virtualMachineMonitoringAgent": { + "value": "[parameters('virtualMachineMonitoringAgent')]" + }, + "virtualMachinePassword": { + "value": "[parameters('virtualMachinePassword')]" + }, + "virtualMachineSize": { + "value": "[parameters('virtualMachineSize')]" + }, + "virtualMachineUsername": { + "value": "[parameters('virtualMachineUsername')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "16878648559668656577" + } + }, + "parameters": { + "activeDirectorySolution": { + "type": "string" + }, + "artifactsUri": { + "type": "string" + }, + "artifactsStorageAccountResourceId": { + "type": "string" + }, + "availability": { + "type": "string" + }, + "avdObjectId": { + "type": "string" + }, + "azurePowerShellModuleMsiName": { + "type": "string" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "diskSku": { + "type": "string" + }, + 
"domainJoinPassword": { + "type": "securestring" + }, + "domainJoinUserPrincipalName": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "enableMonitoring": { + "type": "bool" + }, + "deployFslogix": { + "type": "bool" + }, + "diskEncryptionSetResourceId": { + "type": "string" + }, + "fslogixStorageService": { + "type": "string" + }, + "hostPoolType": { + "type": "string" + }, + "imageVersionResourceId": { + "type": "string" + }, + "locationVirtualMachines": { + "type": "string" + }, + "logAnalyticsWorkspaceRetention": { + "type": "int" + }, + "logAnalyticsWorkspaceSku": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "namingConvention": { + "type": "object" + }, + "organizationalUnitPath": { + "type": "string" + }, + "privateDnsZoneResourceIdPrefix": { + "type": "string" + }, + "privateDnsZones": { + "type": "array" + }, + "recoveryServices": { + "type": "bool" + }, + "recoveryServicesGeo": { + "type": "string" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "resourceGroupFeedWorkspace": { + "type": "string" + }, + "resourceGroupHosts": { + "type": "string" + }, + "resourceGroupManagement": { + "type": "string" + }, + "resourceGroupStorage": { + "type": "string" + }, + "roleDefinitions": { + "type": "object" + }, + "scalingTool": { + "type": "bool" + }, + "serviceToken": { + "type": "string" + }, + "sessionHostCount": { + "type": "int" + }, + "storageService": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timeZone": { + "type": "string" + }, + "virtualMachineMonitoringAgent": { + "type": "string" + }, + "virtualMachinePassword": { + "type": "securestring" + }, + "virtualMachineUsername": { + "type": "string" + }, + "virtualMachineSize": { + "type": "string" + } + }, + "variables": { + "hostPoolName": "[parameters('namingConvention').hostPool]", + "userAssignedIdentityNamePrefix": "[parameters('namingConvention').userAssignedIdentity]", + 
"CpuCountMax": "[if(contains(parameters('hostPoolType'), 'Pooled'), 32, 128)]", + "CpuCountMin": "[if(contains(parameters('hostPoolType'), 'Pooled'), 4, 2)]", + "roleAssignments": "[union(createArray(createObject('roleDefinitionId', 'f353d9bd-d4a6-484e-a77a-8050b599b867', 'resourceGroup', parameters('resourceGroupManagement'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', '86240b0e-9422-4c43-887b-b61143f32ba8', 'resourceGroup', parameters('resourceGroupControlPlane'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', '2ad6aaab-ead9-4eaa-8ac5-da422f562408', 'resourceGroup', parameters('resourceGroupControlPlane'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c', 'resourceGroup', parameters('resourceGroupManagement'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', '21efdde3-836f-432b-bf3d-3e8e734d4b2b', 'resourceGroup', parameters('resourceGroupFeedWorkspace'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1', 'resourceGroup', split(parameters('artifactsStorageAccountResourceId'), '/')[4], 'subscription', split(parameters('artifactsStorageAccountResourceId'), '/')[2])), if(parameters('deployFslogix'), createArray(createObject('roleDefinitionId', '17d1049b-9a84-46fb-8f53-869881c3d3ab', 'resourceGroup', parameters('resourceGroupStorage'), 'subscription', subscription().subscriptionId)), createArray()))]", + "VirtualNetworkName": "[split(parameters('subnetResourceId'), '/')[8]]", + "VirtualNetworkResourceGroupName": "[split(parameters('subnetResourceId'), '/')[4]]" + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(replace(variables('userAssignedIdentityNamePrefix'), parameters('serviceToken'), 'deployment'), parameters('roleDefinitions').Reader, 
subscription().id)]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitions').Reader)]", + "principalId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(parameters('avdObjectId'), parameters('roleDefinitions').DesktopVirtualizationPowerOnContributor, subscription().id)]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitions').DesktopVirtualizationPowerOnContributor)]", + "principalId": "[parameters('avdObjectId')]" + } + }, + { + "condition": "[and(contains(parameters('hostPoolType'), 'Pooled'), parameters('recoveryServices'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-policy-disks-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "resourceGroupName": { + "value": "[parameters('resourceGroupHosts')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + 
"metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17437938337622016202" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyDefinitions", + "apiVersion": "2021-06-01", + "name": "DiskNetworkAccess", + "properties": { + "description": "[format('Disable network access to managed disks in the {0} resource group', parameters('resourceGroupName'))]", + "displayName": "[format('Disable Disk Access ({0})', parameters('resourceGroupName'))]", + "mode": "All", + "parameters": {}, + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Compute/disks" + }, + "then": { + "effect": "modify", + "details": { + "roleDefinitionIds": [ + "/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840" + ], + "operations": [ + { + "operation": "addOrReplace", + "field": "Microsoft.Compute/disks/networkAccessPolicy", + "value": "DenyAll" + }, + { + "operation": "addOrReplace", + "field": "Microsoft.Compute/disks/publicNetworkAccess", + "value": "Disabled" + } + ] + } + } + }, + "policyType": "Custom" + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "DiskNetworkAccess", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "policyDefinitionId": { + "value": "[subscriptionResourceId('Microsoft.Authorization/policyDefinitions', 'DiskNetworkAccess')]" + }, + "policyDisplayName": { + "value": "[reference(subscriptionResourceId('Microsoft.Authorization/policyDefinitions', 'DiskNetworkAccess'), '2021-06-01').displayName]" + }, + "policyName": { + "value": "[reference(subscriptionResourceId('Microsoft.Authorization/policyDefinitions', 
'DiskNetworkAccess'), '2021-06-01').displayName]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "9958180890314209726" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "policyDefinitionId": { + "type": "string" + }, + "policyDisplayName": { + "type": "string" + }, + "policyName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyName')]", + "location": "[parameters('location')]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "displayName": "[parameters('policyDisplayName')]", + "policyDefinitionId": "[parameters('policyDefinitionId')]" + } + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Authorization/policyDefinitions', 'DiskNetworkAccess')]" + ] + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "name": { + "value": "[replace(variables('userAssignedIdentityNamePrefix'), parameters('serviceToken'), 'deployment')]" + }, + "tags": { + "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), 
parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17434071438759696167" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "name": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]" + } + ], + "outputs": { + "clientId": { + "type": "string", + "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" + }, + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + }, + "principalId": { + "type": "string", + "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" + } + } + } + } + }, + { + "copy": { + "name": "roleAssignments_deployment", + "count": "[length(range(0, length(variables('roleAssignments'))))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-role-assignment-{0}-{1}', range(0, length(variables('roleAssignments')))[copyIndex()], parameters('deploymentNameSuffix'))]", + "subscriptionId": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]].subscription]", + "resourceGroup": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]].resourceGroup]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": 
"Incremental", + "parameters": { + "principalId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "roleDefinitionId": { + "value": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]].roleDefinitionId]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "936749082468094105" + } + }, + "parameters": { + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(parameters('principalId'), parameters('roleDefinitionId'), resourceGroup().id)]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]" + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-artifacts-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[split(parameters('artifactsStorageAccountResourceId'), '/')[2]]", + 
"resourceGroup": "[split(parameters('artifactsStorageAccountResourceId'), '/')[4]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, + "resourceGroupManagement": { + "value": "[parameters('resourceGroupManagement')]" + }, + "storageAccountName": { + "value": "[split(parameters('artifactsStorageAccountResourceId'), '/')[8]]" + }, + "subscriptionId": { + "value": "[subscription().subscriptionId]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(variables('userAssignedIdentityNamePrefix'), parameters('serviceToken'), 'artifacts')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13780242225338357869" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "resourceGroupManagement": { + "type": "string" + }, + "storageAccountName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" + } + }, + "variables": { + "roleDefinitionId": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": 
"2022-04-01", + "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('storageAccountName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), variables('roleDefinitionId'), resourceGroup().id)]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", + "principalId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "name": { + "value": "[parameters('userAssignedIdentityName')]" + }, + "tags": { + "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" + } + }, + "template": { + 
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17434071438759696167" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "name": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]" + } + ], + "outputs": { + "clientId": { + "type": "string", + "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" + }, + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + }, + "principalId": { + "type": "string", + "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" + } + } + } + } + } + ], + "outputs": { + "userAssignedIdentityClientId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" + }, + "userAssignedIdentityPrincipalId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, + "azurePowerShellModuleMsiName": { + "value": "[parameters('azurePowerShellModuleMsiName')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" + }, + "deploymentUserAssignedIdentityResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + }, + "diskEncryptionSetResourceId": { + "value": "[parameters('diskEncryptionSetResourceId')]" + }, + "diskName": { + "value": "[replace(parameters('namingConvention').virtualMachineDisk, parameters('serviceToken'), 'mgt')]" + }, + "diskSku": { + "value": "[parameters('diskSku')]" + }, + "domainJoinPassword": { + "value": "[parameters('domainJoinPassword')]" + }, + "domainJoinUserPrincipalName": { + "value": 
"[parameters('domainJoinUserPrincipalName')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "networkInterfaceName": { + "value": "[replace(parameters('namingConvention').virtualMachineNetworkInterface, parameters('serviceToken'), 'mgt')]" + }, + "organizationalUnitPath": { + "value": "[parameters('organizationalUnitPath')]" + }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, + "subnet": { + "value": "[split(parameters('subnetResourceId'), '/')[10]]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualMachineName": { + "value": "[replace(parameters('namingConvention').virtualMachine, parameters('serviceToken'), 'mgt')]" + }, + "virtualMachinePassword": { + "value": "[parameters('virtualMachinePassword')]" + }, + "virtualMachineUsername": { + "value": "[parameters('virtualMachineUsername')]" + }, + "virtualNetwork": { + "value": "[variables('VirtualNetworkName')]" + }, + "virtualNetworkResourceGroup": { + "value": "[variables('VirtualNetworkResourceGroupName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17381147058150003123" + } + }, + "parameters": { + "artifactsUri": { + "type": "string" + }, + "azurePowerShellModuleMsiName": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + "type": "string" + }, + "deploymentUserAssignedIdentityResourceId": { + "type": "string" + }, + "diskEncryptionSetResourceId": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskSku": { + "type": "string" + }, + "domainJoinPassword": { + "type": "securestring" + }, + 
"domainJoinUserPrincipalName": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "networkInterfaceName": { + "type": "string" + }, + "organizationalUnitPath": { + "type": "string" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "subnet": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "virtualNetwork": { + "type": "string" + }, + "virtualNetworkResourceGroup": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + }, + "virtualMachinePassword": { + "type": "securestring" + }, + "virtualMachineUsername": { + "type": "string" + } + }, + "variables": { + "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" + }, + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-05-01", + "name": "[parameters('networkInterfaceName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "privateIPAllocationMethod": "Dynamic", + 
"subnet": { + "id": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetwork'), parameters('subnet'))]" + }, + "primary": true, + "privateIPAddressVersion": "IPv4" + } + } + ], + "enableAcceleratedNetworking": false, + "enableIPForwarding": false + } + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2021-11-01", + "name": "[parameters('virtualMachineName')]", + "location": "[parameters('location')]", + "tags": "[variables('tagsVirtualMachines')]", + "properties": { + "hardwareProfile": { + "vmSize": "Standard_B2s" + }, + "storageProfile": { + "imageReference": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2019-datacenter-core-g2", + "version": "latest" + }, + "osDisk": { + "deleteOption": "Delete", + "osType": "Windows", + "createOption": "FromImage", + "caching": "None", + "managedDisk": { + "diskEncryptionSet": { + "id": "[parameters('diskEncryptionSetResourceId')]" + }, + "storageAccountType": "[parameters('diskSku')]" + }, + "name": "[parameters('diskName')]" + }, + "dataDisks": [] + }, + "osProfile": { + "computerName": "[parameters('virtualMachineName')]", + "adminUsername": "[parameters('virtualMachineUsername')]", + "adminPassword": "[parameters('virtualMachinePassword')]", + "windowsConfiguration": { + "provisionVMAgent": true, + "enableAutomaticUpdates": false + }, + "secrets": [], + "allowExtensionOperations": true + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]", + "properties": { + "deleteOption": "Delete" + } + } + ] + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "TrustedLaunch", + "encryptionAtHost": true + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": false + } + }, + "licenseType": "Windows_Server" + }, + "identity": { + 
"type": "SystemAssigned, UserAssigned", + "userAssignedIdentities": { + "[format('{0}', parameters('deploymentUserAssignedIdentityResourceId'))]": {} + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'IaaSAntimalware')]", + "location": "[parameters('location')]", + "tags": "[variables('tagsVirtualMachines')]", + "properties": { + "publisher": "Microsoft.Azure.Security", + "type": "IaaSAntimalware", + "typeHandlerVersion": "1.3", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": false, + "settings": { + "AntimalwareEnabled": true, + "RealtimeProtectionEnabled": "true", + "ScheduledScanSettings": { + "isEnabled": "true", + "day": "7", + "time": "120", + "scanType": "Quick" + }, + "Exclusions": {} + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'GuestAttestation')]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Azure.Security.WindowsAttestation", + "type": "GuestAttestation", + "typeHandlerVersion": "1.0", + "autoUpgradeMinorVersion": true, + "settings": { + "AttestationConfig": { + "MaaSettings": { + "maaEndpoint": "", + "maaTenantName": "GuestAttestation" + }, + "AscSettings": { + "ascReportingEndpoint": "", + "ascReportingFrequency": "" + }, + "useCustomToken": "false", + "disableAlerts": "false" + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2019-07-01", + "name": "[format('{0}/{1}', 
parameters('virtualMachineName'), 'JsonADDomainExtension')]", + "location": "[parameters('location')]", + "tags": "[variables('tagsVirtualMachines')]", + "properties": { + "forceUpdateTag": "[parameters('timestamp')]", + "publisher": "Microsoft.Compute", + "type": "JsonADDomainExtension", + "typeHandlerVersion": "1.3", + "autoUpgradeMinorVersion": true, + "settings": { + "Name": "[parameters('domainName')]", + "Options": "3", + "OUPath": "[parameters('organizationalUnitPath')]", + "Restart": "true", + "User": "[parameters('domainJoinUserPrincipalName')]" + }, + "protectedSettings": { + "Password": "[parameters('domainJoinPassword')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', format('CSE_InstallAzurePowerShellAzModule_{0}', parameters('timestamp')))]", + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('CSE_InstallAzurePowerShellAzModule_{0}', parameters('timestamp'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}{1}', parameters('artifactsUri'), parameters('azurePowerShellModuleMsiName'))]", + "[format('{0}Install-AzurePowerShellAzModule.ps1', parameters('artifactsUri'))]" + ] + }, + "location": { + "value": "[parameters('location')]" + }, + "parameters": { + "value": "[format('-Installer {0}', parameters('azurePowerShellModuleMsiName'))]" + }, + "scriptFileName": { + "value": "Install-AzurePowerShellAzModule.ps1" + }, + "tags": { + "value": "[variables('tagsVirtualMachines')]" + }, + "virtualMachineName": { + "value": "[parameters('virtualMachineName')]" + }, + "userAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": "securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": "[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + "type": "object", + "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'IaaSAntimalware')]", + 
"[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + ] + } + ], + "outputs": { + "Name": { + "type": "string", + "value": "[parameters('virtualMachineName')]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('validate-deployment-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}Get-Validations.ps1', parameters('artifactsUri'))]" + ] + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "parameters": { + "value": "[format('-ActiveDirectorySolution {0} -CpuCountMax {1} -CpuCountMin {2} -DomainName {3} -Environment {4} -imageVersionResourceId {5} -Location {6} -SessionHostCount {7} -StorageService {8} -SubscriptionId {9} -TenantId {10} -UserAssignedIdentityClientId {11} -VirtualMachineSize {12} -VirtualNetworkName {13} -VirtualNetworkResourceGroupName {14} -WorkspaceFeedName {15} -WorkspaceResourceGroupName {16}', parameters('activeDirectorySolution'), variables('CpuCountMax'), variables('CpuCountMin'), if(empty(parameters('domainName')), 'NotApplicable', parameters('domainName')), environment().name, if(empty(parameters('imageVersionResourceId')), 'NotApplicable', parameters('imageVersionResourceId')), parameters('locationVirtualMachines'), parameters('sessionHostCount'), parameters('storageService'), subscription().subscriptionId, tenant().tenantId, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value, parameters('virtualMachineSize'), variables('VirtualNetworkName'), variables('VirtualNetworkResourceGroupName'), parameters('namingConvention').workspaceFeed, parameters('resourceGroupFeedWorkspace'))]" + }, + "scriptFileName": { + "value": "Get-Validations.ps1" + }, + "tags": { + "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" + }, + "userAssignedIdentityClientId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" + }, + "virtualMachineName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.Name.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": 
"securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": "[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + "type": "object", + "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', 
parameters('deploymentNameSuffix')))]" + ] + }, + { + "condition": "[parameters('enableMonitoring')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "dataCollectionRuleName": { + "value": "[parameters('namingConvention').dataCollectionRule]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "logAnalyticsWorkspaceName": { + "value": "[parameters('namingConvention').logAnalyticsWorkspace]" + }, + "logAnalyticsWorkspaceRetention": { + "value": "[parameters('logAnalyticsWorkspaceRetention')]" + }, + "logAnalyticsWorkspaceSku": { + "value": "[parameters('logAnalyticsWorkspaceSku')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualMachineMonitoringAgent": { + "value": "[parameters('virtualMachineMonitoringAgent')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "8046671928115311149" + } + }, + "parameters": { + "dataCollectionRuleName": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "logAnalyticsWorkspaceName": { + "type": "string" + }, + "logAnalyticsWorkspaceRetention": { + "type": "int" + }, + "logAnalyticsWorkspaceSku": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "tags": { 
+ "type": "object" + }, + "virtualMachineMonitoringAgent": { + "type": "string" + } + }, + "variables": { + "WindowsEvents": [ + { + "name": "Microsoft-FSLogix-Apps/Operational", + "types": [ + { + "eventType": "Error" + }, + { + "eventType": "Warning" + }, + { + "eventType": "Information" + } + ] + }, + { + "name": "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational", + "types": [ + { + "eventType": "Error" + }, + { + "eventType": "Warning" + }, + { + "eventType": "Information" + } + ] + }, + { + "name": "System", + "types": [ + { + "eventType": "Error" + }, + { + "eventType": "Warning" + } + ] + }, + { + "name": "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin", + "types": [ + { + "eventType": "Error" + }, + { + "eventType": "Warning" + }, + { + "eventType": "Information" + } + ] + }, + { + "name": "Microsoft-FSLogix-Apps/Admin", + "types": [ + { + "eventType": "Error" + }, + { + "eventType": "Warning" + }, + { + "eventType": "Information" + } + ] + }, + { + "name": "Application", + "types": [ + { + "eventType": "Error" + }, + { + "eventType": "Warning" + } + ] + } + ], + "WindowsPerformanceCounters": [ + { + "objectName": "LogicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Disk Transfers/sec" + }, + { + "objectName": "LogicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Current Disk Queue Length" + }, + { + "objectName": "LogicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Disk Reads/sec" + }, + { + "objectName": "LogicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "% Free Space" + }, + { + "objectName": "LogicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Avg. 
Disk sec/Read" + }, + { + "objectName": "LogicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Disk Writes/sec" + }, + { + "objectName": "LogicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Avg. Disk sec/Write" + }, + { + "objectName": "LogicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Free Megabytes" + }, + { + "objectName": "LogicalDisk", + "instanceName": "C:", + "intervalSeconds": 60, + "counterName": "% Free Space" + }, + { + "objectName": "LogicalDisk", + "instanceName": "C:", + "intervalSeconds": 30, + "counterName": "Avg. Disk Queue Length" + }, + { + "objectName": "LogicalDisk", + "instanceName": "C:", + "intervalSeconds": 60, + "counterName": "Avg. Disk sec/Transfer" + }, + { + "objectName": "LogicalDisk", + "instanceName": "C:", + "intervalSeconds": 30, + "counterName": "Current Disk Queue Length" + }, + { + "objectName": "Memory", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "% Committed Bytes In Use" + }, + { + "objectName": "Memory", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Available MBytes" + }, + { + "objectName": "Memory", + "instanceName": "*", + "intervalSeconds": 30, + "counterName": "Available Mbytes" + }, + { + "objectName": "Memory", + "instanceName": "*", + "intervalSeconds": 30, + "counterName": "Page Faults/sec" + }, + { + "objectName": "Memory", + "instanceName": "*", + "intervalSeconds": 30, + "counterName": "Pages/sec" + }, + { + "objectName": "Network Adapter", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Bytes Sent/sec" + }, + { + "objectName": "Network Adapter", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Bytes Received/sec" + }, + { + "objectName": "Network Interface", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Bytes Total/sec" + }, + { + "objectName": "PhysicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Avg. 
Disk Bytes/Transfer" + }, + { + "objectName": "PhysicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Avg. Disk Bytes/Read" + }, + { + "objectName": "PhysicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Avg. Disk sec/Write" + }, + { + "objectName": "PhysicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Avg. Disk sec/Read" + }, + { + "objectName": "PhysicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Avg. Disk Bytes/Write" + }, + { + "objectName": "PhysicalDisk", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Avg. Disk sec/Transfer" + }, + { + "objectName": "PhysicalDisk", + "instanceName": "*", + "intervalSeconds": 30, + "counterName": "Avg. Disk Queue Length" + }, + { + "objectName": "Process", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "IO Write Operations/sec" + }, + { + "objectName": "Process", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "IO Read Operations/sec" + }, + { + "objectName": "Process", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Thread Count" + }, + { + "objectName": "Process", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "% User Time" + }, + { + "objectName": "Process", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Working Set" + }, + { + "objectName": "Process", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "% Processor Time" + }, + { + "objectName": "Processor", + "instanceName": "_Total", + "intervalSeconds": 60, + "counterName": "% Processor Time" + }, + { + "objectName": "Processor Information", + "instanceName": "_Total", + "intervalSeconds": 30, + "counterName": "% Processor Time" + }, + { + "objectName": "RemoteFX Graphics", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Frames Skipped/Second - Insufficient Server Resources" + }, + { + "objectName": "RemoteFX Graphics", + 
"instanceName": "*", + "intervalSeconds": 60, + "counterName": "Average Encoding Time" + }, + { + "objectName": "RemoteFX Graphics", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Frames Skipped/Second - Insufficient Client Resources" + }, + { + "objectName": "RemoteFX Graphics", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Frames Skipped/Second - Insufficient Network Resources" + }, + { + "objectName": "RemoteFX Network", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Current UDP Bandwidth" + }, + { + "objectName": "RemoteFX Network", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Current TCP Bandwidth" + }, + { + "objectName": "RemoteFX Network", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Current TCP RTT" + }, + { + "objectName": "RemoteFX Network", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Current UDP RTT" + }, + { + "objectName": "System", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Processor Queue Length" + }, + { + "objectName": "Terminal Services", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Inactive Sessions" + }, + { + "objectName": "Terminal Services", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Total Sessions" + }, + { + "objectName": "Terminal Services", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "Active Sessions" + }, + { + "objectName": "Terminal Services Session", + "instanceName": "*", + "intervalSeconds": 60, + "counterName": "% Processor Time" + }, + { + "objectName": "User Input Delay per Process", + "instanceName": "*", + "intervalSeconds": 30, + "counterName": "Max Input Delay" + }, + { + "objectName": "User Input Delay per Session", + "instanceName": "*", + "intervalSeconds": 30, + "counterName": "Max Input Delay" + } + ] + }, + "resources": [ + { + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-06-01", + 
"name": "[parameters('logAnalyticsWorkspaceName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()), parameters('mlzTags'))]", + "properties": { + "sku": { + "name": "[parameters('logAnalyticsWorkspaceSku')]" + }, + "retentionInDays": "[parameters('logAnalyticsWorkspaceRetention')]", + "workspaceCapping": { + "dailyQuotaGb": -1 + }, + "publicNetworkAccessForIngestion": "Enabled", + "publicNetworkAccessForQuery": "Enabled" + } + }, + { + "copy": { + "name": "windowsEvents", + "count": "[length(variables('WindowsEvents'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent')]", + "type": "Microsoft.OperationalInsights/workspaces/dataSources", + "apiVersion": "2020-08-01", + "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), format('WindowsEvent{0}', copyIndex()))]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()), parameters('mlzTags'))]", + "kind": "WindowsEvent", + "properties": { + "eventLogName": "[variables('WindowsEvents')[copyIndex()].name]", + "eventTypes": "[variables('WindowsEvents')[copyIndex()].types]" + }, + "dependsOn": [ + "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]" + ] + }, + { + 
"copy": { + "name": "windowsPerformanceCounters", + "count": "[length(variables('WindowsPerformanceCounters'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent')]", + "type": "Microsoft.OperationalInsights/workspaces/dataSources", + "apiVersion": "2020-08-01", + "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), format('WindowsPerformanceCounter{0}', copyIndex()))]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()), parameters('mlzTags'))]", + "kind": "WindowsPerformanceCounter", + "properties": { + "objectName": "[variables('WindowsPerformanceCounters')[copyIndex()].objectName]", + "instanceName": "[variables('WindowsPerformanceCounters')[copyIndex()].instanceName]", + "intervalSeconds": "[variables('WindowsPerformanceCounters')[copyIndex()].intervalSeconds]", + "counterName": "[variables('WindowsPerformanceCounters')[copyIndex()].counterName]" + }, + "dependsOn": [ + "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]", + "windowsEvents" + ] + }, + { + "condition": "[equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent')]", + "type": "Microsoft.Insights/dataCollectionRules", + "apiVersion": "2022-06-01", + "name": "[parameters('dataCollectionRuleName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 
'Microsoft.Insights/dataCollectionRules'), parameters('tags')['Microsoft.Insights/dataCollectionRules'], createObject()), parameters('mlzTags'))]", + "kind": "Windows", + "properties": { + "dataSources": { + "performanceCounters": [ + { + "streams": [ + "Microsoft-Perf" + ], + "samplingFrequencyInSeconds": 30, + "counterSpecifiers": [ + "\\LogicalDisk(C:)\\Avg. Disk Queue Length", + "\\LogicalDisk(C:)\\Current Disk Queue Length", + "\\Memory\\Available Mbytes", + "\\Memory\\Page Faults/sec", + "\\Memory\\Pages/sec", + "\\Memory\\% Committed Bytes In Use", + "\\PhysicalDisk(*)\\Avg. Disk Queue Length", + "\\PhysicalDisk(*)\\Avg. Disk sec/Read", + "\\PhysicalDisk(*)\\Avg. Disk sec/Transfer", + "\\PhysicalDisk(*)\\Avg. Disk sec/Write", + "\\Processor Information(_Total)\\% Processor Time", + "\\User Input Delay per Process(*)\\Max Input Delay", + "\\User Input Delay per Session(*)\\Max Input Delay", + "\\RemoteFX Network(*)\\Current TCP RTT", + "\\RemoteFX Network(*)\\Current UDP Bandwidth" + ], + "name": "perfCounterDataSource10" + }, + { + "streams": [ + "Microsoft-Perf" + ], + "samplingFrequencyInSeconds": 60, + "counterSpecifiers": [ + "\\LogicalDisk(C:)\\% Free Space", + "\\LogicalDisk(C:)\\Avg. 
Disk sec/Transfer", + "\\Terminal Services(*)\\Active Sessions", + "\\Terminal Services(*)\\Inactive Sessions", + "\\Terminal Services(*)\\Total Sessions" + ], + "name": "perfCounterDataSource30" + } + ], + "windowsEventLogs": [ + { + "streams": [ + "Microsoft-Event" + ], + "xPathQueries": [ + "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin!*[System[(Level=2 or Level=3 or Level=4 or Level=0)]]", + "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational!*[System[(Level=2 or Level=3 or Level=4 or Level=0)]]", + "System!*", + "Microsoft-FSLogix-Apps/Operational!*[System[(Level=2 or Level=3 or Level=4 or Level=0)]]", + "Application!*[System[(Level=2 or Level=3)]]", + "Microsoft-FSLogix-Apps/Admin!*[System[(Level=2 or Level=3 or Level=4 or Level=0)]]" + ], + "name": "eventLogsDataSource" + } + ] + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]", + "name": "la-workspace" + } + ] + }, + "dataFlows": [ + { + "streams": [ + "Microsoft-Perf", + "Microsoft-Event" + ], + "destinations": [ + "la-workspace" + ] + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]" + ] + } + ], + "outputs": { + "logAnalyticsWorkspaceName": { + "type": "string", + "value": "[parameters('logAnalyticsWorkspaceName')]" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string", + "value": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]" + }, + "dataCollectionRuleResourceId": { + "type": "string", + "value": "[if(equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent'), resourceId('Microsoft.Insights/dataCollectionRules', parameters('dataCollectionRuleName')), '')]" + } + } + } + } + }, + { + "condition": "[or(parameters('scalingTool'), equals(parameters('fslogixStorageService'), 'AzureFiles 
Premium'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-aa-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "automationAccountDiagnosticSettingName": { + "value": "[parameters('namingConvention').automationAccountDiagnosticSetting]" + }, + "automationAccountName": { + "value": "[parameters('namingConvention').automationAccount]" + }, + "automationAccountNetworkInterfaceName": { + "value": "[parameters('namingConvention').automationAccountNetworkInterface]" + }, + "automationAccountPrivateDnsZoneResourceId": { + "value": "[format('{0}{1}', parameters('privateDnsZoneResourceIdPrefix'), filter(parameters('privateDnsZones'), lambda('name', startsWith(lambdaVariables('name'), 'privatelink.azure-automation')))[0])]" + }, + "automationAccountPrivateEndpointName": { + "value": "[parameters('namingConvention').automationAccountPrivateEndpoint]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "logAnalyticsWorkspaceResourceId": "[if(parameters('enableMonitoring'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value), createObject('value', ''))]", + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "monitoring": { + "value": "[parameters('enableMonitoring')]" + }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": 
"[parameters('tags')]" + }, + "virtualMachineName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.Name.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "3634947269589572762" + } + }, + "parameters": { + "automationAccountDiagnosticSettingName": { + "type": "string" + }, + "automationAccountName": { + "type": "string" + }, + "automationAccountNetworkInterfaceName": { + "type": "string" + }, + "automationAccountPrivateDnsZoneResourceId": { + "type": "string" + }, + "automationAccountPrivateEndpointName": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "monitoring": { + "type": "bool" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Automation/automationAccounts", + "apiVersion": "2021-06-22", + "name": "[parameters('automationAccountName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()), 
parameters('mlzTags'))]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "sku": { + "name": "Free" + } + } + }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('automationAccountPrivateEndpointName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": { + "customNetworkInterfaceName": "[parameters('automationAccountNetworkInterfaceName')]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('automationAccountPrivateEndpointName')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]", + "groupIds": [ + "DSCAndHybridWorker" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" + ] + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2023-05-01", + "name": "[format('{0}/{1}', parameters('automationAccountPrivateEndpointName'), 'default')]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "[replace(split(parameters('automationAccountPrivateDnsZoneResourceId'), '/')[8], '.', '-')]", + "properties": { + "privateDnsZoneId": "[parameters('automationAccountPrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', parameters('automationAccountPrivateEndpointName'))]" + ] + }, + { + "type": 
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups", + "apiVersion": "2022-08-08", + "name": "[format('{0}/{1}', parameters('automationAccountName'), 'Scaling Tool')]", + "dependsOn": [ + "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" + ] + }, + { + "type": "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers", + "apiVersion": "2022-08-08", + "name": "[format('{0}/{1}/{2}', parameters('automationAccountName'), 'Scaling Tool', guid(resourceId('Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups', parameters('automationAccountName'), 'Scaling Tool')))]", + "properties": { + "vmResourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups', parameters('automationAccountName'), 'Scaling Tool')]" + ] + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'HybridWorkerForWindows')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]", + "properties": { + "publisher": "Microsoft.Azure.Automation.HybridWorker", + "type": "HybridWorkerForWindows", + "typeHandlerVersion": "1.1", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": true, + "settings": { + "AutomationAccountURL": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2021-06-22').automationHybridServiceUrl]" + } 
+ }, + "dependsOn": [ + "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" + ] + }, + { + "condition": "[parameters('monitoring')]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.Automation/automationAccounts/{0}', parameters('automationAccountName'))]", + "name": "[parameters('automationAccountDiagnosticSettingName')]", + "properties": { + "logs": [ + { + "category": "DscNodeStatus", + "enabled": true + }, + { + "category": "JobLogs", + "enabled": true + }, + { + "category": "JobStreams", + "enabled": true + } + ], + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('automationAccountName')]" + }, + "hybridRunbookWorkerGroupName": { + "type": "string", + "value": "Scaling Tool" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "condition": "[and(parameters('recoveryServices'), or(and(and(contains(parameters('activeDirectorySolution'), 'DomainServices'), contains(parameters('hostPoolType'), 'Pooled')), contains(parameters('fslogixStorageService'), 'AzureFiles')), contains(parameters('hostPoolType'), 'Personal')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-rsv-{0}', 
parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "azureBlobsPrivateDnsZoneResourceId": { + "value": "[format('{0}{1}', parameters('privateDnsZoneResourceIdPrefix'), filter(parameters('privateDnsZones'), lambda('name', contains(lambdaVariables('name'), 'blob')))[0])]" + }, + "azureQueueStoragePrivateDnsZoneResourceId": { + "value": "[format('{0}{1}', parameters('privateDnsZoneResourceIdPrefix'), filter(parameters('privateDnsZones'), lambda('name', contains(lambdaVariables('name'), 'queue')))[0])]" + }, + "deployFslogix": { + "value": "[parameters('deployFslogix')]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "recoveryServicesPrivateDnsZoneResourceId": { + "value": "[format('{0}{1}', parameters('privateDnsZoneResourceIdPrefix'), filter(parameters('privateDnsZones'), lambda('name', startsWith(lambdaVariables('name'), format('privatelink.{0}.backup.windowsazure', parameters('recoveryServicesGeo')))))[0])]" + }, + "recoveryServicesVaultName": { + "value": "[parameters('namingConvention').recoveryServicesVault]" + }, + "recoveryServicesVaultNetworkInterfaceName": { + "value": "[parameters('namingConvention').recoveryServicesVaultNetworkInterface]" + }, + "recoveryServicesVaultPrivateEndpointName": { + "value": "[parameters('namingConvention').recoveryServicesVaultPrivateEndpoint]" + }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, + "storageService": { + "value": "[parameters('storageService')]" + }, + "subnetId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "timeZone": { + "value": "[parameters('timeZone')]" + } + }, + "template": { + 
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17799245958625687053" + } + }, + "parameters": { + "azureBlobsPrivateDnsZoneResourceId": { + "type": "string" + }, + "azureQueueStoragePrivateDnsZoneResourceId": { + "type": "string" + }, + "deployFslogix": { + "type": "bool" + }, + "hostPoolName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "recoveryServicesPrivateDnsZoneResourceId": { + "type": "string" + }, + "recoveryServicesVaultName": { + "type": "string" + }, + "recoveryServicesVaultNetworkInterfaceName": { + "type": "string" + }, + "recoveryServicesVaultPrivateEndpointName": { + "type": "string" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "storageService": { + "type": "string" + }, + "subnetId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timeZone": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.RecoveryServices/vaults", + "apiVersion": "2022-03-01", + "name": "[parameters('recoveryServicesVaultName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject()), parameters('mlzTags'))]", + "sku": { + "name": "RS0", + "tier": "Standard" + }, + "properties": {} + }, + { + "condition": "[and(parameters('deployFslogix'), equals(parameters('storageService'), 'AzureFiles'))]", + "type": "Microsoft.RecoveryServices/vaults/backupPolicies", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', 
parameters('recoveryServicesVaultName'), 'AvdPolicyStorage')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject()), parameters('mlzTags'))]", + "properties": { + "backupManagementType": "AzureStorage", + "schedulePolicy": { + "scheduleRunFrequency": "Daily", + "scheduleRunTimes": [ + "23:00" + ], + "schedulePolicyType": "SimpleSchedulePolicy" + }, + "retentionPolicy": { + "retentionPolicyType": "LongTermRetentionPolicy", + "dailySchedule": { + "retentionTimes": [ + "23:00" + ], + "retentionDuration": { + "count": 30, + "durationType": "Days" + } + } + }, + "timeZone": "[parameters('timeZone')]", + "workLoadType": "AzureFileShare" + }, + "dependsOn": [ + "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" + ] + }, + { + "condition": "[not(parameters('deployFslogix'))]", + "type": "Microsoft.RecoveryServices/vaults/backupPolicies", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('recoveryServicesVaultName'), 'AvdPolicyVm')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject()), parameters('mlzTags'))]", + "properties": { + "backupManagementType": "AzureIaasVM", + "instantRpRetentionRangeInDays": 2, + "policyType": "V2", + "retentionPolicy": { + "retentionPolicyType": 
"LongTermRetentionPolicy", + "dailySchedule": { + "retentionTimes": [ + "23:00" + ], + "retentionDuration": { + "count": 30, + "durationType": "Days" + } + } + }, + "schedulePolicy": { + "schedulePolicyType": "SimpleSchedulePolicyV2", + "scheduleRunFrequency": "Daily", + "dailySchedule": { + "scheduleRunTimes": [ + "23:00" + ] + } + }, + "timeZone": "[parameters('timeZone')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" + ] + }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('recoveryServicesVaultPrivateEndpointName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": { + "customNetworkInterfaceName": "[parameters('recoveryServicesVaultNetworkInterfaceName')]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('recoveryServicesVaultPrivateEndpointName')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]", + "groupIds": [ + "AzureBackup" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" + ] + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('recoveryServicesVaultPrivateEndpointName'), parameters('recoveryServicesVaultName'))]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": 
"[replace(parameters('recoveryServicesPrivateDnsZoneResourceId'), '.', '-')]", + "properties": { + "privateDnsZoneId": "[parameters('recoveryServicesPrivateDnsZoneResourceId')]" + } + }, + { + "name": "[replace(parameters('azureQueueStoragePrivateDnsZoneResourceId'), '.', '-')]", + "properties": { + "privateDnsZoneId": "[parameters('azureQueueStoragePrivateDnsZoneResourceId')]" + } + }, + { + "name": "[replace(parameters('azureBlobsPrivateDnsZoneResourceId'), '.', '-')]", + "properties": { + "privateDnsZoneId": "[parameters('azureBlobsPrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', parameters('recoveryServicesVaultPrivateEndpointName'))]", + "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('recoveryServicesVaultName')]" + } + } + } + } + } + ], + "outputs": { + "artifactsUserAssignedIdentityClientId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('deploy-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityClientId.value]" + }, + "artifactsUserAssignedIdentityPrincipalId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('deploy-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityPrincipalId.value]" + }, + "artifactsUserAssignedIdentityResourceId": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('deploy-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" + }, + "automationAccountName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-aa-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "dataCollectionRuleResourceId": { + "type": "string", + "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.dataCollectionRuleResourceId.value, '')]" + }, + "deploymentUserAssignedIdentityClientId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" + }, + "deploymentUserAssignedIdentityPrincipalId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" + }, + "deploymentUserAssignedIdentityResourceId": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + }, + "existingFeedWorkspace": { + "type": "bool", + "value": "[if(equals(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.existingWorkspace, 'true'), true(), false())]" + }, + "hybridRunbookWorkerGroupName": { + "type": "string", + "value": "[if(or(parameters('scalingTool'), equals(parameters('fslogixStorageService'), 'AzureFiles Premium')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-aa-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hybridRunbookWorkerGroupName.value, '')]" + }, + "logAnalyticsWorkspaceName": { + "type": "string", + "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceName.value, '')]" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string", + "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value, '')]" + }, + "recoveryServicesVaultName": { + "type": "string", + "value": "[if(and(parameters('recoveryServices'), or(and(and(contains(parameters('activeDirectorySolution'), 'DomainServices'), contains(parameters('hostPoolType'), 'Pooled')), contains(parameters('fslogixStorageService'), 'AzureFiles')), contains(parameters('hostPoolType'), 'Personal'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-rsv-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value, '')]" + }, + "validateAcceleratedNetworking": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.acceleratedNetworking]" + }, + "validateANFDnsServers": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.anfDnsServers]" + }, + "validateANFfActiveDirectory": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.anfActiveDirectory]" + }, + "validateANFSubnetId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.anfSubnetId]" + }, + "validateAvailabilityZones": { + "type": "array", + "value": "[if(equals(parameters('availability'), 'AvailabilityZones'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.availabilityZones, createArray('1'))]" + }, + "virtualMachineName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.Name.value]" + } + } + } + }, + "dependsOn": [ + "rgs", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-global-workspace-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[split(parameters('sharedServicesSubnetResourceId'), '/')[2]]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "existingWorkspace": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.existingFeedWorkspace.value]" + }, + "globalWorkspacePrivateDnsZoneResourceId": { + "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value, lambda('name', startsWith(lambdaVariables('name'), 'privatelink-global.wvd')))[0])]" + }, + "sharedServicesSubnetResourceId": { + "value": "[parameters('sharedServicesSubnetResourceId')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "resourceGroupName": { + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'globalWorkspace')]" + }, + "workspaceGlobalName": { + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.workspaceGlobal, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'global')]" + }, + "workspaceGlobalNetworkInterfaceName": { + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.workspaceGlobalNetworkInterface, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'global')]" + }, + "workspaceGlobalPrivateEndpointName": { + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.workspaceGlobalPrivateEndpoint, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'global')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "14369973629912257305" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "existingWorkspace": { + "type": "bool" + }, + "globalWorkspacePrivateDnsZoneResourceId": { + "type": "string" + }, + "sharedServicesSubnetResourceId": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "resourceGroupName": { + "type": "string" + }, + "workspaceGlobalName": { + "type": "string" + }, + "workspaceGlobalNetworkInterfaceName": { + "type": "string" + }, + "workspaceGlobalPrivateEndpointName": { + "type": "string" + } + }, + "resources": [ + { + "condition": "[not(parameters('existingWorkspace'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[split(parameters('sharedServicesSubnetResourceId'), '/')[4]]", + "properties": { + 
"expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[split(parameters('sharedServicesSubnetResourceId'), '/')[8]]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17840047049187746135" + } + }, + "parameters": { + "name": { + "type": "string" + } + }, + "resources": [], + "outputs": { + "location": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2023-06-01', 'full').location]" + } + } + } + } + }, + { + "condition": "[not(parameters('existingWorkspace'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-rg-vdws-global-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[split(parameters('sharedServicesSubnetResourceId'), '/')[2]]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": "[if(not(parameters('existingWorkspace')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('sharedServicesSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.location.value), createObject('value', ''))]", + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('resourceGroupName')]" + }, + "tags": { + "value": {} + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": 
"bicep", + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" + } + }, + "parameters": { + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ + { + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2019-05-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').location]" + }, + "tags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').tags]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('sharedServicesSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "condition": "[not(parameters('existingWorkspace'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vdws-global-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "globalWorkspacePrivateDnsZoneResourceId": { + "value": 
"[parameters('globalWorkspacePrivateDnsZoneResourceId')]" + }, + "location": "[if(not(parameters('existingWorkspace')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('sharedServicesSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.location.value), createObject('value', ''))]", + "subnetResourceId": { + "value": "[parameters('sharedServicesSubnetResourceId')]" + }, + "tags": { + "value": "[parameters('mlzTags')]" + }, + "workspaceGlobalName": { + "value": "[parameters('workspaceGlobalName')]" + }, + "workspaceGlobalNetworkInterfaceName": { + "value": "[parameters('workspaceGlobalNetworkInterfaceName')]" + }, + "workspaceGlobalPrivateEndpointName": { + "value": "[parameters('workspaceGlobalPrivateEndpointName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13370532288717139142" + } + }, + "parameters": { + "globalWorkspacePrivateDnsZoneResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "workspaceGlobalName": { + "type": "string" + }, + "workspaceGlobalNetworkInterfaceName": { + "type": "string" + }, + "workspaceGlobalPrivateEndpointName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.DesktopVirtualization/workspaces", + "apiVersion": "2023-09-05", + "name": "[parameters('workspaceGlobalName')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": {} + }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": 
"[parameters('workspaceGlobalPrivateEndpointName')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "customNetworkInterfaceName": "[parameters('workspaceGlobalNetworkInterfaceName')]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('workspaceGlobalPrivateEndpointName')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceGlobalName'))]", + "groupIds": [ + "global" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceGlobalName'))]" + ] + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2023-05-01", + "name": "[format('{0}/{1}', parameters('workspaceGlobalPrivateEndpointName'), 'default')]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "[replace(split(parameters('globalWorkspacePrivateDnsZoneResourceId'), '/')[8], '.', '-')]", + "properties": { + "privateDnsZoneId": "[parameters('globalWorkspacePrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', parameters('workspaceGlobalPrivateEndpointName'))]" + ] + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId(split(parameters('sharedServicesSubnetResourceId'), '/')[2], 'Microsoft.Resources/deployments', format('deploy-rg-vdws-global-{0}', parameters('deploymentNameSuffix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('sharedServicesSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix')))]" + ] + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + 
"[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-control-plane-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "activeDirectorySolution": { + "value": "[parameters('activeDirectorySolution')]" + }, + "artifactsUri": { + "value": "[variables('artifactsUri')]" + }, + "avdPrivateDnsZoneResourceId": { + "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value, lambda('name', startsWith(lambdaVariables('name'), 'privatelink.wvd')))[0])]" + }, + "customImageId": { + "value": "[variables('customImageId')]" + }, + "customRdpProperty": { + "value": "[parameters('customRdpProperty')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" + }, + "desktopFriendlyName": "[if(empty(parameters('desktopFriendlyName')), createObject('value', string(parameters('stampIndex'))), createObject('value', parameters('desktopFriendlyName')))]", + "diskSku": { + "value": "[parameters('diskSku')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "existingFeedWorkspace": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.existingFeedWorkspace.value]" + }, + "hostPoolPublicNetworkAccess": { + "value": "[parameters('hostPoolPublicNetworkAccess')]" + }, + "hostPoolType": { + "value": "[parameters('hostPoolType')]" + }, + "imageOffer": { + "value": "[parameters('imageOffer')]" + }, + "imagePublisher": { + "value": "[parameters('imagePublisher')]" + }, + "imageSku": { + "value": "[parameters('imageSku')]" + }, + "imageVersionResourceId": { + "value": "[parameters('imageVersionResourceId')]" + }, + "locationControlPlane": { + "value": "[parameters('locationControlPlane')]" + }, + "locationVirtualMachines": { + "value": "[parameters('locationVirtualMachines')]" + }, + "logAnalyticsWorkspaceResourceId": "[if(parameters('monitoring'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value), createObject('value', ''))]", + "managementVirtualMachineName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualMachineName.value]" + }, + "maxSessionLimit": { + "value": "[mul(parameters('usersPerCore'), parameters('virtualMachineVirtualCpuCount'))]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "monitoring": { + "value": "[parameters('monitoring')]" + }, + "namingConvention": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value]" + }, + "resourceGroups": { + "value": 
"[union(createArray(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[0], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[1], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[2], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value), if(variables('deployFslogix'), createArray(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[4], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value), createArray()))]" + }, + "roleDefinitions": { + "value": "[variables('roleDefinitions')]" + }, + "securityPrincipalObjectIds": { + "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "sessionHostNamePrefix": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, '')), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, '')))]", + "subnetResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "validationEnvironment": { + "value": "[parameters('validationEnvironment')]" + }, + "virtualMachineSize": { + "value": "[parameters('virtualMachineSize')]" + }, + "workspaceFriendlyName": { + "value": "[parameters('workspaceFriendlyName')]" + }, + "workspacePublicNetworkAccess": { + "value": "[parameters('workspacePublicNetworkAccess')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "487655146128994347" + } + }, + "parameters": { + "activeDirectorySolution": { + "type": "string" + }, + "artifactsUri": { + "type": "string" + }, + "avdPrivateDnsZoneResourceId": { + "type": "string" + }, + "customImageId": { + "type": "string" + }, + "customRdpProperty": { + "type": "string" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + "type": "string" + }, + "desktopFriendlyName": { + "type": "string" + }, + "diskSku": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + 
"existingFeedWorkspace": { + "type": "bool" + }, + "hostPoolPublicNetworkAccess": { + "type": "string" + }, + "hostPoolType": { + "type": "string" + }, + "imageOffer": { + "type": "string" + }, + "imagePublisher": { + "type": "string" + }, + "imageSku": { + "type": "string" + }, + "imageVersionResourceId": { + "type": "string" + }, + "locationControlPlane": { + "type": "string" + }, + "locationVirtualMachines": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "managementVirtualMachineName": { + "type": "string" + }, + "maxSessionLimit": { + "type": "int" + }, + "mlzTags": { + "type": "object" + }, + "monitoring": { + "type": "bool" + }, + "namingConvention": { + "type": "object" + }, + "resourceGroups": { + "type": "array" + }, + "roleDefinitions": { + "type": "object" + }, + "securityPrincipalObjectIds": { + "type": "array" + }, + "serviceToken": { + "type": "string" + }, + "sessionHostNamePrefix": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "validationEnvironment": { + "type": "bool" + }, + "virtualMachineSize": { + "type": "string" + }, + "workspaceFriendlyName": { + "type": "string" + }, + "workspacePublicNetworkAccess": { + "type": "string" + } + }, + "variables": { + "galleryImageOffer": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imageOffer')), 'null')]", + "galleryImagePublisher": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imagePublisher')), 'null')]", + "galleryImageSku": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imageSku')), 'null')]", + "galleryItemId": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}.{1}{2}\"', parameters('imagePublisher'), parameters('imageOffer'), parameters('imageSku')), 'null')]", + "hostPoolName": "[parameters('namingConvention').hostPool]", + "imageType": 
"[if(empty(parameters('imageVersionResourceId')), '\"Gallery\"', '\"CustomImage\"')]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vdpool-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroups')[0]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "activeDirectorySolution": { + "value": "[parameters('activeDirectorySolution')]" + }, + "avdPrivateDnsZoneResourceId": { + "value": "[parameters('avdPrivateDnsZoneResourceId')]" + }, + "customImageId": { + "value": "[parameters('customImageId')]" + }, + "customRdpProperty": { + "value": "[parameters('customRdpProperty')]" + }, + "diskSku": { + "value": "[parameters('diskSku')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "galleryImageOffer": { + "value": "[variables('galleryImageOffer')]" + }, + "galleryImagePublisher": { + "value": "[variables('galleryImagePublisher')]" + }, + "galleryImageSku": { + "value": "[variables('galleryImageSku')]" + }, + "galleryItemId": { + "value": "[variables('galleryItemId')]" + }, + "hostPoolDiagnosticSettingName": { + "value": "[parameters('namingConvention').hostPoolDiagnosticSetting]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, + "hostPoolNetworkInterfaceName": { + "value": "[parameters('namingConvention').hostPoolNetworkInterface]" + }, + "hostPoolPrivateEndpointName": { + "value": "[parameters('namingConvention').hostPoolPrivateEndpoint]" + }, + "hostPoolPublicNetworkAccess": { + "value": "[parameters('hostPoolPublicNetworkAccess')]" + }, + "hostPoolType": { + "value": "[parameters('hostPoolType')]" + }, + "imageType": { + "value": "[variables('imageType')]" + }, + "location": { + "value": "[parameters('locationControlPlane')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + 
"maxSessionLimit": { + "value": "[parameters('maxSessionLimit')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "monitoring": { + "value": "[parameters('monitoring')]" + }, + "sessionHostNamePrefix": { + "value": "[parameters('sessionHostNamePrefix')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "validationEnvironment": { + "value": "[parameters('validationEnvironment')]" + }, + "virtualMachineSize": { + "value": "[parameters('virtualMachineSize')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "9791414966080690969" + } + }, + "parameters": { + "activeDirectorySolution": { + "type": "string" + }, + "avdPrivateDnsZoneResourceId": { + "type": "string" + }, + "customImageId": { + "type": "string" + }, + "customRdpProperty": { + "type": "string" + }, + "diskSku": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "galleryImageOffer": { + "type": "string" + }, + "galleryImagePublisher": { + "type": "string" + }, + "galleryImageSku": { + "type": "string" + }, + "galleryItemId": { + "type": "string" + }, + "hostPoolDiagnosticSettingName": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, + "hostPoolNetworkInterfaceName": { + "type": "string" + }, + "hostPoolPrivateEndpointName": { + "type": "string" + }, + "hostPoolPublicNetworkAccess": { + "type": "string" + }, + "hostPoolType": { + "type": "string" + }, + "imageType": { + "type": "string" + }, + "location": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "maxSessionLimit": { + "type": "int" + }, + "mlzTags": { + "type": "object" + }, + "monitoring": { + "type": "bool" + }, + "sessionHostNamePrefix": { + "type": "string" + }, + 
"subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "time": { + "type": "string", + "defaultValue": "[utcNow('u')]" + }, + "validationEnvironment": { + "type": "bool" + }, + "virtualMachineSize": { + "type": "string" + } + }, + "variables": { + "customRdpProperty_Complete": "[if(contains(parameters('activeDirectorySolution'), 'MicrosoftEntraId'), format('{0}targetisaadjoined:i:1;enablerdsaadauth:i:1;', parameters('customRdpProperty')), parameters('customRdpProperty'))]", + "hostPoolLogs": [ + { + "category": "Checkpoint", + "enabled": true + }, + { + "category": "Error", + "enabled": true + }, + { + "category": "Management", + "enabled": true + }, + { + "category": "Connection", + "enabled": true + }, + { + "category": "HostRegistration", + "enabled": true + }, + { + "category": "AgentHealthStatus", + "enabled": true + } + ] + }, + "resources": [ + { + "type": "Microsoft.DesktopVirtualization/hostPools", + "apiVersion": "2023-09-05", + "name": "[parameters('hostPoolName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.DesktopVirtualization/hostPools'), parameters('tags')['Microsoft.DesktopVirtualization/hostPools'], createObject()), parameters('mlzTags'))]", + "properties": { + "customRdpProperty": "[variables('customRdpProperty_Complete')]", + "hostPoolType": "[split(parameters('hostPoolType'), ' ')[0]]", + "loadBalancerType": "[if(contains(parameters('hostPoolType'), 'Pooled'), split(parameters('hostPoolType'), ' ')[1], 'Persistent')]", + "maxSessionLimit": "[parameters('maxSessionLimit')]", + "personalDesktopAssignmentType": "[if(contains(parameters('hostPoolType'), 'Personal'), split(parameters('hostPoolType'), ' ')[1], null())]", + "preferredAppGroupType": "Desktop", + 
"publicNetworkAccess": "[parameters('hostPoolPublicNetworkAccess')]", + "registrationInfo": { + "expirationTime": "[dateTimeAdd(parameters('time'), 'PT2H')]", + "registrationTokenOperation": "Update" + }, + "startVMOnConnect": true, + "validationEnvironment": "[parameters('validationEnvironment')]", + "vmTemplate": "[format('{{\"domain\":\"{0}\",\"galleryImageOffer\":{1},\"galleryImagePublisher\":{2},\"galleryImageSKU\":{3},\"imageType\":{4},\"customImageId\":{5},\"namePrefix\":\"{6}\",\"osDiskType\":\"{7}\",\"vmSize\":{{\"id\":\"{8}\",\"cores\":null,\"ram\":null,\"rdmaEnabled\": false,\"supportsMemoryPreservingMaintenance\": true}},\"galleryItemId\":{9},\"hibernate\":false,\"diskSizeGB\":0,\"securityType\":\"TrustedLaunch\",\"secureBoot\":true,\"vTPM\":true,\"vmInfrastructureType\":\"Cloud\",\"virtualProcessorCount\":null,\"memoryGB\":null,\"maximumMemoryGB\":null,\"minimumMemoryGB\":null,\"dynamicMemoryConfig\":false}}', parameters('domainName'), parameters('galleryImageOffer'), parameters('galleryImagePublisher'), parameters('galleryImageSku'), parameters('imageType'), parameters('customImageId'), parameters('sessionHostNamePrefix'), parameters('diskSku'), parameters('virtualMachineSize'), parameters('galleryItemId'))]" + } + }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('hostPoolPrivateEndpointName')]", + "location": "[parameters('location')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": { + "customNetworkInterfaceName": "[parameters('hostPoolNetworkInterfaceName')]", + "privateLinkServiceConnections": [ + { + "name": 
"[parameters('hostPoolPrivateEndpointName')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]", + "groupIds": [ + "connection" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]" + ] + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2023-05-01", + "name": "[format('{0}/{1}', parameters('hostPoolPrivateEndpointName'), 'default')]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "[replace(split(parameters('avdPrivateDnsZoneResourceId'), '/')[8], '.', '-')]", + "properties": { + "privateDnsZoneId": "[parameters('avdPrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', parameters('hostPoolPrivateEndpointName'))]" + ] + }, + { + "condition": "[parameters('monitoring')]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.DesktopVirtualization/hostPools/{0}', parameters('hostPoolName'))]", + "name": "[parameters('hostPoolDiagnosticSettingName')]", + "properties": { + "logs": "[variables('hostPoolLogs')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('hostPoolName')]" + }, + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vdag-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroups')[0]]", + "properties": { 
+ "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "desktopApplicationGroupName": { + "value": "[replace(parameters('namingConvention').applicationGroup, parameters('serviceToken'), 'desktop')]" + }, + "hostPoolResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdpool-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + }, + "locationControlPlane": { + "value": "[parameters('locationControlPlane')]" + }, + "locationVirtualMachines": { + "value": "[parameters('locationVirtualMachines')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "resourceGroupManagement": { + "value": "[parameters('resourceGroups')[3]]" + }, + "roleDefinitions": { + "value": "[parameters('roleDefinitions')]" + }, + "securityPrincipalObjectIds": { + "value": "[parameters('securityPrincipalObjectIds')]" + }, + "desktopFriendlyName": { + "value": "[parameters('desktopFriendlyName')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "18353736919023594644" + } + }, + "parameters": { + "artifactsUri": { + "type": "string" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + 
"type": "string" + }, + "desktopApplicationGroupName": { + "type": "string" + }, + "desktopFriendlyName": { + "type": "string" + }, + "hostPoolResourceId": { + "type": "string" + }, + "locationControlPlane": { + "type": "string" + }, + "locationVirtualMachines": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "resourceGroupManagement": { + "type": "string" + }, + "roleDefinitions": { + "type": "object" + }, + "securityPrincipalObjectIds": { + "type": "array" + }, + "tags": { + "type": "object" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.DesktopVirtualization/applicationGroups", + "apiVersion": "2021-03-09-preview", + "name": "[parameters('desktopApplicationGroupName')]", + "location": "[parameters('locationControlPlane')]", + "tags": "[union(createObject('cm-resource-parent', parameters('hostPoolResourceId')), if(contains(parameters('tags'), 'Microsoft.DesktopVirtualization/applicationGroups'), parameters('tags')['Microsoft.DesktopVirtualization/applicationGroups'], createObject()), parameters('mlzTags'))]", + "properties": { + "hostPoolArmPath": "[parameters('hostPoolResourceId')]", + "applicationGroupType": "Desktop" + } + }, + { + "copy": { + "name": "roleAssignment", + "count": "[length(range(0, length(parameters('securityPrincipalObjectIds'))))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.DesktopVirtualization/applicationGroups/{0}', parameters('desktopApplicationGroupName'))]", + "name": "[guid(parameters('securityPrincipalObjectIds')[range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()]], parameters('roleDefinitions').DesktopVirtualizationUser, parameters('desktopApplicationGroupName'))]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitions').DesktopVirtualizationUser)]", + "principalId": 
"[parameters('securityPrincipalObjectIds')[range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()]]]" + }, + "dependsOn": [ + "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('desktopApplicationGroupName'))]" + ] + }, + { + "condition": "[not(empty(parameters('desktopFriendlyName')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vdapp-friendly-name-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}Update-AvdDesktop.ps1', parameters('artifactsUri'))]" + ] + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "parameters": { + "value": "[format('-ApplicationGroupName {0} -Environment {1} -FriendlyName \"{2}\" -ResourceGroupName {3} -SubscriptionId {4} -Tenant {5} -UserAssignedIdentityClientId {6}', parameters('desktopApplicationGroupName'), environment().name, parameters('desktopFriendlyName'), resourceGroup().name, subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedIdentityClientId'))]" + }, + "scriptFileName": { + "value": "Update-AvdDesktop.ps1" + }, + "tags": { + "value": "[union(createObject('cm-resource-parent', parameters('hostPoolResourceId')), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" + }, + "userAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "virtualMachineName": { + "value": "[parameters('virtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + 
"name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": "securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": "[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + "type": "object", + "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('desktopApplicationGroupName'))]" + ] + } + ], + "outputs": { + "applicationGroupReference": { + "type": "array", + "value": [ + "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', 
parameters('desktopApplicationGroupName'))]" + ] + }, + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('desktopApplicationGroupName'))]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdpool-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vdws-feed-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroups')[1]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "applicationGroupReferences": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdag-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.applicationGroupReference.value]" + }, + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, + "avdPrivateDnsZoneResourceId": { + "value": "[parameters('avdPrivateDnsZoneResourceId')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "existing": { + "value": "[parameters('existingFeedWorkspace')]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, + "locationControlPlane": { + "value": "[parameters('locationControlPlane')]" + }, + "locationVirtualMachines": { + "value": "[parameters('locationVirtualMachines')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "mlzTags": { + "value": 
"[parameters('mlzTags')]" + }, + "monitoring": { + "value": "[parameters('monitoring')]" + }, + "resourceGroupManagement": { + "value": "[parameters('resourceGroups')[3]]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + }, + "workspaceFeedDiagnoticSettingName": { + "value": "[replace(parameters('namingConvention').workspaceFeedDiagnosticSetting, parameters('serviceToken'), 'feed')]" + }, + "workspaceFeedName": { + "value": "[replace(parameters('namingConvention').workspaceFeed, parameters('serviceToken'), 'feed')]" + }, + "workspaceFeedNetworkInterfaceName": { + "value": "[replace(parameters('namingConvention').workspaceFeedNetworkInterface, parameters('serviceToken'), 'feed')]" + }, + "workspaceFeedPrivateEndpointName": { + "value": "[replace(parameters('namingConvention').workspaceFeedPrivateEndpoint, parameters('serviceToken'), 'feed')]" + }, + "workspaceFriendlyName": "[if(empty(parameters('workspaceFriendlyName')), createObject('value', replace(parameters('namingConvention').workspaceFeed, parameters('serviceToken'), '')), createObject('value', format('{0} ({1})', parameters('workspaceFriendlyName'), parameters('locationControlPlane'))))]", + "workspacePublicNetworkAccess": { + "value": "[parameters('workspacePublicNetworkAccess')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "18015592018157852086" + } + }, + "parameters": { + "applicationGroupReferences": { + "type": "array" + }, + "artifactsUri": { + "type": "string" + }, + "avdPrivateDnsZoneResourceId": { + "type": "string" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + "type": 
"string" + }, + "existing": { + "type": "bool" + }, + "hostPoolName": { + "type": "string" + }, + "locationControlPlane": { + "type": "string" + }, + "locationVirtualMachines": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "monitoring": { + "type": "bool" + }, + "resourceGroupManagement": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "virtualMachineName": { + "type": "string" + }, + "workspaceFeedDiagnoticSettingName": { + "type": "string" + }, + "workspaceFeedName": { + "type": "string" + }, + "workspaceFeedNetworkInterfaceName": { + "type": "string" + }, + "workspaceFeedPrivateEndpointName": { + "type": "string" + }, + "workspaceFriendlyName": { + "type": "string" + }, + "workspacePublicNetworkAccess": { + "type": "string" + } + }, + "resources": [ + { + "condition": "[not(parameters('existing'))]", + "type": "Microsoft.DesktopVirtualization/workspaces", + "apiVersion": "2023-09-05", + "name": "[parameters('workspaceFeedName')]", + "location": "[parameters('locationControlPlane')]", + "tags": "[parameters('mlzTags')]", + "properties": { + "applicationGroupReferences": "[parameters('applicationGroupReferences')]", + "friendlyName": "[parameters('workspaceFriendlyName')]", + "publicNetworkAccess": "[parameters('workspacePublicNetworkAccess')]" + } + }, + { + "condition": "[not(parameters('existing'))]", + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('workspaceFeedPrivateEndpointName')]", + "location": "[parameters('locationControlPlane')]", + "tags": "[parameters('mlzTags')]", + "properties": { + "customNetworkInterfaceName": "[parameters('workspaceFeedNetworkInterfaceName')]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('workspaceFeedPrivateEndpointName')]", + "properties": { + "privateLinkServiceId": 
"[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceFeedName'))]", + "groupIds": [ + "feed" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceFeedName'))]" + ] + }, + { + "condition": "[not(parameters('existing'))]", + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2023-05-01", + "name": "[format('{0}/{1}', parameters('workspaceFeedPrivateEndpointName'), 'default')]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "[replace(split(parameters('avdPrivateDnsZoneResourceId'), '/')[8], '.', '-')]", + "properties": { + "privateDnsZoneId": "[parameters('avdPrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', parameters('workspaceFeedPrivateEndpointName'))]" + ] + }, + { + "condition": "[and(not(parameters('existing')), parameters('monitoring'))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.DesktopVirtualization/workspaces/{0}', parameters('workspaceFeedName'))]", + "name": "[parameters('workspaceFeedDiagnoticSettingName')]", + "properties": { + "logs": [ + { + "category": "Checkpoint", + "enabled": true + }, + { + "category": "Error", + "enabled": true + }, + { + "category": "Management", + "enabled": true + }, + { + "category": "Feed", + "enabled": true + } + ], + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceFeedName'))]" + ] + }, + { + "condition": "[parameters('existing')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('add-vdag-references-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + 
"properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}Update-AvdWorkspace.ps1', parameters('artifactsUri'))]" + ] + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "parameters": { + "value": "[format('-ApplicationGroupReferences \"{0}\" -Environment {1} -ResourceGroupName {2} -SubscriptionId {3} -TenantId {4} -UserAssignedIdentityClientId {5} -WorkspaceName {6}', parameters('applicationGroupReferences'), environment().name, resourceGroup().name, subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedIdentityClientId'), parameters('workspaceFeedName'))]" + }, + "scriptFileName": { + "value": "Update-AvdWorkspace.ps1" + }, + "tags": { + "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" + }, + "userAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "virtualMachineName": { + "value": "[parameters('virtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": "securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + 
"userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": "[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + "type": "object", + "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdag-{0}', parameters('deploymentNameSuffix')))]" + ] + } + ], + "outputs": { + "hostPoolName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdpool-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + } + } + } + }, + "dependsOn": [ + 
"[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "rgs", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-fslogix-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "activeDirectoryConnection": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateANFfActiveDirectory.value]" + }, + "activeDirectorySolution": { + "value": "[parameters('activeDirectorySolution')]" + }, + "artifactsUri": { + "value": "[variables('artifactsUri')]" + }, + "availability": { + "value": "[parameters('availability')]" + }, + "azureFilesPrivateDnsZoneResourceId": { + "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value, lambda('name', contains(lambdaVariables('name'), 'file')))[0])]" + }, + "delegatedSubnetId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateANFSubnetId.value]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" + }, + "dnsServers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateANFDnsServers.value]" + }, + "domainJoinPassword": { + "value": "[parameters('domainJoinPassword')]" + }, + "domainJoinUserPrincipalName": { + "value": "[parameters('domainJoinUserPrincipalName')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "encryptionUserAssignedIdentityResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value))]", + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "fileShares": { + "value": "[variables('fileShares')]" + }, + "fslogixContainerType": { + "value": "[parameters('fslogixContainerType')]" + }, + "fslogixShareSizeInGB": { + "value": "[parameters('fslogixShareSizeInGB')]" + }, + "fslogixStorageService": { + "value": "[parameters('fslogixStorageService')]" + }, + "hostPoolType": { + "value": "[parameters('hostPoolType')]" + }, + "identifier": { + "value": "[parameters('identifier')]" + }, + "keyVaultUri": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value))]", + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "managementVirtualMachineName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualMachineName.value]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "namingConvention": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value))]", + "netbios": { + "value": "[variables('netbios')]" + }, + "organizationalUnitPath": { + "value": "[parameters('organizationalUnitPath')]" + }, + "recoveryServices": { + "value": "[parameters('recoveryServices')]" + }, + "resourceGroupControlPlane": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[0], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "resourceGroupManagement": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "resourceGroupStorage": "[if(variables('deployFslogix'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[4], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value), createObject('value', ''))]", + "securityPrincipalNames": { + "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').name))]" + }, + "securityPrincipalObjectIds": { + "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "smbServerLocation": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone))]", + "storageCount": { + "value": "[parameters('storageCount')]" + }, + "storageEncryptionKeyName": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageEncryptionKeyName.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.storageEncryptionKeyName.value))]", + "storageIndex": { + "value": "[parameters('storageIndex')]" + }, + "storageService": { + "value": "[variables('storageService')]" + }, + "storageSku": { + "value": "[variables('storageSku')]" + }, + "subnetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value))]", + "tags": { + "value": "[parameters('tags')]" + }, + "timeZone": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.abbreviation), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.abbreviation))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17896200557274991728" + } + }, + "parameters": { + "artifactsUri": { + "type": "string" + }, + "activeDirectoryConnection": { + "type": "string" + }, + "activeDirectorySolution": { + "type": "string" + }, + "availability": { + "type": "string" + }, + "azureFilesPrivateDnsZoneResourceId": { + "type": "string" + }, + "delegatedSubnetId": { + "type": "string" + }, + 
"deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + "type": "string" + }, + "dnsServers": { + "type": "string" + }, + "domainJoinPassword": { + "type": "securestring" + }, + "domainJoinUserPrincipalName": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "encryptionUserAssignedIdentityResourceId": { + "type": "string" + }, + "environmentAbbreviation": { + "type": "string" + }, + "fileShares": { + "type": "array" + }, + "fslogixShareSizeInGB": { + "type": "int" + }, + "fslogixContainerType": { + "type": "string" + }, + "fslogixStorageService": { + "type": "string" + }, + "hostPoolType": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "keyVaultUri": { + "type": "string" + }, + "location": { + "type": "string" + }, + "managementVirtualMachineName": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "namingConvention": { + "type": "object" + }, + "netbios": { + "type": "string" + }, + "organizationalUnitPath": { + "type": "string" + }, + "recoveryServices": { + "type": "bool" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "resourceGroupManagement": { + "type": "string" + }, + "resourceGroupStorage": { + "type": "string" + }, + "securityPrincipalObjectIds": { + "type": "array" + }, + "securityPrincipalNames": { + "type": "array" + }, + "serviceToken": { + "type": "string" + }, + "smbServerLocation": { + "type": "string" + }, + "storageCount": { + "type": "int" + }, + "storageEncryptionKeyName": { + "type": "string" + }, + "storageIndex": { + "type": "int" + }, + "storageSku": { + "type": "string" + }, + "storageService": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timeZone": { + "type": "string" + } + }, + "variables": { + "hostPoolName": "[parameters('namingConvention').hostPool]", + "tagsAutomationAccounts": "[union(createObject('cm-resource-parent', 
format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()), parameters('mlzTags'))]", + "tagsNetAppAccount": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.NetApp/netAppAccounts'), parameters('tags')['Microsoft.NetApp/netAppAccounts'], createObject()), parameters('mlzTags'))]", + "tagsPrivateEndpoints": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "tagsStorageAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], createObject()), parameters('mlzTags'))]", + "tagsRecoveryServicesVault": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.recoveryServices/vaults'), parameters('tags')['Microsoft.recoveryServices/vaults'], 
createObject()), parameters('mlzTags'))]", + "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" + }, + "resources": [ + { + "condition": "[and(equals(parameters('storageService'), 'AzureNetAppFiles'), contains(parameters('activeDirectorySolution'), 'DomainServices'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-anf-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupStorage')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "activeDirectoryConnection": { + "value": "[parameters('activeDirectoryConnection')]" + }, + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, + "delegatedSubnetId": { + "value": "[parameters('delegatedSubnetId')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "dnsServers": { + "value": "[parameters('dnsServers')]" + }, + "domainJoinPassword": { + "value": "[parameters('domainJoinPassword')]" + }, + "domainJoinUserPrincipalName": { + "value": "[parameters('domainJoinUserPrincipalName')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "fileShares": { + "value": "[parameters('fileShares')]" + }, + "fslogixContainerType": { + "value": "[parameters('fslogixContainerType')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "managementVirtualMachineName": { + "value": 
"[parameters('managementVirtualMachineName')]" + }, + "netAppAccountName": { + "value": "[parameters('namingConvention').netAppAccount]" + }, + "netAppCapacityPoolName": { + "value": "[parameters('namingConvention').netAppAccountCapacityPool]" + }, + "organizationalUnitPath": { + "value": "[parameters('organizationalUnitPath')]" + }, + "resourceGroupManagement": { + "value": "[parameters('resourceGroupManagement')]" + }, + "securityPrincipalNames": { + "value": "[parameters('securityPrincipalNames')]" + }, + "smbServerLocation": { + "value": "[parameters('smbServerLocation')]" + }, + "storageService": { + "value": "[parameters('storageService')]" + }, + "storageSku": { + "value": "[parameters('storageSku')]" + }, + "tagsNetAppAccount": { + "value": "[variables('tagsNetAppAccount')]" + }, + "tagsVirtualMachines": { + "value": "[variables('tagsVirtualMachines')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17473524969724205665" + } + }, + "parameters": { + "artifactsUri": { + "type": "string" + }, + "activeDirectoryConnection": { + "type": "string" + }, + "delegatedSubnetId": { + "type": "string" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + "type": "string" + }, + "dnsServers": { + "type": "string" + }, + "domainJoinPassword": { + "type": "securestring" + }, + "domainJoinUserPrincipalName": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "fileShares": { + "type": "array" + }, + "fslogixContainerType": { + "type": "string" + }, + "location": { + "type": "string" + }, + "managementVirtualMachineName": { + "type": "string" + }, + "netAppAccountName": { + "type": "string" + }, + "netAppCapacityPoolName": { + "type": "string" + }, + "organizationalUnitPath": { + "type": "string" + }, + 
"resourceGroupManagement": { + "type": "string" + }, + "securityPrincipalNames": { + "type": "array" + }, + "smbServerLocation": { + "type": "string" + }, + "storageSku": { + "type": "string" + }, + "storageService": { + "type": "string" + }, + "tagsNetAppAccount": { + "type": "object" + }, + "tagsVirtualMachines": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.NetApp/netAppAccounts", + "apiVersion": "2021-06-01", + "name": "[parameters('netAppAccountName')]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsNetAppAccount')]", + "properties": { + "activeDirectories": "[if(equals(parameters('activeDirectoryConnection'), 'false'), null(), createArray(createObject('aesEncryption', true(), 'domain', parameters('domainName'), 'dns', parameters('dnsServers'), 'organizationalUnit', parameters('organizationalUnitPath'), 'password', parameters('domainJoinPassword'), 'smbServerName', format('anf-{0}', parameters('smbServerLocation')), 'username', split(parameters('domainJoinUserPrincipalName'), '@')[0])))]", + "encryption": { + "keySource": "Microsoft.NetApp" + } + } + }, + { + "type": "Microsoft.NetApp/netAppAccounts/capacityPools", + "apiVersion": "2021-06-01", + "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'))]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsNetAppAccount')]", + "properties": { + "coolAccess": false, + "encryptionType": "Single", + "qosType": "Auto", + "serviceLevel": "[parameters('storageSku')]", + "size": 4398046511104 + }, + "dependsOn": [ + "[resourceId('Microsoft.NetApp/netAppAccounts', parameters('netAppAccountName'))]" + ] + }, + { + "copy": { + "name": "volumes", + "count": "[length(range(0, length(parameters('fileShares'))))]" + }, + "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes", + "apiVersion": "2021-06-01", + "name": "[format('{0}/{1}/{2}', parameters('netAppAccountName'), 
parameters('netAppCapacityPoolName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[copyIndex()]])]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsNetAppAccount')]", + "properties": { + "avsDataStore": "Disabled", + "coolAccess": false, + "creationToken": "[parameters('fileShares')[range(0, length(parameters('fileShares')))[copyIndex()]]]", + "defaultGroupQuotaInKiBs": 0, + "defaultUserQuotaInKiBs": 0, + "encryptionKeySource": "Microsoft.NetApp", + "isDefaultQuotaEnabled": false, + "kerberosEnabled": false, + "ldapEnabled": false, + "networkFeatures": "Standard", + "protocolTypes": [ + "CIFS" + ], + "securityStyle": "ntfs", + "serviceLevel": "[parameters('storageSku')]", + "smbContinuouslyAvailable": true, + "smbEncryption": true, + "snapshotDirectoryVisible": true, + "subnetId": "[parameters('delegatedSubnetId')]", + "usageThreshold": 107374182400 + }, + "dependsOn": [ + "[resourceId('Microsoft.NetApp/netAppAccounts/capacityPools', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-fslogix-ntfs-permissions-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}Set-NtfsPermissions.ps1', parameters('artifactsUri'))]" + ] + }, + "location": { + "value": "[parameters('location')]" + }, + "parameters": { + "value": "[format('-domainJoinPassword \"{0}\" -domainJoinUserPrincipalName {1} -fslogixContainerType {2} -securityPrincipalNames \"{3}\" -smbServerLocation {4} -storageService {5}', parameters('domainJoinPassword'), parameters('domainJoinUserPrincipalName'), parameters('fslogixContainerType'), parameters('securityPrincipalNames'), parameters('smbServerLocation'), 
parameters('storageService'))]" + }, + "scriptFileName": { + "value": "Set-NtfsPermissions.ps1" + }, + "tags": { + "value": "[parameters('tagsVirtualMachines')]" + }, + "userAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "virtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": "securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": "[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + "type": "object", + "value": 
"[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + }, + "dependsOn": [ + "volumes" + ] + } + ], + "outputs": { + "fileShares": { + "type": "array", + "value": "[if(contains(parameters('fslogixContainerType'), 'Office'), createArray(reference(resourceId('Microsoft.NetApp/netAppAccounts/capacityPools/volumes', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[0]]), '2021-06-01').mountTargets[0].smbServerFqdn, reference(resourceId('Microsoft.NetApp/netAppAccounts/capacityPools/volumes', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[1]]), '2021-06-01').mountTargets[0].smbServerFqdn), createArray(reference(resourceId('Microsoft.NetApp/netAppAccounts/capacityPools/volumes', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[0]]), '2021-06-01').mountTargets[0].smbServerFqdn))]" + } + } + } + } + }, + { + "condition": "[and(equals(parameters('storageService'), 'AzureFiles'), contains(parameters('activeDirectorySolution'), 'DomainServices'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-azure-files-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupStorage')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "activeDirectorySolution": { + "value": "[parameters('activeDirectorySolution')]" + }, + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, + "automationAccountName": { + 
"value": "[parameters('namingConvention').automationAccount]" + }, + "availability": { + "value": "[parameters('availability')]" + }, + "azureFilesPrivateDnsZoneResourceId": { + "value": "[parameters('azureFilesPrivateDnsZoneResourceId')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "domainJoinPassword": { + "value": "[parameters('domainJoinPassword')]" + }, + "domainJoinUserPrincipalName": { + "value": "[parameters('domainJoinUserPrincipalName')]" + }, + "enableRecoveryServices": { + "value": "[parameters('recoveryServices')]" + }, + "encryptionUserAssignedIdentityResourceId": { + "value": "[parameters('encryptionUserAssignedIdentityResourceId')]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "fileShares": { + "value": "[parameters('fileShares')]" + }, + "fslogixContainerType": { + "value": "[parameters('fslogixContainerType')]" + }, + "fslogixShareSizeInGB": { + "value": "[parameters('fslogixShareSizeInGB')]" + }, + "fslogixStorageService": { + "value": "[parameters('fslogixStorageService')]" + }, + "hostPoolType": { + "value": "[parameters('hostPoolType')]" + }, + "identifier": { + "value": "[parameters('identifier')]" + }, + "keyVaultUri": { + "value": "[parameters('keyVaultUri')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "managementVirtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + }, + "netbios": { + "value": "[parameters('netbios')]" + }, + "organizationalUnitPath": { + "value": "[parameters('organizationalUnitPath')]" + }, + "recoveryServicesVaultName": { + "value": "[parameters('namingConvention').recoveryServicesVault]" + }, + "resourceGroupManagement": { + "value": "[parameters('resourceGroupManagement')]" + }, + "resourceGroupStorage": { + "value": "[parameters('resourceGroupStorage')]" 
+ }, + "securityPrincipalNames": { + "value": "[parameters('securityPrincipalNames')]" + }, + "securityPrincipalObjectIds": { + "value": "[parameters('securityPrincipalObjectIds')]" + }, + "serviceName": { + "value": "[parameters('serviceToken')]" + }, + "storageAccountNamePrefix": { + "value": "[parameters('namingConvention').storageAccount]" + }, + "storageAccountNetworkInterfaceNamePrefix": { + "value": "[parameters('namingConvention').storageAccountNetworkInterface]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "value": "[parameters('namingConvention').storageAccountPrivateEndpoint]" + }, + "storageCount": { + "value": "[parameters('storageCount')]" + }, + "storageEncryptionKeyName": { + "value": "[parameters('storageEncryptionKeyName')]" + }, + "storageIndex": { + "value": "[parameters('storageIndex')]" + }, + "storageService": { + "value": "[parameters('storageService')]" + }, + "storageSku": { + "value": "[parameters('storageSku')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tagsAutomationAccounts": { + "value": "[variables('tagsAutomationAccounts')]" + }, + "tagsPrivateEndpoints": { + "value": "[variables('tagsPrivateEndpoints')]" + }, + "tagsRecoveryServicesVault": { + "value": "[variables('tagsRecoveryServicesVault')]" + }, + "tagsStorageAccounts": { + "value": "[variables('tagsStorageAccounts')]" + }, + "tagsVirtualMachines": { + "value": "[variables('tagsVirtualMachines')]" + }, + "timeZone": { + "value": "[parameters('timeZone')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17444791728090574025" + } + }, + "parameters": { + "activeDirectorySolution": { + "type": "string" + }, + "artifactsUri": { + "type": "string" + }, + "automationAccountName": { + "type": "string" + }, + "availability": { + 
"type": "string" + }, + "azureFilesPrivateDnsZoneResourceId": { + "type": "string" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + "type": "string" + }, + "domainJoinPassword": { + "type": "securestring" + }, + "domainJoinUserPrincipalName": { + "type": "string" + }, + "enableRecoveryServices": { + "type": "bool" + }, + "encryptionUserAssignedIdentityResourceId": { + "type": "string" + }, + "environmentAbbreviation": { + "type": "string" + }, + "fileShares": { + "type": "array" + }, + "fslogixShareSizeInGB": { + "type": "int" + }, + "fslogixContainerType": { + "type": "string" + }, + "fslogixStorageService": { + "type": "string" + }, + "hostPoolType": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "keyVaultUri": { + "type": "string" + }, + "location": { + "type": "string" + }, + "managementVirtualMachineName": { + "type": "string" + }, + "netbios": { + "type": "string" + }, + "organizationalUnitPath": { + "type": "string" + }, + "recoveryServicesVaultName": { + "type": "string" + }, + "resourceGroupManagement": { + "type": "string" + }, + "resourceGroupStorage": { + "type": "string" + }, + "securityPrincipalObjectIds": { + "type": "array" + }, + "securityPrincipalNames": { + "type": "array" + }, + "serviceName": { + "type": "string" + }, + "storageAccountNamePrefix": { + "type": "string", + "minLength": 3 + }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, + "storageCount": { + "type": "int" + }, + "storageEncryptionKeyName": { + "type": "string" + }, + "storageIndex": { + "type": "int" + }, + "storageSku": { + "type": "string" + }, + "storageService": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tagsAutomationAccounts": { + "type": "object" + }, + "tagsPrivateEndpoints": { + "type": "object" + }, + "tagsRecoveryServicesVault": { + "type": "object" + }, + 
"tagsStorageAccounts": { + "type": "object" + }, + "tagsVirtualMachines": { + "type": "object" + }, + "timeZone": { + "type": "string" + } + }, + "variables": { + "roleDefinitionId": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb", + "smbMultiChannel": { + "multichannel": { + "enabled": true + } + }, + "smbSettings": { + "versions": "SMB3.1.1;", + "authenticationMethods": "NTLMv2;Kerberos;", + "kerberosTicketEncryption": "AES-256;", + "channelEncryption": "AES-128-GCM;AES-256-GCM;" + }, + "storageRedundancy": "[if(equals(parameters('availability'), 'availabilityZones'), '_ZRS', '_LRS')]", + "uniqueToken": "[uniqueString(parameters('identifier'), parameters('environmentAbbreviation'), subscription().subscriptionId)]" + }, + "resources": [ + { + "copy": { + "name": "storageAccounts", + "count": "[length(range(0, parameters('storageCount')))]" + }, + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2022-09-01", + "name": "[take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24)]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsStorageAccounts')]", + "sku": { + "name": "[format('{0}{1}', parameters('storageSku'), variables('storageRedundancy'))]" + }, + "kind": "[if(equals(parameters('storageSku'), 'Standard'), 'StorageV2', 'FileStorage')]", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[format('{0}', parameters('encryptionUserAssignedIdentityResourceId'))]": {} + } + }, + "properties": { + "accessTier": "Hot", + "allowBlobPublicAccess": false, + "allowCrossTenantReplication": false, + "allowedCopyScope": "PrivateLink", + "allowSharedKeyAccess": true, + "azureFilesIdentityBasedAuthentication": { + "directoryServiceOptions": "[if(equals(parameters('activeDirectorySolution'), 'MicrosoftEntraDomainServices'), 'AADDS', 'None')]" + }, + "defaultToOAuthAuthentication": false, + 
"dnsEndpointType": "Standard", + "encryption": { + "identity": { + "userAssignedIdentity": "[parameters('encryptionUserAssignedIdentityResourceId')]" + }, + "requireInfrastructureEncryption": true, + "keyvaultproperties": { + "keyvaulturi": "[parameters('keyVaultUri')]", + "keyname": "[parameters('storageEncryptionKeyName')]" + }, + "services": "[if(equals(parameters('storageSku'), 'Standard'), createObject('file', createObject('keyType', 'Account', 'enabled', true()), 'table', createObject('keyType', 'Account', 'enabled', true()), 'queue', createObject('keyType', 'Account', 'enabled', true()), 'blob', createObject('keyType', 'Account', 'enabled', true())), createObject('file', createObject('keyType', 'Account', 'enabled', true())))]", + "keySource": "Microsoft.KeyVault" + }, + "largeFileSharesState": "[if(equals(parameters('storageSku'), 'Standard'), 'Enabled', null())]", + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "bypass": "AzureServices", + "virtualNetworkRules": [], + "ipRules": [], + "defaultAction": "Deny" + }, + "publicNetworkAccess": "Disabled", + "supportsHttpsTrafficOnly": true + } + }, + { + "copy": { + "name": "roleAssignment", + "count": "[length(range(0, parameters('storageCount')))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Storage/storageAccounts/{0}', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24))]", + "name": "[guid(parameters('securityPrincipalObjectIds')[range(0, parameters('storageCount'))[copyIndex()]], variables('roleDefinitionId'), resourceId('Microsoft.Storage/storageAccounts', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], 
parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24)))]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", + "principalId": "[parameters('securityPrincipalObjectIds')[range(0, parameters('storageCount'))[copyIndex()]]]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24))]", + "[resourceId('Microsoft.Storage/storageAccounts', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24))]" + ] + }, + { + "copy": { + "name": "fileServices", + "count": "[length(range(0, parameters('storageCount')))]" + }, + "type": "Microsoft.Storage/storageAccounts/fileServices", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24), 'default')]", + "properties": { + "protocolSettings": { + "smb": "[if(equals(parameters('storageSku'), 'Standard'), variables('smbSettings'), union(variables('smbSettings'), variables('smbMultiChannel')))]" + }, + "shareDeleteRetentionPolicy": { + "enabled": false + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24))]" + ] + }, + { + "copy": { + 
"name": "privateEndpoints", + "count": "[length(range(0, parameters('storageCount')))]" + }, + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsPrivateEndpoints')]", + "properties": { + "customNetworkInterfaceName": "[format('{0}-{1}', replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", + "privateLinkServiceConnections": [ + { + "name": "[format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24))]", + "groupIds": [ + "file" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24))]" + ] + }, + { + "copy": { + "name": "privateDnsZoneGroups", + "count": "[length(range(0, parameters('storageCount')))]" + }, + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + 
"apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), format('{0}-{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0')))]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "ipconfig1", + "properties": { + "privateDnsZoneId": "[parameters('azureFilesPrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", + "storageAccounts" + ] + }, + { + "copy": { + "name": "shares", + "count": "[length(range(0, parameters('storageCount')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-file-shares-{0}-{1}', range(0, parameters('storageCount'))[copyIndex()], parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileShares": { + "value": "[parameters('fileShares')]" + }, + "fslogixShareSizeInGB": { + "value": "[parameters('fslogixShareSizeInGB')]" + }, + "storageAccountName": { + "value": "[take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24)]" + }, + "storageSku": { + "value": "[parameters('storageSku')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "15601002555507359086" + } + }, + "parameters": { + "fileShares": { + "type": "array" + }, + "fslogixShareSizeInGB": { + "type": "int" + }, + "storageAccountName": { + "type": "string" + }, + "storageSku": { + "type": "string" + } + }, + "resources": [ + { + "copy": { + "name": "shares", + "count": "[length(range(0, length(parameters('fileShares'))))]" + }, + "type": "Microsoft.Storage/storageAccounts/fileServices/shares", + "apiVersion": "2022-09-01", + "name": "[format('{0}/default/{1}', parameters('storageAccountName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[copyIndex()]])]", + "properties": { + "accessTier": "[if(equals(parameters('storageSku'), 'Premium'), 'Premium', 'TransactionOptimized')]", + "shareQuota": "[parameters('fslogixShareSizeInGB')]", + "enabledProtocols": "SMB" + } + } + ] + } + }, + "dependsOn": [ + "roleAssignment", + "[resourceId('Microsoft.Storage/storageAccounts', take(format('{0}{1}{2}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'), variables('uniqueToken')), 24))]" + ] + }, + { + "condition": "[contains(parameters('activeDirectorySolution'), 'DomainServices')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-fslogix-ntfs-permissions-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}Set-NtfsPermissions.ps1', parameters('artifactsUri'))]" + ] + }, + "location": { + "value": "[parameters('location')]" 
+ }, + "parameters": { + "value": "[format('-domainJoinPassword \"{0}\" -domainJoinUserPrincipalName {1} -activeDirectorySolution {2} -Environment {3} -fslogixContainerType {4} -netbios {5} -organizationalUnitPath \"{6}\" -securityPrincipalNames \"{7}\" -StorageAccountPrefix {8} -StorageAccountResourceGroupName {9} -storageCount {10} -storageIndex {11} -storageService {12} -StorageSuffix {13} -SubscriptionId {14} -TenantId {15} -uniqueToken {16} -UserAssignedIdentityClientId {17}', parameters('domainJoinPassword'), parameters('domainJoinUserPrincipalName'), parameters('activeDirectorySolution'), environment().name, parameters('fslogixContainerType'), parameters('netbios'), parameters('organizationalUnitPath'), parameters('securityPrincipalNames'), parameters('storageAccountNamePrefix'), parameters('resourceGroupStorage'), parameters('storageCount'), parameters('storageIndex'), parameters('storageService'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId, variables('uniqueToken'), parameters('deploymentUserAssignedIdentityClientId'))]" + }, + "scriptFileName": { + "value": "Set-NtfsPermissions.ps1" + }, + "tags": { + "value": "[parameters('tagsVirtualMachines')]" + }, + "userAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "virtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": "securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": 
"[utcNow('yyyyMMddhhmmss')]" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": "[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + "type": "object", + "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + }, + "dependsOn": [ + "privateDnsZoneGroups", + "privateEndpoints", + "shares" + ] + }, + { + "condition": "[and(parameters('enableRecoveryServices'), contains(parameters('hostPoolType'), 'Pooled'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-backup-azure-files-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "fileShares": { + "value": 
"[parameters('fileShares')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "recoveryServicesVaultName": { + "value": "[parameters('recoveryServicesVaultName')]" + }, + "resourceGroupStorage": { + "value": "[parameters('resourceGroupStorage')]" + }, + "storageAccountNamePrefix": { + "value": "[parameters('storageAccountNamePrefix')]" + }, + "storageCount": { + "value": "[parameters('storageCount')]" + }, + "storageIndex": { + "value": "[parameters('storageIndex')]" + }, + "tagsRecoveryServicesVault": { + "value": "[parameters('tagsRecoveryServicesVault')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6750501552554271907" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "fileShares": { + "type": "array" + }, + "location": { + "type": "string" + }, + "recoveryServicesVaultName": { + "type": "string" + }, + "resourceGroupStorage": { + "type": "string" + }, + "storageAccountNamePrefix": { + "type": "string" + }, + "storageCount": { + "type": "int" + }, + "storageIndex": { + "type": "int" + }, + "tagsRecoveryServicesVault": { + "type": "object" + } + }, + "resources": [ + { + "copy": { + "name": "protectionContainers", + "count": "[length(range(0, parameters('storageCount')))]" + }, + "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers", + "apiVersion": "2022-03-01", + "name": "[format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", + "properties": { + "backupManagementType": "AzureStorage", + "containerType": "StorageContainer", + "sourceResourceId": 
"[resourceId(parameters('resourceGroupStorage'), 'Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0')))]" + } + }, + { + "copy": { + "name": "protectedItems_fileShares", + "count": "[length(range(0, parameters('storageCount')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('backup-file-shares-{0}-{1}', add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileShares": { + "value": "[parameters('fileShares')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "protectionContainerName": { + "value": "[format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'))]" + }, + "policyId": { + "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('recoveryServicesVaultName'), 'AvdPolicyStorage')]" + }, + "sourceResourceId": { + "value": "[resourceId(parameters('resourceGroupStorage'), 'Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0')))]" + }, + "tags": { + "value": "[parameters('tagsRecoveryServicesVault')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": 
"7028790124213185456" + } + }, + "parameters": { + "fileShares": { + "type": "array" + }, + "location": { + "type": "string" + }, + "policyId": { + "type": "string" + }, + "protectionContainerName": { + "type": "string" + }, + "sourceResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "copy": { + "name": "protectedItems_FileShare", + "count": "[length(parameters('fileShares'))]" + }, + "condition": "[contains(parameters('fileShares')[copyIndex()], 'profile')]", + "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems", + "apiVersion": "2022-03-01", + "name": "[format('{0}/AzureFileShare;{1}', parameters('protectionContainerName'), parameters('fileShares')[copyIndex()])]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "protectedItemType": "AzureFileShareProtectedItem", + "policyId": "[parameters('policyId')]", + "sourceResourceId": "[parameters('sourceResourceId')]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers', split(format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), '/')[0], split(format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), '/')[1], split(format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, 
parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), '/')[2])]" + ] + } + ] + } + }, + "dependsOn": [ + "shares" + ] + }, + { + "condition": "[and(equals(parameters('fslogixStorageService'), 'AzureFiles Premium'), greater(parameters('storageCount'), 0))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-file-share-scaling-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, + "automationAccountName": { + "value": "[parameters('automationAccountName')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "fslogixContainerType": { + "value": "[parameters('fslogixContainerType')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "managementVirtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + }, + "storageAccountNamePrefix": { + "value": "[parameters('storageAccountNamePrefix')]" + }, + "storageCount": { + "value": "[parameters('storageCount')]" + }, + "storageIndex": { + "value": "[parameters('storageIndex')]" + }, + "storageResourceGroupName": { + "value": "[parameters('resourceGroupStorage')]" + }, + "tags": { + "value": "[parameters('tagsAutomationAccounts')]" + }, + "timeZone": { + "value": "[parameters('timeZone')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12325713485520980914" + } + }, + 
"parameters": { + "artifactsUri": { + "type": "string" + }, + "automationAccountName": { + "type": "string" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + "type": "string" + }, + "fslogixContainerType": { + "type": "string" + }, + "location": { + "type": "string" + }, + "managementVirtualMachineName": { + "type": "string" + }, + "storageAccountNamePrefix": { + "type": "string" + }, + "storageCount": { + "type": "int" + }, + "storageIndex": { + "type": "int" + }, + "storageResourceGroupName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timeZone": { + "type": "string" + } + }, + "variables": { + "runbookFileName": "Set-FileShareScaling.ps1", + "scriptFileName": "Set-AutomationRunbook.ps1", + "subscriptionId": "[subscription().subscriptionId]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-runbook-{0}', parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}{1}', parameters('artifactsUri'), variables('runbookFileName'))]", + "[format('{0}{1}', parameters('artifactsUri'), variables('scriptFileName'))]" + ] + }, + "location": { + "value": "[parameters('location')]" + }, + "parameters": { + "value": "[format('-AutomationAccountName {0} -Environment {1} -ResourceGroupName {2} -RunbookFileName {3} -SubscriptionId {4} -TenantId {5} -UserAssignedIdentityClientId {6}', parameters('automationAccountName'), environment().name, resourceGroup().name, variables('runbookFileName'), subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedIdentityClientId'))]" + }, + "scriptFileName": { + "value": "[variables('scriptFileName')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityClientId": { + "value": 
"[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "virtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": "securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": "[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + "type": "object", + "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 
'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + } + }, + { + "copy": { + "name": "schedules", + "count": "[length(range(parameters('storageIndex'), parameters('storageCount')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-schedules-{0}-{1}', range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "automationAccountName": { + "value": "[parameters('automationAccountName')]" + }, + "fslogixContainerType": { + "value": "[parameters('fslogixContainerType')]" + }, + "storageAccountName": { + "value": "[format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], 2, '0'))]" + }, + "timeZone": { + "value": "[parameters('timeZone')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17510467420352375307" + } + }, + "parameters": { + "automationAccountName": { + "type": "string" + }, + "fslogixContainerType": { + "type": "string" + }, + "storageAccountName": { + "type": "string" + }, + "time": { + "type": "string", + "defaultValue": "[utcNow()]" + }, + "timeZone": { + "type": "string" + } + }, + "resources": [ + { + "copy": { + "name": "schedules_ProfileContainers", + "count": "[length(range(0, 4))]" + }, + "type": "Microsoft.Automation/automationAccounts/schedules", + "apiVersion": "2022-08-08", + "name": "[format('{0}/{1}', parameters('automationAccountName'), format('{0}_ProfileContainers_{1}min', parameters('storageAccountName'), mul(add(range(0, 4)[copyIndex()], 1), 15)))]", + "properties": { + "advancedSchedule": {}, + 
"description": null, + "expiryTime": null, + "frequency": "Hour", + "interval": 1, + "startTime": "[dateTimeAdd(parameters('time'), format('PT{0}M', mul(add(range(0, 4)[copyIndex()], 1), 15)))]", + "timeZone": "[parameters('timeZone')]" + } + }, + { + "copy": { + "name": "schedules_OfficeContainers", + "count": "[length(range(0, 4))]" + }, + "condition": "[contains(parameters('fslogixContainerType'), 'Office')]", + "type": "Microsoft.Automation/automationAccounts/schedules", + "apiVersion": "2022-08-08", + "name": "[format('{0}/{1}', parameters('automationAccountName'), format('{0}_OfficeContainers_{1}min', parameters('storageAccountName'), mul(add(range(0, 4)[copyIndex()], 1), 15)))]", + "properties": { + "advancedSchedule": {}, + "description": null, + "expiryTime": null, + "frequency": "Hour", + "interval": 1, + "startTime": "[dateTimeAdd(parameters('time'), format('PT{0}M', mul(add(range(0, 4)[copyIndex()], 1), 15)))]", + "timeZone": "[parameters('timeZone')]" + } + } + ] + } + } + }, + { + "copy": { + "name": "jobSchedules", + "count": "[length(range(parameters('storageIndex'), parameters('storageCount')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-job-schedules-{0}-{1}', range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "automationAccountName": { + "value": "[parameters('automationAccountName')]" + }, + "environment": { + "value": "[environment().name]" + }, + "fslogixContainerType": { + "value": "[parameters('fslogixContainerType')]" + }, + "runbookName": { + "value": "[replace(variables('runbookFileName'), '.ps1', '')]" + }, + "resourceGroupName": { + "value": "[parameters('storageResourceGroupName')]" + }, + "storageAccountName": { + "value": "[format('{0}{1}', parameters('storageAccountNamePrefix'), 
padLeft(range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], 2, '0'))]" + }, + "subscriptionId": { + "value": "[variables('subscriptionId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "9904782163728788859" + } + }, + "parameters": { + "automationAccountName": { + "type": "string" + }, + "environment": { + "type": "string" + }, + "fslogixContainerType": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "runbookName": { + "type": "string" + }, + "storageAccountName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddHHmmss')]" + } + }, + "resources": [ + { + "copy": { + "name": "jobSchedules_ProfileContainers", + "count": "[length(range(0, 4))]" + }, + "type": "Microsoft.Automation/automationAccounts/jobSchedules", + "apiVersion": "2022-08-08", + "name": "[format('{0}/{1}', parameters('automationAccountName'), guid(parameters('timestamp'), parameters('runbookName'), parameters('storageAccountName'), 'ProfileContainers', string(range(0, 4)[copyIndex()])))]", + "properties": { + "parameters": { + "environment": "[parameters('environment')]", + "FileShareName": "profile-containers", + "resourceGroupName": "[parameters('resourceGroupName')]", + "storageAccountName": "[parameters('storageAccountName')]", + "subscriptionId": "[parameters('subscriptionId')]" + }, + "runbook": { + "name": "[parameters('runbookName')]" + }, + "runOn": null, + "schedule": { + "name": "[format('{0}_ProfileContainers_{1}min', parameters('storageAccountName'), mul(add(range(0, 4)[copyIndex()], 1), 15))]" + } + } + }, + { + "copy": { + "name": "jobSchedules_OfficeContainers", + "count": "[length(range(0, 4))]" + }, + "condition": 
"[contains(parameters('fslogixContainerType'), 'Office')]", + "type": "Microsoft.Automation/automationAccounts/jobSchedules", + "apiVersion": "2022-08-08", + "name": "[format('{0}/{1}', parameters('automationAccountName'), guid(parameters('timestamp'), parameters('runbookName'), parameters('storageAccountName'), 'OfficeContainers', string(range(0, 4)[copyIndex()])))]", + "properties": { + "parameters": { + "environment": "[parameters('environment')]", + "FileShareName": "office-containers", + "resourceGroupName": "[parameters('resourceGroupName')]", + "storageAccountName": "[parameters('storageAccountName')]", + "subscriptionId": "[parameters('subscriptionId')]" + }, + "runbook": { + "name": "[parameters('runbookName')]" + }, + "runOn": null, + "schedule": { + "name": "[format('{0}_OfficeContainers_{1}min', parameters('storageAccountName'), mul(add(range(0, 4)[copyIndex()], 1), 15))]" + } + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', format('deploy-runbook-{0}', parameters('deploymentNameSuffix')))]", + "schedules" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-role-assignment-storage-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('storageResourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "principalId": { + "value": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2022-08-08', 'full').identity.principalId]" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "roleDefinitionId": { + "value": "17d1049b-9a84-46fb-8f53-869881c3d3ab" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + 
"templateHash": "936749082468094105" + } + }, + "parameters": { + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(parameters('principalId'), parameters('roleDefinitionId'), resourceGroup().id)]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]" + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-fslogix-ntfs-permissions-{0}', parameters('deploymentNameSuffix')))]" + ] + } + ] + } + } + } + ], + "outputs": { + "netAppShares": { + "type": "array", + "value": "[if(equals(parameters('storageService'), 'AzureNetAppFiles'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupStorage')), 'Microsoft.Resources/deployments', format('deploy-anf-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.fileShares.value, createArray('None'))]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "rgs", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', 
parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-session-hosts-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "acceleratedNetworking": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateAcceleratedNetworking.value]" + }, + "activeDirectorySolution": { + "value": "[parameters('activeDirectorySolution')]" + }, + "artifactsUri": { + "value": "[variables('artifactsUri')]" + }, + "artifactsUserAssignedIdentityClientId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.artifactsUserAssignedIdentityClientId.value]" + }, + "artifactsUserAssignedIdentityResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.artifactsUserAssignedIdentityResourceId.value]" + }, + "automationAccountName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.automationAccountName.value]" + }, + "availability": { + "value": "[parameters('availability')]" + }, + "availabilitySetsCount": { + "value": "[variables('availabilitySetsCount')]" + }, + "availabilitySetsIndex": { + "value": "[variables('beginAvSetRange')]" + }, + "availabilityZones": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.validateAvailabilityZones.value]" + }, + "avdAgentBootLoaderMsiName": { + "value": "[parameters('avdAgentBootLoaderMsiName')]" + }, + "avdAgentMsiName": { + "value": "[parameters('avdAgentMsiName')]" + }, + "dataCollectionRuleResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.dataCollectionRuleResourceId.value]" + }, + "deployFslogix": { + "value": "[variables('deployFslogix')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" + }, + "diskEncryptionSetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value))]", + "diskSku": { + "value": "[parameters('diskSku')]" + }, + "divisionRemainderValue": { + "value": "[variables('divisionRemainderValue')]" + }, + "domainJoinPassword": { + "value": "[parameters('domainJoinPassword')]" + }, + "domainJoinUserPrincipalName": { + "value": "[parameters('domainJoinUserPrincipalName')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "drainMode": { + "value": "[parameters('drainMode')]" + }, + "enableRecoveryServices": { + "value": "[parameters('recoveryServices')]" + }, + "enableScalingTool": { + 
"value": "[parameters('scalingTool')]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "fslogixContainerType": { + "value": "[parameters('fslogixContainerType')]" + }, + "hostPoolName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hostPoolName.value]" + }, + "hostPoolType": { + "value": "[parameters('hostPoolType')]" + }, + "hybridRunbookWorkerGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hybridRunbookWorkerGroupName.value]" + }, + "identifier": { + "value": "[parameters('identifier')]" + }, + "imageOffer": { + "value": "[parameters('imageOffer')]" + }, + "imagePublisher": { + "value": "[parameters('imagePublisher')]" + }, + "imageSku": { + "value": "[parameters('imageSku')]" + }, + "imageVersionResourceId": { + "value": "[parameters('imageVersionResourceId')]" + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "logAnalyticsWorkspaceName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceName.value]" + }, + "managementVirtualMachineName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualMachineName.value]" + }, + "maxResourcesPerTemplateDeployment": { + "value": "[variables('maxResourcesPerTemplateDeployment')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + 
"monitoring": { + "value": "[parameters('monitoring')]" + }, + "namingConvention": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value))]", + "netAppFileShares": "[if(variables('deployFslogix'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-fslogix-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.netAppShares.value), createObject('value', createArray('None')))]", + "organizationalUnitPath": { + "value": "[parameters('organizationalUnitPath')]" + }, + "pooledHostPool": { + "value": "[variables('pooledHostPool')]" + }, + "recoveryServicesVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.recoveryServicesVaultName.value]" + }, + "resourceGroupControlPlane": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[0], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "resourceGroupHosts": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[2], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "resourceGroupManagement": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "roleDefinitions": { + "value": "[variables('roleDefinitions')]" + }, + "scalingBeginPeakTime": { + "value": "[parameters('scalingBeginPeakTime')]" + }, + "scalingEndPeakTime": { + "value": "[parameters('scalingEndPeakTime')]" + }, + "scalingLimitSecondsToForceLogOffUser": { + "value": "[parameters('scalingLimitSecondsToForceLogOffUser')]" + }, + "scalingMinimumNumberOfRdsh": { + "value": "[parameters('scalingMinimumNumberOfRdsh')]" + }, + "scalingSessionThresholdPerCPU": { + "value": "[parameters('scalingSessionThresholdPerCPU')]" + }, + "securityPrincipalObjectIds": { + "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "sessionHostBatchCount": { + "value": "[variables('sessionHostBatchCount')]" + }, + "sessionHostIndex": { + "value": "[parameters('sessionHostIndex')]" + }, + "storageCount": { + "value": "[parameters('storageCount')]" + }, + "storageIndex": { + "value": "[parameters('storageIndex')]" + }, + "storageService": { + "value": "[variables('storageService')]" + }, + "storageSuffix": { + "value": "[variables('storageSuffix')]" + }, + "subnetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value))]", + "tags": { + "value": "[parameters('tags')]" + }, + 
"timeDifference": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeDifference), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeDifference))]", + "timeZone": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone))]", + "virtualMachineMonitoringAgent": { + "value": "[parameters('virtualMachineMonitoringAgent')]" + }, + "virtualMachinePassword": { + "value": "[parameters('virtualMachinePassword')]" + }, + "virtualMachineSize": { + "value": "[parameters('virtualMachineSize')]" + }, + "virtualMachineUsername": { + "value": "[parameters('virtualMachineUsername')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17180714621964508955" + } + }, + "parameters": { + "acceleratedNetworking": { + "type": "string" + }, + "activeDirectorySolution": { + "type": "string" + }, + "artifactsUri": { + "type": "string" + }, + "artifactsUserAssignedIdentityClientId": { + "type": "string" + }, + "artifactsUserAssignedIdentityResourceId": 
{ + "type": "string" + }, + "automationAccountName": { + "type": "string" + }, + "availability": { + "type": "string" + }, + "availabilitySetsCount": { + "type": "int" + }, + "availabilitySetsIndex": { + "type": "int" + }, + "availabilityZones": { + "type": "array" + }, + "avdAgentBootLoaderMsiName": { + "type": "string" + }, + "avdAgentMsiName": { + "type": "string" + }, + "dataCollectionRuleResourceId": { + "type": "string" + }, + "deployFslogix": { + "type": "bool" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedIdentityClientId": { + "type": "string" + }, + "diskEncryptionSetResourceId": { + "type": "string" + }, + "diskSku": { + "type": "string" + }, + "divisionRemainderValue": { + "type": "int" + }, + "domainJoinPassword": { + "type": "securestring" + }, + "domainJoinUserPrincipalName": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "drainMode": { + "type": "bool" + }, + "environmentAbbreviation": { + "type": "string" + }, + "fslogixContainerType": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, + "hostPoolType": { + "type": "string" + }, + "hybridRunbookWorkerGroupName": { + "type": "string" + }, + "identifier": { + "type": "string" + }, + "imageOffer": { + "type": "string" + }, + "imagePublisher": { + "type": "string" + }, + "imageSku": { + "type": "string" + }, + "imageVersionResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "logAnalyticsWorkspaceName": { + "type": "string" + }, + "managementVirtualMachineName": { + "type": "string" + }, + "maxResourcesPerTemplateDeployment": { + "type": "int" + }, + "mlzTags": { + "type": "object" + }, + "monitoring": { + "type": "bool" + }, + "namingConvention": { + "type": "object" + }, + "netAppFileShares": { + "type": "array" + }, + "organizationalUnitPath": { + "type": "string" + }, + "pooledHostPool": { + "type": "bool" + }, + "enableRecoveryServices": { + "type": "bool" + }, + "enableScalingTool": { + 
"type": "bool" + }, + "recoveryServicesVaultName": { + "type": "string" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "resourceGroupHosts": { + "type": "string" + }, + "resourceGroupManagement": { + "type": "string" + }, + "roleDefinitions": { + "type": "object" + }, + "scalingBeginPeakTime": { + "type": "string" + }, + "scalingEndPeakTime": { + "type": "string" + }, + "scalingLimitSecondsToForceLogOffUser": { + "type": "string" + }, + "scalingMinimumNumberOfRdsh": { + "type": "string" + }, + "scalingSessionThresholdPerCPU": { + "type": "string" + }, + "securityPrincipalObjectIds": { + "type": "array" + }, + "serviceToken": { + "type": "string" + }, + "sessionHostBatchCount": { + "type": "int" + }, + "sessionHostIndex": { + "type": "int" + }, + "storageCount": { + "type": "int" + }, + "storageIndex": { + "type": "int" + }, + "storageService": { + "type": "string" + }, + "storageSuffix": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timeDifference": { + "type": "string" + }, + "timeZone": { + "type": "string" + }, + "virtualMachineMonitoringAgent": { + "type": "string" + }, + "virtualMachinePassword": { + "type": "securestring" + }, + "virtualMachineSize": { + "type": "string" + }, + "virtualMachineUsername": { + "type": "string" + } + }, + "variables": { + "availabilitySetNamePrefix": "[parameters('namingConvention').availabilitySet]", + "tagsAutomationAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()), parameters('mlzTags'))]", + "tagsAvailabilitySets": "[union(createObject('cm-resource-parent', 
format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/availabilitySets'), parameters('tags')['Microsoft.Compute/availabilitySets'], createObject()), parameters('mlzTags'))]", + "tagsNetworkInterfaces": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", + "tagsRecoveryServicesVault": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.recoveryServices/vaults'), parameters('tags')['Microsoft.recoveryServices/vaults'], createObject()), parameters('mlzTags'))]", + "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]", + "uniqueToken": "[uniqueString(parameters('identifier'), parameters('environmentAbbreviation'), subscription().subscriptionId)]", + "virtualMachineNamePrefix": "[replace(parameters('namingConvention').virtualMachine, parameters('serviceToken'), '')]" + }, + "resources": [ + { + "condition": "[and(parameters('pooledHostPool'), equals(parameters('availability'), 
'availabilitySets'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-avail-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupHosts')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "availabilitySetNamePrefix": { + "value": "[variables('availabilitySetNamePrefix')]" + }, + "availabilitySetsCount": { + "value": "[parameters('availabilitySetsCount')]" + }, + "availabilitySetsIndex": { + "value": "[parameters('availabilitySetsIndex')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tagsAvailabilitySets": { + "value": "[variables('tagsAvailabilitySets')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "277818289187459275" + } + }, + "parameters": { + "availabilitySetNamePrefix": { + "type": "string" + }, + "availabilitySetsCount": { + "type": "int" + }, + "availabilitySetsIndex": { + "type": "int" + }, + "location": { + "type": "string" + }, + "tagsAvailabilitySets": { + "type": "object" + } + }, + "resources": [ + { + "copy": { + "name": "availabilitySets", + "count": "[length(range(0, parameters('availabilitySetsCount')))]" + }, + "type": "Microsoft.Compute/availabilitySets", + "apiVersion": "2019-07-01", + "name": "[format('{0}{1}', parameters('availabilitySetNamePrefix'), padLeft(add(range(0, parameters('availabilitySetsCount'))[copyIndex()], parameters('availabilitySetsIndex')), 2, '0'))]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsAvailabilitySets')]", + "sku": { + "name": "Aligned" + }, + "properties": { + "platformUpdateDomainCount": 5, + "platformFaultDomainCount": 2 + } + } + ] + } + } + }, + { + "copy": { + "name": "roleAssignments", + 
"count": "[length(range(0, length(parameters('securityPrincipalObjectIds'))))]" + }, + "condition": "[not(contains(parameters('activeDirectorySolution'), 'DomainServices'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-role-assignments-{0}-{1}', range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()], parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupHosts')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "principalId": { + "value": "[parameters('securityPrincipalObjectIds')[range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()]]]" + }, + "principalType": { + "value": "Group" + }, + "roleDefinitionId": { + "value": "[parameters('roleDefinitions').VirtualMachineUserLogin]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "936749082468094105" + } + }, + "parameters": { + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(parameters('principalId'), parameters('roleDefinitionId'), resourceGroup().id)]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]" + } + } + ] + } + } + }, + { + "copy": { + "name": "virtualMachines", + "count": "[length(range(1, parameters('sessionHostBatchCount')))]", + "mode": "serial", + "batchSize": 1 + }, + "type": "Microsoft.Resources/deployments", + 
"apiVersion": "2022-09-01", + "name": "[format('deploy-vms-{0}-{1}', sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupHosts')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "acceleratedNetworking": { + "value": "[parameters('acceleratedNetworking')]" + }, + "activeDirectorySolution": { + "value": "[parameters('activeDirectorySolution')]" + }, + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, + "artifactsUserAssignedIdentityClientId": { + "value": "[parameters('artifactsUserAssignedIdentityClientId')]" + }, + "artifactsUserAssignedIdentityResourceId": { + "value": "[parameters('artifactsUserAssignedIdentityResourceId')]" + }, + "availability": { + "value": "[parameters('availability')]" + }, + "availabilitySetNamePrefix": { + "value": "[variables('availabilitySetNamePrefix')]" + }, + "availabilityZones": { + "value": "[parameters('availabilityZones')]" + }, + "avdAgentBootLoaderMsiName": { + "value": "[parameters('avdAgentBootLoaderMsiName')]" + }, + "avdAgentMsiName": { + "value": "[parameters('avdAgentMsiName')]" + }, + "batchCount": { + "value": "[range(1, parameters('sessionHostBatchCount'))[copyIndex()]]" + }, + "dataCollectionRuleAssociationName": { + "value": "[parameters('namingConvention').dataCollectionRuleAssociation]" + }, + "dataCollectionRuleResourceId": { + "value": "[parameters('dataCollectionRuleResourceId')]" + }, + "deployFslogix": { + "value": "[parameters('deployFslogix')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedidentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, + "diskEncryptionSetResourceId": { + "value": "[parameters('diskEncryptionSetResourceId')]" + }, + "diskNamePrefix": { + "value": 
"[parameters('namingConvention').virtualMachineDisk]" + }, + "diskSku": { + "value": "[parameters('diskSku')]" + }, + "domainJoinPassword": { + "value": "[parameters('domainJoinPassword')]" + }, + "domainJoinUserPrincipalName": { + "value": "[parameters('domainJoinUserPrincipalName')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "enableDrainMode": { + "value": "[parameters('drainMode')]" + }, + "fslogixContainerType": { + "value": "[parameters('fslogixContainerType')]" + }, + "hostPoolName": { + "value": "[parameters('hostPoolName')]" + }, + "hostPoolType": { + "value": "[parameters('hostPoolType')]" + }, + "imageVersionResourceId": { + "value": "[parameters('imageVersionResourceId')]" + }, + "imageOffer": { + "value": "[parameters('imageOffer')]" + }, + "imagePublisher": { + "value": "[parameters('imagePublisher')]" + }, + "imageSku": { + "value": "[parameters('imageSku')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "logAnalyticsWorkspaceName": { + "value": "[parameters('logAnalyticsWorkspaceName')]" + }, + "managementVirtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + }, + "monitoring": { + "value": "[parameters('monitoring')]" + }, + "netAppFileShares": { + "value": "[parameters('netAppFileShares')]" + }, + "networkInterfaceNamePrefix": { + "value": "[parameters('namingConvention').virtualMachineNetworkInterface]" + }, + "organizationalUnitPath": { + "value": "[parameters('organizationalUnitPath')]" + }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, + "resourceGroupManagement": { + "value": "[parameters('resourceGroupManagement')]" + }, + "serviceToken": { + "value": "[parameters('serviceToken')]" + }, + "sessionHostCount": "[if(and(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], parameters('sessionHostBatchCount')), greater(parameters('divisionRemainderValue'), 0)), createObject('value', 
parameters('divisionRemainderValue')), createObject('value', parameters('maxResourcesPerTemplateDeployment')))]", + "sessionHostIndex": "[if(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), createObject('value', parameters('sessionHostIndex')), createObject('value', add(mul(sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('maxResourcesPerTemplateDeployment')), parameters('sessionHostIndex'))))]", + "storageAccountPrefix": { + "value": "[parameters('namingConvention').storageAccount]" + }, + "storageCount": { + "value": "[parameters('storageCount')]" + }, + "storageIndex": { + "value": "[parameters('storageIndex')]" + }, + "storageService": { + "value": "[parameters('storageService')]" + }, + "storageSuffix": { + "value": "[parameters('storageSuffix')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tagsNetworkInterfaces": { + "value": "[variables('tagsNetworkInterfaces')]" + }, + "tagsVirtualMachines": { + "value": "[variables('tagsVirtualMachines')]" + }, + "uniqueToken": { + "value": "[variables('uniqueToken')]" + }, + "virtualMachineMonitoringAgent": { + "value": "[parameters('virtualMachineMonitoringAgent')]" + }, + "virtualMachineNamePrefix": { + "value": "[variables('virtualMachineNamePrefix')]" + }, + "virtualMachinePassword": { + "value": "[parameters('virtualMachinePassword')]" + }, + "virtualMachineSize": { + "value": "[parameters('virtualMachineSize')]" + }, + "virtualMachineUsername": { + "value": "[parameters('virtualMachineUsername')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "2295619283331331115" + } + }, + "parameters": { + "artifactsUri": { + "type": "string" + }, + "artifactsUserAssignedIdentityClientId": { + "type": "string" + }, + 
"artifactsUserAssignedIdentityResourceId": { + "type": "string" + }, + "acceleratedNetworking": { + "type": "string" + }, + "activeDirectorySolution": { + "type": "string" + }, + "availability": { + "type": "string" + }, + "availabilitySetNamePrefix": { + "type": "string" + }, + "availabilityZones": { + "type": "array" + }, + "avdAgentBootLoaderMsiName": { + "type": "string" + }, + "avdAgentMsiName": { + "type": "string" + }, + "batchCount": { + "type": "int" + }, + "dataCollectionRuleAssociationName": { + "type": "string" + }, + "dataCollectionRuleResourceId": { + "type": "string" + }, + "deployFslogix": { + "type": "bool" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deploymentUserAssignedidentityClientId": { + "type": "string" + }, + "diskEncryptionSetResourceId": { + "type": "string" + }, + "diskNamePrefix": { + "type": "string" + }, + "diskSku": { + "type": "string" + }, + "domainJoinPassword": { + "type": "securestring" + }, + "domainJoinUserPrincipalName": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "enableDrainMode": { + "type": "bool" + }, + "fslogixContainerType": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, + "hostPoolType": { + "type": "string" + }, + "imageOffer": { + "type": "string" + }, + "imagePublisher": { + "type": "string" + }, + "imageSku": { + "type": "string" + }, + "imageVersionResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "logAnalyticsWorkspaceName": { + "type": "string" + }, + "managementVirtualMachineName": { + "type": "string" + }, + "monitoring": { + "type": "bool" + }, + "netAppFileShares": { + "type": "array" + }, + "networkInterfaceNamePrefix": { + "type": "string" + }, + "organizationalUnitPath": { + "type": "string" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "resourceGroupManagement": { + "type": "string" + }, + "serviceToken": { + "type": "string" + }, + "sessionHostCount": { + "type": "int" + }, + 
"sessionHostIndex": { + "type": "int" + }, + "storageAccountPrefix": { + "type": "string" + }, + "storageCount": { + "type": "int" + }, + "storageIndex": { + "type": "int" + }, + "storageService": { + "type": "string" + }, + "storageSuffix": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tagsNetworkInterfaces": { + "type": "object" + }, + "tagsVirtualMachines": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "uniqueToken": { + "type": "string" + }, + "virtualMachineMonitoringAgent": { + "type": "string" + }, + "virtualMachineNamePrefix": { + "type": "string" + }, + "virtualMachinePassword": { + "type": "securestring" + }, + "virtualMachineSize": { + "type": "string" + }, + "virtualMachineUsername": { + "type": "string" + } + }, + "variables": { + "amdVmSize": "[contains(variables('amdVmSizes'), parameters('virtualMachineSize'))]", + "amdVmSizes": [ + "Standard_NV4as_v4", + "Standard_NV8as_v4", + "Standard_NV16as_v4", + "Standard_NV32as_v4" + ], + "fslogixExclusions": "[format('\"%TEMP%\\*\\*.VHDX\";\"%Windir%\\TEMP\\*\\*.VHDX\"{0}{1}{2}', variables('fslogixExclusionsCloudCache'), variables('fslogixExclusionsProfileContainers'), variables('fslogixExclusionsOfficeContainers'))]", + "fslogixExclusionsCloudCache": "[if(contains(parameters('fslogixContainerType'), 'CloudCache'), ';\"%ProgramData%\\fslogix\\Cache\\*\";\"%ProgramData%\\fslogix\\Proxy\\*\"', '')]", + "fslogixExclusionsOfficeContainers": "[if(contains(parameters('fslogixContainerType'), 'Office'), format(';\"{0}\";\"{1}.lock\";\"{2}.meta\";\"{3}.metadata\"', variables('fslogixOfficeShare'), variables('fslogixOfficeShare'), variables('fslogixOfficeShare'), variables('fslogixOfficeShare')), '')]", + "fslogixExclusionsProfileContainers": "[format(';\"{0}\";\"{1}.lock\";\"{2}.meta\";\"{3}.metadata\"', variables('fslogixProfileShare'), variables('fslogixProfileShare'), variables('fslogixProfileShare'), 
variables('fslogixProfileShare'))]", + "fslogixOfficeShare": "[format('\\\\{0}.file.{1}\\office-containers\\*\\*.VHDX', variables('storageAccountToken'), parameters('storageSuffix'))]", + "fslogixProfileShare": "[format('\\\\{0}.file.{1}\\profile-containers\\*\\*.VHDX', variables('storageAccountToken'), parameters('storageSuffix'))]", + "imageReference": "[if(empty(parameters('imageVersionResourceId')), createObject('publisher', parameters('imagePublisher'), 'offer', parameters('imageOffer'), 'sku', parameters('imageSku'), 'version', 'latest'), createObject('id', parameters('imageVersionResourceId')))]", + "intune": "[contains(parameters('activeDirectorySolution'), 'intuneEnrollment')]", + "nvidiaVmSize": "[contains(variables('nvidiaVmSizes'), parameters('virtualMachineSize'))]", + "nvidiaVmSizes": [ + "Standard_NV6", + "Standard_NV12", + "Standard_NV24", + "Standard_NV12s_v3", + "Standard_NV24s_v3", + "Standard_NV48s_v3", + "Standard_NC4as_T4_v3", + "Standard_NC8as_T4_v3", + "Standard_NC16as_T4_v3", + "Standard_NC64as_T4_v3", + "Standard_NV6ads_A10_v5", + "Standard_NV12ads_A10_v5", + "Standard_NV18ads_A10_v5", + "Standard_NV36ads_A10_v5", + "Standard_NV36adms_A10_v5", + "Standard_NV72ads_A10_v5" + ], + "pooledHostPool": "[equals(split(parameters('hostPoolType'), ' ')[0], 'Pooled')]", + "sessionHostNamePrefix": "[replace(parameters('virtualMachineNamePrefix'), parameters('serviceToken'), '')]", + "storageAccountToken": "[take(format('{0}??{1}', parameters('storageAccountPrefix'), parameters('uniqueToken')), 24)]" + }, + "resources": [ + { + "copy": { + "name": "networkInterface", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-05-01", + "name": "[format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceToken')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + 
"location": "[parameters('location')]", + "tags": "[parameters('tagsNetworkInterfaces')]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "subnet": { + "id": "[parameters('subnetResourceId')]" + }, + "primary": true, + "privateIPAddressVersion": "IPv4" + } + } + ], + "enableAcceleratedNetworking": "[if(equals(parameters('acceleratedNetworking'), 'True'), true(), false())]", + "enableIPForwarding": false + } + }, + { + "copy": { + "name": "virtualMachine", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2021-03-01", + "name": "[format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "zones": "[if(equals(parameters('availability'), 'AvailabilityZones'), createArray(parameters('availabilityZones')[mod(range(0, parameters('sessionHostCount'))[copyIndex()], length(parameters('availabilityZones')))]), null())]", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[format('{0}', parameters('artifactsUserAssignedIdentityResourceId'))]": {} + } + }, + "properties": { + "availabilitySet": "[if(equals(parameters('availability'), 'AvailabilitySets'), createObject('id', resourceId('Microsoft.Compute/availabilitySets', format('{0}{1}', parameters('availabilitySetNamePrefix'), padLeft(div(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 200), 2, '0')))), null())]", + "hardwareProfile": { + "vmSize": "[parameters('virtualMachineSize')]" + }, + "storageProfile": { + "imageReference": "[variables('imageReference')]", + "osDisk": { + "name": "[format('{0}-{1}', replace(parameters('diskNamePrefix'), format('-{0}', parameters('serviceToken')), ''), 
padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "osType": "Windows", + "createOption": "FromImage", + "caching": "ReadWrite", + "deleteOption": "Delete", + "managedDisk": { + "diskEncryptionSet": { + "id": "[parameters('diskEncryptionSetResourceId')]" + }, + "storageAccountType": "[parameters('diskSku')]" + } + }, + "dataDisks": [] + }, + "osProfile": { + "computerName": "[format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "adminUsername": "[parameters('virtualMachineUsername')]", + "adminPassword": "[parameters('virtualMachinePassword')]", + "windowsConfiguration": { + "provisionVMAgent": true, + "enableAutomaticUpdates": false + }, + "secrets": [], + "allowExtensionOperations": true + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceToken')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", + "properties": { + "deleteOption": "Delete" + } + } + ] + }, + "securityProfile": { + "uefiSettings": { + "secureBootEnabled": true, + "vTpmEnabled": true + }, + "securityType": "trustedLaunch", + "encryptionAtHost": true + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": false + } + }, + "licenseType": "[if(equals(parameters('imagePublisher'), 'MicrosoftWindowsDesktop'), 'Windows_Client', 'Windows_Server')]" + }, + "dependsOn": [ + "networkInterface" + ] + }, + { + "copy": { + "name": "extension_IaasAntimalware", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', 
format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'IaaSAntimalware')]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "properties": { + "publisher": "Microsoft.Azure.Security", + "type": "IaaSAntimalware", + "typeHandlerVersion": "1.3", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": false, + "settings": { + "AntimalwareEnabled": true, + "RealtimeProtectionEnabled": "true", + "ScheduledScanSettings": { + "isEnabled": "true", + "day": "7", + "time": "120", + "scanType": "Quick" + }, + "Exclusions": "[if(parameters('deployFslogix'), createObject('Paths', variables('fslogixExclusions')), createObject())]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "extension_GuestAttestation", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'GuestAttestation')]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Azure.Security.WindowsAttestation", + "type": "GuestAttestation", + "typeHandlerVersion": "1.0", + "autoUpgradeMinorVersion": true, + "settings": { + "AttestationConfig": { + "MaaSettings": { + "maaEndpoint": "", + "maaTenantName": "GuestAttestation" + }, + "AscSettings": { + "ascReportingEndpoint": "", + 
"ascReportingFrequency": "" + }, + "useCustomToken": "false", + "disableAlerts": "false" + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "extension_MicrosoftMonitoringAgent", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent'))]", + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'MicrosoftmonitoringAgent')]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "properties": { + "publisher": "Microsoft.EnterpriseCloud.monitoring", + "type": "MicrosoftmonitoringAgent", + "typeHandlerVersion": "1.0", + "autoUpgradeMinorVersion": true, + "settings": { + "workspaceId": "[if(parameters('monitoring'), reference(resourceId(parameters('resourceGroupManagement'), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2015-03-20').customerId, null())]" + }, + "protectedSettings": { + "workspaceKey": "[if(parameters('monitoring'), listKeys(resourceId(parameters('resourceGroupManagement'), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2015-03-20').primarySharedKey, null())]" + } + }, + "dependsOn": [ + "extension_IaasAntimalware", + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, 
parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "extension_AzureMonitorWindowsAgent", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent'))]", + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2023-03-01", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AzureMonitorWindowsAgent')]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "properties": { + "publisher": "Microsoft.Azure.Monitor", + "type": "AzureMonitorWindowsAgent", + "typeHandlerVersion": "1.0", + "autoUpgradeMinorVersion": true, + "enableAutomaticUpgrade": true + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "dataCollectionRuleAssociation", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent'))]", + "type": "Microsoft.Insights/dataCollectionRuleAssociations", + "apiVersion": "2022-06-01", + "scope": "[format('Microsoft.Compute/virtualMachines/{0}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", + "name": 
"[parameters('dataCollectionRuleAssociationName')]", + "properties": { + "dataCollectionRuleId": "[parameters('dataCollectionRuleResourceId')]", + "description": "AVD Insights data collection rule association" + }, + "dependsOn": [ + "extension_AzureMonitorWindowsAgent", + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "extension_CustomScriptExtension", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "fileUris": [ + "[format('{0}{1}', parameters('artifactsUri'), parameters('avdAgentBootLoaderMsiName'))]", + "[format('{0}{1}', parameters('artifactsUri'), parameters('avdAgentMsiName'))]", + "[format('{0}Set-SessionHostConfiguration.ps1', parameters('artifactsUri'))]" + ], + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File Set-SessionHostConfiguration.ps1 -activeDirectorySolution {0} -amdVmSize {1} -avdAgentBootLoaderMsiName \"{2}\" -avdAgentMsiName \"{3}\" -Environment {4} -fslogix {5} -fslogixContainerType {6} -hostPoolName {7} -HostPoolRegistrationToken \"{8}\" -imageOffer {9} -imagePublisher {10} 
-netAppFileShares {11} -nvidiaVmSize {12} -pooledHostPool {13} -storageAccountPrefix {14} -storageCount {15} -storageIndex {16} -storageService {17} -storageSuffix {18} -uniqueToken {19}', parameters('activeDirectorySolution'), variables('amdVmSize'), parameters('avdAgentBootLoaderMsiName'), parameters('avdAgentMsiName'), environment().name, parameters('deployFslogix'), parameters('fslogixContainerType'), parameters('hostPoolName'), reference(resourceId(parameters('resourceGroupControlPlane'), 'Microsoft.DesktopVirtualization/hostpools', parameters('hostPoolName')), '2019-12-10-preview').registrationInfo.token, parameters('imageOffer'), parameters('imagePublisher'), parameters('netAppFileShares'), variables('nvidiaVmSize'), variables('pooledHostPool'), parameters('storageAccountPrefix'), parameters('storageCount'), parameters('storageIndex'), parameters('storageService'), parameters('storageSuffix'), parameters('uniqueToken'))]", + "managedidentity": { + "clientId": "[parameters('artifactsUserAssignedIdentityClientId')]" + } + } + }, + "dependsOn": [ + "dataCollectionRuleAssociation", + "extension_MicrosoftMonitoringAgent", + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "extension_JsonADDomainExtension", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "condition": "[contains(parameters('activeDirectorySolution'), 'DomainServices')]", + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'JsonADDomainExtension')]", + "location": 
"[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "properties": { + "forceUpdateTag": "[parameters('timestamp')]", + "publisher": "Microsoft.Compute", + "type": "JsonADDomainExtension", + "typeHandlerVersion": "1.3", + "autoUpgradeMinorVersion": true, + "settings": { + "Name": "[parameters('domainName')]", + "Options": "3", + "OUPath": "[parameters('organizationalUnitPath')]", + "Restart": "true", + "User": "[parameters('domainJoinUserPrincipalName')]" + }, + "protectedSettings": { + "Password": "[parameters('domainJoinPassword')]" + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-drain-mode-{0}-{1}', parameters('batchCount'), parameters('deploymentNameSuffix')))]", + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "extension_AADLoginForWindows", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "condition": "[not(contains(parameters('activeDirectorySolution'), 'DomainServices'))]", + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AADLoginForWindows')]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "properties": { + "publisher": "Microsoft.Azure.ActiveDirectory", + "type": "AADLoginForWindows", + "typeHandlerVersion": "2.0", + "autoUpgradeMinorVersion": true, + "settings": 
"[if(variables('intune'), createObject('mdmId', '0000000a-0000-0000-c000-000000000000'), null())]" + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-drain-mode-{0}-{1}', parameters('batchCount'), parameters('deploymentNameSuffix')))]", + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "extension_AmdGpuDriverWindows", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "condition": "[variables('amdVmSize')]", + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AmdGpuDriverWindows')]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "properties": { + "publisher": "Microsoft.HpcCompute", + "type": "AmdGpuDriverWindows", + "typeHandlerVersion": "1.0", + "autoUpgradeMinorVersion": true, + "settings": {} + }, + "dependsOn": [ + "extension_AADLoginForWindows", + "extension_JsonADDomainExtension", + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "copy": { + "name": "extension_NvidiaGpuDriverWindows", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, + "condition": "[variables('nvidiaVmSize')]", + 
"type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'NvidiaGpuDriverWindows')]", + "location": "[parameters('location')]", + "tags": "[parameters('tagsVirtualMachines')]", + "properties": { + "publisher": "Microsoft.HpcCompute", + "type": "NvidiaGpuDriverWindows", + "typeHandlerVersion": "1.2", + "autoUpgradeMinorVersion": true, + "settings": {} + }, + "dependsOn": [ + "extension_AADLoginForWindows", + "extension_JsonADDomainExtension", + "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" + ] + }, + { + "condition": "[parameters('enableDrainMode')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-drain-mode-{0}-{1}', parameters('batchCount'), parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}Set-AvdDrainMode.ps1', parameters('artifactsUri'))]" + ] + }, + "location": { + "value": "[parameters('location')]" + }, + "parameters": { + "value": "[format('-Environment {0} -hostPoolName {1} -HostPoolResourceGroupName {2} -sessionHostCount {3} -sessionHostIndex {4} -SubscriptionId {5} -TenantId {6} -userAssignedidentityClientId {7} -virtualMachineNamePrefix {8}', environment().name, parameters('hostPoolName'), parameters('resourceGroupControlPlane'), parameters('sessionHostCount'), parameters('sessionHostIndex'), subscription().subscriptionId, 
tenant().tenantId, parameters('deploymentUserAssignedidentityClientId'), variables('sessionHostNamePrefix'))]" + }, + "scriptFileName": { + "value": "Set-AvdDrainMode.ps1" + }, + "tags": { + "value": "[parameters('tagsVirtualMachines')]" + }, + "userAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedidentityClientId')]" + }, + "virtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": "securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": "[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + 
"type": "object", + "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + }, + "dependsOn": [ + "extension_CustomScriptExtension" + ] + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupHosts')), 'Microsoft.Resources/deployments', format('deploy-avail-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "condition": "[and(parameters('enableRecoveryServices'), contains(parameters('hostPoolType'), 'Personal'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-recovery-services-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deployFslogix": { + "value": "[parameters('deployFslogix')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "divisionRemainderValue": { + "value": "[parameters('divisionRemainderValue')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "maxResourcesPerTemplateDeployment": { + "value": "[parameters('maxResourcesPerTemplateDeployment')]" + }, + "recoveryServicesVaultName": { + "value": "[parameters('recoveryServicesVaultName')]" + }, + "resourceGroupHosts": { + "value": "[parameters('resourceGroupHosts')]" + }, + "resourceGroupManagement": { + "value": "[parameters('resourceGroupManagement')]" + }, + "sessionHostBatchCount": { + "value": "[parameters('sessionHostBatchCount')]" + }, + "sessionHostIndex": { + "value": "[parameters('sessionHostIndex')]" + }, + "tagsRecoveryServicesVault": { + 
"value": "[variables('tagsRecoveryServicesVault')]" + }, + "virtualMachineNamePrefix": { + "value": "[variables('virtualMachineNamePrefix')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17443009019263676585" + } + }, + "parameters": { + "deployFslogix": { + "type": "bool" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "divisionRemainderValue": { + "type": "int" + }, + "location": { + "type": "string" + }, + "maxResourcesPerTemplateDeployment": { + "type": "int" + }, + "recoveryServicesVaultName": { + "type": "string" + }, + "resourceGroupHosts": { + "type": "string" + }, + "resourceGroupManagement": { + "type": "string" + }, + "sessionHostBatchCount": { + "type": "int" + }, + "sessionHostIndex": { + "type": "int" + }, + "tagsRecoveryServicesVault": { + "type": "object" + }, + "virtualMachineNamePrefix": { + "type": "string" + } + }, + "resources": [ + { + "copy": { + "name": "protectedItems_Vm", + "count": "[length(range(1, parameters('sessionHostBatchCount')))]" + }, + "condition": "[not(parameters('deployFslogix'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-backup-protected-items-{0}-{1}', sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "policyId": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.RecoveryServices/vaults/backupPolicies', 
parameters('recoveryServicesVaultName'), 'AvdPolicyVm')]" + }, + "recoveryServicesVaultName": { + "value": "[parameters('recoveryServicesVaultName')]" + }, + "sessionHostCount": "[if(and(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], parameters('sessionHostBatchCount')), greater(parameters('divisionRemainderValue'), 0)), createObject('value', parameters('divisionRemainderValue')), createObject('value', parameters('maxResourcesPerTemplateDeployment')))]", + "sessionHostIndex": "[if(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), createObject('value', parameters('sessionHostIndex')), createObject('value', add(mul(sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('maxResourcesPerTemplateDeployment')), parameters('sessionHostIndex'))))]", + "tags": { + "value": "[parameters('tagsRecoveryServicesVault')]" + }, + "virtualMachineNamePrefix": { + "value": "[parameters('virtualMachineNamePrefix')]" + }, + "virtualMachineResourceGroupName": { + "value": "[parameters('resourceGroupHosts')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "9717044683271821230" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "policyId": { + "type": "string" + }, + "recoveryServicesVaultName": { + "type": "string" + }, + "sessionHostCount": { + "type": "int" + }, + "sessionHostIndex": { + "type": "int" + }, + "tags": { + "type": "object" + }, + "virtualMachineNamePrefix": { + "type": "string" + }, + "virtualMachineResourceGroupName": { + "type": "string" + } + }, + "variables": { + "v2VmContainer": "iaasvmcontainer;iaasvmcontainerv2;", + "v2Vm": "vm;iaasvmcontainerv2;" + }, + "resources": [ + { + "copy": { + "name": "protectedItems_Vm", + "count": "[length(range(0, parameters('sessionHostCount')))]" + }, 
+ "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems", + "apiVersion": "2021-08-01", + "name": "[format('{0}/Azure/{1}{2};{3}{4}/{5}{6};{7}{8}', parameters('recoveryServicesVaultName'), variables('v2VmContainer'), parameters('virtualMachineResourceGroupName'), parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'), variables('v2Vm'), parameters('virtualMachineResourceGroupName'), parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "protectedItemType": "Microsoft.Compute/virtualMachines", + "policyId": "[parameters('policyId')]", + "sourceResourceId": "[resourceId(parameters('virtualMachineResourceGroupName'), 'Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0')))]" + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "virtualMachines" + ] + }, + { + "condition": "[and(parameters('enableScalingTool'), parameters('pooledHostPool'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-scaling-tool-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, + "automationAccountName": { + "value": "[parameters('automationAccountName')]" + }, + "beginPeakTime": { + "value": "[parameters('scalingBeginPeakTime')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "endPeakTime": { 
+ "value": "[parameters('scalingEndPeakTime')]" + }, + "hostPoolName": { + "value": "[parameters('hostPoolName')]" + }, + "hostPoolResourceGroupName": { + "value": "[parameters('resourceGroupControlPlane')]" + }, + "hybridRunbookWorkerGroupName": { + "value": "[parameters('hybridRunbookWorkerGroupName')]" + }, + "limitSecondsToForceLogOffUser": { + "value": "[parameters('scalingLimitSecondsToForceLogOffUser')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "managementVirtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + }, + "minimumNumberOfRdsh": { + "value": "[parameters('scalingMinimumNumberOfRdsh')]" + }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, + "resourceGroupHosts": { + "value": "[parameters('resourceGroupHosts')]" + }, + "sessionThresholdPerCPU": { + "value": "[parameters('scalingSessionThresholdPerCPU')]" + }, + "tags": { + "value": "[variables('tagsAutomationAccounts')]" + }, + "timeDifference": { + "value": "[parameters('timeDifference')]" + }, + "timeZone": { + "value": "[parameters('timeZone')]" + }, + "userAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "9484865698561891496" + } + }, + "parameters": { + "artifactsUri": { + "type": "string" + }, + "automationAccountName": { + "type": "string" + }, + "beginPeakTime": { + "type": "string" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "endPeakTime": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, + "hostPoolResourceGroupName": { + "type": "string" + }, + "hybridRunbookWorkerGroupName": { + "type": "string" + }, + "limitSecondsToForceLogOffUser": { + "type": "string" + }, + 
"location": { + "type": "string" + }, + "managementVirtualMachineName": { + "type": "string" + }, + "minimumNumberOfRdsh": { + "type": "string" + }, + "resourceGroupControlPlane": { + "type": "string" + }, + "resourceGroupHosts": { + "type": "string" + }, + "sessionThresholdPerCPU": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "time": { + "type": "string", + "defaultValue": "[utcNow('u')]" + }, + "timeDifference": { + "type": "string" + }, + "timeZone": { + "type": "string" + }, + "userAssignedIdentityClientId": { + "type": "string" + } + }, + "variables": { + "roleAssignments": [ + "[parameters('resourceGroupControlPlane')]", + "[parameters('resourceGroupHosts')]" + ], + "runbookFileName": "Set-HostPoolScaling.ps1", + "scriptFileName": "Set-AutomationRunbook.ps1" + }, + "resources": [ + { + "copy": { + "name": "schedules", + "count": "[length(range(0, 4))]" + }, + "type": "Microsoft.Automation/automationAccounts/schedules", + "apiVersion": "2022-08-08", + "name": "[format('{0}/{1}', parameters('automationAccountName'), format('{0}_{1}min', parameters('hostPoolName'), mul(add(range(0, 4)[copyIndex()], 1), 15)))]", + "properties": { + "advancedSchedule": {}, + "description": null, + "expiryTime": null, + "frequency": "Hour", + "interval": 1, + "startTime": "[dateTimeAdd(parameters('time'), format('PT{0}M', mul(add(range(0, 4)[copyIndex()], 1), 15)))]", + "timeZone": "[parameters('timeZone')]" + } + }, + { + "copy": { + "name": "jobSchedules", + "count": "[length(range(0, 4))]" + }, + "type": "Microsoft.Automation/automationAccounts/jobSchedules", + "apiVersion": "2022-08-08", + "name": "[format('{0}/{1}', parameters('automationAccountName'), guid(parameters('time'), variables('runbookFileName'), parameters('hostPoolName'), string(range(0, 4)[copyIndex()])))]", + "properties": { + "parameters": { + "beginPeakTime": "[parameters('beginPeakTime')]", + "endPeakTime": "[parameters('endPeakTime')]", + "EnvironmentName": "[environment().name]", + 
"hostPoolName": "[parameters('hostPoolName')]", + "limitSecondsToForceLogOffUser": "[parameters('limitSecondsToForceLogOffUser')]", + "LogOffMessageBody": "Your session will be logged off. Please save and close everything.", + "LogOffMessageTitle": "Machine is about to shutdown.", + "MaintenanceTagName": "Maintenance", + "minimumNumberOfRdsh": "[parameters('minimumNumberOfRdsh')]", + "ResourceGroupName": "[parameters('hostPoolResourceGroupName')]", + "sessionThresholdPerCPU": "[parameters('sessionThresholdPerCPU')]", + "SubscriptionId": "[subscription().subscriptionId]", + "TenantId": "[subscription().tenantId]", + "timeDifference": "[parameters('timeDifference')]" + }, + "runbook": { + "name": "[replace(variables('runbookFileName'), '.ps1', '')]" + }, + "runOn": "[parameters('hybridRunbookWorkerGroupName')]", + "schedule": { + "name": "[format('{0}_{1}min', parameters('hostPoolName'), mul(add(range(0, 4)[range(0, 4)[copyIndex()]], 1), 15))]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', format('deploy-runboook-{0}', parameters('deploymentNameSuffix')))]", + "[resourceId('Microsoft.Automation/automationAccounts/schedules', parameters('automationAccountName'), format('{0}_{1}min', parameters('hostPoolName'), mul(add(range(0, 4)[range(0, 4)[copyIndex()]], 1), 15)))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-runboook-{0}', parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "fileUris": { + "value": [ + "[format('{0}{1}', parameters('artifactsUri'), variables('runbookFileName'))]", + "[format('{0}{1}', parameters('artifactsUri'), variables('scriptFileName'))]" + ] + }, + "location": { + "value": "[parameters('location')]" + }, + "parameters": { + "value": "[format('-AutomationAccountName {0} -Environment {1} -ResourceGroupName {2} -RunbookFileName {3} 
-SubscriptionId {4} -TenantId {5} -UserAssignedIdentityClientId {6}', parameters('automationAccountName'), environment().name, resourceGroup().name, variables('runbookFileName'), subscription().subscriptionId, tenant().tenantId, parameters('userAssignedIdentityClientId'))]" + }, + "scriptFileName": { + "value": "[variables('scriptFileName')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityClientId": { + "value": "[parameters('userAssignedIdentityClientId')]" + }, + "virtualMachineName": { + "value": "[parameters('managementVirtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" + } + }, + "parameters": { + "fileUris": { + "type": "array" + }, + "location": { + "type": "string" + }, + "parameters": { + "type": "securestring" + }, + "scriptFileName": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "timestamp": { + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2021-03-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "timestamp": "[parameters('timestamp')]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", + "fileUris": 
"[parameters('fileUris')]", + "managedIdentity": { + "clientId": "[parameters('userAssignedIdentityClientId')]" + } + } + } + } + ], + "outputs": { + "value": { + "type": "object", + "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" + } + } + } + } + }, + { + "copy": { + "name": "roleAssignment", + "count": "[length(range(0, length(variables('roleAssignments'))))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-role-assignment-{0}-{1}', range(0, length(variables('roleAssignments')))[copyIndex()], parameters('deploymentNameSuffix'))]", + "resourceGroup": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "principalId": { + "value": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2022-08-08', 'full').identity.principalId]" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "roleDefinitionId": { + "value": "40c5ff49-9181-41f8-ae61-143b0e78555e" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "936749082468094105" + } + }, + "parameters": { + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(parameters('principalId'), 
parameters('roleDefinitionId'), resourceGroup().id)]", + "properties": { + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]" + } + } + ] + } + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-recovery-services-{0}', parameters('deploymentNameSuffix')))]" + ] + } + ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-fslogix-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "rgs", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-clean-up-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "fslogixStorageService": { + "value": "[parameters('fslogixStorageService')]" + }, + "location": { + "value": "[parameters('locationVirtualMachines')]" + }, + "resourceGroupManagement": { + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "scalingTool": { + "value": "[parameters('scalingTool')]" + }, + "userAssignedIdentityClientId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" + }, + "virtualMachineName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualMachineName.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6871302194535997879" + } + }, + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "fslogixStorageService": { + "type": "string" + }, + "location": { + "type": "string" + }, + "resourceGroupManagement": { + "type": "string" + }, + "scalingTool": { + "type": "bool" + }, + "userAssignedIdentityClientId": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "condition": "[and(not(parameters('scalingTool')), not(equals(parameters('fslogixStorageService'), 'AzureFiles Premium')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('remove-mgmt-vm-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroupManagement')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "Location": { + "value": "[parameters('location')]" + }, + 
"UserAssignedIdentityClientId": { + "value": "[parameters('userAssignedIdentityClientId')]" + }, + "VirtualMachineName": { + "value": "[parameters('virtualMachineName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "1172456808080141121" + } + }, + "parameters": { + "Location": { + "type": "string" + }, + "UserAssignedIdentityClientId": { + "type": "string" + }, + "VirtualMachineName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/runCommands", + "apiVersion": "2023-03-01", + "name": "[format('{0}/{1}', parameters('VirtualMachineName'), 'RunCommand')]", + "location": "[parameters('Location')]", + "properties": { + "treatFailureAsDeploymentFailure": true, + "asyncExecution": true, + "parameters": [ + { + "name": "Environment", + "value": "[environment().name]" + }, + { + "name": "ResourceGroupName", + "value": "[resourceGroup().name]" + }, + { + "name": "SubscriptionId", + "value": "[subscription().subscriptionId]" + }, + { + "name": "TenantId", + "value": "[tenant().tenantId]" + }, + { + "name": "UserAssignedIdentityClientId", + "value": "[parameters('UserAssignedIdentityClientId')]" + }, + { + "name": "VirtualMachineName", + "value": "[parameters('VirtualMachineName')]" + } + ], + "source": { + "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n Start-Sleep -Seconds 30\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId\r\n Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -NoWait -Force\r\n " + } + } + } + ] + } + } + } + ] + } + }, 
+ "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-fslogix-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-session-hosts-{0}', parameters('deploymentNameSuffix')))]" + ] + } + ] +} \ No newline at end of file diff --git a/src/bicep/add-ons/azureVirtualDesktop/uiDefinition.json b/src/bicep/add-ons/azure-virtual-desktop/uiDefinition.json similarity index 88% rename from src/bicep/add-ons/azureVirtualDesktop/uiDefinition.json rename to src/bicep/add-ons/azure-virtual-desktop/uiDefinition.json index 1daec4401..3e35dc73d 100644 --- a/src/bicep/add-ons/azureVirtualDesktop/uiDefinition.json +++ b/src/bicep/add-ons/azure-virtual-desktop/uiDefinition.json @@ -15,8 +15,8 @@ "options": { "text": "The Azure Virtual Desktop (AVD) add-on reduces the complexity in deploying AVD with SCCA and zero trust compliance. Click on the link below to learn more about the solution.", "link": { - "label": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/README.md", - "uri": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/README.md" + "label": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/README.md", + "uri": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/README.md" } } }, 
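Review bot: In the `remove-mgmt-vm-{0}` deployment at the end of the generated template, the `RunCommand` resource sets `"asyncExecution": true` next to `"treatFailureAsDeploymentFailure": true`, so the deployment completes without waiting for the inline script and a failure in `Connect-AzAccount` or `Remove-AzVM` is never surfaced. The script has no error handling either, so `Remove-AzVM` still runs after a failed sign-in. When that happens the management VM, which signs in with the deployment's user-assigned identity, stays in the management resource group with nothing flagging it. Suggest putting `$ErrorActionPreference = 'Stop'` at the top of the script in the Bicep source and documenting (or verifying in a later step) that the VM is actually gone after a run where `scalingTool` is false.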
@@ -108,8 +108,8 @@ "options": { "text": "The values selected below will be used as components in your naming convention to name your Azure resource groups and resources. For more information on the naming convention used in this solution, refer to the documentation.", "link": { - "label": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/docs/design/naming.md", - "uri": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/docs/design/naming.md" + "label": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/docs/design/naming.md", + "uri": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/docs/design/naming.md" } } }, 
@@ -208,12 +208,36 @@ ] }, { - "name": "servicePrincipalApi", + "name": "servicePrincipalsApi", "type": "Microsoft.Solutions.GraphApiControl", "request": { "method": "GET", "path": "/v1.0/serviceprincipals?$filter=appId eq '9cdead84-a844-4324-93f2-b2e6bb768d07'" } + }, + { + "name": "networkWatchersApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').scope.subscription.id, '/providers/Microsoft.Network/networkWatchers?api-version=2023-09-01')]" + } + }, + { + "name": "operationsLogAnalyticsWorkspaceApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', first(skip(split(first(map(filter(first(map(filter(steps('basics').hub.virtualNetworksApi.value, (item) => equals(item.id, steps('basics').hub.virtualNetwork)), (item) => item.properties.virtualNetworkPeerings)), (item) => contains(item.properties.remoteVirtualNetwork.id, 'operations')), (item) => item.properties.remoteVirtualNetwork.id)), '/'), 2)), '/resourcegroups/', first(skip(split(first(map(filter(first(map(filter(steps('basics').hub.virtualNetworksApi.value, (item) => equals(item.id, steps('basics').hub.virtualNetwork)), (item) => item.properties.virtualNetworkPeerings)), (item) => contains(item.properties.remoteVirtualNetwork.id, 'operations')), (item) => item.properties.remoteVirtualNetwork.id)), '/'), 4)), '/providers/Microsoft.OperationalInsights/workspaces?api-version=2023-09-01')]" + } + }, + { + "name": "sharedServicesSubnetsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(first(map(filter(first(map(filter(steps('basics').hub.virtualNetworksApi.value, (item) => equals(item.id, steps('basics').hub.virtualNetwork)), (item) => item.properties.virtualNetworkPeerings)), (item) => contains(item.properties.remoteVirtualNetwork.id, 'sharedServices')), (item) => item.properties.remoteVirtualNetwork.id)), 
'/subnets?api-version=2022-05-01')]" + } } ] }, @@ -400,27 +424,6 @@ } ] } - }, - { - "name": "subnetsApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat(steps('basics').hub.virtualNetwork, '/subnets?api-version=2022-05-01')]" - } - }, - { - "name": "subnet", - "type": "Microsoft.Common.DropDown", - "visible": true, - "label": "Hub subnet (global)", - "defaultValue": "[first(map(filter(steps('controlPlane').workspace.subnetsApi.value, (item) => and(and(not(equals(item.name, 'AzureFirewallSubnet')), not(equals(item.name, 'AzureFirewallManagementSubnet'))), not(equals(item.name, 'AzureBastionSubnet')))), (item) => item.name))]", - "filter": true, - "toolTip": "Select the existing Hub subnet for the AVD Global Workspace.", - "constraints": { - "required": true, - "allowedValues": "[map(steps('controlPlane').workspace.subnetsApi.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\"}')))]" - } } ] }, @@ -1127,14 +1130,6 @@ } ] } - }, - { - "name": "disableBgpRoutePropagation", - "type": "Microsoft.Common.CheckBox", - "visible": true, - "label": "Disable BGP route propagation", - "defaultValue": true, - "toolTip": "Choose whether to disable BGP route propagation on the route table." } ] }, @@ -1237,7 +1232,7 @@ "name": "startVmOnConnect", "type": "Microsoft.Common.Section", "label": "Start VM On Connect", - "visible": "[empty(steps('basics').servicePrincipalApi)]", + "visible": "[empty(steps('basics').servicePrincipalsApi)]", "elements": [ { "name": "objectId", 
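Review bot: In the `@@ -208,12 +208,36 @@` hunk, the `operationsLogAnalyticsWorkspaceApi` path is built from `'subscriptions/'` with no leading slash, while the equivalent `logAnalyticsWorkspacesApi` request added later in the compliance step starts with `'/subscriptions/'`. Use the leading-slash form in both so the two ARM calls resolve the same way. Both this control and `sharedServicesSubnetsApi` also find the spoke through `contains(item.properties.remoteVirtualNetwork.id, 'operations')` and `'sharedServices'`, so a hub whose peered virtual networks do not carry those strings in their resource IDs leaves the filter empty and the path without a valid resource ID. Please document that naming dependency next to the controls or add a validation message for the empty case. The peering lookup is also repeated twice inside one expression (once for the subscription segment, once for the resource group segment), which makes the path hard to review.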
@@ -1433,23 +1428,6 @@ } ] } - }, - { - "name": "enableSecurity", - "type": "Microsoft.Common.CheckBox", - "visible": "[and(steps('management').monitoring.enable, equals(steps('management').monitoring.agent, 'LogAnalyticsAgent'))]", - "label": "Multi-home agent for security monitoring?", - "defaultValue": false, - "toolTip": "Deploy the required configuration to multi-home the Microsoft Monitoring Agent for security monitoring." - }, - { - "name": "logAnalyticsWorkspace", - "type": "Microsoft.Solutions.ResourceSelector", - "label": "Existing Log Analytics Workspace for Security", - "visible": "[and(and(steps('management').monitoring.enable, equals(steps('management').monitoring.agent, 'LogAnalyticsAgent')),steps('management').monitoring.enableSecurity)]", - "resourceType": "Microsoft.OperationalInsights/workspaces", - "toolTip": "Select the log analytics workspace used for collecting security data for Sentinel or Defender for Cloud. This is required to multihome the Microsoft Monitoring Agent.", - "options": {} } ] } @@ -1586,8 +1564,8 @@ "style": "Warning", "text": "The files listed above are prerequisites for this solution. They must be downloaded and staged in Azure Blob storage. Once staged, ensure the file names listed above match the file names in Azure Blob storage since the names can change over time. Refer to the following link to download the files:", "uri": { - "text": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/docs/prerequisites.md#required", - "value": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/docs/prerequisites.md#required" + "text": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/docs/prerequisites.md#required", + "value": "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/docs/prerequisites.md#required" } } } 
@@ -1595,6 +1573,155 @@ } ] }, + { + "name": "compliance", + "label": "Compliance", + "elements": [ + { + "name": "defenderForCloud", + "label": "Defender for Cloud", + "type": "Microsoft.Common.Section", + "elements": [ + { + "name": "workspaceSettingsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').scope.subscription.id, '/providers/Microsoft.Security/workspaceSettings?api-version=2017-08-01-preview')]" + } + }, + { + "name": "deployDefender", + "type": "Microsoft.Common.CheckBox", + "label": "Enable Defender for Cloud?", + "toolTip": "Check here to to deploy defender for cloud to the target subscription.", + "constraints": { + "required": false + } + }, + { + "name": "emailSecurityContact", + "type": "Microsoft.Common.TextBox", + "label": "Email Address for Security Notifications", + "defaultValue": "", + "toolTip": "Please enter a valid email address for the security team.", + "constraints": { + "required": true, + "regex": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$", + "validationMessage": "Email is not valid. Please re-enter." + }, + "visible": "[steps('compliance').defenderForCloud.deployDefender]" + } + ] + }, + { + "name": "policySection", + "label": "Azure Policy", + "type": "Microsoft.Common.Section", + "elements": [ + { + "name": "policySubsetDetailsTextBlock", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Mission Landing Zone comes bundled with a relevant subset of available Azure policies." + } + }, + { + "name": "policyOptionalTextBlock", + "type": "Microsoft.Common.TextBlock", + "options": { + "text": "Enabling policies is optional, but recommended." 
+ } + }, + { + "name": "deployPolicy", + "type": "Microsoft.Common.CheckBox", + "label": "Deploy policy assignments?", + "toolTip": "Check here to create policy assignments for the resources created by Mission Landing Zone.", + "constraints": { + "required": false + } + }, + { + "name": "policy", + "type": "Microsoft.Common.DropDown", + "label": "Policy Assignment", + "placeholder": "", + "defaultValue": "NIST SP 800-53", + "toolTip": "DoD IL5 is only available in AzureUsGovernment and will switch to NISTRev4 if tried in AzureCloud.", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "defaultDescription": "Select one of the bundled built-in policy assignments.", + "constraints": { + "allowedValues": [ + { + "label": "NIST SP 800-53 Rev4", + "description": "The US National Institute of Standards and Technology (NIST) publishes a catalog of security and privacy controls, Special Publication (SP) 800-53, for all federal information systems in the United States (except those related to national security).", + "value": "NISTRev4" + }, + { + "label": "NIST SP 800-53 Rev5", + "description": "The US National Institute of Standards and Technology (NIST) publishes a catalog of security and privacy controls, Special Publication (SP) 800-53, for all federal information systems in the United States (except those related to national security).", + "value": "NISTRev5" + }, + { + "label": "DoD IL5", + "description": "The Defense Information Systems Agency (DISA) is an agency of the US Department of Defense (DoD) that is responsible for developing and maintaining the DoD Cloud Computing Security Requirements Guide (SRG). 
These policies are only available for AzureUsGovernment and will switch to NISTRev4 if tried in AzureCloud.", + "value": "IL5" + }, + { + "label": "CMMC", + "description": "The Cybersecurity Maturity Model Certification (CMMC) is a new framework developed by the US Department of Defense (DoD) that requires formal third-party audits of defense industrial base (DIB) contractor cybersecurity practices.", + "value": "CMMC" + } + ] + }, + "visible": "[steps('compliance').policySection.deployPolicy]" + } + ] + }, + { + "name": "virtualNetworkApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').hub.virtualNetwork, '?api-version=2023-09-01')]" + } + }, + { + "name": "logAnalyticsWorkspacesApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('/subscriptions/', first(skip(split(first(map(filter(steps('compliance').virtualNetworkApi.properties.virtualNetworkPeerings, (item) => contains(item.properties.remoteVirtualNetwork.id, 'operations')), (item) => item.properties.remoteVirtualNetwork.id)), '/'), 2)), '/resourcegroups/', first(skip(split(first(map(filter(steps('compliance').virtualNetworkApi.properties.virtualNetworkPeerings, (item) => contains(item.properties.remoteVirtualNetwork.id, 'operations')), (item) => item.properties.remoteVirtualNetwork.id)), '/'), 4)), '/providers/Microsoft.OperationalInsights/workspaces?api-version=2023-09-01')]" + } + }, + { + "name": "logAnalyticsWorkspace", + "type": "Microsoft.Common.DropDown", + "visible": true, + "label": "Existing Log Analytics Workspace for Central Logging", + "defaultValue": "[first(map(steps('compliance').logAnalyticsWorkspacesApi.value, (item) => item.name))]", + "filter": true, + "toolTip": "Select the existing Hub Azure firewall.", + "constraints": { + "required": true, + "allowedValues": "[map(steps('compliance').logAnalyticsWorkspacesApi.value, (item) => parse(concat('{\"label\":\"', 
item.name, '\",\"value\":\"', item.id, '\"}')))]" + } + }, + { + "name": "diagnosticSettingsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').scope.subscription.id, '/providers/Microsoft.Insights/diagnosticSettings?api-version=2021-05-01-preview')]" + } + } + ] + }, { "name": "tags", "label": "Tags", 
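Review bot: In the `logAnalyticsWorkspace` drop-down near the end of the new `compliance` step, the `toolTip` reads "Select the existing Hub Azure firewall.", which looks copied from another control; it should describe the Log Analytics workspace used for central logging. In the `policy` drop-down, `"defaultValue": "NIST SP 800-53"` matches neither a label nor a value in `allowedValues` (the labels are `NIST SP 800-53 Rev4`, `NIST SP 800-53 Rev5`, `DoD IL5` and `CMMC`), so nothing is preselected when the control becomes visible; set it to one of the exact labels. Minor: the `deployDefender` tooltip says "Check here to to deploy". The `logAnalyticsWorkspacesApi` request here also repeats the operations-peering lookup already added to the basics step as `operationsLogAnalyticsWorkspaceApi`; one of the two could be dropped.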
@@ -1637,17 +1764,21 @@ "availability": "[steps('hosts').virtualMachine.availability]", "avdAgentMsiName": "[steps('artifacts').files.avdAgentMsiName.blobName]", "avdAgentBootLoaderMsiName": "[steps('artifacts').files.avdAgentBootLoaderMsiName.blobName]", - "avdObjectId": "[if(empty(steps('basics').servicePrincipalApi), steps('management').startVmOnConnect.objectId, first(map(steps('basics').servicePrincipalApi.value, (item) => item.id)))]", + "avdObjectId": "[if(empty(steps('basics').servicePrincipalsApi), steps('management').startVmOnConnect.objectId, first(map(steps('basics').servicePrincipalsApi.value, (item) => item.id)))]", "azurePowerShellModuleMsiName": "[steps('artifacts').files.azurePowerShellModuleMsiName.blobName]", "azureNetAppFilesSubnetAddressPrefix": "[if(and(equals(steps('basics').scope.location.name, steps('controlPlane').controlPlane.location), equals(steps('userProfiles').storage.service, 'AzureNetAppFiles')), steps('networking').controlPlane.subnetAddressCidrRangeAnf, steps('networking').hosts.subnetAddressCidrRangeAnf)]", "customRdpProperty": "[steps('controlPlane').hostPool.customRdpProperties]", + "deployActivityLogDiagnosticSetting": "[empty(steps('compliance').diagnosticSettingsApi.value)]", + "deployDefender": "[and(steps('compliance').defenderForCloud.deployDefender, empty(steps('compliance').defenderForCloud.workspaceSettingsApi.value))]", + "deployNetworkWatcher": "[empty(filter(steps('basics').networkWatchersApi.value, (item) => equals(item.location, steps('basics').scope.location.name)))]", + "deployPolicy": "[steps('compliance').policySection.deployPolicy]", "desktopFriendlyName": "[steps('controlPlane').friendlyNames.desktop]", - "disableBgpRoutePropagation": "[steps('networking').controlPlane.disableBgpRoutePropagation]", "diskSku": "[if(equals(steps('basics').scenario.profile, 'arcGisPro'), 'Premium_LRS', steps('hosts').virtualMachine.diskSku)]", "domainJoinPassword": "[steps('hosts').domainJoinCredentials.password]", 
"domainJoinUserPrincipalName": "[steps('hosts').domainJoinCredentials.userPrincipalName]", "domainName": "[steps('hosts').identity.domainName]", "drainMode": "[steps('management').drainMode.enable]", + "emailSecurityContact": "[if(and(steps('compliance').defenderForCloud.deployDefender, empty(steps('compliance').defenderForCloud.workspaceSettingsApi.value)), steps('compliance').defenderForCloud.emailSecurityContact, '')]", "environmentAbbreviation": "[steps('basics').naming.environment]", "fslogixShareSizeInGB": "[if(equals(steps('userProfiles').profileSolution, 'local'), 100, steps('userProfiles').storage.fileShareSize)]", "fslogixContainerType": "[steps('userProfiles').storage.fslogixContainerType]", @@ -1655,7 +1786,6 @@ "hostPoolPublicNetworkAccess": "[steps('controlPlane').hostPool.publicNetworkAccess]", "hostPoolType": "[if(equals(steps('controlPlane').hostPool.type, 'Pooled'), 'Pooled DepthFirst', 'Personal Automatic')]", "hubAzureFirewallResourceId": "[steps('basics').hub.azureFirewall]", - "hubSubnetResourceId": "[steps('controlPlane').workspace.subnet]", "hubVirtualNetworkResourceId": "[steps('basics').hub.virtualNetwork]", "identifier": "[steps('basics').naming.identifier]", "imageOffer": "[steps('hosts').image.offer]", 
@@ -1667,7 +1797,9 @@ "logAnalyticsWorkspaceRetention": 30, "logAnalyticsWorkspaceSku": "PerGB2018", "monitoring": "[steps('management').monitoring.enable]", + "operationsLogAnalyticsWorkspaceResourceId": "[first(map(steps('basics').operationsLogAnalyticsWorkspaceApi.value, (item) => item.id))]", "organizationalUnitPath": "[if(equals(steps('hosts').identity.solution, 'MicrosoftEntraId'), '', steps('hosts').identity.ouPath)]", + "policy": "[steps('compliance').policySection.policy]", "recoveryServices": "[steps('management').backup.recoveryServices]", "scalingBeginPeakTime": "[if(steps('management').scaling.enable, steps('management').scaling.beginPeakTime, '9:00')]", "scalingEndPeakTime": "[if(steps('management').scaling.enable, steps('management').scaling.endPeakTime, '17:00')]", @@ -1675,10 +1807,10 @@ "scalingMinimumNumberOfRdsh": "[if(steps('management').scaling.enable, steps('management').scaling.minimumHosts, '0')]", "scalingSessionThresholdPerCPU": "[if(steps('management').scaling.enable, steps('management').scaling.cpuThreshold, '1')]", "scalingTool": "[steps('management').scaling.enable]", - "securityLogAnalyticsWorkspaceResourceId": "[if(steps('management').monitoring.enableSecurity, steps('management').monitoring.logAnalyticsWorkspace.id, '')]", "securityPrincipals": "[if(empty(steps('controlPlane').assignment.groupsApi), steps('controlPlane').assignment.groupsGrid, steps('controlPlane').assignment.groupsDropDown)]", "sessionHostCount": "[steps('hosts').virtualMachine.count]", "sessionHostIndex": 0, + "sharedServicesSubnetResourceId": "[first(map(steps('basics').sharedServicesSubnetsApi.value, (item) => item.id))]", "stampIndex": "[steps('basics').naming.stampIndex]", "storageCount": "[if(equals(steps('userProfiles').profileSolution, 'local'), 0, if(empty(steps('controlPlane').assignment.groupsApi), length(steps('controlPlane').assignment.groupsGrid), length(steps('controlPlane').assignment.groupsDropDown)))]", "storageIndex": 0, 
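Review bot: In the `@@ -1637,17 +1764,21 @@` outputs hunk, `deployActivityLogDiagnosticSetting` is `[empty(steps('compliance').diagnosticSettingsApi.value)]`, so any existing subscription-level diagnostic setting suppresses the deployment, whether or not it sends the activity log to the operations workspace. Consider filtering `diagnosticSettingsApi.value` on the workspace it targets before testing for empty, otherwise a subscription with an unrelated setting ends up with no central activity logging. `deployDefender` and `emailSecurityContact` behave similarly: when `workspaceSettingsApi.value` is non-empty, the user's checkbox and email address are dropped without any indication in the UI. A text block in the Defender for Cloud section saying so would avoid surprises.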
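Review bot: In the `@@ -1667,7 +1797,9 @@` and `@@ -1675,10 +1807,10 @@` hunks, `operationsLogAnalyticsWorkspaceResourceId` and `sharedServicesSubnetResourceId` both use `first(map(..., (item) => item.id))`, so the deployment takes whichever workspace or subnet the API returns first. If the operations resource group holds more than one workspace, or the shared services virtual network more than one subnet, the choice is arbitrary and invisible to the user. The workspace output is also read from `steps('basics').operationsLogAnalyticsWorkspaceApi`, while the new `logAnalyticsWorkspace` drop-down in the compliance step has no matching output in the hunks shown here; either wire the drop-down selection into this output or remove the drop-down. Please also note in the change description that `securityLogAnalyticsWorkspaceResourceId` is removed, since callers passing that parameter will need to adjust.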
diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/common/roleAssignment.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/common/roleAssignment.bicep deleted file mode 100644 index 47488388e..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/common/roleAssignment.bicep +++ /dev/null @@ -1,12 +0,0 @@ -param PrincipalId string -param PrincipalType string -param RoleDefinitionId string - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid(PrincipalId, RoleDefinitionId, resourceGroup().id) - properties: { - roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', RoleDefinitionId) - principalId: PrincipalId - principalType: PrincipalType - } -} diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/controlPlane.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/controlPlane.bicep deleted file mode 100644 index 6872e4140..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/controlPlane/controlPlane.bicep +++ /dev/null 
@@ -1,110 +0,0 @@ -targetScope = 'subscription' - -param activeDirectorySolution string -param artifactsUri string -param avdPrivateDnsZoneResourceId string -param customRdpProperty string -param deploymentUserAssignedIdentityClientId string -param desktopApplicationGroupName string -param desktopFriendlyName string -param existingFeedWorkspace bool -param hostPoolDiagnosticSettingName string -param hostPoolName string -param hostPoolNetworkInterfaceName string -param hostPoolPrivateEndpointName string -param hostPoolPublicNetworkAccess string -param hostPoolType string -param locationControlPlane string -param locationVirtualMachines string -param logAnalyticsWorkspaceResourceId string -param managementVirtualMachineName string -param maxSessionLimit int -param monitoring bool -param resourceGroupControlPlane string -param resourceGroupFeedWorkspace string -param resourceGroupManagement string -param roleDefinitions object -param securityPrincipalObjectIds array -param subnetResourceId string -param tags object -param timestamp string -param validationEnvironment bool -param vmTemplate string -param workspaceFeedDiagnoticSettingName string -param workspaceFeedName string -param workspaceFeedNetworkInterfaceName string -param workspaceFeedPrivateEndpointName string -param workspaceFriendlyName string -param workspacePublicNetworkAccess string - -module hostPool 'hostPool.bicep' = { - name: 'HostPool_${timestamp}' - scope: resourceGroup(resourceGroupControlPlane) - params: { - activeDirectorySolution: activeDirectorySolution - avdPrivateDnsZoneResourceId: avdPrivateDnsZoneResourceId - customRdpProperty: customRdpProperty - hostPoolDiagnosticSettingName: hostPoolDiagnosticSettingName - hostPoolName: hostPoolName - hostPoolNetworkInterfaceName: hostPoolNetworkInterfaceName - hostPoolPrivateEndpointName: hostPoolPrivateEndpointName - hostPoolPublicNetworkAccess: hostPoolPublicNetworkAccess - hostPoolType: hostPoolType - location: locationControlPlane - 
logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId - maxSessionLimit: maxSessionLimit - monitoring: monitoring - subnetResourceId: subnetResourceId - tags: tags - validationEnvironment: validationEnvironment - vmTemplate: vmTemplate - } -} - -module applicationGroup 'applicationGroup.bicep' = { - name: 'ApplicationGroup_${timestamp}' - scope: resourceGroup(resourceGroupControlPlane) - params: { - artifactsUri: artifactsUri - deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentityClientId - desktopApplicationGroupName: desktopApplicationGroupName - hostPoolResourceId: hostPool.outputs.ResourceId - locationControlPlane: locationControlPlane - locationVirtualMachines: locationVirtualMachines - resourceGroupManagement: resourceGroupManagement - roleDefinitions: roleDefinitions - securityPrincipalObjectIds: securityPrincipalObjectIds - desktopFriendlyName: desktopFriendlyName - tags: tags - timestamp: timestamp - virtualMachineName: managementVirtualMachineName - } -} - -module workspace 'workspace.bicep' = { - name: 'WorkspaceFeed_${timestamp}' - scope: resourceGroup(resourceGroupFeedWorkspace) - params: { - applicationGroupReferences: applicationGroup.outputs.applicationGroupReference - artifactsUri: artifactsUri - avdPrivateDnsZoneResourceId: avdPrivateDnsZoneResourceId - deploymentUserAssignedIdentityClientId: deploymentUserAssignedIdentityClientId - existing: existingFeedWorkspace - hostPoolName: hostPoolName - locationControlPlane: locationControlPlane - locationVirtualMachines: locationVirtualMachines - logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId - monitoring: monitoring - resourceGroupManagement: resourceGroupManagement - subnetResourceId: subnetResourceId - tags: tags - timestamp: timestamp - virtualMachineName: managementVirtualMachineName - workspaceFeedDiagnoticSettingName: workspaceFeedDiagnoticSettingName - workspaceFeedName: workspaceFeedName - workspaceFeedNetworkInterfaceName: 
workspaceFeedNetworkInterfaceName - workspaceFeedPrivateEndpointName: workspaceFeedPrivateEndpointName - workspaceFriendlyName: workspaceFriendlyName - workspacePublicNetworkAccess: workspacePublicNetworkAccess - } -} diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/customerManagedKeys.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/management/customerManagedKeys.bicep deleted file mode 100644 index 65a965b73..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/customerManagedKeys.bicep +++ /dev/null 
@@ -1,173 +0,0 @@ -param diskEncryptionKeyExpirationInDays int = 30 -param environment string -param keyVaultName string -param keyVaultNetworkInterfaceName string -param keyVaultPrivateEndpointName string -param keyVaultPrivateDnsZoneResourceId string -param location string -param serviceName string -param subnetResourceId string -param tags object -param timestamp string -param userAssignedIdentityNamePrefix string - -resource vault 'Microsoft.KeyVault/vaults@2022-07-01' = { - name: keyVaultName - location: location - tags: contains(tags, 'Microsoft.KeyVault/vaults') ? tags['Microsoft.KeyVault/vaults'] : {} - properties: { - enabledForDeployment: false - enabledForDiskEncryption: true - enabledForTemplateDeployment: false - enablePurgeProtection: true - enableRbacAuthorization: true - enableSoftDelete: true - networkAcls: { - bypass: 'AzureServices' - defaultAction: 'Deny' - ipRules: [] - virtualNetworkRules: [] - } - publicNetworkAccess: 'Disabled' - sku: { - family: 'A' - name: 'standard' - } - softDeleteRetentionInDays: environment == 'dev' || environment == 'test' ? 7 : 90 - tenantId: subscription().tenantId - } -} - -resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = { - name: keyVaultPrivateEndpointName - location: location - tags: contains(tags, 'Microsoft.Network/privateEndpoints') ? 
tags['Microsoft.Network/privateEndpoints'] : {} - properties: { - customNetworkInterfaceName: keyVaultNetworkInterfaceName - privateLinkServiceConnections: [ - { - name: keyVaultPrivateEndpointName - properties: { - privateLinkServiceId: vault.id - groupIds: [ - 'vault' - ] - } - } - ] - subnet: { - id: subnetResourceId - } - } -} - -resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-08-01' = { - parent: privateEndpoint - name: keyVaultName - properties: { - privateDnsZoneConfigs: [ - { - name: 'ipconfig1' - properties: { - privateDnsZoneId: keyVaultPrivateDnsZoneResourceId - } - } - ] - } -} - -resource key_disks 'Microsoft.KeyVault/vaults/keys@2022-07-01' = { - parent: vault - name: 'DiskEncryptionKey' - properties: { - attributes: { - enabled: true - } - keySize: 4096 - kty: 'RSA' - rotationPolicy: { - attributes: { - expiryTime: 'P${string(diskEncryptionKeyExpirationInDays)}D' - } - lifetimeActions: [ - { - action: { - type: 'Notify' - } - trigger: { - timeBeforeExpiry: 'P10D' - } - } - { - action: { - type: 'Rotate' - } - trigger: { - timeAfterCreate: 'P${string(diskEncryptionKeyExpirationInDays - 7)}D' - } - } - ] - } - } -} - -resource key_storageAccounts 'Microsoft.KeyVault/vaults/keys@2022-07-01' = { - parent: vault - name: 'StorageEncryptionKey' - properties: { - attributes: { - enabled: true - } - keySize: 4096 - kty: 'RSA' - rotationPolicy: { - attributes: { - expiryTime: 'P${string(diskEncryptionKeyExpirationInDays)}D' - } - lifetimeActions: [ - { - action: { - type: 'Notify' - } - trigger: { - timeBeforeExpiry: 'P10D' - } - } - { - action: { - type: 'Rotate' - } - trigger: { - timeAfterCreate: 'P${string(diskEncryptionKeyExpirationInDays - 7)}D' - } - } - ] - } - } -} - -module userAssignedIdentity 'userAssignedIdentity.bicep' = { - name: 'UAI_Encryption_${timestamp}' - params: { - location: location - name: replace(userAssignedIdentityNamePrefix, serviceName, 'encryption') - tags: contains(tags, 
'Microsoft.ManagedIdentity/userAssignedIdentities') ? tags['Microsoft.ManagedIdentity/userAssignedIdentities'] : {} - } -} - -module roleAssignment '../common/roleAssignment.bicep' = { - name: 'RoleAssignment_Encryption_${timestamp}' - params: { - PrincipalId: userAssignedIdentity.outputs.principalId - PrincipalType: 'ServicePrincipal' - RoleDefinitionId: 'e147488a-f6f5-4113-8e2d-b22465e65bf6' // Key Vault Crypto Service Encryption User - } -} - -output keyUriWithVersion string = key_disks.properties.keyUriWithVersion -output keyVaultResourceId string = vault.id -output keyVaultUri string = vault.properties.vaultUri -output storageKeyName string = key_storageAccounts.name -output encryptionUserAssignedIdentityClientId string = userAssignedIdentity.outputs.clientId -output encryptionUserAssignedIdentityPrincipalId string = userAssignedIdentity.outputs.principalId -output encryptionUserAssignedIdentityResourceId string = userAssignedIdentity.outputs.resourceId diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/management/diskEncryptionSet.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/management/diskEncryptionSet.bicep deleted file mode 100644 index 1803b7990..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/management/diskEncryptionSet.bicep +++ /dev/null 
@@ -1,36 +0,0 @@ -param diskEncryptionSetName string -param keyVaultResourceId string -param keyUrl string -param location string -param tags object -param timestamp string - -resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2023-04-02' = { - name: diskEncryptionSetName - location: location - tags: tags - identity: { - type: 'SystemAssigned' - } - properties: { - activeKey: { - sourceVault: { - id: keyVaultResourceId - } - keyUrl: keyUrl - } - encryptionType: 'EncryptionAtRestWithPlatformAndCustomerKeys' - rotationToLatestKeyVersionEnabled: true - } -} - -module roleAssignment '../common/roleAssignment.bicep' = { - name: 'RoleAssignment_Encryption_${timestamp}' - params: { - PrincipalId: diskEncryptionSet.identity.principalId - PrincipalType: 'ServicePrincipal' - RoleDefinitionId: 'e147488a-f6f5-4113-8e2d-b22465e65bf6' // Key Vault Crypto Service Encryption User - } -} - -output resourceId string = diskEncryptionSet.id diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/network/networkSecurityGroup.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/network/networkSecurityGroup.bicep deleted file mode 100644 index 404ef9c63..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/network/networkSecurityGroup.bicep +++ /dev/null 
@@ -1,26 +0,0 @@ -param networkSecurityGroupSecurityRules array -param location string = resourceGroup().location -param networkSecurityGroupName string - -resource networksecuritygroup 'Microsoft.Network/networkSecurityGroups@2020-11-01' = { - name: networkSecurityGroupName - location: location - properties: { - securityRules: [for item in networkSecurityGroupSecurityRules: { - name: item.name - properties: { - access: item.properties.access - destinationAddressPrefix: ((item.properties.destinationAddressPrefix == '') ? null : item.properties.destinationAddressPrefix) - destinationAddressPrefixes: ((length(item.properties.destinationAddressPrefixes) == 0) ? null : item.properties.destinationAddressPrefixes) - destinationPortRanges: ((length(item.properties.destinationPortRanges) == 0) ? null : item.properties.destinationPortRanges) - destinationPortRange: ((item.properties.destinationPortRange == '') ? null : item.properties.destinationPortRange) - direction: item.properties.direction - priority: int(item.properties.priority) - protocol: item.properties.protocol - sourceAddressPrefix: ((item.properties.sourceAddressPrefix == '') ? null : item.properties.sourceAddressPrefix) - sourcePortRanges: ((length(item.properties.sourcePortRanges) == 0) ? null : item.properties.sourcePortRanges) - sourcePortRange: item.properties.sourcePortRange - } - }] - } -} diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/network/networking.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/network/networking.bicep deleted file mode 100644 index b3626e85a..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/network/networking.bicep +++ /dev/null 
@@ -1,125 +0,0 @@ -targetScope = 'subscription' - -param azureNetAppFilesSubnetAddressPrefix string -param disableBgpRoutePropagation bool -param hubAzureFirewallResourceId string -param hubVirtualNetworkResourceId string -param index int -param location string -param networkSecurityGroupName string -param subnetAddressPrefixes array -param resourceGroupNetwork string -param routeTableName string -param timestamp string -param virtualNetworkAddressPrefixes array -param virtualNetworkName string - -var hubSubscriptionId = split(hubVirtualNetworkResourceId, '/')[2] -var hubVirtualNetworkName = split(hubVirtualNetworkResourceId, '/')[8] -var hubVirtualNetworkResourceGroupName = split(hubVirtualNetworkResourceId, '/')[4] -var networkSecurityGroupSecurityRules = [] -var spokeResourceGroup = resourceGroupNetwork -var spokeSubscriptionId = subscription().subscriptionId -var subnets = union(subnetWorkload, subnetAnf) -var subnetAnf = empty(azureNetAppFilesSubnetAddressPrefix) ? [] : [ - { - name: 'AzureNetAppFiles' - addressPrefix: azureNetAppFilesSubnetAddressPrefix - delegations: [ - { - name: 'Microsoft.Netapp.volumes' - id: '${resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, 'AzureNetAppFiles')}/delegations/Microsoft.Netapp.volumes' - properties: { - serviceName: 'Microsoft.Netapp/volumes' - } - type: 'Microsoft.Network/virtualNetworks/subnets/delegations' - } - ] - privateEndpointNetworkPolicies: 'Disabled' - privateLinkServiceNetworkPolicies: 'Disabled' - networkSecurityGroupName: networkSecurityGroupName - } -] -var subnetWorkload = [ - { - name: 'AzureVirtualDesktop' - addressPrefix: subnetAddressPrefixes[index] - delegations: [] - privateEndpointNetworkPolicies: 'Disabled' - privateLinkServiceNetworkPolicies: 'Disabled' - networkSecurityGroupName: networkSecurityGroupName - } -] - -resource hubVirtualNetwork 'Microsoft.Network/virtualNetworks@2023-05-01' existing = { - scope: resourceGroup(hubSubscriptionId, 
hubVirtualNetworkResourceGroupName) - name: hubVirtualNetworkName -} - -resource azureFirewall 'Microsoft.Network/azureFirewalls@2023-05-01' existing = { - scope: resourceGroup(split(hubAzureFirewallResourceId, '/')[2], split(hubAzureFirewallResourceId, '/')[4]) - name: split(hubAzureFirewallResourceId, '/')[8] -} - -module userDefinedRoute 'userDefinedRoute.bicep' = { - name: 'UserDefinedRoute_${index}_${timestamp}' - scope: resourceGroup(spokeSubscriptionId, spokeResourceGroup) - params: { - azureFirewallIpAddress: azureFirewall.properties.ipConfigurations[0].properties.privateIPAddress - disableBgpRoutePropagation: disableBgpRoutePropagation - location: location - udrName: routeTableName - } -} - -module networkSecurityGroup 'networkSecurityGroup.bicep' = { - name: 'NetworkSecurityGroup_${index}_${timestamp}' - scope: resourceGroup(spokeSubscriptionId, spokeResourceGroup) - params: { - location: location - networkSecurityGroupName: networkSecurityGroupName - networkSecurityGroupSecurityRules: networkSecurityGroupSecurityRules - } -} - -module spokeVirtualNetwork 'virtualNetwork.bicep' = { - name: 'VirtualNetwork_${index}_${timestamp}' - scope: resourceGroup(spokeSubscriptionId, spokeResourceGroup) - params: { - dnsServers: contains(hubVirtualNetwork.properties, 'dhcpOptions') ? 
hubVirtualNetwork.properties.dhcpOptions.dnsServers : [] - location: location - subnets: subnets - udrName: userDefinedRoute.outputs.name - virtualNetworkName: virtualNetworkName - vNetAddressPrefixes: [ - virtualNetworkAddressPrefixes[index] - ] - } -} - -module virtualNetworkPeeringToHub 'virtualNetworkPeering.bicep' = { - name: 'VirtualNetworkPeer_Hub_${index}_${timestamp}' - scope: resourceGroup(spokeSubscriptionId, spokeResourceGroup) - params: { - existingLocalVirtualNetworkName: spokeVirtualNetwork.outputs.virtualNetworkName - existingRemoteVirtualNetworkName: hubVirtualNetwork.name - existingRemoteVirtualNetworkResourceGroupName: hubVirtualNetworkResourceGroupName - existingRemoteVirtualNetworkSubscriptionId: hubSubscriptionId - } -} - -module virtualNetworkPeeringToSpoke 'virtualNetworkPeering.bicep' = { - name: 'VirtualNetworkPeer_Spoke_${index}_${timestamp}' - scope: resourceGroup(hubSubscriptionId, hubVirtualNetworkResourceGroupName) - params: { - existingLocalVirtualNetworkName: hubVirtualNetwork.name - existingRemoteVirtualNetworkName: spokeVirtualNetwork.outputs.virtualNetworkName - existingRemoteVirtualNetworkResourceGroupName: spokeResourceGroup - existingRemoteVirtualNetworkSubscriptionId: spokeSubscriptionId - } - dependsOn: [ - virtualNetworkPeeringToHub - ] -} - -output subnetResourceId string = spokeVirtualNetwork.outputs.subnetResourceId diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/network/userDefinedRoute.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/network/userDefinedRoute.bicep deleted file mode 100644 index 35428aae5..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/network/userDefinedRoute.bicep +++ /dev/null 
@@ -1,26 +0,0 @@ -param azureFirewallIpAddress string -param disableBgpRoutePropagation bool -param location string -param udrName string - -resource routeTable 'Microsoft.Network/routeTables@2021-05-01' = { - name: udrName - location: location - properties: { - disableBgpRoutePropagation: disableBgpRoutePropagation - routes: [ - { - name: 'default' - properties: { - addressPrefix: '0.0.0.0/0' - hasBgpOverride: false - nextHopIpAddress: azureFirewallIpAddress - nextHopType: 'VirtualAppliance' - } - } - ] - } -} - -output name string = routeTable.name -output id string = routeTable.id diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/network/virtualNetwork.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/network/virtualNetwork.bicep deleted file mode 100644 index 125bb4eb9..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/network/virtualNetwork.bicep +++ /dev/null 
@@ -1,41 +0,0 @@ -param dnsServers array -param location string = resourceGroup().location -param virtualNetworkName string -param subnets array -param udrName string -param vNetAddressPrefixes array - -resource userDefinedRoute 'Microsoft.Network/routeTables@2021-05-01' existing = { - name: udrName -} - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2020-11-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: vNetAddressPrefixes - } - dhcpOptions: !empty(dnsServers) ? { - dnsServers: dnsServers - } : null - subnets: [for item in subnets: { - name: item.name - properties: { - addressPrefix: item.addressPrefix - delegations: item.delegations - networkSecurityGroup: (empty(item.networkSecurityGroupName) ? null : json('{"id": "${resourceId('Microsoft.Network/networkSecurityGroups', item.networkSecurityGroupName)}"}')) - privateEndpointNetworkPolicies: item.privateEndpointNetworkPolicies - privateLinkServiceNetworkPolicies: item.privateLinkServiceNetworkPolicies - routeTable: { - id: userDefinedRoute.id - } - - } - }] - } -} - -output virtualNetworkName string = virtualNetwork.name -output virtualNetworkResourceId string = virtualNetwork.id -output subnetResourceId string = virtualNetwork.properties.subnets[0].id diff --git a/src/bicep/add-ons/azureVirtualDesktop/modules/network/virtualNetworkPeering.bicep b/src/bicep/add-ons/azureVirtualDesktop/modules/network/virtualNetworkPeering.bicep deleted file mode 100644 index 344969262..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/modules/network/virtualNetworkPeering.bicep +++ /dev/null 
@@ -1,17 +0,0 @@ -param existingLocalVirtualNetworkName string -param existingRemoteVirtualNetworkName string -param existingRemoteVirtualNetworkResourceGroupName string -param existingRemoteVirtualNetworkSubscriptionId string - -resource existingLocalVirtualNetworkName_peering_to_remote_vnet 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-02-01' = { - name: '${existingLocalVirtualNetworkName}/${existingRemoteVirtualNetworkName}' - properties: { - allowVirtualNetworkAccess: true - allowForwardedTraffic: true - allowGatewayTransit: false - useRemoteGateways: false - remoteVirtualNetwork: { - id: resourceId(existingRemoteVirtualNetworkSubscriptionId, existingRemoteVirtualNetworkResourceGroupName, 'Microsoft.Network/virtualNetworks', existingRemoteVirtualNetworkName) - } - } -} diff --git a/src/bicep/add-ons/azureVirtualDesktop/solution.json b/src/bicep/add-ons/azureVirtualDesktop/solution.json deleted file mode 100644 index e1f9934bf..000000000 --- a/src/bicep/add-ons/azureVirtualDesktop/solution.json +++ /dev/null 
@@ -1,11709 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "4666217236747957979" - } - }, - "parameters": { - "activeDirectorySolution": { - "type": "string", - "allowedValues": [ - "ActiveDirectoryDomainServices", - "MicrosoftEntraDomainServices", - "MicrosoftEntraId", - "MicrosoftEntraIdIntuneEnrollment" - ], - "metadata": { - "description": "The service providing domain services for Azure Virtual Desktop. This is needed to properly configure the session hosts and if applicable, the Azure Storage Account." - } - }, - "artifactsContainerName": { - "type": "string", - "metadata": { - "description": "The name of the Azure Blobs container hosting the required artifacts." - } - }, - "artifactsStorageAccountResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID for the storage account hosting the artifacts in Blob storage." - } - }, - "availability": { - "type": "string", - "defaultValue": "AvailabilityZones", - "allowedValues": [ - "AvailabilitySets", - "AvailabilityZones", - "None" - ], - "metadata": { - "description": "The desired availability option when deploying a pooled host pool. The best practice is to deploy to availability zones for the highest resilency and service level agreement." - } - }, - "avdAgentMsiName": { - "type": "string", - "metadata": { - "description": "The blob name of the MSI file for the AVD Agent installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." - } - }, - "avdAgentBootLoaderMsiName": { - "type": "string", - "metadata": { - "description": "The blob name of the MSI file for the AVD Agent Boot Loader installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." 
- } - }, - "avdObjectId": { - "type": "string", - "metadata": { - "description": "The object ID for the Azure Virtual Desktop enterprise application in Microsoft Entra ID. The object ID can found by selecting Microsoft Applications using the Application type filter in the Enterprise Applications blade of Microsoft Entra ID." - } - }, - "azureNetAppFilesSubnetAddressPrefix": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The subnet address prefix for the Azure NetApp Files delegated subnet." - } - }, - "azurePowerShellModuleMsiName": { - "type": "string", - "metadata": { - "description": "The blob name of the MSI file for the Azure PowerShell Module installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." - } - }, - "customRdpProperty": { - "type": "string", - "defaultValue": "audiocapturemode:i:1;camerastoredirect:s:*;use multimon:i:0;drivestoredirect:s:;encode redirected video capture:i:1;redirected video capture encoding quality:i:1;audiomode:i:0;devicestoredirect:s:;redirectclipboard:i:0;redirectcomports:i:0;redirectlocation:i:1;redirectprinters:i:0;redirectsmartcards:i:1;redirectwebauthn:i:1;usbdevicestoredirect:s:;keyboardhook:i:2;", - "metadata": { - "description": "The RDP properties to add or remove RDP functionality on the AVD host pool. The string must end with a semi-colon. Settings reference: https://learn.microsoft.com/windows-server/remote/remote-desktop-services/clients/rdp-files" - } - }, - "desktopFriendlyName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The friendly name for the SessionDesktop application in the desktop application group." - } - }, - "disableBgpRoutePropagation": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Disabling BGP route propagation is a route table configuration that prevents the propagation of on-premises routes to network interfaces in the associated subnets." 
- } - }, - "diskSku": { - "type": "string", - "defaultValue": "Premium_LRS", - "allowedValues": [ - "Standard_LRS", - "StandardSSD_LRS", - "Premium_LRS" - ], - "metadata": { - "description": "The storage SKU for the managed disks on the AVD session hosts. Production deployments should use Premium_LRS." - } - }, - "domainJoinPassword": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "The password for the account to domain join the AVD session hosts." - } - }, - "domainJoinUserPrincipalName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The user principal name for the account to domain join the AVD session hosts." - } - }, - "domainName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The name of the domain that provides ADDS to the AVD session hosts." - } - }, - "drainMode": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "The drain mode option enables drain mode for the sessions hosts in this deployment to prevent users from accessing the hosts until they have been validated." - } - }, - "environmentAbbreviation": { - "type": "string", - "defaultValue": "dev", - "allowedValues": [ - "dev", - "prod", - "test" - ], - "metadata": { - "description": "The abbreviation for the target environment." - } - }, - "fslogixShareSizeInGB": { - "type": "int", - "defaultValue": 100, - "metadata": { - "description": "The file share size(s) in GB for the Fslogix storage solution." - } - }, - "fslogixContainerType": { - "type": "string", - "defaultValue": "ProfileContainer", - "allowedValues": [ - "CloudCacheProfileContainer", - "CloudCacheProfileOfficeContainer", - "ProfileContainer", - "ProfileOfficeContainer" - ], - "metadata": { - "description": "If deploying FSLogix, select the desired type of container for user profiles. 
https://learn.microsoft.com/en-us/fslogix/concepts-container-types" - } - }, - "fslogixStorageService": { - "type": "string", - "defaultValue": "AzureFiles Standard", - "allowedValues": [ - "AzureNetAppFiles Premium", - "AzureNetAppFiles Standard", - "AzureFiles Premium", - "AzureFiles Standard", - "None" - ], - "metadata": { - "description": "Enable an Fslogix storage option to manage user profiles for the AVD session hosts. The selected service & SKU should provide sufficient IOPS for all of your users. https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#performance-requirements" - } - }, - "hostPoolPublicNetworkAccess": { - "type": "string", - "allowedValues": [ - "Disabled", - "Enabled", - "EnabledForClientsOnly", - "EnabledForSessionHostsOnly" - ], - "metadata": { - "description": "The type of public network access for the host pool." - } - }, - "hostPoolType": { - "type": "string", - "defaultValue": "Pooled DepthFirst", - "allowedValues": [ - "Pooled DepthFirst", - "Pooled BreadthFirst", - "Personal Automatic", - "Personal Direct" - ], - "metadata": { - "description": "These options specify the host pool type and depending on the type provides the load balancing options and assignment types." - } - }, - "hubAzureFirewallResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID for the Azure Firewall in the HUB subscription" - } - }, - "hubSubnetResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID for the subnet in the Shared Services subscription. This is required for the private endpoint on the AVD Global Workspace." - } - }, - "hubVirtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID for the Azure Virtual Network in the HUB subscription." 
- } - }, - "identifier": { - "type": "string", - "defaultValue": "avd", - "maxLength": 3, - "metadata": { - "description": "The unique identifier between each business unit or project supporting AVD in your tenant. This is the unique naming component between each AVD stamp." - } - }, - "imageVersionResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The resource ID for the Compute Gallery Image Version. Do not set this value if using a marketplace image." - } - }, - "imageOffer": { - "type": "string", - "defaultValue": "office-365", - "metadata": { - "description": "Offer for the virtual machine image" - } - }, - "imagePublisher": { - "type": "string", - "defaultValue": "MicrosoftWindowsDesktop", - "metadata": { - "description": "Publisher for the virtual machine image" - } - }, - "imageSku": { - "type": "string", - "defaultValue": "win11-22h2-avd-m365", - "metadata": { - "description": "SKU for the virtual machine image" - } - }, - "locationControlPlane": { - "type": "string", - "defaultValue": "[deployment().location]", - "metadata": { - "description": "The deployment location for the AVD management resources." - } - }, - "locationVirtualMachines": { - "type": "string", - "defaultValue": "[deployment().location]", - "metadata": { - "description": "The deployment location for the AVD sessions hosts." 
- } - }, - "logAnalyticsWorkspaceRetention": { - "type": "int", - "defaultValue": 30, - "minValue": 30, - "maxValue": 730, - "metadata": { - "description": "The retention for the Log Analytics Workspace to setup the AVD monitoring solution" - } - }, - "logAnalyticsWorkspaceSku": { - "type": "string", - "defaultValue": "PerGB2018", - "allowedValues": [ - "Free", - "Standard", - "Premium", - "PerNode", - "PerGB2018", - "Standalone", - "CapacityReservation" - ], - "metadata": { - "description": "The SKU for the Log Analytics Workspace to setup the AVD monitoring solution" - } - }, - "monitoring": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Deploys the required monitoring resources to enable AVD Insights and monitor features in the automation account." - } - }, - "organizationalUnitPath": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The distinguished name for the target Organization Unit in Active Directory Domain Services." - } - }, - "recoveryServices": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Enable backups to an Azure Recovery Services vault. For a pooled host pool this will enable backups on the Azure file share. For a personal host pool this will enable backups on the AVD sessions hosts." - } - }, - "scalingBeginPeakTime": { - "type": "string", - "defaultValue": "9:00", - "metadata": { - "description": "The time when session hosts will scale up and continue to stay on to support peak demand; Format 24 hours e.g. 9:00 for 9am" - } - }, - "scalingEndPeakTime": { - "type": "string", - "defaultValue": "17:00", - "metadata": { - "description": "The time when session hosts will scale down and stay off to support low demand; Format 24 hours e.g. 17:00 for 5pm" - } - }, - "scalingLimitSecondsToForceLogOffUser": { - "type": "string", - "defaultValue": "0", - "metadata": { - "description": "The number of seconds to wait before automatically signing out users. 
If set to 0 any session host that has user sessions will be left untouched" - } - }, - "scalingMinimumNumberOfRdsh": { - "type": "string", - "defaultValue": "0", - "metadata": { - "description": "The minimum number of session host VMs to keep running during off-peak hours. The scaling tool will not work if all virtual machines are turned off and the Start VM On Connect solution is not enabled." - } - }, - "scalingSessionThresholdPerCPU": { - "type": "string", - "defaultValue": "1", - "metadata": { - "description": "The maximum number of sessions per CPU that will be used as a threshold to determine when new session host VMs need to be started during peak hours" - } - }, - "scalingTool": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Deploys the required resources for the Scaling Tool. https://docs.microsoft.com/en-us/azure/virtual-desktop/scaling-automation-logic-apps" - } - }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The resource ID of the log analytics workspace used for Azure Sentinel and / or Defender for Cloud. When using the Microsoft monitoring Agent, this allows you to multihome the agent to reduce unnecessary log collection and reduce cost." - } - }, - "securityPrincipals": { - "type": "array", - "metadata": { - "description": "The array of Security Principals with their object IDs and display names to assign to the AVD Application Group and FSLogix Storage." - } - }, - "sessionHostCount": { - "type": "int", - "defaultValue": 1, - "minValue": 0, - "maxValue": 5000, - "metadata": { - "description": "The number of session hosts to deploy in the host pool. Ensure you have the approved quota to deploy the desired count." - } - }, - "sessionHostIndex": { - "type": "int", - "defaultValue": 0, - "minValue": 0, - "maxValue": 4999, - "metadata": { - "description": "The starting number for the session hosts. 
This is important when adding virtual machines to ensure an update deployment is not performed on an existing, active session host." - } - }, - "stampIndex": { - "type": "int", - "defaultValue": 0, - "minValue": 0, - "maxValue": 9, - "metadata": { - "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases. For example, \"0\" could be used for an office workers host pool and \"1\" could be used for a developers host pool within the \"finance\" business unit." - } - }, - "storageCount": { - "type": "int", - "defaultValue": 1, - "minValue": 0, - "maxValue": 100, - "metadata": { - "description": "The number of storage accounts to deploy to support sharding across multiple storage accounts. https://docs.microsoft.com/en-us/azure/architecture/patterns/sharding" - } - }, - "storageIndex": { - "type": "int", - "defaultValue": 0, - "minValue": 0, - "maxValue": 99, - "metadata": { - "description": "The starting number for the names of the storage accounts to support sharding across multiple storage accounts. https://docs.microsoft.com/en-us/azure/architecture/patterns/sharding" - } - }, - "subnetAddressPrefixes": { - "type": "array", - "defaultValue": [ - "10.0.140.0/24" - ], - "minLength": 1, - "maxLength": 2, - "metadata": { - "description": "The address prefix(es) for the new subnet(s) that will be created in the spoke virtual network(s). Specify only one address prefix in the array if the session hosts location and the control plan location are the same. If different locations are specified, add a second address prefix for the hosts virtual network." - } - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "The Key / value pairs of metadata for the Azure resource groups and resources." - } - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]", - "metadata": { - "description": "DO NOT MODIFY THIS VALUE! 
The timestamp is needed to differentiate deployments for certain Azure resources and must be set using a parameter." - } - }, - "usersPerCore": { - "type": "int", - "defaultValue": 1, - "metadata": { - "description": "The number of users per core is used to determine the maximum number of users per session host." - } - }, - "validationEnvironment": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "The validation environment setting on the AVD host pool determines whether the hostpool should receive AVD preview features for testing." - } - }, - "virtualMachineVirtualCpuCount": { - "type": "int", - "metadata": { - "description": "The number of virtual CPUs per virtual machine for the selected virtual machine size." - } - }, - "virtualMachineMonitoringAgent": { - "type": "string", - "defaultValue": "LogAnalyticsAgent", - "allowedValues": [ - "AzureMonitorAgent", - "LogAnalyticsAgent" - ], - "metadata": { - "description": "Input the desired monitoring agent to send events and performance counters to a log analytics workspace." - } - }, - "virtualMachinePassword": { - "type": "securestring", - "metadata": { - "description": "The local administrator password for the AVD session hosts" - } - }, - "virtualMachineSize": { - "type": "string", - "defaultValue": "Standard_D4ads_v5", - "metadata": { - "description": "The virtual machine SKU for the AVD session hosts." - } - }, - "virtualMachineUsername": { - "type": "string", - "metadata": { - "description": "The local administrator username for the AVD session hosts" - } - }, - "virtualNetworkAddressPrefixes": { - "type": "array", - "defaultValue": [ - "10.0.140.0/24" - ], - "minLength": 1, - "maxLength": 2, - "metadata": { - "description": "The address prefix for the new spoke virtual network(s). Specify only one address prefix in the array if the session hosts location and the control plan location are the same. 
If different locations are specified, add a second address prefix for the hosts virtual network." - } - }, - "workspaceFriendlyName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The friendly name for the AVD workspace that is displayed in the end-user client." - } - }, - "workspacePublicNetworkAccess": { - "type": "string", - "allowedValues": [ - "Disabled", - "Enabled" - ], - "metadata": { - "description": "The public network access setting on the AVD workspace either disables public network access or allows both public and private network access." - } - } - }, - "variables": { - "artifactsUri": "[format('https://{0}.blob.{1}/{2}/', variables('artifactsStorageAccountName'), environment().suffixes.storage, parameters('artifactsContainerName'))]", - "artifactsStorageAccountName": "[split(parameters('artifactsStorageAccountResourceId'), '/')[8]]", - "privateDnsZoneResourceIdPrefix": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/privateDnsZones/', split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4])]", - "deploymentLocations": "[union(createArray(parameters('locationControlPlane')), createArray(parameters('locationVirtualMachines')))]", - "resourceGroupsCount": "[add(add(4, length(variables('deploymentLocations'))), if(equals(parameters('fslogixStorageService'), 'None'), 0, 1))]" - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Names_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "identifier": { - "value": "[parameters('identifier')]" - }, - "locationControlPlane": { - "value": "[parameters('locationControlPlane')]" - }, - 
"locationVirtualMachines": { - "value": "[parameters('locationVirtualMachines')]" - }, - "stampIndex": { - "value": "[parameters('stampIndex')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17338807797627585193" - } - }, - "parameters": { - "environmentAbbreviation": { - "type": "string" - }, - "identifier": { - "type": "string" - }, - "locationControlPlane": { - "type": "string" - }, - "locationVirtualMachines": { - "type": "string" - }, - "stampIndex": { - "type": "int" - } - }, - "variables": { - "$fxv#0": { - "AzureChina": { - "chinaeast": { - "abbreviation": "cne", - "recoveryServicesGeo": "sha", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinaeast2": { - "abbreviation": "cne2", - "recoveryServicesGeo": "sha2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth": { - "abbreviation": "cnn", - "recoveryServicesGeo": "bjb", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth2": { - "abbreviation": "cnn2", - "recoveryServicesGeo": "bjb2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - } - }, - "AzureCloud": { - "australiacentral": { - "abbreviation": "auc", - "recoveryServicesGeo": "acl", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiacentral2": { - "abbreviation": "auc2", - "recoveryServicesGeo": "acl2", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiaeast": { - "abbreviation": "aue", - "recoveryServicesGeo": "ae", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiasoutheast": { - "abbreviation": "ause", - "recoveryServicesGeo": "ase", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - 
"brazilsouth": { - "abbreviation": "brs", - "recoveryServicesGeo": "brs", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "brazilsoutheast": { - "abbreviation": "brse", - "recoveryServicesGeo": "bse", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "canadacentral": { - "abbreviation": "cac", - "recoveryServicesGeo": "cnc", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "canadaeast": { - "abbreviation": "cae", - "recoveryServicesGeo": "cne", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "centralindia": { - "abbreviation": "inc", - "recoveryServicesGeo": "inc", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "centralus": { - "abbreviation": "usc", - "recoveryServicesGeo": "cus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "eastasia": { - "abbreviation": "ase", - "recoveryServicesGeo": "ea", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "eastus": { - "abbreviation": "use", - "recoveryServicesGeo": "eus", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "eastus2": { - "abbreviation": "use2", - "recoveryServicesGeo": "eus2", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "francecentral": { - "abbreviation": "frc", - "recoveryServicesGeo": "frc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "francesouth": { - "abbreviation": "frs", - "recoveryServicesGeo": "frs", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanynorth": { - "abbreviation": "den", - "recoveryServicesGeo": "gn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanywestcentral": { - "abbreviation": "dewc", - "recoveryServicesGeo": "gwc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "israelcentral": { - 
"abbreviation": "ilc", - "recoveryServicesGeo": "ilc", - "timeDifference": "+2:00", - "timeZone": "Israel Standard Time" - }, - "italynorth": { - "abbreviation": "itn", - "recoveryServicesGeo": "itn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "japaneast": { - "abbreviation": "jpe", - "recoveryServicesGeo": "jpe", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "japanwest": { - "abbreviation": "jpw", - "recoveryServicesGeo": "jpw", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "jioindiacentral": { - "abbreviation": "injc", - "recoveryServicesGeo": "jic", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "jioindiawest": { - "abbreviation": "injw", - "recoveryServicesGeo": "jiw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "koreacentral": { - "abbreviation": "krc", - "recoveryServicesGeo": "krc", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "koreasouth": { - "abbreviation": "krs", - "recoveryServicesGeo": "krs", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "northcentralus": { - "abbreviation": "usnc", - "recoveryServicesGeo": "ncus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "northeurope": { - "abbreviation": "eun", - "recoveryServicesGeo": "ne", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "norwayeast": { - "abbreviation": "noe", - "recoveryServicesGeo": "nwe", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "norwaywest": { - "abbreviation": "now", - "recoveryServicesGeo": "nww", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "polandcentral": { - "abbreviation": "plc", - "recoveryServicesGeo": "plc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "qatarcentral": { - "abbreviation": "qac", - "recoveryServicesGeo": "qac", - 
"timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "southafricanorth": { - "abbreviation": "zan", - "recoveryServicesGeo": "san", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southafricawest": { - "abbreviation": "zaw", - "recoveryServicesGeo": "saw", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southcentralus": { - "abbreviation": "ussc", - "recoveryServicesGeo": "scus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "southeastasia": { - "abbreviation": "asse", - "recoveryServicesGeo": "sea", - "timeDifference": "+8:00", - "timeZone": "Singapore Standard Time" - }, - "southindia": { - "abbreviation": "ins", - "recoveryServicesGeo": "ins", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "swedencentral": { - "abbreviation": "sec", - "recoveryServicesGeo": "sdc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandnorth": { - "abbreviation": "chn", - "recoveryServicesGeo": "szn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandwest": { - "abbreviation": "chw", - "recoveryServicesGeo": "szw", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "uaecentral": { - "abbreviation": "aec", - "recoveryServicesGeo": "uac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uaenorth": { - "abbreviation": "aen", - "recoveryServicesGeo": "uan", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uksouth": { - "abbreviation": "uks", - "recoveryServicesGeo": "uks", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "ukwest": { - "abbreviation": "ukw", - "recoveryServicesGeo": "ukw", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "westcentralus": { - "abbreviation": "uswc", - "recoveryServicesGeo": "wcus", - "timeDifference": "-7:00", - 
"timeZone": "Mountain Standard Time" - }, - "westeurope": { - "abbreviation": "euw", - "recoveryServicesGeo": "we", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "westindia": { - "abbreviation": "inw", - "recoveryServicesGeo": "inw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "westus": { - "abbreviation": "usw", - "recoveryServicesGeo": "wus", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus2": { - "abbreviation": "usw2", - "recoveryServicesGeo": "wus2", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus3": { - "abbreviation": "usw3", - "recoveryServicesGeo": "wus3", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - } - }, - "AzureUSGovernment": { - "usdodcentral": { - "abbreviation": "dodc", - "recoveryServicesGeo": "udc", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usdodeast": { - "abbreviation": "dode", - "recoveryServicesGeo": "ude", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usgovarizona": { - "abbreviation": "az", - "recoveryServicesGeo": "uga", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "usgovtexas": { - "abbreviation": "tx", - "recoveryServicesGeo": "ugt", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usgovvirginia": { - "abbreviation": "va", - "recoveryServicesGeo": "ugv", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - } - }, - "USNat": { - "usnateast": { - "abbreviation": "east", - "recoveryServicesGeo": "exe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usnatwest": { - "abbreviation": "west", - "recoveryServicesGeo": "exw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - }, - "USSec": { - "usseceast": { - "abbreviation": "east", - "recoveryServicesGeo": "rxe", - "timeDifference": "-5:00", - "timeZone": "Eastern 
Standard Time" - }, - "ussecwest": { - "abbreviation": "west", - "recoveryServicesGeo": "rxw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - } - }, - "$fxv#1": { - "actionGroups": "ag", - "automationAccounts": "aa", - "availabilitySets": "avail", - "azureFirewalls": "afw", - "bastionHosts": "bas", - "computeGallieries": "cg", - "dataCollectionRuleAssociations": "dcra", - "dataCollectionRules": "dcr", - "desktopApplicationGroups": "vdag", - "diagnosticSettings": "diag", - "diskAccesses": "da", - "diskEncryptionSets": "des", - "disks": "disk", - "firewallPolicies": "afwp", - "hostPools": "vdpool", - "ipConfigurations": "ipconf", - "keyVaults": "kv", - "logAnalyticsWorkspaces": "log", - "netAppAccounts": "naa", - "netAppCapacityPools": "nacp", - "networkInterfaces": "nic", - "networkSecurityGroups": "nsg", - "networkWatchers": "nw", - "privateEndpoints": "pe", - "privateLinkScopes": "pls", - "publicIPAddresses": "pip", - "recoveryServicesVaults": "rsv", - "remoteApplicationGroups": "vdag", - "resourceGroups": "rg", - "routeTables": "rt", - "storageAccounts": "st", - "subnets": "snet", - "userAssignedIdentities": "id", - "virtualMachines": "vm", - "virtualNetworks": "vnet", - "workspaces": "vdws" - }, - "resourceAbbreviation": "resourceAbbreviation", - "serviceName": "serviceName", - "networkName": "avd", - "locationAbbreviation": "locationAbbreviation", - "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}-{6}', parameters('identifier'), parameters('stampIndex'), variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "namingConvention_Global": "[format('{0}-{1}-{2}-{3}-{4}', variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "namingConvention_Shared": "[format('{0}-{1}-{2}-{3}-{4}-{5}', parameters('identifier'), 
variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "cloudEndpointSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", - "privateDnsZoneSuffixes_AzureAutomation": { - "AzureCloud": "net", - "AzureUSGovernment": "us" - }, - "privateDnsZoneSuffixes_AzureVirtualDesktop": { - "AzureCloud": "microsoft.com", - "AzureUSGovernment": "azure.us" - }, - "privateDnsZoneSuffixes_Backup": { - "AzureCloud": "windowsazure.com", - "AzureUSGovernment": "windowsazure.us" - }, - "privateDnsZoneSuffixes_Monitor": { - "AzureCloud": "azure.com", - "AzureUSGovernment": "azure.us" - }, - "locations": "[variables('$fxv#0')[environment().name]]", - "resourceAbbreviations": "[variables('$fxv#1')]", - "resources": { - "agentSvcPrivateDnsZoneName": "[format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudEndpointSuffix')))]", - "automationAccountDiagnosticSettingName": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "automationAccountName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').automationAccounts), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "automationAccountNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('DSCAndHybridWorker-{0}', 
variables('resourceAbbreviations').automationAccounts)), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "automationAccountPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('DSCAndHybridWorker-{0}', variables('resourceAbbreviations').automationAccounts)), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "availabilitySetNamePrefix": "[format('{0}-', replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').availabilitySets), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", - "avdGlobalPrivateDnsZoneName": "[format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudEndpointSuffix')))]", - "avdPrivateDnsZoneName": "[format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudEndpointSuffix')))]", - "azureAutomationPrivateDnsZoneName": "[format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudEndpointSuffix')))]", - "backupPrivateDnsZoneName": "[format('privatelink.{0}.backup.{1}', variables('locations')[parameters('locationVirtualMachines')].recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudEndpointSuffix')))]", - "blobPrivateDnsZoneName": "[format('privatelink.blob.{0}', environment().suffixes.storage)]", - "dataCollectionRuleAssociationName": "[format('{0}-avdi', replace(replace(replace(variables('namingConvention'), 
variables('resourceAbbreviation'), variables('resourceAbbreviations').dataCollectionRuleAssociations), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", - "dataCollectionRuleName": "[format('microsoft-avdi-{0}', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "desktopApplicationGroupName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').desktopApplicationGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "diskAccessName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diskAccesses), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "diskEncryptionSetName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diskEncryptionSets), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "diskNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').disks), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "filePrivateDnsZoneName": "[format('privatelink.file.{0}', environment().suffixes.storage)]", - "fileShareNames": { - "CloudCacheProfileContainer": [ - "profile-containers" - ], - "CloudCacheProfileOfficeContainer": [ - "office-containers", - "profile-containers" - ], - "ProfileContainer": [ - "profile-containers" - ], - 
"ProfileOfficeContainer": [ - "office-containers", - "profile-containers" - ] - }, - "hostPoolDiagnosticSettingName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('serviceName'), variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "hostPoolName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').hostPools), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "hostPoolNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "hostPoolPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "keyVaultName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').keyVaults), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "keyVaultNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), 
variables('serviceName'), variables('resourceAbbreviations').keyVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "keyVaultPrivateDnsZoneName": "[replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore')]", - "keyVaultPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').keyVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "logAnalyticsWorkspaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').logAnalyticsWorkspaces), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "netAppAccountName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').netAppAccounts), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "netAppCapacityPoolName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').netAppCapacityPools), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "networkInterfaceNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - 
"networkSecurityGroupNames": [ - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkSecurityGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkSecurityGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" - ], - "monitorPrivateDnsZoneName": "[format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", - "odsOpinsightsPrivateDnsZoneName": "[format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", - "omsOpinsightsPrivateDnsZoneName": "[format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", - "queuePrivateDnsZoneName": "[format('privatelink.queue.{0}', environment().suffixes.storage)]", - "recoveryServicesVaultName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').recoveryServicesVaults), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "recoveryServicesVaultNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').recoveryServicesVaults), variables('locationAbbreviation'), 
variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "recoveryServicesVaultPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').recoveryServicesVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "resourceGroupControlPlane": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'controlPlane'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "resourceGroupFeedWorkspace": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'feedWorkspace'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "resourceGroupGlobalWorkspace": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'globalWorkspace'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "resourceGroupHosts": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'sessionHosts'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "resourceGroupManagement": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), 
variables('serviceName'), 'management'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "resourceGroupsNetwork": [ - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'network'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'network'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" - ], - "resourceGroupStorage": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'profileStorage'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "routeTableNames": [ - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').routeTables), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').routeTables), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" - ], - "storageAccountNamePrefix": "[replace(replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').storageAccounts), format('-{0}', variables('serviceName')), ''), 
variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), '-', '')]", - "storageAccountNetworkInterfaceNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').storageAccounts), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "storageAccountPrivateEndpointNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').storageAccounts), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "userAssignedIdentityNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').userAssignedIdentities), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "virtualMachineNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').virtualMachines), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), '-', '')]", - "virtualNetworkNames": [ - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), 
variables('resourceAbbreviations').virtualNetworks), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').virtualNetworks), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" - ], - "workspaceFeedDiagnosticSettingName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceFeedName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceFeedNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceFeedPrivateEndpointName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), 
variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceFriendlyName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').workspaces), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceGlobalName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), format('global-{0}', variables('resourceAbbreviations').workspaces)), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceGlobalNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('global-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceGlobalPrivateEndpointName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('global-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]" - } - }, - "resources": [], - "outputs": { - "locations": { - "type": "object", - "value": "[variables('locations')]" - }, - "networkName": { - "type": "string", - "value": "[variables('networkName')]" - }, - "resources": { - "type": "object", - "value": "[variables('resources')]" - }, - "serviceName": { - "type": "string", - "value": "[variables('serviceName')]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - 
"apiVersion": "2022-09-01", - "name": "[format('Logic_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "deploymentLocations": { - "value": "[variables('deploymentLocations')]" - }, - "diskSku": { - "value": "[parameters('diskSku')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "fileShareNames": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.fileShareNames]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "fslogixStorageService": { - "value": "[parameters('fslogixStorageService')]" - }, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "imageOffer": { - "value": "[parameters('imageOffer')]" - }, - "imagePublisher": { - "value": "[parameters('imagePublisher')]" - }, - "imageSku": { - "value": "[parameters('imageSku')]" - }, - "imageVersionResourceId": { - "value": "[parameters('imageVersionResourceId')]" - }, - "locations": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.locations.value]" - }, - "locationVirtualMachines": { - "value": "[parameters('locationVirtualMachines')]" - }, - "networkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkName.value]" - }, - "resourceGroupControlPlane": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" - }, - "resourceGroupFeedWorkspace": 
{ - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupFeedWorkspace]" - }, - "resourceGroupHosts": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupHosts]" - }, - "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "resourceGroupsNetwork": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupsNetwork]" - }, - "resourceGroupStorage": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupStorage]" - }, - "securityPrincipals": { - "value": "[parameters('securityPrincipals')]" - }, - "serviceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" - }, - "sessionHostCount": { - "value": "[parameters('sessionHostCount')]" - }, - "sessionHostIndex": { - "value": "[parameters('sessionHostIndex')]" - }, - "virtualMachineNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualMachineNamePrefix]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": 
{ - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "8951440847953377008" - } - }, - "parameters": { - "activeDirectorySolution": { - "type": "string" - }, - "deploymentLocations": { - "type": "array" - }, - "diskSku": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "fileShareNames": { - "type": "object" - }, - "fslogixContainerType": { - "type": "string" - }, - "fslogixStorageService": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "imageOffer": { - "type": "string" - }, - "imagePublisher": { - "type": "string" - }, - "imageSku": { - "type": "string" - }, - "imageVersionResourceId": { - "type": "string" - }, - "locations": { - "type": "object" - }, - "locationVirtualMachines": { - "type": "string" - }, - "networkName": { - "type": "string" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupFeedWorkspace": { - "type": "string" - }, - "resourceGroupHosts": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "resourceGroupsNetwork": { - "type": "array" - }, - "resourceGroupStorage": { - "type": "string" - }, - "securityPrincipals": { - "type": "array" - }, - "serviceName": { - "type": "string" - }, - "sessionHostCount": { - "type": "int" - }, - "sessionHostIndex": { - "type": "int" - }, - "virtualMachineNamePrefix": { - "type": "string" - }, - "virtualMachineSize": { - "type": "string" - } - }, - "variables": { - "maxResourcesPerTemplateDeployment": 88, - "divisionValue": "[div(parameters('sessionHostCount'), variables('maxResourcesPerTemplateDeployment'))]", - "divisionRemainderValue": "[mod(parameters('sessionHostCount'), variables('maxResourcesPerTemplateDeployment'))]", - "sessionHostBatchCount": "[if(greater(variables('divisionRemainderValue'), 0), add(variables('divisionValue'), 1), variables('divisionValue'))]", - "maxAvSetMembers": 200, - "beginAvSetRange": "[div(parameters('sessionHostIndex'), 
variables('maxAvSetMembers'))]", - "endAvSetRange": "[div(add(parameters('sessionHostCount'), parameters('sessionHostIndex')), variables('maxAvSetMembers'))]", - "availabilitySetsCount": "[length(range(variables('beginAvSetRange'), add(sub(variables('endAvSetRange'), variables('beginAvSetRange')), 1)))]", - "customImageId": "[if(empty(parameters('imageVersionResourceId')), 'null', format('\"{0}\"', parameters('imageVersionResourceId')))]", - "fileShares": "[parameters('fileShareNames')[parameters('fslogixContainerType')]]", - "fslogix": "[if(or(equals(parameters('fslogixStorageService'), 'None'), not(contains(parameters('activeDirectorySolution'), 'DomainServices'))), false(), true())]", - "galleryImageOffer": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imageOffer')), 'null')]", - "galleryImagePublisher": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imagePublisher')), 'null')]", - "galleryImageSku": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imageSku')), 'null')]", - "galleryItemId": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}.{1}{2}\"', parameters('imagePublisher'), parameters('imageOffer'), parameters('imageSku')), 'null')]", - "imageType": "[if(empty(parameters('imageVersionResourceId')), '\"Gallery\"', '\"CustomImage\"')]", - "netbios": "[split(parameters('domainName'), '.')[0]]", - "pooledHostPool": "[if(equals(split(parameters('hostPoolType'), ' ')[0], 'Pooled'), true(), false())]", - "resourceGroups": "[union(variables('resourceGroupsCommon'), variables('resourceGroupsNetworking'), variables('resourceGroupsStorage'))]", - "resourceGroupsCommon": [ - "[parameters('resourceGroupControlPlane')]", - "[parameters('resourceGroupFeedWorkspace')]", - "[parameters('resourceGroupHosts')]", - "[parameters('resourceGroupManagement')]" - ], - "resourceGroupsNetworking": "[if(equals(length(parameters('deploymentLocations')), 2), 
parameters('resourceGroupsNetwork'), createArray(parameters('resourceGroupsNetwork')[0]))]", - "resourceGroupsStorage": "[if(variables('fslogix'), createArray(parameters('resourceGroupStorage')), createArray())]", - "roleDefinitions": { - "DesktopVirtualizationPowerOnContributor": "489581de-a3bd-480d-9518-53dea7416b33", - "DesktopVirtualizationUser": "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63", - "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7", - "VirtualMachineUserLogin": "fb879df8-f326-4884-b1cf-06f3ad86be52" - }, - "securityPrincipalsCount": "[length(parameters('securityPrincipals'))]", - "sessionHostNamePrefix": "[replace(parameters('virtualMachineNamePrefix'), format('{0}{1}', parameters('serviceName'), parameters('networkName')), '')]", - "smbServerLocation": "[parameters('locations')[parameters('locationVirtualMachines')].abbreviation]", - "storageSku": "[if(equals(parameters('fslogixStorageService'), 'None'), 'None', split(parameters('fslogixStorageService'), ' ')[1])]", - "storageService": "[split(parameters('fslogixStorageService'), ' ')[0]]", - "storageSuffix": "[environment().suffixes.storage]", - "timeDifference": "[parameters('locations')[parameters('locationVirtualMachines')].timeDifference]", - "timeZone": "[parameters('locations')[parameters('locationVirtualMachines')].timeZone]", - "vmTemplate": "[format('{{\"domain\":\"{0}\",\"galleryImageOffer\":{1},\"galleryImagePublisher\":{2},\"galleryImageSKU\":{3},\"imageType\":{4},\"customImageId\":{5},\"namePrefix\":\"{6}\",\"osDiskType\":\"{7}\",\"vmSize\":{{\"id\":\"{8}\",\"cores\":null,\"ram\":null,\"rdmaEnabled\": false,\"supportsMemoryPreservingMaintenance\": true}},\"galleryItemId\":{9},\"hibernate\":false,\"diskSizeGB\":0,\"securityType\":\"TrustedLaunch\",\"secureBoot\":true,\"vTPM\":true,\"vmInfrastructureType\":\"Cloud\",\"virtualProcessorCount\":null,\"memoryGB\":null,\"maximumMemoryGB\":null,\"minimumMemoryGB\":null,\"dynamicMemoryConfig\":false}}', parameters('domainName'), 
variables('galleryImageOffer'), variables('galleryImagePublisher'), variables('galleryImageSku'), variables('imageType'), variables('customImageId'), variables('sessionHostNamePrefix'), parameters('diskSku'), parameters('virtualMachineSize'), variables('galleryItemId'))]" - }, - "resources": [], - "outputs": { - "availabilitySetsCount": { - "type": "int", - "value": "[variables('availabilitySetsCount')]" - }, - "beginAvSetRange": { - "type": "int", - "value": "[variables('beginAvSetRange')]" - }, - "divisionRemainderValue": { - "type": "int", - "value": "[variables('divisionRemainderValue')]" - }, - "fileShares": { - "type": "array", - "value": "[variables('fileShares')]" - }, - "fslogix": { - "type": "bool", - "value": "[variables('fslogix')]" - }, - "maxResourcesPerTemplateDeployment": { - "type": "int", - "value": "[variables('maxResourcesPerTemplateDeployment')]" - }, - "netbios": { - "type": "string", - "value": "[variables('netbios')]" - }, - "pooledHostPool": { - "type": "bool", - "value": "[variables('pooledHostPool')]" - }, - "resourceGroups": { - "type": "array", - "value": "[variables('resourceGroups')]" - }, - "roleDefinitions": { - "type": "object", - "value": "[variables('roleDefinitions')]" - }, - "sessionHostBatchCount": { - "type": "int", - "value": "[variables('sessionHostBatchCount')]" - }, - "securityPrincipalsCount": { - "type": "int", - "value": "[variables('securityPrincipalsCount')]" - }, - "smbServerLocation": { - "type": "string", - "value": "[variables('smbServerLocation')]" - }, - "storageSku": { - "type": "string", - "value": "[variables('storageSku')]" - }, - "storageService": { - "type": "string", - "value": "[variables('storageService')]" - }, - "storageSuffix": { - "type": "string", - "value": "[variables('storageSuffix')]" - }, - "timeDifference": { - "type": "string", - "value": "[variables('timeDifference')]" - }, - "timeZone": { - "type": "string", - "value": "[variables('timeZone')]" - }, - "vmTemplate": { - "type": "string", - 
"value": "[variables('vmTemplate')]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]" - ] - }, - { - "copy": { - "name": "rgs", - "count": "[length(range(0, variables('resourceGroupsCount')))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ResourceGroup_{0}_{1}', range(0, variables('resourceGroupsCount'))[copyIndex()], parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": "[if(or(contains(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceGroups.value[range(0, variables('resourceGroupsCount'))[copyIndex()]], 'controlPlane'), contains(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceGroups.value[range(0, variables('resourceGroupsCount'))[copyIndex()]], 'feedWorkspace')), createObject('value', parameters('locationControlPlane')), createObject('value', parameters('locationVirtualMachines')))]", - "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceGroups.value[range(0, variables('resourceGroupsCount'))[copyIndex()]]]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "9339883053985547507" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, 
- "tags": { - "type": "object" - } - }, - "resources": [ - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2020-10-01", - "name": "[parameters('resourceGroupName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject())]" - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Network_ControlPlane_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "azureNetAppFilesSubnetAddressPrefix": "[if(and(not(empty(parameters('azureNetAppFilesSubnetAddressPrefix'))), equals(length(variables('deploymentLocations')), 1)), createObject('value', parameters('azureNetAppFilesSubnetAddressPrefix')), createObject('value', ''))]", - "disableBgpRoutePropagation": { - "value": "[parameters('disableBgpRoutePropagation')]" - }, - "hubAzureFirewallResourceId": { - "value": "[parameters('hubAzureFirewallResourceId')]" - }, - "hubVirtualNetworkResourceId": { - "value": "[parameters('hubVirtualNetworkResourceId')]" - }, - "index": { - "value": 0 - }, - "location": { - "value": "[variables('deploymentLocations')[0]]" - }, - "networkSecurityGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.networkSecurityGroupNames[0]]" - }, - "resourceGroupNetwork": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupsNetwork[0]]" - }, - "routeTableName": { - 
"value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.routeTableNames[0]]" - }, - "subnetAddressPrefixes": { - "value": "[parameters('subnetAddressPrefixes')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "virtualNetworkAddressPrefixes": { - "value": "[parameters('virtualNetworkAddressPrefixes')]" - }, - "virtualNetworkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualNetworkNames[0]]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "4060801276974414995" - } - }, - "parameters": { - "azureNetAppFilesSubnetAddressPrefix": { - "type": "string" - }, - "disableBgpRoutePropagation": { - "type": "bool" - }, - "hubAzureFirewallResourceId": { - "type": "string" - }, - "hubVirtualNetworkResourceId": { - "type": "string" - }, - "index": { - "type": "int" - }, - "location": { - "type": "string" - }, - "networkSecurityGroupName": { - "type": "string" - }, - "subnetAddressPrefixes": { - "type": "array" - }, - "resourceGroupNetwork": { - "type": "string" - }, - "routeTableName": { - "type": "string" - }, - "timestamp": { - "type": "string" - }, - "virtualNetworkAddressPrefixes": { - "type": "array" - }, - "virtualNetworkName": { - "type": "string" - } - }, - "variables": { - "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", - "hubVirtualNetworkName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]", - "hubVirtualNetworkResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", - "networkSecurityGroupSecurityRules": [], - 
"spokeResourceGroup": "[parameters('resourceGroupNetwork')]", - "spokeSubscriptionId": "[subscription().subscriptionId]", - "subnets": "[union(variables('subnetWorkload'), variables('subnetAnf'))]", - "subnetAnf": "[if(empty(parameters('azureNetAppFilesSubnetAddressPrefix')), createArray(), createArray(createObject('name', 'AzureNetAppFiles', 'addressPrefix', parameters('azureNetAppFilesSubnetAddressPrefix'), 'delegations', createArray(createObject('name', 'Microsoft.Netapp.volumes', 'id', format('{0}/delegations/Microsoft.Netapp.volumes', resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), 'AzureNetAppFiles')), 'properties', createObject('serviceName', 'Microsoft.Netapp/volumes'), 'type', 'Microsoft.Network/virtualNetworks/subnets/delegations')), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled', 'networkSecurityGroupName', parameters('networkSecurityGroupName'))))]", - "subnetWorkload": [ - { - "name": "AzureVirtualDesktop", - "addressPrefix": "[parameters('subnetAddressPrefixes')[parameters('index')]]", - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Disabled", - "networkSecurityGroupName": "[parameters('networkSecurityGroupName')]" - } - ] - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "azureFirewallIpAddress": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hubAzureFirewallResourceId'), '/')[2], split(parameters('hubAzureFirewallResourceId'), '/')[4]), 
'Microsoft.Network/azureFirewalls', split(parameters('hubAzureFirewallResourceId'), '/')[8]), '2023-05-01').ipConfigurations[0].properties.privateIPAddress]" - }, - "disableBgpRoutePropagation": { - "value": "[parameters('disableBgpRoutePropagation')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "udrName": { - "value": "[parameters('routeTableName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "10479138354370069802" - } - }, - "parameters": { - "azureFirewallIpAddress": { - "type": "string" - }, - "disableBgpRoutePropagation": { - "type": "bool" - }, - "location": { - "type": "string" - }, - "udrName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2021-05-01", - "name": "[parameters('udrName')]", - "location": "[parameters('location')]", - "properties": { - "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", - "routes": [ - { - "name": "default", - "properties": { - "addressPrefix": "0.0.0.0/0", - "hasBgpOverride": false, - "nextHopIpAddress": "[parameters('azureFirewallIpAddress')]", - "nextHopType": "VirtualAppliance" - } - } - ] - } - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('udrName')]" - }, - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('NetworkSecurityGroup_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - 
"parameters": { - "location": { - "value": "[parameters('location')]" - }, - "networkSecurityGroupName": { - "value": "[parameters('networkSecurityGroupName')]" - }, - "networkSecurityGroupSecurityRules": { - "value": "[variables('networkSecurityGroupSecurityRules')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17551260843588118182" - } - }, - "parameters": { - "networkSecurityGroupSecurityRules": { - "type": "array" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "networkSecurityGroupName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-11-01", - "name": "[parameters('networkSecurityGroupName')]", - "location": "[parameters('location')]", - "properties": { - "copy": [ - { - "name": "securityRules", - "count": "[length(parameters('networkSecurityGroupSecurityRules'))]", - "input": { - "name": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].name]", - "properties": { - "access": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.access]", - "destinationAddressPrefix": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefix, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefix)]", - "destinationAddressPrefixes": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefixes), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefixes)]", - "destinationPortRanges": 
"[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRanges), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRanges)]", - "destinationPortRange": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRange, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRange)]", - "direction": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.direction]", - "priority": "[int(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.priority)]", - "protocol": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.protocol]", - "sourceAddressPrefix": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourceAddressPrefix, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourceAddressPrefix)]", - "sourcePortRanges": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRanges), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRanges)]", - "sourcePortRange": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRange]" - } - } - } - ] - } - } - ] - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - 
"dnsServers": "[if(contains(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubVirtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVirtualNetworkName')), '2023-05-01'), 'dhcpOptions'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubVirtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVirtualNetworkName')), '2023-05-01').dhcpOptions.dnsServers), createObject('value', createArray()))]", - "location": { - "value": "[parameters('location')]" - }, - "subnets": { - "value": "[variables('subnets')]" - }, - "udrName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.name.value]" - }, - "virtualNetworkName": { - "value": "[parameters('virtualNetworkName')]" - }, - "vNetAddressPrefixes": { - "value": [ - "[parameters('virtualNetworkAddressPrefixes')[parameters('index')]]" - ] - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "14500564446311756749" - } - }, - "parameters": { - "dnsServers": { - "type": "array" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "virtualNetworkName": { - "type": "string" - }, - "subnets": { - "type": "array" - }, - "udrName": { - "type": "string" - }, - "vNetAddressPrefixes": { - "type": "array" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-11-01", - "name": 
"[parameters('virtualNetworkName')]", - "location": "[parameters('location')]", - "properties": { - "copy": [ - { - "name": "subnets", - "count": "[length(parameters('subnets'))]", - "input": { - "name": "[parameters('subnets')[copyIndex('subnets')].name]", - "properties": { - "addressPrefix": "[parameters('subnets')[copyIndex('subnets')].addressPrefix]", - "delegations": "[parameters('subnets')[copyIndex('subnets')].delegations]", - "networkSecurityGroup": "[if(empty(parameters('subnets')[copyIndex('subnets')].networkSecurityGroupName), null(), json(format('{{\"id\": \"{0}\"}}', resourceId('Microsoft.Network/networkSecurityGroups', parameters('subnets')[copyIndex('subnets')].networkSecurityGroupName))))]", - "privateEndpointNetworkPolicies": "[parameters('subnets')[copyIndex('subnets')].privateEndpointNetworkPolicies]", - "privateLinkServiceNetworkPolicies": "[parameters('subnets')[copyIndex('subnets')].privateLinkServiceNetworkPolicies]", - "routeTable": { - "id": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - } - ], - "addressSpace": { - "addressPrefixes": "[parameters('vNetAddressPrefixes')]" - }, - "dhcpOptions": "[if(not(empty(parameters('dnsServers'))), createObject('dnsServers', parameters('dnsServers')), null())]" - } - } - ], - "outputs": { - "virtualNetworkName": { - "type": "string", - "value": "[parameters('virtualNetworkName')]" - }, - "virtualNetworkResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" - }, - "subnetResourceId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), '2020-11-01').subnets[0].id]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('UserDefinedRoute_{0}_{1}', 
parameters('index'), parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetworkPeer_Hub_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "existingLocalVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "existingRemoteVirtualNetworkName": { - "value": "[variables('hubVirtualNetworkName')]" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "value": "[variables('hubVirtualNetworkResourceGroupName')]" - }, - "existingRemoteVirtualNetworkSubscriptionId": { - "value": "[variables('hubSubscriptionId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17142674102798401634" - } - }, - "parameters": { - "existingLocalVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "type": "string" - }, - "existingRemoteVirtualNetworkSubscriptionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('existingLocalVirtualNetworkName'), parameters('existingRemoteVirtualNetworkName'))]", - 
"properties": { - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "remoteVirtualNetwork": { - "id": "[resourceId(parameters('existingRemoteVirtualNetworkSubscriptionId'), parameters('existingRemoteVirtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('existingRemoteVirtualNetworkName'))]" - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetworkPeer_Spoke_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", - "resourceGroup": "[variables('hubVirtualNetworkResourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "existingLocalVirtualNetworkName": { - "value": "[variables('hubVirtualNetworkName')]" - }, - "existingRemoteVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "value": "[variables('spokeResourceGroup')]" - }, - "existingRemoteVirtualNetworkSubscriptionId": { - "value": "[variables('spokeSubscriptionId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - 
"name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17142674102798401634" - } - }, - "parameters": { - "existingLocalVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "type": "string" - }, - "existingRemoteVirtualNetworkSubscriptionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('existingLocalVirtualNetworkName'), parameters('existingRemoteVirtualNetworkName'))]", - "properties": { - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "remoteVirtualNetwork": { - "id": "[resourceId(parameters('existingRemoteVirtualNetworkSubscriptionId'), parameters('existingRemoteVirtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('existingRemoteVirtualNetworkName'))]" - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetworkPeer_Hub_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] - } - ], - "outputs": { - "subnetResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), 
'2022-09-01').outputs.subnetResourceId.value]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "rgs" - ] - }, - { - "condition": "[equals(length(variables('deploymentLocations')), 2)]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Network_Hosts_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "azureNetAppFilesSubnetAddressPrefix": "[if(and(not(empty(parameters('azureNetAppFilesSubnetAddressPrefix'))), equals(length(variables('deploymentLocations')), 2)), createObject('value', parameters('azureNetAppFilesSubnetAddressPrefix')), createObject('value', ''))]", - "disableBgpRoutePropagation": { - "value": "[parameters('disableBgpRoutePropagation')]" - }, - "hubAzureFirewallResourceId": { - "value": "[parameters('hubAzureFirewallResourceId')]" - }, - "hubVirtualNetworkResourceId": { - "value": "[parameters('hubVirtualNetworkResourceId')]" - }, - "index": { - "value": 1 - }, - "location": { - "value": "[variables('deploymentLocations')[1]]" - }, - "networkSecurityGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.networkSecurityGroupNames[1]]" - }, - "resourceGroupNetwork": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupsNetwork[0]), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupsNetwork[1]))]", - "routeTableName": { - 
"value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.routeTableNames[1]]" - }, - "subnetAddressPrefixes": { - "value": "[parameters('subnetAddressPrefixes')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "virtualNetworkAddressPrefixes": { - "value": "[parameters('virtualNetworkAddressPrefixes')]" - }, - "virtualNetworkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualNetworkNames[1]]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "4060801276974414995" - } - }, - "parameters": { - "azureNetAppFilesSubnetAddressPrefix": { - "type": "string" - }, - "disableBgpRoutePropagation": { - "type": "bool" - }, - "hubAzureFirewallResourceId": { - "type": "string" - }, - "hubVirtualNetworkResourceId": { - "type": "string" - }, - "index": { - "type": "int" - }, - "location": { - "type": "string" - }, - "networkSecurityGroupName": { - "type": "string" - }, - "subnetAddressPrefixes": { - "type": "array" - }, - "resourceGroupNetwork": { - "type": "string" - }, - "routeTableName": { - "type": "string" - }, - "timestamp": { - "type": "string" - }, - "virtualNetworkAddressPrefixes": { - "type": "array" - }, - "virtualNetworkName": { - "type": "string" - } - }, - "variables": { - "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", - "hubVirtualNetworkName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]", - "hubVirtualNetworkResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", - "networkSecurityGroupSecurityRules": [], - 
"spokeResourceGroup": "[parameters('resourceGroupNetwork')]", - "spokeSubscriptionId": "[subscription().subscriptionId]", - "subnets": "[union(variables('subnetWorkload'), variables('subnetAnf'))]", - "subnetAnf": "[if(empty(parameters('azureNetAppFilesSubnetAddressPrefix')), createArray(), createArray(createObject('name', 'AzureNetAppFiles', 'addressPrefix', parameters('azureNetAppFilesSubnetAddressPrefix'), 'delegations', createArray(createObject('name', 'Microsoft.Netapp.volumes', 'id', format('{0}/delegations/Microsoft.Netapp.volumes', resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), 'AzureNetAppFiles')), 'properties', createObject('serviceName', 'Microsoft.Netapp/volumes'), 'type', 'Microsoft.Network/virtualNetworks/subnets/delegations')), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled', 'networkSecurityGroupName', parameters('networkSecurityGroupName'))))]", - "subnetWorkload": [ - { - "name": "AzureVirtualDesktop", - "addressPrefix": "[parameters('subnetAddressPrefixes')[parameters('index')]]", - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Disabled", - "networkSecurityGroupName": "[parameters('networkSecurityGroupName')]" - } - ] - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "azureFirewallIpAddress": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hubAzureFirewallResourceId'), '/')[2], split(parameters('hubAzureFirewallResourceId'), '/')[4]), 
'Microsoft.Network/azureFirewalls', split(parameters('hubAzureFirewallResourceId'), '/')[8]), '2023-05-01').ipConfigurations[0].properties.privateIPAddress]" - }, - "disableBgpRoutePropagation": { - "value": "[parameters('disableBgpRoutePropagation')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "udrName": { - "value": "[parameters('routeTableName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "10479138354370069802" - } - }, - "parameters": { - "azureFirewallIpAddress": { - "type": "string" - }, - "disableBgpRoutePropagation": { - "type": "bool" - }, - "location": { - "type": "string" - }, - "udrName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2021-05-01", - "name": "[parameters('udrName')]", - "location": "[parameters('location')]", - "properties": { - "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", - "routes": [ - { - "name": "default", - "properties": { - "addressPrefix": "0.0.0.0/0", - "hasBgpOverride": false, - "nextHopIpAddress": "[parameters('azureFirewallIpAddress')]", - "nextHopType": "VirtualAppliance" - } - } - ] - } - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('udrName')]" - }, - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('NetworkSecurityGroup_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - 
"parameters": { - "location": { - "value": "[parameters('location')]" - }, - "networkSecurityGroupName": { - "value": "[parameters('networkSecurityGroupName')]" - }, - "networkSecurityGroupSecurityRules": { - "value": "[variables('networkSecurityGroupSecurityRules')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17551260843588118182" - } - }, - "parameters": { - "networkSecurityGroupSecurityRules": { - "type": "array" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "networkSecurityGroupName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-11-01", - "name": "[parameters('networkSecurityGroupName')]", - "location": "[parameters('location')]", - "properties": { - "copy": [ - { - "name": "securityRules", - "count": "[length(parameters('networkSecurityGroupSecurityRules'))]", - "input": { - "name": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].name]", - "properties": { - "access": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.access]", - "destinationAddressPrefix": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefix, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefix)]", - "destinationAddressPrefixes": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefixes), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefixes)]", - "destinationPortRanges": 
"[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRanges), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRanges)]", - "destinationPortRange": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRange, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRange)]", - "direction": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.direction]", - "priority": "[int(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.priority)]", - "protocol": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.protocol]", - "sourceAddressPrefix": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourceAddressPrefix, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourceAddressPrefix)]", - "sourcePortRanges": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRanges), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRanges)]", - "sourcePortRange": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRange]" - } - } - } - ] - } - } - ] - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - 
"dnsServers": "[if(contains(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubVirtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVirtualNetworkName')), '2023-05-01'), 'dhcpOptions'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubVirtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVirtualNetworkName')), '2023-05-01').dhcpOptions.dnsServers), createObject('value', createArray()))]", - "location": { - "value": "[parameters('location')]" - }, - "subnets": { - "value": "[variables('subnets')]" - }, - "udrName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.name.value]" - }, - "virtualNetworkName": { - "value": "[parameters('virtualNetworkName')]" - }, - "vNetAddressPrefixes": { - "value": [ - "[parameters('virtualNetworkAddressPrefixes')[parameters('index')]]" - ] - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "14500564446311756749" - } - }, - "parameters": { - "dnsServers": { - "type": "array" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "virtualNetworkName": { - "type": "string" - }, - "subnets": { - "type": "array" - }, - "udrName": { - "type": "string" - }, - "vNetAddressPrefixes": { - "type": "array" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-11-01", - "name": 
"[parameters('virtualNetworkName')]", - "location": "[parameters('location')]", - "properties": { - "copy": [ - { - "name": "subnets", - "count": "[length(parameters('subnets'))]", - "input": { - "name": "[parameters('subnets')[copyIndex('subnets')].name]", - "properties": { - "addressPrefix": "[parameters('subnets')[copyIndex('subnets')].addressPrefix]", - "delegations": "[parameters('subnets')[copyIndex('subnets')].delegations]", - "networkSecurityGroup": "[if(empty(parameters('subnets')[copyIndex('subnets')].networkSecurityGroupName), null(), json(format('{{\"id\": \"{0}\"}}', resourceId('Microsoft.Network/networkSecurityGroups', parameters('subnets')[copyIndex('subnets')].networkSecurityGroupName))))]", - "privateEndpointNetworkPolicies": "[parameters('subnets')[copyIndex('subnets')].privateEndpointNetworkPolicies]", - "privateLinkServiceNetworkPolicies": "[parameters('subnets')[copyIndex('subnets')].privateLinkServiceNetworkPolicies]", - "routeTable": { - "id": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - } - ], - "addressSpace": { - "addressPrefixes": "[parameters('vNetAddressPrefixes')]" - }, - "dhcpOptions": "[if(not(empty(parameters('dnsServers'))), createObject('dnsServers', parameters('dnsServers')), null())]" - } - } - ], - "outputs": { - "virtualNetworkName": { - "type": "string", - "value": "[parameters('virtualNetworkName')]" - }, - "virtualNetworkResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" - }, - "subnetResourceId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), '2020-11-01').subnets[0].id]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('UserDefinedRoute_{0}_{1}', 
parameters('index'), parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetworkPeer_Hub_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "existingLocalVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "existingRemoteVirtualNetworkName": { - "value": "[variables('hubVirtualNetworkName')]" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "value": "[variables('hubVirtualNetworkResourceGroupName')]" - }, - "existingRemoteVirtualNetworkSubscriptionId": { - "value": "[variables('hubSubscriptionId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17142674102798401634" - } - }, - "parameters": { - "existingLocalVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "type": "string" - }, - "existingRemoteVirtualNetworkSubscriptionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('existingLocalVirtualNetworkName'), parameters('existingRemoteVirtualNetworkName'))]", - 
"properties": { - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "remoteVirtualNetwork": { - "id": "[resourceId(parameters('existingRemoteVirtualNetworkSubscriptionId'), parameters('existingRemoteVirtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('existingRemoteVirtualNetworkName'))]" - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetworkPeer_Spoke_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", - "resourceGroup": "[variables('hubVirtualNetworkResourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "existingLocalVirtualNetworkName": { - "value": "[variables('hubVirtualNetworkName')]" - }, - "existingRemoteVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "value": "[variables('spokeResourceGroup')]" - }, - "existingRemoteVirtualNetworkSubscriptionId": { - "value": "[variables('spokeSubscriptionId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - 
"name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17142674102798401634" - } - }, - "parameters": { - "existingLocalVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "type": "string" - }, - "existingRemoteVirtualNetworkSubscriptionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('existingLocalVirtualNetworkName'), parameters('existingRemoteVirtualNetworkName'))]", - "properties": { - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "remoteVirtualNetwork": { - "id": "[resourceId(parameters('existingRemoteVirtualNetworkSubscriptionId'), parameters('existingRemoteVirtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('existingRemoteVirtualNetworkName'))]" - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetworkPeer_Hub_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] - } - ], - "outputs": { - "subnetResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), 
'2022-09-01').outputs.subnetResourceId.value]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "rgs" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Management_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "artifactsStorageAccountResourceId": { - "value": "[parameters('artifactsStorageAccountResourceId')]" - }, - "artifactsUri": { - "value": "[variables('artifactsUri')]" - }, - "automationAccountDiagnosticSettingName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountDiagnosticSettingName]" - }, - "automationAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountName]" - }, - "automationAccountNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountNetworkInterfaceName]" - }, - "automationAccountPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.azureAutomationPrivateDnsZoneName)]" - }, - "automationAccountPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', 
parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountPrivateEndpointName]" - }, - "availability": { - "value": "[parameters('availability')]" - }, - "avdObjectId": { - "value": "[parameters('avdObjectId')]" - }, - "azureBlobsPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.blobPrivateDnsZoneName)]" - }, - "azurePowerShellModuleMsiName": { - "value": "[parameters('azurePowerShellModuleMsiName')]" - }, - "azureQueueStoragePrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.queuePrivateDnsZoneName)]" - }, - "dataCollectionRuleName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.dataCollectionRuleName]" - }, - "diskEncryptionSetName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.diskEncryptionSetName]" - }, - "diskNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.diskNamePrefix]" - }, - "diskSku": { - "value": "[parameters('diskSku')]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "enableMonitoring": { - "value": "[parameters('monitoring')]" - }, - 
"environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "fslogix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.fslogix.value]" - }, - "fslogixStorageService": { - "value": "[parameters('fslogixStorageService')]" - }, - "hostPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolName]" - }, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "imageVersionResourceId": { - "value": "[parameters('imageVersionResourceId')]" - }, - "keyVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.keyVaultName]" - }, - "keyVaultNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.keyVaultNetworkInterfaceName]" - }, - "keyVaultPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.keyVaultPrivateDnsZoneName)]" - }, - "keyVaultPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.keyVaultPrivateEndpointName]" - }, - "locationVirtualMachines": { - "value": "[parameters('locationVirtualMachines')]" - }, - "logAnalyticsWorkspaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), 
'2022-09-01').outputs.resources.value.logAnalyticsWorkspaceName]" - }, - "logAnalyticsWorkspaceRetention": { - "value": "[parameters('logAnalyticsWorkspaceRetention')]" - }, - "logAnalyticsWorkspaceSku": { - "value": "[parameters('logAnalyticsWorkspaceSku')]" - }, - "networkInterfaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.networkInterfaceNamePrefix]" - }, - "networkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkName.value]" - }, - "organizationalUnitPath": { - "value": "[parameters('organizationalUnitPath')]" - }, - "recoveryServices": { - "value": "[parameters('recoveryServices')]" - }, - "recoveryServicesPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.backupPrivateDnsZoneName)]" - }, - "recoveryServicesVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultName]" - }, - "recoveryServicesVaultNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultNetworkInterfaceName]" - }, - "recoveryServicesVaultPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultPrivateEndpointName]" - }, - "resourceGroupControlPlane": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" - }, - "resourceGroupFeedWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupFeedWorkspace]" - }, - "resourceGroupHosts": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupHosts]" - }, - "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "resourceGroupStorage": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupStorage]" - }, - "roleDefinitions": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.roleDefinitions.value]" - }, - "scalingTool": { - "value": "[parameters('scalingTool')]" - }, - "securityLogAnalyticsWorkspaceResourceId": { - "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" - }, - "serviceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" - }, - "sessionHostCount": { - "value": "[parameters('sessionHostCount')]" - }, - "storageService": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageService.value]" - }, - "subnetResourceId": 
"[if(equals(length(variables('deploymentLocations')), 1), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value))]", - "tags": { - "value": "[parameters('tags')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.timeZone.value]" - }, - "userAssignedIdentityNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.userAssignedIdentityNamePrefix]" - }, - "virtualMachineMonitoringAgent": { - "value": "[parameters('virtualMachineMonitoringAgent')]" - }, - "virtualMachineNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualMachineNamePrefix]" - }, - "virtualMachinePassword": { - "value": "[parameters('virtualMachinePassword')]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - }, - "virtualMachineUsername": { - "value": "[parameters('virtualMachineUsername')]" - }, - "workspaceFeedName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedName]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": 
"bicep", - "version": "0.27.1.19265", - "templateHash": "8497660523804770386" - } - }, - "parameters": { - "activeDirectorySolution": { - "type": "string" - }, - "artifactsUri": { - "type": "string" - }, - "artifactsStorageAccountResourceId": { - "type": "string" - }, - "automationAccountDiagnosticSettingName": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "automationAccountNetworkInterfaceName": { - "type": "string" - }, - "automationAccountPrivateDnsZoneResourceId": { - "type": "string" - }, - "automationAccountPrivateEndpointName": { - "type": "string" - }, - "availability": { - "type": "string" - }, - "avdObjectId": { - "type": "string" - }, - "azureBlobsPrivateDnsZoneResourceId": { - "type": "string" - }, - "azurePowerShellModuleMsiName": { - "type": "string" - }, - "azureQueueStoragePrivateDnsZoneResourceId": { - "type": "string" - }, - "dataCollectionRuleName": { - "type": "string" - }, - "diskNamePrefix": { - "type": "string" - }, - "diskEncryptionSetName": { - "type": "string" - }, - "diskSku": { - "type": "string" - }, - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "enableMonitoring": { - "type": "bool" - }, - "environmentAbbreviation": { - "type": "string" - }, - "fslogix": { - "type": "bool" - }, - "fslogixStorageService": { - "type": "string" - }, - "hostPoolName": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "imageVersionResourceId": { - "type": "string" - }, - "keyVaultName": { - "type": "string" - }, - "keyVaultNetworkInterfaceName": { - "type": "string" - }, - "keyVaultPrivateDnsZoneResourceId": { - "type": "string" - }, - "keyVaultPrivateEndpointName": { - "type": "string" - }, - "locationVirtualMachines": { - "type": "string" - }, - "logAnalyticsWorkspaceName": { - "type": "string" - }, - "logAnalyticsWorkspaceRetention": { - "type": "int" - }, - "logAnalyticsWorkspaceSku": { 
- "type": "string" - }, - "networkInterfaceNamePrefix": { - "type": "string" - }, - "networkName": { - "type": "string" - }, - "organizationalUnitPath": { - "type": "string" - }, - "recoveryServices": { - "type": "bool" - }, - "recoveryServicesPrivateDnsZoneResourceId": { - "type": "string" - }, - "recoveryServicesVaultName": { - "type": "string" - }, - "recoveryServicesVaultNetworkInterfaceName": { - "type": "string" - }, - "recoveryServicesVaultPrivateEndpointName": { - "type": "string" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupFeedWorkspace": { - "type": "string" - }, - "resourceGroupHosts": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "resourceGroupStorage": { - "type": "string" - }, - "roleDefinitions": { - "type": "object" - }, - "scalingTool": { - "type": "bool" - }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "sessionHostCount": { - "type": "int" - }, - "storageService": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "timeZone": { - "type": "string" - }, - "userAssignedIdentityNamePrefix": { - "type": "string" - }, - "virtualMachineMonitoringAgent": { - "type": "string" - }, - "virtualMachineNamePrefix": { - "type": "string" - }, - "virtualMachinePassword": { - "type": "securestring" - }, - "virtualMachineUsername": { - "type": "string" - }, - "virtualMachineSize": { - "type": "string" - }, - "workspaceFeedName": { - "type": "string" - } - }, - "variables": { - "CpuCountMax": "[if(contains(parameters('hostPoolType'), 'Pooled'), 32, 128)]", - "CpuCountMin": "[if(contains(parameters('hostPoolType'), 'Pooled'), 4, 2)]", - "roleAssignments": "[union(variables('roleAssignmentsCommon'), variables('roleAssignmentStorage'))]", - "roleAssignmentsCommon": [ - { - "roleDefinitionId": 
"f353d9bd-d4a6-484e-a77a-8050b599b867", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "86240b0e-9422-4c43-887b-b61143f32ba8", - "resourceGroup": "[parameters('resourceGroupControlPlane')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "2ad6aaab-ead9-4eaa-8ac5-da422f562408", - "resourceGroup": "[parameters('resourceGroupControlPlane')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "a959dbd1-f747-45e3-8ba6-dd80f235f97c", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "21efdde3-836f-432b-bf3d-3e8e734d4b2b", - "resourceGroup": "[parameters('resourceGroupFeedWorkspace')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1", - "resourceGroup": "[split(parameters('artifactsStorageAccountResourceId'), '/')[4]]", - "subscription": "[split(parameters('artifactsStorageAccountResourceId'), '/')[2]]" - } - ], - "roleAssignmentStorage": "[if(parameters('fslogix'), createArray(createObject('roleDefinitionId', '17d1049b-9a84-46fb-8f53-869881c3d3ab', 'resourceGroup', parameters('resourceGroupStorage'), 'subscription', subscription().subscriptionId)), createArray())]", - "VirtualNetworkName": "[split(parameters('subnetResourceId'), '/')[8]]", - "VirtualNetworkResourceGroupName": "[split(parameters('subnetResourceId'), '/')[4]]" - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(format('{0}-deployment', parameters('userAssignedIdentityNamePrefix')), parameters('roleDefinitions').Reader, subscription().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitions').Reader)]", - "principalId": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]", - "principalType": "ServicePrincipal" - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('avdObjectId'), parameters('roleDefinitions').DesktopVirtualizationPowerOnContributor, subscription().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitions').DesktopVirtualizationPowerOnContributor)]", - "principalId": "[parameters('avdObjectId')]" - } - }, - { - "condition": "[and(contains(parameters('hostPoolType'), 'Pooled'), parameters('recoveryServices'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Policy_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "resourceGroupName": { - "value": "[parameters('resourceGroupHosts')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17437938337622016202" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "resourceGroupName": { - "type": 
"string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/policyDefinitions", - "apiVersion": "2021-06-01", - "name": "DiskNetworkAccess", - "properties": { - "description": "[format('Disable network access to managed disks in the {0} resource group', parameters('resourceGroupName'))]", - "displayName": "[format('Disable Disk Access ({0})', parameters('resourceGroupName'))]", - "mode": "All", - "parameters": {}, - "policyRule": { - "if": { - "field": "type", - "equals": "Microsoft.Compute/disks" - }, - "then": { - "effect": "modify", - "details": { - "roleDefinitionIds": [ - "/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840" - ], - "operations": [ - { - "operation": "addOrReplace", - "field": "Microsoft.Compute/disks/networkAccessPolicy", - "value": "DenyAll" - }, - { - "operation": "addOrReplace", - "field": "Microsoft.Compute/disks/publicNetworkAccess", - "value": "Disabled" - } - ] - } - } - }, - "policyType": "Custom" - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "DiskNetworkAccess", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "policyDefinitionId": { - "value": "[subscriptionResourceId('Microsoft.Authorization/policyDefinitions', 'DiskNetworkAccess')]" - }, - "policyDisplayName": { - "value": "[reference(subscriptionResourceId('Microsoft.Authorization/policyDefinitions', 'DiskNetworkAccess'), '2021-06-01').displayName]" - }, - "policyName": { - "value": "[reference(subscriptionResourceId('Microsoft.Authorization/policyDefinitions', 'DiskNetworkAccess'), '2021-06-01').displayName]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - 
"name": "bicep", - "version": "0.27.1.19265", - "templateHash": "9958180890314209726" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "policyDefinitionId": { - "type": "string" - }, - "policyDisplayName": { - "type": "string" - }, - "policyName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyName')]", - "location": "[parameters('location')]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "displayName": "[parameters('policyDisplayName')]", - "policyDefinitionId": "[parameters('policyDefinitionId')]" - } - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Authorization/policyDefinitions', 'DiskNetworkAccess')]" - ] - } - ] - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('UserAssignedIdentity_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "name": { - "value": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'deployment')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), createObject('value', parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities']), createObject('value', createObject()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17434071438759696167" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "name": { - "type": "string" - }, - "tags": { - "type": "object" 
- } - }, - "resources": [ - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]" - } - ], - "outputs": { - "clientId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" - }, - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - }, - "principalId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - } - } - } - } - }, - { - "copy": { - "name": "roleAssignments_deployment", - "count": "[length(range(0, length(variables('roleAssignments'))))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_{0}_{1}', range(0, length(variables('roleAssignments')))[copyIndex()], parameters('timestamp'))]", - "subscriptionId": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]].subscription]", - "resourceGroup": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]].resourceGroup]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "PrincipalId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" - }, - "PrincipalType": { - "value": "ServicePrincipal" - }, - "RoleDefinitionId": { - "value": "[variables('roleAssignments')[range(0, 
length(variables('roleAssignments')))[copyIndex()]].roleDefinitionId]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "936749082468094105" - } - }, - "parameters": { - "PrincipalId": { - "type": "string" - }, - "PrincipalType": { - "type": "string" - }, - "RoleDefinitionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Artifacts_{0}', parameters('timestamp'))]", - "subscriptionId": "[split(parameters('artifactsStorageAccountResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('artifactsStorageAccountResourceId'), '/')[4]]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" - }, - "serviceName": { - "value": "[parameters('serviceName')]" - }, - "storageAccountName": { - "value": "[split(parameters('artifactsStorageAccountResourceId'), 
'/')[8]]" - }, - "subscriptionId": { - "value": "[subscription().subscriptionId]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "userAssignedIdentityNamePrefix": { - "value": "[parameters('userAssignedIdentityNamePrefix')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17647061427994370357" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "storageAccountName": { - "type": "string" - }, - "subscriptionId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "userAssignedIdentityNamePrefix": { - "type": "string" - } - }, - "variables": { - "name": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'artifacts')]", - "roleDefinitionId": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('storageAccountName'))]", - "name": "[guid(variables('name'), variables('roleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", - "principalId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]", - "principalType": "ServicePrincipal" - }, - "dependsOn": [ - 
"[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('UAI_Artifacts_{0}', parameters('timestamp'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "name": { - "value": "[variables('name')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), createObject('value', parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities']), createObject('value', createObject()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17434071438759696167" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "name": { - "type": "string" - }, - "tags": { - "type": "object" - } - }, - "resources": [ - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]" - } - ], - "outputs": { - "clientId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" - }, - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - }, - "principalId": { - "type": "string", - "value": 
"[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - } - } - } - } - } - ], - "outputs": { - "userAssignedIdentityClientId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" - }, - "userAssignedIdentityPrincipalId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" - }, - "userAssignedIdentityResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('CustomerManagedKeys_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "environment": { - "value": "[parameters('environmentAbbreviation')]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" - }, - "keyVaultNetworkInterfaceName": { - "value": "[parameters('keyVaultNetworkInterfaceName')]" - }, - "keyVaultPrivateDnsZoneResourceId": { - "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" - }, - "keyVaultPrivateEndpointName": { - "value": 
"[parameters('keyVaultPrivateEndpointName')]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "serviceName": { - "value": "[parameters('serviceName')]" - }, - "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "userAssignedIdentityNamePrefix": { - "value": "[parameters('userAssignedIdentityNamePrefix')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "4183935201151986506" - } - }, - "parameters": { - "diskEncryptionKeyExpirationInDays": { - "type": "int", - "defaultValue": 30 - }, - "environment": { - "type": "string" - }, - "keyVaultName": { - "type": "string" - }, - "keyVaultNetworkInterfaceName": { - "type": "string" - }, - "keyVaultPrivateEndpointName": { - "type": "string" - }, - "keyVaultPrivateDnsZoneResourceId": { - "type": "string" - }, - "location": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "userAssignedIdentityNamePrefix": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2022-07-01", - "name": "[parameters('keyVaultName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject())]", - "properties": { - "enabledForDeployment": false, - "enabledForDiskEncryption": true, - "enabledForTemplateDeployment": false, - "enablePurgeProtection": true, - "enableRbacAuthorization": true, - "enableSoftDelete": true, - "networkAcls": { - "bypass": "AzureServices", - 
"defaultAction": "Deny", - "ipRules": [], - "virtualNetworkRules": [] - }, - "publicNetworkAccess": "Disabled", - "sku": { - "family": "A", - "name": "standard" - }, - "softDeleteRetentionInDays": "[if(or(equals(parameters('environment'), 'dev'), equals(parameters('environment'), 'test')), 7, 90)]", - "tenantId": "[subscription().tenantId]" - } - }, - { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('keyVaultPrivateEndpointName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", - "properties": { - "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('keyVaultPrivateEndpointName')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", - "groupIds": [ - "vault" - ] - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', parameters('keyVaultPrivateEndpointName'), parameters('keyVaultName'))]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "ipconfig1", - "properties": { - "privateDnsZoneId": "[parameters('keyVaultPrivateDnsZoneResourceId')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', parameters('keyVaultPrivateEndpointName'))]" - ] - }, - { - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), 'DiskEncryptionKey')]", - "properties": { - "attributes": { - "enabled": true - }, - "keySize": 4096, - "kty": "RSA", - 
"rotationPolicy": { - "attributes": { - "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" - }, - "lifetimeActions": [ - { - "action": { - "type": "Notify" - }, - "trigger": { - "timeBeforeExpiry": "P10D" - } - }, - { - "action": { - "type": "Rotate" - }, - "trigger": { - "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - }, - { - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), 'StorageEncryptionKey')]", - "properties": { - "attributes": { - "enabled": true - }, - "keySize": 4096, - "kty": "RSA", - "rotationPolicy": { - "attributes": { - "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" - }, - "lifetimeActions": [ - { - "action": { - "type": "Notify" - }, - "trigger": { - "timeBeforeExpiry": "P10D" - } - }, - { - "action": { - "type": "Rotate" - }, - "trigger": { - "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('UAI_Encryption_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "name": { - "value": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'encryption')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), createObject('value', parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities']), 
createObject('value', createObject()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17434071438759696167" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "name": { - "type": "string" - }, - "tags": { - "type": "object" - } - }, - "resources": [ - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]" - } - ], - "outputs": { - "clientId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" - }, - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - }, - "principalId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_Encryption_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "PrincipalId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" - }, - "PrincipalType": { - "value": "ServicePrincipal" - }, - "RoleDefinitionId": { - "value": "e147488a-f6f5-4113-8e2d-b22465e65bf6" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - 
"name": "bicep", - "version": "0.27.1.19265", - "templateHash": "936749082468094105" - } - }, - "parameters": { - "PrincipalId": { - "type": "string" - }, - "PrincipalType": { - "type": "string" - }, - "RoleDefinitionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp')))]" - ] - } - ], - "outputs": { - "keyUriWithVersion": { - "type": "string", - "value": "[reference(resourceId('Microsoft.KeyVault/vaults/keys', parameters('keyVaultName'), 'DiskEncryptionKey'), '2022-07-01').keyUriWithVersion]" - }, - "keyVaultResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - }, - "keyVaultUri": { - "type": "string", - "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName')), '2022-07-01').vaultUri]" - }, - "storageKeyName": { - "type": "string", - "value": "StorageEncryptionKey" - }, - "encryptionUserAssignedIdentityClientId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" - }, - "encryptionUserAssignedIdentityPrincipalId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" - }, - "encryptionUserAssignedIdentityResourceId": { - "type": "string", - "value": 
"[reference(resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('DiskEncryptionSet_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "diskEncryptionSetName": { - "value": "[parameters('diskEncryptionSetName')]" - }, - "keyUrl": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyUriWithVersion.value]" - }, - "keyVaultResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultResourceId.value]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets']), createObject('value', createObject()))]", - "timestamp": { - "value": "[parameters('timestamp')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "2378577135011463027" - } - }, - "parameters": { - "diskEncryptionSetName": { - "type": "string" - }, - "keyVaultResourceId": { - "type": "string" - 
}, - "keyUrl": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/diskEncryptionSets", - "apiVersion": "2023-04-02", - "name": "[parameters('diskEncryptionSetName')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "activeKey": { - "sourceVault": { - "id": "[parameters('keyVaultResourceId')]" - }, - "keyUrl": "[parameters('keyUrl')]" - }, - "encryptionType": "EncryptionAtRestWithPlatformAndCustomerKeys", - "rotationToLatestKeyVersionEnabled": true - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_Encryption_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "PrincipalId": { - "value": "[reference(resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName')), '2023-04-02', 'full').identity.principalId]" - }, - "PrincipalType": { - "value": "ServicePrincipal" - }, - "RoleDefinitionId": { - "value": "e147488a-f6f5-4113-8e2d-b22465e65bf6" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "936749082468094105" - } - }, - "parameters": { - "PrincipalId": { - "type": "string" - }, - "PrincipalType": { - "type": "string" - }, - "RoleDefinitionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": 
"[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ManagementVirtualMachine_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, - "azurePowerShellModuleMsiName": { - "value": "[parameters('azurePowerShellModuleMsiName')]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" - }, - "deploymentUserAssignedIdentityResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - }, - 
"diskEncryptionSetResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('DiskEncryptionSet_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - }, - "diskNamePrefix": { - "value": "[parameters('diskNamePrefix')]" - }, - "diskSku": { - "value": "[parameters('diskSku')]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "networkInterfaceNamePrefix": { - "value": "[parameters('networkInterfaceNamePrefix')]" - }, - "networkName": { - "value": "[parameters('networkName')]" - }, - "organizationalUnitPath": { - "value": "[parameters('organizationalUnitPath')]" - }, - "securityLogAnalyticsWorkspaceResourceId": { - "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" - }, - "serviceName": { - "value": "[parameters('serviceName')]" - }, - "subnet": { - "value": "[split(parameters('subnetResourceId'), '/')[10]]" - }, - "tagsNetworkInterfaces": "[if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), createObject('value', parameters('tags')['Microsoft.Network/networkInterfaces']), createObject('value', createObject()))]", - "tagsVirtualMachines": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), createObject('value', parameters('tags')['Microsoft.Compute/virtualMachines']), createObject('value', createObject()))]", - "virtualMachineMonitoringAgent": { - "value": "[parameters('virtualMachineMonitoringAgent')]" - }, - "virtualMachineNamePrefix": { - "value": "[parameters('virtualMachineNamePrefix')]" - }, - "virtualMachinePassword": { - "value": 
"[parameters('virtualMachinePassword')]" - }, - "virtualMachineUsername": { - "value": "[parameters('virtualMachineUsername')]" - }, - "virtualNetwork": { - "value": "[variables('VirtualNetworkName')]" - }, - "virtualNetworkResourceGroup": { - "value": "[variables('VirtualNetworkResourceGroupName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "1668527529564448151" - } - }, - "parameters": { - "artifactsUri": { - "type": "string" - }, - "azurePowerShellModuleMsiName": { - "type": "string" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "deploymentUserAssignedIdentityResourceId": { - "type": "string" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "diskNamePrefix": { - "type": "string" - }, - "diskSku": { - "type": "string" - }, - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "networkInterfaceNamePrefix": { - "type": "string" - }, - "networkName": { - "type": "string" - }, - "organizationalUnitPath": { - "type": "string" - }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "subnet": { - "type": "string" - }, - "tagsNetworkInterfaces": { - "type": "object" - }, - "tagsVirtualMachines": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" - }, - "virtualMachineMonitoringAgent": { - "type": "string" - }, - "virtualMachineNamePrefix": { - "type": "string" - }, - "virtualMachinePassword": { - "type": "securestring" - }, - "virtualMachineUsername": 
{ - "type": "string" - } - }, - "variables": { - "networkInterfaceName": "[replace(parameters('networkInterfaceNamePrefix'), parameters('serviceName'), 'mgt-vm')]", - "securitylogAnalyticsWorkspaceName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[8], '')]", - "securityLogAnalyticsWorkspaceResourceGroupName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[4], resourceGroup().name)]", - "securityLogAnalyticsWorkspaceSubscriptionId": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[2], subscription().subscriptionId)]", - "securityMonitoring": "[if(empty(parameters('securityLogAnalyticsWorkspaceResourceId')), false(), true())]", - "virtualMachineName": "[replace(replace(parameters('virtualMachineNamePrefix'), parameters('serviceName'), 'mgt'), parameters('networkName'), '')]" - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2020-05-01", - "name": "[variables('networkInterfaceName')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsNetworkInterfaces')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetwork'), parameters('subnet'))]" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "enableAcceleratedNetworking": false, - "enableIPForwarding": false - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2021-11-01", - "name": "[variables('virtualMachineName')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "hardwareProfile": { - "vmSize": "Standard_B2s" - }, - "storageProfile": { - "imageReference": { - 
"publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-datacenter-core-g2", - "version": "latest" - }, - "osDisk": { - "deleteOption": "Delete", - "osType": "Windows", - "createOption": "FromImage", - "caching": "None", - "managedDisk": { - "diskEncryptionSet": { - "id": "[parameters('diskEncryptionSetResourceId')]" - }, - "storageAccountType": "[parameters('diskSku')]" - }, - "name": "[replace(parameters('diskNamePrefix'), parameters('serviceName'), 'mgt-vm')]" - }, - "dataDisks": [] - }, - "osProfile": { - "computerName": "[variables('virtualMachineName')]", - "adminUsername": "[parameters('virtualMachineUsername')]", - "adminPassword": "[parameters('virtualMachinePassword')]", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": false - }, - "secrets": [], - "allowExtensionOperations": true - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]", - "properties": { - "deleteOption": "Delete" - } - } - ] - }, - "securityProfile": { - "uefiSettings": { - "secureBootEnabled": true, - "vTpmEnabled": true - }, - "securityType": "TrustedLaunch", - "encryptionAtHost": true - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": false - } - }, - "licenseType": "Windows_Server" - }, - "identity": { - "type": "SystemAssigned, UserAssigned", - "userAssignedIdentities": { - "[format('{0}', parameters('deploymentUserAssignedIdentityResourceId'))]": {} - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', variables('virtualMachineName'), 'IaaSAntimalware')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.Azure.Security", - "type": 
"IaaSAntimalware", - "typeHandlerVersion": "1.3", - "autoUpgradeMinorVersion": true, - "enableAutomaticUpgrade": false, - "settings": { - "AntimalwareEnabled": true, - "RealtimeProtectionEnabled": "true", - "ScheduledScanSettings": { - "isEnabled": "true", - "day": "7", - "time": "120", - "scanType": "Quick" - }, - "Exclusions": {} - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', variables('virtualMachineName'), 'GuestAttestation')]", - "location": "[parameters('location')]", - "properties": { - "publisher": "Microsoft.Azure.Security.WindowsAttestation", - "type": "GuestAttestation", - "typeHandlerVersion": "1.0", - "autoUpgradeMinorVersion": true, - "settings": { - "AttestationConfig": { - "MaaSettings": { - "maaEndpoint": "", - "maaTenantName": "GuestAttestation" - }, - "AscSettings": { - "ascReportingEndpoint": "", - "ascReportingFrequency": "" - }, - "useCustomToken": "false", - "disableAlerts": "false" - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" - ] - }, - { - "condition": "[and(variables('securityMonitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent'))]", - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', variables('virtualMachineName'), 'MicrosoftmonitoringAgent')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.EnterpriseCloud.monitoring", - "type": "MicrosoftmonitoringAgent", - "typeHandlerVersion": "1.0", - "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[if(variables('securityMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('securityLogAnalyticsWorkspaceSubscriptionId'), variables('securityLogAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', variables('securitylogAnalyticsWorkspaceName')), '2022-10-01').customerId, null())]" - }, - "protectedSettings": { - "workspaceKey": "[if(variables('securityMonitoring'), listKeys(parameters('securityLogAnalyticsWorkspaceResourceId'), '2021-06-01').primarySharedKey, null())]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('virtualMachineName'), 'IaaSAntimalware')]", - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2019-07-01", - "name": "[format('{0}/{1}', variables('virtualMachineName'), 'JsonADDomainExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "forceUpdateTag": "[parameters('timestamp')]", - "publisher": "Microsoft.Compute", - "type": "JsonADDomainExtension", - "typeHandlerVersion": "1.3", - "autoUpgradeMinorVersion": true, - "settings": { - "Name": "[parameters('domainName')]", - "Options": "3", - "OUPath": "[parameters('organizationalUnitPath')]", - "Restart": "true", - "User": "[parameters('domainJoinUserPrincipalName')]" - }, - "protectedSettings": { - "Password": "[parameters('domainJoinPassword')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('CSE_InstallAzurePowerShellAzModule_{0}', parameters('timestamp')))]", - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('CSE_InstallAzurePowerShellAzModule_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { 
- "value": [ - "[format('{0}{1}', parameters('artifactsUri'), parameters('azurePowerShellModuleMsiName'))]", - "[format('{0}Install-AzurePowerShellAzModule.ps1', parameters('artifactsUri'))]" - ] - }, - "location": { - "value": "[parameters('location')]" - }, - "parameters": { - "value": "[format('-Installer {0}', parameters('azurePowerShellModuleMsiName'))]" - }, - "scriptFileName": { - "value": "Install-AzurePowerShellAzModule.ps1" - }, - "tags": { - "value": "[parameters('tagsVirtualMachines')]" - }, - "virtualMachineName": { - "value": "[variables('virtualMachineName')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": "securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted 
-File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('virtualMachineName'), 'MicrosoftmonitoringAgent')]", - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" - ] - } - ], - "outputs": { - "Name": { - "type": "string", - "value": "[variables('virtualMachineName')]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('DiskEncryptionSet_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Validations_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { - "value": [ - "[format('{0}Get-Validations.ps1', parameters('artifactsUri'))]" - ] - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "parameters": { - "value": 
"[format('-ActiveDirectorySolution {0} -CpuCountMax {1} -CpuCountMin {2} -DomainName {3} -Environment {4} -imageVersionResourceId {5} -Location {6} -SessionHostCount {7} -StorageService {8} -SubscriptionId {9} -TenantId {10} -UserAssignedIdentityClientId {11} -VirtualMachineSize {12} -VirtualNetworkName {13} -VirtualNetworkResourceGroupName {14} -WorkspaceFeedName {15} -WorkspaceResourceGroupName {16}', parameters('activeDirectorySolution'), variables('CpuCountMax'), variables('CpuCountMin'), if(empty(parameters('domainName')), 'NotApplicable', parameters('domainName')), environment().name, if(empty(parameters('imageVersionResourceId')), 'NotApplicable', parameters('imageVersionResourceId')), parameters('locationVirtualMachines'), parameters('sessionHostCount'), parameters('storageService'), subscription().subscriptionId, tenant().tenantId, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value, parameters('virtualMachineSize'), variables('VirtualNetworkName'), variables('VirtualNetworkResourceGroupName'), parameters('workspaceFeedName'), parameters('resourceGroupFeedWorkspace'))]" - }, - "scriptFileName": { - "value": "Get-Validations.ps1" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), createObject('value', parameters('tags')['Microsoft.Compute/virtualMachines']), createObject('value', createObject()))]", - "userAssignedIdentityClientId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" - }, - "virtualMachineName": { - "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp'))), '2022-09-01').outputs.Name.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": "securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 
'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp')))]" - ] - }, - { - "condition": "[parameters('enableMonitoring')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Monitoring_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "dataCollectionRuleName": { - "value": "[parameters('dataCollectionRuleName')]" - }, - "hostPoolName": { - "value": "[parameters('hostPoolName')]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "logAnalyticsWorkspaceName": { - "value": "[parameters('logAnalyticsWorkspaceName')]" - }, - "logAnalyticsWorkspaceRetention": { - "value": "[parameters('logAnalyticsWorkspaceRetention')]" - }, - "logAnalyticsWorkspaceSku": { - "value": "[parameters('logAnalyticsWorkspaceSku')]" - }, - "resourceGroupControlPlane": { - "value": "[parameters('resourceGroupControlPlane')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "virtualMachineMonitoringAgent": { - "value": "[parameters('virtualMachineMonitoringAgent')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { 
- "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "6378611324391639039" - } - }, - "parameters": { - "dataCollectionRuleName": { - "type": "string" - }, - "hostPoolName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "logAnalyticsWorkspaceName": { - "type": "string" - }, - "logAnalyticsWorkspaceRetention": { - "type": "int" - }, - "logAnalyticsWorkspaceSku": { - "type": "string" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "virtualMachineMonitoringAgent": { - "type": "string" - } - }, - "variables": { - "WindowsEvents": [ - { - "name": "Microsoft-FSLogix-Apps/Operational", - "types": [ - { - "eventType": "Error" - }, - { - "eventType": "Warning" - }, - { - "eventType": "Information" - } - ] - }, - { - "name": "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational", - "types": [ - { - "eventType": "Error" - }, - { - "eventType": "Warning" - }, - { - "eventType": "Information" - } - ] - }, - { - "name": "System", - "types": [ - { - "eventType": "Error" - }, - { - "eventType": "Warning" - } - ] - }, - { - "name": "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin", - "types": [ - { - "eventType": "Error" - }, - { - "eventType": "Warning" - }, - { - "eventType": "Information" - } - ] - }, - { - "name": "Microsoft-FSLogix-Apps/Admin", - "types": [ - { - "eventType": "Error" - }, - { - "eventType": "Warning" - }, - { - "eventType": "Information" - } - ] - }, - { - "name": "Application", - "types": [ - { - "eventType": "Error" - }, - { - "eventType": "Warning" - } - ] - } - ], - "WindowsPerformanceCounters": [ - { - "objectName": "LogicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Disk Transfers/sec" - }, - { - "objectName": "LogicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Current Disk Queue Length" - }, - { - "objectName": "LogicalDisk", - "instanceName": "*", - 
"intervalSeconds": 60, - "counterName": "Disk Reads/sec" - }, - { - "objectName": "LogicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "% Free Space" - }, - { - "objectName": "LogicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Avg. Disk sec/Read" - }, - { - "objectName": "LogicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Disk Writes/sec" - }, - { - "objectName": "LogicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Avg. Disk sec/Write" - }, - { - "objectName": "LogicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Free Megabytes" - }, - { - "objectName": "LogicalDisk", - "instanceName": "C:", - "intervalSeconds": 60, - "counterName": "% Free Space" - }, - { - "objectName": "LogicalDisk", - "instanceName": "C:", - "intervalSeconds": 30, - "counterName": "Avg. Disk Queue Length" - }, - { - "objectName": "LogicalDisk", - "instanceName": "C:", - "intervalSeconds": 60, - "counterName": "Avg. 
Disk sec/Transfer" - }, - { - "objectName": "LogicalDisk", - "instanceName": "C:", - "intervalSeconds": 30, - "counterName": "Current Disk Queue Length" - }, - { - "objectName": "Memory", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "% Committed Bytes In Use" - }, - { - "objectName": "Memory", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Available MBytes" - }, - { - "objectName": "Memory", - "instanceName": "*", - "intervalSeconds": 30, - "counterName": "Available Mbytes" - }, - { - "objectName": "Memory", - "instanceName": "*", - "intervalSeconds": 30, - "counterName": "Page Faults/sec" - }, - { - "objectName": "Memory", - "instanceName": "*", - "intervalSeconds": 30, - "counterName": "Pages/sec" - }, - { - "objectName": "Network Adapter", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Bytes Sent/sec" - }, - { - "objectName": "Network Adapter", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Bytes Received/sec" - }, - { - "objectName": "Network Interface", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Bytes Total/sec" - }, - { - "objectName": "PhysicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Avg. Disk Bytes/Transfer" - }, - { - "objectName": "PhysicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Avg. Disk Bytes/Read" - }, - { - "objectName": "PhysicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Avg. Disk sec/Write" - }, - { - "objectName": "PhysicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Avg. Disk sec/Read" - }, - { - "objectName": "PhysicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Avg. Disk Bytes/Write" - }, - { - "objectName": "PhysicalDisk", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Avg. 
Disk sec/Transfer" - }, - { - "objectName": "PhysicalDisk", - "instanceName": "*", - "intervalSeconds": 30, - "counterName": "Avg. Disk Queue Length" - }, - { - "objectName": "Process", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "IO Write Operations/sec" - }, - { - "objectName": "Process", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "IO Read Operations/sec" - }, - { - "objectName": "Process", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Thread Count" - }, - { - "objectName": "Process", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "% User Time" - }, - { - "objectName": "Process", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Working Set" - }, - { - "objectName": "Process", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "% Processor Time" - }, - { - "objectName": "Processor", - "instanceName": "_Total", - "intervalSeconds": 60, - "counterName": "% Processor Time" - }, - { - "objectName": "Processor Information", - "instanceName": "_Total", - "intervalSeconds": 30, - "counterName": "% Processor Time" - }, - { - "objectName": "RemoteFX Graphics", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Frames Skipped/Second - Insufficient Server Resources" - }, - { - "objectName": "RemoteFX Graphics", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Average Encoding Time" - }, - { - "objectName": "RemoteFX Graphics", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Frames Skipped/Second - Insufficient Client Resources" - }, - { - "objectName": "RemoteFX Graphics", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Frames Skipped/Second - Insufficient Network Resources" - }, - { - "objectName": "RemoteFX Network", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Current UDP Bandwidth" - }, - { - "objectName": "RemoteFX Network", - "instanceName": "*", - "intervalSeconds": 60, 
- "counterName": "Current TCP Bandwidth" - }, - { - "objectName": "RemoteFX Network", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Current TCP RTT" - }, - { - "objectName": "RemoteFX Network", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Current UDP RTT" - }, - { - "objectName": "System", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Processor Queue Length" - }, - { - "objectName": "Terminal Services", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Inactive Sessions" - }, - { - "objectName": "Terminal Services", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Total Sessions" - }, - { - "objectName": "Terminal Services", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "Active Sessions" - }, - { - "objectName": "Terminal Services Session", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "% Processor Time" - }, - { - "objectName": "User Input Delay per Process", - "instanceName": "*", - "intervalSeconds": 30, - "counterName": "Max Input Delay" - }, - { - "objectName": "User Input Delay per Session", - "instanceName": "*", - "intervalSeconds": 30, - "counterName": "Max Input Delay" - } - ] - }, - "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2021-06-01", - "name": "[parameters('logAnalyticsWorkspaceName')]", - "location": "[parameters('location')]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()))]", - "properties": { - "sku": { - "name": "[parameters('logAnalyticsWorkspaceSku')]" - }, - "retentionInDays": "[parameters('logAnalyticsWorkspaceRetention')]", - 
"workspaceCapping": { - "dailyQuotaGb": -1 - }, - "publicNetworkAccessForIngestion": "Enabled", - "publicNetworkAccessForQuery": "Enabled" - } - }, - { - "copy": { - "name": "windowsEvents", - "count": "[length(variables('WindowsEvents'))]", - "mode": "serial", - "batchSize": 1 - }, - "condition": "[equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent')]", - "type": "Microsoft.OperationalInsights/workspaces/dataSources", - "apiVersion": "2020-08-01", - "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), format('WindowsEvent{0}', copyIndex()))]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()))]", - "kind": "WindowsEvent", - "properties": { - "eventLogName": "[variables('WindowsEvents')[copyIndex()].name]", - "eventTypes": "[variables('WindowsEvents')[copyIndex()].types]" - }, - "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]" - ] - }, - { - "copy": { - "name": "windowsPerformanceCounters", - "count": "[length(variables('WindowsPerformanceCounters'))]", - "mode": "serial", - "batchSize": 1 - }, - "condition": "[equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent')]", - "type": "Microsoft.OperationalInsights/workspaces/dataSources", - "apiVersion": "2020-08-01", - "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), format('WindowsPerformanceCounter{0}', copyIndex()))]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), 
parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()))]", - "kind": "WindowsPerformanceCounter", - "properties": { - "objectName": "[variables('WindowsPerformanceCounters')[copyIndex()].objectName]", - "instanceName": "[variables('WindowsPerformanceCounters')[copyIndex()].instanceName]", - "intervalSeconds": "[variables('WindowsPerformanceCounters')[copyIndex()].intervalSeconds]", - "counterName": "[variables('WindowsPerformanceCounters')[copyIndex()].counterName]" - }, - "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]", - "windowsEvents" - ] - }, - { - "condition": "[equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent')]", - "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2022-06-01", - "name": "[parameters('dataCollectionRuleName')]", - "location": "[parameters('location')]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Insights/dataCollectionRules'), parameters('tags')['Microsoft.Insights/dataCollectionRules'], createObject()))]", - "kind": "Windows", - "properties": { - "dataSources": { - "performanceCounters": [ - { - "streams": [ - "Microsoft-Perf" - ], - "samplingFrequencyInSeconds": 30, - "counterSpecifiers": [ - "\\LogicalDisk(C:)\\Avg. Disk Queue Length", - "\\LogicalDisk(C:)\\Current Disk Queue Length", - "\\Memory\\Available Mbytes", - "\\Memory\\Page Faults/sec", - "\\Memory\\Pages/sec", - "\\Memory\\% Committed Bytes In Use", - "\\PhysicalDisk(*)\\Avg. Disk Queue Length", - "\\PhysicalDisk(*)\\Avg. Disk sec/Read", - "\\PhysicalDisk(*)\\Avg. Disk sec/Transfer", - "\\PhysicalDisk(*)\\Avg. 
Disk sec/Write", - "\\Processor Information(_Total)\\% Processor Time", - "\\User Input Delay per Process(*)\\Max Input Delay", - "\\User Input Delay per Session(*)\\Max Input Delay", - "\\RemoteFX Network(*)\\Current TCP RTT", - "\\RemoteFX Network(*)\\Current UDP Bandwidth" - ], - "name": "perfCounterDataSource10" - }, - { - "streams": [ - "Microsoft-Perf" - ], - "samplingFrequencyInSeconds": 60, - "counterSpecifiers": [ - "\\LogicalDisk(C:)\\% Free Space", - "\\LogicalDisk(C:)\\Avg. Disk sec/Transfer", - "\\Terminal Services(*)\\Active Sessions", - "\\Terminal Services(*)\\Inactive Sessions", - "\\Terminal Services(*)\\Total Sessions" - ], - "name": "perfCounterDataSource30" - } - ], - "windowsEventLogs": [ - { - "streams": [ - "Microsoft-Event" - ], - "xPathQueries": [ - "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin!*[System[(Level=2 or Level=3 or Level=4 or Level=0)]]", - "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational!*[System[(Level=2 or Level=3 or Level=4 or Level=0)]]", - "System!*", - "Microsoft-FSLogix-Apps/Operational!*[System[(Level=2 or Level=3 or Level=4 or Level=0)]]", - "Application!*[System[(Level=2 or Level=3)]]", - "Microsoft-FSLogix-Apps/Admin!*[System[(Level=2 or Level=3 or Level=4 or Level=0)]]" - ], - "name": "eventLogsDataSource" - } - ] - }, - "destinations": { - "logAnalytics": [ - { - "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]", - "name": "la-workspace" - } - ] - }, - "dataFlows": [ - { - "streams": [ - "Microsoft-Perf", - "Microsoft-Event" - ], - "destinations": [ - "la-workspace" - ] - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]" - ] - } - ], - "outputs": { - "logAnalyticsWorkspaceResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]" - }, - 
"dataCollectionRuleResourceId": { - "type": "string", - "value": "[if(equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent'), resourceId('Microsoft.Insights/dataCollectionRules', parameters('dataCollectionRuleName')), '')]" - } - } - } - } - }, - { - "condition": "[or(parameters('scalingTool'), equals(parameters('fslogixStorageService'), 'AzureFiles Premium'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('AutomationAccount_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "automationAccountDiagnosticSettingName": { - "value": "[parameters('automationAccountDiagnosticSettingName')]" - }, - "automationAccountName": { - "value": "[parameters('automationAccountName')]" - }, - "automationAccountNetworkInterfaceName": { - "value": "[parameters('automationAccountNetworkInterfaceName')]" - }, - "automationAccountPrivateDnsZoneResourceId": { - "value": "[parameters('automationAccountPrivateDnsZoneResourceId')]" - }, - "automationAccountPrivateEndpointName": { - "value": "[parameters('automationAccountPrivateEndpointName')]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "logAnalyticsWorkspaceResourceId": "[if(parameters('enableMonitoring'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Monitoring_{0}', parameters('timestamp'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value), createObject('value', ''))]", - "monitoring": { - "value": "[parameters('enableMonitoring')]" - }, - "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" - }, - "tags": "[if(contains(parameters('tags'), 
'Microsoft.Automation/automationAccounts'), createObject('value', parameters('tags')['Microsoft.Automation/automationAccounts']), createObject('value', createObject()))]", - "virtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp'))), '2022-09-01').outputs.Name.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "16828050586589379450" - } - }, - "parameters": { - "automationAccountDiagnosticSettingName": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "automationAccountNetworkInterfaceName": { - "type": "string" - }, - "automationAccountPrivateDnsZoneResourceId": { - "type": "string" - }, - "automationAccountPrivateEndpointName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "logAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "monitoring": { - "type": "bool" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Automation/automationAccounts", - "apiVersion": "2021-06-22", - "name": "[parameters('automationAccountName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject())]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "sku": { - "name": "Free" - } - } - }, - { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": 
"[parameters('automationAccountPrivateEndpointName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", - "properties": { - "customNetworkInterfaceName": "[parameters('automationAccountNetworkInterfaceName')]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('automationAccountPrivateEndpointName')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]", - "groupIds": [ - "DSCAndHybridWorker" - ] - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('automationAccountPrivateEndpointName'), 'default')]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "[replace(split(parameters('automationAccountPrivateDnsZoneResourceId'), '/')[8], '.', '-')]", - "properties": { - "privateDnsZoneId": "[parameters('automationAccountPrivateDnsZoneResourceId')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', parameters('automationAccountPrivateEndpointName'))]" - ] - }, - { - "type": "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), 'Scaling Tool')]", - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" - ] - }, - { - "type": "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}/{2}', parameters('automationAccountName'), 'Scaling 
Tool', guid(resourceId('Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups', parameters('automationAccountName'), 'Scaling Tool')))]", - "properties": { - "vmResourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups', parameters('automationAccountName'), 'Scaling Tool')]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'HybridWorkerForWindows')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "publisher": "Microsoft.Azure.Automation.HybridWorker", - "type": "HybridWorkerForWindows", - "typeHandlerVersion": "1.1", - "autoUpgradeMinorVersion": true, - "enableAutomaticUpgrade": true, - "settings": { - "AutomationAccountURL": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2021-06-22').automationHybridServiceUrl]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" - ] - }, - { - "condition": "[parameters('monitoring')]", - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Automation/automationAccounts/{0}', parameters('automationAccountName'))]", - "name": "[parameters('automationAccountDiagnosticSettingName')]", - "properties": { - "logs": [ - { - "category": "DscNodeStatus", - "enabled": true - }, - { - "category": "JobLogs", - "enabled": true - }, - { - "category": "JobStreams", - "enabled": true - } - ], - "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "dependsOn": [ - 
"[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" - ] - } - ], - "outputs": { - "hybridRunbookWorkerGroupName": { - "type": "string", - "value": "Scaling Tool" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Monitoring_{0}', parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp')))]" - ] - }, - { - "condition": "[and(parameters('recoveryServices'), or(and(and(contains(parameters('activeDirectorySolution'), 'DomainServices'), contains(parameters('hostPoolType'), 'Pooled')), contains(parameters('fslogixStorageService'), 'AzureFiles')), contains(parameters('hostPoolType'), 'Personal')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RecoveryServicesVault_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "azureBlobsPrivateDnsZoneResourceId": { - "value": "[parameters('azureBlobsPrivateDnsZoneResourceId')]" - }, - "fslogix": { - "value": "[parameters('fslogix')]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "azureQueueStoragePrivateDnsZoneResourceId": { - "value": "[parameters('azureQueueStoragePrivateDnsZoneResourceId')]" - }, - "recoveryServicesPrivateDnsZoneResourceId": { - "value": "[parameters('recoveryServicesPrivateDnsZoneResourceId')]" - }, - "recoveryServicesVaultName": { - "value": "[parameters('recoveryServicesVaultName')]" - }, - "recoveryServicesVaultNetworkInterfaceName": { - 
"value": "[parameters('recoveryServicesVaultNetworkInterfaceName')]" - }, - "recoveryServicesVaultPrivateEndpointName": { - "value": "[parameters('recoveryServicesVaultPrivateEndpointName')]" - }, - "storageService": { - "value": "[parameters('storageService')]" - }, - "subnetId": { - "value": "[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "timeZone": { - "value": "[parameters('timeZone')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "11902363560930451851" - } - }, - "parameters": { - "azureBlobsPrivateDnsZoneResourceId": { - "type": "string" - }, - "azureQueueStoragePrivateDnsZoneResourceId": { - "type": "string" - }, - "fslogix": { - "type": "bool" - }, - "location": { - "type": "string" - }, - "recoveryServicesPrivateDnsZoneResourceId": { - "type": "string" - }, - "recoveryServicesVaultName": { - "type": "string" - }, - "recoveryServicesVaultNetworkInterfaceName": { - "type": "string" - }, - "recoveryServicesVaultPrivateEndpointName": { - "type": "string" - }, - "storageService": { - "type": "string" - }, - "subnetId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timeZone": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.RecoveryServices/vaults", - "apiVersion": "2022-03-01", - "name": "[parameters('recoveryServicesVaultName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject())]", - "sku": { - "name": "RS0", - "tier": "Standard" - }, - "properties": {} - }, - { - "condition": "[and(parameters('fslogix'), equals(parameters('storageService'), 'AzureFiles'))]", - "type": "Microsoft.RecoveryServices/vaults/backupPolicies", - 
"apiVersion": "2022-03-01", - "name": "[format('{0}/{1}', parameters('recoveryServicesVaultName'), 'AvdPolicyStorage')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject())]", - "properties": { - "backupManagementType": "AzureStorage", - "schedulePolicy": { - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "23:00" - ], - "schedulePolicyType": "SimpleSchedulePolicy" - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "23:00" - ], - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - "timeZone": "[parameters('timeZone')]", - "workLoadType": "AzureFileShare" - }, - "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" - ] - }, - { - "condition": "[not(parameters('fslogix'))]", - "type": "Microsoft.RecoveryServices/vaults/backupPolicies", - "apiVersion": "2022-03-01", - "name": "[format('{0}/{1}', parameters('recoveryServicesVaultName'), 'AvdPolicyVm')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject())]", - "properties": { - "backupManagementType": "AzureIaasVM", - "instantRpRetentionRangeInDays": 2, - "policyType": "V2", - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "23:00" - ], - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicyV2", - "scheduleRunFrequency": "Daily", - "dailySchedule": { - "scheduleRunTimes": [ - "23:00" - ] - } - }, - "timeZone": "[parameters('timeZone')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', 
parameters('recoveryServicesVaultName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('recoveryServicesVaultPrivateEndpointName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", - "properties": { - "customNetworkInterfaceName": "[parameters('recoveryServicesVaultNetworkInterfaceName')]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('recoveryServicesVaultPrivateEndpointName')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]", - "groupIds": [ - "AzureBackup" - ] - } - } - ], - "subnet": { - "id": "[parameters('subnetId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', parameters('recoveryServicesVaultPrivateEndpointName'), parameters('recoveryServicesVaultName'))]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "[replace(parameters('recoveryServicesPrivateDnsZoneResourceId'), '.', '-')]", - "properties": { - "privateDnsZoneId": "[parameters('recoveryServicesPrivateDnsZoneResourceId')]" - } - }, - { - "name": "[replace(parameters('azureQueueStoragePrivateDnsZoneResourceId'), '.', '-')]", - "properties": { - "privateDnsZoneId": "[parameters('azureQueueStoragePrivateDnsZoneResourceId')]" - } - }, - { - "name": "[replace(parameters('azureBlobsPrivateDnsZoneResourceId'), '.', '-')]", - "properties": { - "privateDnsZoneId": "[parameters('azureBlobsPrivateDnsZoneResourceId')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', 
parameters('recoveryServicesVaultPrivateEndpointName'))]", - "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" - ] - } - ] - } - } - } - ], - "outputs": { - "artifactsUserAssignedIdentityClientId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.userAssignedIdentityClientId.value]" - }, - "artifactsUserAssignedIdentityPrincipalId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.userAssignedIdentityPrincipalId.value]" - }, - "artifactsUserAssignedIdentityResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" - }, - "dataCollectionRuleResourceId": { - "type": "string", - "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Monitoring_{0}', parameters('timestamp'))), '2022-09-01').outputs.dataCollectionRuleResourceId.value, '')]" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string", - "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" - }, - "deploymentUserAssignedIdentityPrincipalId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" - }, - "deploymentUserAssignedIdentityResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - }, - "diskEncryptionSetResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('DiskEncryptionSet_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - }, - "encryptionUserAssignedIdentityClientId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.encryptionUserAssignedIdentityClientId.value]" - }, - "encryptionUserAssignedIdentityPrincipalId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, 
parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.encryptionUserAssignedIdentityPrincipalId.value]" - }, - "encryptionUserAssignedIdentityResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.encryptionUserAssignedIdentityResourceId.value]" - }, - "existingFeedWorkspace": { - "type": "bool", - "value": "[if(equals(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.existingWorkspace, 'true'), true(), false())]" - }, - "hybridRunbookWorkerGroupName": { - "type": "string", - "value": "[if(or(parameters('scalingTool'), equals(parameters('fslogixStorageService'), 'AzureFiles Premium')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('AutomationAccount_{0}', parameters('timestamp'))), '2022-09-01').outputs.hybridRunbookWorkerGroupName.value, '')]" - }, - "keyVaultUri": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultUri.value]" - }, - "logAnalyticsWorkspaceResourceId": { - "type": "string", - "value": "[if(parameters('enableMonitoring'), 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Monitoring_{0}', parameters('timestamp'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value, '')]" - }, - "storageEncryptionKeyName": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageKeyName.value]" - }, - "validateAcceleratedNetworking": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.acceleratedNetworking]" - }, - "validateANFDnsServers": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.anfDnsServers]" - }, - "validateANFfActiveDirectory": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.anfActiveDirectory]" - }, - "validateANFSubnetId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 
'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.anfSubnetId]" - }, - "validateAvailabilityZones": { - "type": "array", - "value": "[if(equals(parameters('availability'), 'AvailabilityZones'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.availabilityZones, createArray('1'))]" - }, - "virtualMachineName": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp'))), '2022-09-01').outputs.Name.value]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp')))]", - "rgs" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Hub_{0}', parameters('timestamp'))]", - "subscriptionId": "[split(parameters('hubSubnetResourceId'), '/')[2]]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "existingWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), 
'2022-09-01').outputs.existingFeedWorkspace.value]" - }, - "globalWorkspacePrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.avdGlobalPrivateDnsZoneName)]" - }, - "hubSubnetResourceId": { - "value": "[parameters('hubSubnetResourceId')]" - }, - "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupGlobalWorkspace]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "workspaceGlobalName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceGlobalName]" - }, - "workspaceGlobalNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceGlobalNetworkInterfaceName]" - }, - "workspaceGlobalPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceGlobalPrivateEndpointName]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "1831916484165547470" - } - }, - "parameters": { - "existingWorkspace": { - "type": "bool" - }, - "globalWorkspacePrivateDnsZoneResourceId": { - "type": "string" - }, - "hubSubnetResourceId": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "timestamp": 
{ - "type": "string" - }, - "workspaceGlobalName": { - "type": "string" - }, - "workspaceGlobalNetworkInterfaceName": { - "type": "string" - }, - "workspaceGlobalPrivateEndpointName": { - "type": "string" - } - }, - "resources": [ - { - "condition": "[not(parameters('existingWorkspace'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('SharedServices_VirtualNetwork_{0}', parameters('timestamp'))]", - "resourceGroup": "[split(parameters('hubSubnetResourceId'), '/')[4]]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[split(parameters('hubSubnetResourceId'), '/')[8]]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17840047049187746135" - } - }, - "parameters": { - "name": { - "type": "string" - } - }, - "resources": [], - "outputs": { - "location": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2023-06-01', 'full').location]" - } - } - } - } - }, - { - "condition": "[not(parameters('existingWorkspace'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ResourceGroup_WorkspaceGlobal_{0}', parameters('timestamp'))]", - "subscriptionId": "[split(parameters('hubSubnetResourceId'), '/')[2]]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": "[if(not(parameters('existingWorkspace')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('hubSubnetResourceId'), '/')[4]), 
'Microsoft.Resources/deployments', format('SharedServices_VirtualNetwork_{0}', parameters('timestamp'))), '2022-09-01').outputs.location.value), createObject('value', ''))]", - "resourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, - "tags": { - "value": {} - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "9339883053985547507" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "tags": { - "type": "object" - } - }, - "resources": [ - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2020-10-01", - "name": "[parameters('resourceGroupName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject())]" - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('hubSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('SharedServices_VirtualNetwork_{0}', parameters('timestamp')))]" - ] - }, - { - "condition": "[not(parameters('existingWorkspace'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('WorkspaceGlobal_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "globalWorkspacePrivateDnsZoneResourceId": { - "value": "[parameters('globalWorkspacePrivateDnsZoneResourceId')]" - }, - "location": "[if(not(parameters('existingWorkspace')), createObject('value', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('hubSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('SharedServices_VirtualNetwork_{0}', parameters('timestamp'))), '2022-09-01').outputs.location.value), createObject('value', ''))]", - "subnetResourceId": { - "value": "[parameters('hubSubnetResourceId')]" - }, - "workspaceGlobalName": { - "value": "[parameters('workspaceGlobalName')]" - }, - "workspaceGlobalNetworkInterfaceName": { - "value": "[parameters('workspaceGlobalNetworkInterfaceName')]" - }, - "workspaceGlobalPrivateEndpointName": { - "value": "[parameters('workspaceGlobalPrivateEndpointName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "3304530629616165690" - } - }, - "parameters": { - "globalWorkspacePrivateDnsZoneResourceId": { - "type": "string" - }, - "location": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "workspaceGlobalName": { - "type": "string" - }, - "workspaceGlobalNetworkInterfaceName": { - "type": "string" - }, - "workspaceGlobalPrivateEndpointName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.DesktopVirtualization/workspaces", - "apiVersion": "2023-09-05", - "name": "[parameters('workspaceGlobalName')]", - "location": "[parameters('location')]", - "tags": {}, - "properties": {} - }, - { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('workspaceGlobalPrivateEndpointName')]", - "location": "[parameters('location')]", - "tags": {}, - "properties": { - "customNetworkInterfaceName": "[parameters('workspaceGlobalNetworkInterfaceName')]", - "privateLinkServiceConnections": [ - { - "name": 
"[parameters('workspaceGlobalPrivateEndpointName')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceGlobalName'))]", - "groupIds": [ - "global" - ] - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceGlobalName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('workspaceGlobalPrivateEndpointName'), 'default')]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "[replace(split(parameters('globalWorkspacePrivateDnsZoneResourceId'), '/')[8], '.', '-')]", - "properties": { - "privateDnsZoneId": "[parameters('globalWorkspacePrivateDnsZoneResourceId')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', parameters('workspaceGlobalPrivateEndpointName'))]" - ] - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId(split(parameters('hubSubnetResourceId'), '/')[2], 'Microsoft.Resources/deployments', format('ResourceGroup_WorkspaceGlobal_{0}', parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('hubSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('SharedServices_VirtualNetwork_{0}', parameters('timestamp')))]" - ] - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ControlPlane_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - 
"expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "artifactsUri": { - "value": "[variables('artifactsUri')]" - }, - "avdPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.avdPrivateDnsZoneName)]" - }, - "customRdpProperty": { - "value": "[parameters('customRdpProperty')]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" - }, - "desktopApplicationGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.desktopApplicationGroupName]" - }, - "desktopFriendlyName": "[if(empty(parameters('desktopFriendlyName')), createObject('value', string(parameters('stampIndex'))), createObject('value', parameters('desktopFriendlyName')))]", - "existingFeedWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.existingFeedWorkspace.value]" - }, - "hostPoolDiagnosticSettingName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolDiagnosticSettingName]" - }, - "hostPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolName]" - }, - 
"hostPoolNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolNetworkInterfaceName]" - }, - "hostPoolPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolPrivateEndpointName]" - }, - "hostPoolPublicNetworkAccess": { - "value": "[parameters('hostPoolPublicNetworkAccess')]" - }, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "locationControlPlane": { - "value": "[parameters('locationControlPlane')]" - }, - "locationVirtualMachines": { - "value": "[parameters('locationVirtualMachines')]" - }, - "logAnalyticsWorkspaceResourceId": "[if(parameters('monitoring'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value), createObject('value', ''))]", - "managementVirtualMachineName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.virtualMachineName.value]" - }, - "maxSessionLimit": { - "value": "[mul(parameters('usersPerCore'), parameters('virtualMachineVirtualCpuCount'))]" - }, - "monitoring": { - "value": "[parameters('monitoring')]" - }, - "resourceGroupControlPlane": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" - }, - "resourceGroupFeedWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupFeedWorkspace]" - }, - 
"resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "roleDefinitions": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.roleDefinitions.value]" - }, - "securityPrincipalObjectIds": { - "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" - }, - "subnetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "validationEnvironment": { - "value": "[parameters('validationEnvironment')]" - }, - "vmTemplate": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.vmTemplate.value]" - }, - "workspaceFeedDiagnoticSettingName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedDiagnosticSettingName]" - }, - "workspaceFeedName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedName]" - }, - "workspaceFeedNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedNetworkInterfaceName]" - }, - "workspaceFeedPrivateEndpointName": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedPrivateEndpointName]" - }, - "workspaceFriendlyName": "[if(empty(parameters('workspaceFriendlyName')), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFriendlyName), createObject('value', format('{0} ({1})', parameters('workspaceFriendlyName'), parameters('locationControlPlane'))))]", - "workspacePublicNetworkAccess": { - "value": "[parameters('workspacePublicNetworkAccess')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "1483856987008224120" - } - }, - "parameters": { - "activeDirectorySolution": { - "type": "string" - }, - "artifactsUri": { - "type": "string" - }, - "avdPrivateDnsZoneResourceId": { - "type": "string" - }, - "customRdpProperty": { - "type": "string" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "desktopApplicationGroupName": { - "type": "string" - }, - "desktopFriendlyName": { - "type": "string" - }, - "existingFeedWorkspace": { - "type": "bool" - }, - "hostPoolDiagnosticSettingName": { - "type": "string" - }, - "hostPoolName": { - "type": "string" - }, - "hostPoolNetworkInterfaceName": { - "type": "string" - }, - "hostPoolPrivateEndpointName": { - "type": "string" - }, - "hostPoolPublicNetworkAccess": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "locationControlPlane": { - "type": "string" - }, - "locationVirtualMachines": { - "type": "string" - }, - "logAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - 
"maxSessionLimit": { - "type": "int" - }, - "monitoring": { - "type": "bool" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupFeedWorkspace": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "roleDefinitions": { - "type": "object" - }, - "securityPrincipalObjectIds": { - "type": "array" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "validationEnvironment": { - "type": "bool" - }, - "vmTemplate": { - "type": "string" - }, - "workspaceFeedDiagnoticSettingName": { - "type": "string" - }, - "workspaceFeedName": { - "type": "string" - }, - "workspaceFeedNetworkInterfaceName": { - "type": "string" - }, - "workspaceFeedPrivateEndpointName": { - "type": "string" - }, - "workspaceFriendlyName": { - "type": "string" - }, - "workspacePublicNetworkAccess": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('HostPool_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupControlPlane')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "avdPrivateDnsZoneResourceId": { - "value": "[parameters('avdPrivateDnsZoneResourceId')]" - }, - "customRdpProperty": { - "value": "[parameters('customRdpProperty')]" - }, - "hostPoolDiagnosticSettingName": { - "value": "[parameters('hostPoolDiagnosticSettingName')]" - }, - "hostPoolName": { - "value": "[parameters('hostPoolName')]" - }, - "hostPoolNetworkInterfaceName": { - "value": "[parameters('hostPoolNetworkInterfaceName')]" - }, - "hostPoolPrivateEndpointName": { - "value": "[parameters('hostPoolPrivateEndpointName')]" - }, - "hostPoolPublicNetworkAccess": { - "value": "[parameters('hostPoolPublicNetworkAccess')]" - 
}, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "location": { - "value": "[parameters('locationControlPlane')]" - }, - "logAnalyticsWorkspaceResourceId": { - "value": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "maxSessionLimit": { - "value": "[parameters('maxSessionLimit')]" - }, - "monitoring": { - "value": "[parameters('monitoring')]" - }, - "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "validationEnvironment": { - "value": "[parameters('validationEnvironment')]" - }, - "vmTemplate": { - "value": "[parameters('vmTemplate')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "8220205815865310794" - } - }, - "parameters": { - "activeDirectorySolution": { - "type": "string" - }, - "avdPrivateDnsZoneResourceId": { - "type": "string" - }, - "customRdpProperty": { - "type": "string" - }, - "hostPoolDiagnosticSettingName": { - "type": "string" - }, - "hostPoolName": { - "type": "string" - }, - "hostPoolNetworkInterfaceName": { - "type": "string" - }, - "hostPoolPrivateEndpointName": { - "type": "string" - }, - "hostPoolPublicNetworkAccess": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "location": { - "type": "string" - }, - "logAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "maxSessionLimit": { - "type": "int" - }, - "monitoring": { - "type": "bool" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "time": { - "type": "string", - "defaultValue": "[utcNow('u')]" - }, - "validationEnvironment": { - "type": "bool" - }, - "vmTemplate": { - "type": "string" - } - }, - "variables": { - "customRdpProperty_Complete": "[if(contains(parameters('activeDirectorySolution'), 
'MicrosoftEntraId'), format('{0}targetisaadjoined:i:1;enablerdsaadauth:i:1;', parameters('customRdpProperty')), parameters('customRdpProperty'))]", - "hostPoolLogs": [ - { - "category": "Checkpoint", - "enabled": true - }, - { - "category": "Error", - "enabled": true - }, - { - "category": "Management", - "enabled": true - }, - { - "category": "Connection", - "enabled": true - }, - { - "category": "HostRegistration", - "enabled": true - }, - { - "category": "AgentHealthStatus", - "enabled": true - } - ] - }, - "resources": [ - { - "type": "Microsoft.DesktopVirtualization/hostPools", - "apiVersion": "2023-09-05", - "name": "[parameters('hostPoolName')]", - "location": "[parameters('location')]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.DesktopVirtualization/hostPools'), parameters('tags')['Microsoft.DesktopVirtualization/hostPools'], createObject()))]", - "properties": { - "customRdpProperty": "[variables('customRdpProperty_Complete')]", - "hostPoolType": "[split(parameters('hostPoolType'), ' ')[0]]", - "loadBalancerType": "[if(contains(parameters('hostPoolType'), 'Pooled'), split(parameters('hostPoolType'), ' ')[1], 'Persistent')]", - "maxSessionLimit": "[parameters('maxSessionLimit')]", - "personalDesktopAssignmentType": "[if(contains(parameters('hostPoolType'), 'Personal'), split(parameters('hostPoolType'), ' ')[1], null())]", - "preferredAppGroupType": "Desktop", - "publicNetworkAccess": "[parameters('hostPoolPublicNetworkAccess')]", - "registrationInfo": { - "expirationTime": "[dateTimeAdd(parameters('time'), 'PT2H')]", - "registrationTokenOperation": "Update" - }, - "startVMOnConnect": true, - "validationEnvironment": "[parameters('validationEnvironment')]", - "vmTemplate": "[parameters('vmTemplate')]" - } - }, - { - "type": 
"Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('hostPoolPrivateEndpointName')]", - "location": "[parameters('location')]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()))]", - "properties": { - "customNetworkInterfaceName": "[parameters('hostPoolNetworkInterfaceName')]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('hostPoolPrivateEndpointName')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]", - "groupIds": [ - "connection" - ] - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('hostPoolPrivateEndpointName'), 'default')]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "[replace(split(parameters('avdPrivateDnsZoneResourceId'), '/')[8], '.', '-')]", - "properties": { - "privateDnsZoneId": "[parameters('avdPrivateDnsZoneResourceId')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', parameters('hostPoolPrivateEndpointName'))]" - ] - }, - { - "condition": "[parameters('monitoring')]", - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.DesktopVirtualization/hostPools/{0}', parameters('hostPoolName'))]", - "name": "[parameters('hostPoolDiagnosticSettingName')]", - "properties": { - "logs": 
"[variables('hostPoolLogs')]", - "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]" - ] - } - ], - "outputs": { - "ResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ApplicationGroup_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupControlPlane')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "desktopApplicationGroupName": { - "value": "[parameters('desktopApplicationGroupName')]" - }, - "hostPoolResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupControlPlane')), 'Microsoft.Resources/deployments', format('HostPool_{0}', parameters('timestamp'))), '2022-09-01').outputs.ResourceId.value]" - }, - "locationControlPlane": { - "value": "[parameters('locationControlPlane')]" - }, - "locationVirtualMachines": { - "value": "[parameters('locationVirtualMachines')]" - }, - "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" - }, - "roleDefinitions": { - "value": "[parameters('roleDefinitions')]" - }, - "securityPrincipalObjectIds": { - "value": "[parameters('securityPrincipalObjectIds')]" - }, - "desktopFriendlyName": { - "value": "[parameters('desktopFriendlyName')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "virtualMachineName": { - "value": 
"[parameters('managementVirtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "9416224740979840209" - } - }, - "parameters": { - "artifactsUri": { - "type": "string" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "desktopApplicationGroupName": { - "type": "string" - }, - "desktopFriendlyName": { - "type": "string" - }, - "hostPoolResourceId": { - "type": "string" - }, - "locationControlPlane": { - "type": "string" - }, - "locationVirtualMachines": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "roleDefinitions": { - "type": "object" - }, - "securityPrincipalObjectIds": { - "type": "array" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.DesktopVirtualization/applicationGroups", - "apiVersion": "2021-03-09-preview", - "name": "[parameters('desktopApplicationGroupName')]", - "location": "[parameters('locationControlPlane')]", - "tags": "[union(createObject('cm-resource-parent', parameters('hostPoolResourceId')), if(contains(parameters('tags'), 'Microsoft.DesktopVirtualization/applicationGroups'), parameters('tags')['Microsoft.DesktopVirtualization/applicationGroups'], createObject()))]", - "properties": { - "hostPoolArmPath": "[parameters('hostPoolResourceId')]", - "applicationGroupType": "Desktop" - } - }, - { - "copy": { - "name": "roleAssignment", - "count": "[length(range(0, length(parameters('securityPrincipalObjectIds'))))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.DesktopVirtualization/applicationGroups/{0}', parameters('desktopApplicationGroupName'))]", - "name": 
"[guid(parameters('securityPrincipalObjectIds')[range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()]], parameters('roleDefinitions').DesktopVirtualizationUser, parameters('desktopApplicationGroupName'))]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitions').DesktopVirtualizationUser)]", - "principalId": "[parameters('securityPrincipalObjectIds')[range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()]]]" - }, - "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('desktopApplicationGroupName'))]" - ] - }, - { - "condition": "[not(empty(parameters('desktopFriendlyName')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ApplicationFriendlyName_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { - "value": [ - "[format('{0}Update-AvdDesktop.ps1', parameters('artifactsUri'))]" - ] - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "parameters": { - "value": "[format('-ApplicationGroupName {0} -Environment {1} -FriendlyName \"{2}\" -ResourceGroupName {3} -SubscriptionId {4} -Tenant {5} -UserAssignedIdentityClientId {6}', parameters('desktopApplicationGroupName'), environment().name, parameters('desktopFriendlyName'), resourceGroup().name, subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedIdentityClientId'))]" - }, - "scriptFileName": { - "value": "Update-AvdDesktop.ps1" - }, - "tags": { - "value": "[union(createObject('cm-resource-parent', parameters('hostPoolResourceId')), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()))]" - }, - 
"userAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "virtualMachineName": { - "value": "[parameters('virtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": "securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', 
equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('desktopApplicationGroupName'))]" - ] - } - ], - "outputs": { - "applicationGroupReference": { - "type": "array", - "value": [ - "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('desktopApplicationGroupName'))]" - ] - }, - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.DesktopVirtualization/applicationGroups', parameters('desktopApplicationGroupName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupControlPlane')), 'Microsoft.Resources/deployments', format('HostPool_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('WorkspaceFeed_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupFeedWorkspace')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "applicationGroupReferences": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupControlPlane')), 'Microsoft.Resources/deployments', format('ApplicationGroup_{0}', parameters('timestamp'))), '2022-09-01').outputs.applicationGroupReference.value]" - }, - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, - "avdPrivateDnsZoneResourceId": { - "value": "[parameters('avdPrivateDnsZoneResourceId')]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "existing": { - "value": "[parameters('existingFeedWorkspace')]" - }, - "hostPoolName": { - "value": "[parameters('hostPoolName')]" - }, - 
"locationControlPlane": { - "value": "[parameters('locationControlPlane')]" - }, - "locationVirtualMachines": { - "value": "[parameters('locationVirtualMachines')]" - }, - "logAnalyticsWorkspaceResourceId": { - "value": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "monitoring": { - "value": "[parameters('monitoring')]" - }, - "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" - }, - "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "virtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - }, - "workspaceFeedDiagnoticSettingName": { - "value": "[parameters('workspaceFeedDiagnoticSettingName')]" - }, - "workspaceFeedName": { - "value": "[parameters('workspaceFeedName')]" - }, - "workspaceFeedNetworkInterfaceName": { - "value": "[parameters('workspaceFeedNetworkInterfaceName')]" - }, - "workspaceFeedPrivateEndpointName": { - "value": "[parameters('workspaceFeedPrivateEndpointName')]" - }, - "workspaceFriendlyName": { - "value": "[parameters('workspaceFriendlyName')]" - }, - "workspacePublicNetworkAccess": { - "value": "[parameters('workspacePublicNetworkAccess')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "1049617894193802448" - } - }, - "parameters": { - "applicationGroupReferences": { - "type": "array" - }, - "artifactsUri": { - "type": "string" - }, - "avdPrivateDnsZoneResourceId": { - "type": "string" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "existing": { - "type": "bool" - }, - "hostPoolName": { - "type": "string" - }, - "locationControlPlane": { - "type": "string" - }, - "locationVirtualMachines": { - "type": "string" 
- }, - "logAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "monitoring": { - "type": "bool" - }, - "resourceGroupManagement": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - }, - "workspaceFeedDiagnoticSettingName": { - "type": "string" - }, - "workspaceFeedName": { - "type": "string" - }, - "workspaceFeedNetworkInterfaceName": { - "type": "string" - }, - "workspaceFeedPrivateEndpointName": { - "type": "string" - }, - "workspaceFriendlyName": { - "type": "string" - }, - "workspacePublicNetworkAccess": { - "type": "string" - } - }, - "resources": [ - { - "condition": "[not(parameters('existing'))]", - "type": "Microsoft.DesktopVirtualization/workspaces", - "apiVersion": "2023-09-05", - "name": "[parameters('workspaceFeedName')]", - "location": "[parameters('locationControlPlane')]", - "tags": {}, - "properties": { - "applicationGroupReferences": "[parameters('applicationGroupReferences')]", - "friendlyName": "[parameters('workspaceFriendlyName')]", - "publicNetworkAccess": "[parameters('workspacePublicNetworkAccess')]" - } - }, - { - "condition": "[not(parameters('existing'))]", - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('workspaceFeedPrivateEndpointName')]", - "location": "[parameters('locationControlPlane')]", - "tags": {}, - "properties": { - "customNetworkInterfaceName": "[parameters('workspaceFeedNetworkInterfaceName')]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('workspaceFeedPrivateEndpointName')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceFeedName'))]", - "groupIds": [ - "feed" - ] - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', 
parameters('workspaceFeedName'))]" - ] - }, - { - "condition": "[not(parameters('existing'))]", - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('workspaceFeedPrivateEndpointName'), 'default')]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "[replace(split(parameters('avdPrivateDnsZoneResourceId'), '/')[8], '.', '-')]", - "properties": { - "privateDnsZoneId": "[parameters('avdPrivateDnsZoneResourceId')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', parameters('workspaceFeedPrivateEndpointName'))]" - ] - }, - { - "condition": "[and(not(parameters('existing')), parameters('monitoring'))]", - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.DesktopVirtualization/workspaces/{0}', parameters('workspaceFeedName'))]", - "name": "[parameters('workspaceFeedDiagnoticSettingName')]", - "properties": { - "logs": [ - { - "category": "Checkpoint", - "enabled": true - }, - { - "category": "Error", - "enabled": true - }, - { - "category": "Management", - "enabled": true - }, - { - "category": "Feed", - "enabled": true - } - ], - "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.DesktopVirtualization/workspaces', parameters('workspaceFeedName'))]" - ] - }, - { - "condition": "[parameters('existing')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('AddApplicationGroupReferences_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { - "value": [ - "[format('{0}Update-AvdWorkspace.ps1', parameters('artifactsUri'))]" - ] - }, - "location": { - "value": 
"[parameters('locationVirtualMachines')]" - }, - "parameters": { - "value": "[format('-ApplicationGroupReferences \"{0}\" -Environment {1} -ResourceGroupName {2} -SubscriptionId {3} -TenantId {4} -UserAssignedIdentityClientId {5} -WorkspaceName {6}', parameters('applicationGroupReferences'), environment().name, resourceGroup().name, subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedIdentityClientId'), parameters('workspaceFeedName'))]" - }, - "scriptFileName": { - "value": "Update-AvdWorkspace.ps1" - }, - "tags": { - "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()))]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "virtualMachineName": { - "value": "[parameters('virtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": "securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 
'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupControlPlane')), 'Microsoft.Resources/deployments', format('ApplicationGroup_{0}', parameters('timestamp')))]" - ] - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp')))]", - "rgs" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('FSLogix_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - 
"expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "activeDirectoryConnection": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateANFfActiveDirectory.value]" - }, - "activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "artifactsUri": { - "value": "[variables('artifactsUri')]" - }, - "automationAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountName]" - }, - "availability": { - "value": "[parameters('availability')]" - }, - "azureFilesPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.filePrivateDnsZoneName)]" - }, - "delegatedSubnetId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateANFSubnetId.value]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" - }, - "dnsServers": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateANFDnsServers.value]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - 
"encryptionUserAssignedIdentityResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.encryptionUserAssignedIdentityResourceId.value]" - }, - "fileShares": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.fileShares.value]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "fslogixShareSizeInGB": { - "value": "[parameters('fslogixShareSizeInGB')]" - }, - "fslogixStorageService": { - "value": "[parameters('fslogixStorageService')]" - }, - "hostPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolName]" - }, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "keyVaultUri": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultUri.value]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "managementVirtualMachineName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.virtualMachineName.value]" - }, - "netAppAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.netAppAccountName]" - }, - "netAppCapacityPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.netAppCapacityPoolName]" - }, - "netbios": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.netbios.value]" - }, - "organizationalUnitPath": { - "value": "[parameters('organizationalUnitPath')]" - }, - "recoveryServices": { - "value": "[parameters('recoveryServices')]" - }, - "recoveryServicesVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultName]" - }, - "resourceGroupControlPlane": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" - }, - "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "resourceGroupStorage": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupStorage]" - }, - "securityPrincipalNames": { - "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').name))]" - }, - "securityPrincipalObjectIds": { - "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" - }, - "serviceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" - }, - "smbServerLocation": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.smbServerLocation.value]" - }, - "storageAccountNamePrefix": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.storageAccountNamePrefix]" - }, - "storageAccountNetworkInterfaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.storageAccountNetworkInterfaceNamePrefix]" - }, - "storageAccountPrivateEndpointNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.storageAccountPrivateEndpointNamePrefix]" - }, - "storageCount": { - "value": "[parameters('storageCount')]" - }, - "storageEncryptionKeyName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageEncryptionKeyName.value]" - }, - "storageIndex": { - "value": "[parameters('storageIndex')]" - }, - "storageService": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageService.value]" - }, - "storageSku": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageSku.value]" - }, - "subnet": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[10]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[10]))]", - "tags": { - "value": 
"[parameters('tags')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.timeZone.value]" - }, - "virtualNetwork": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[8]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[8]))]", - "virtualNetworkResourceGroup": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[4]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[4]))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "3180693113428458143" - } - }, - "parameters": { - "artifactsUri": { - "type": "string" - }, - "activeDirectoryConnection": { - "type": "string" - }, - "activeDirectorySolution": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "availability": { - "type": "string" - }, - "azureFilesPrivateDnsZoneResourceId": { - "type": "string" - }, - "delegatedSubnetId": { - "type": "string" - }, - 
"deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "dnsServers": { - "type": "string" - }, - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "encryptionUserAssignedIdentityResourceId": { - "type": "string" - }, - "fileShares": { - "type": "array" - }, - "fslogixShareSizeInGB": { - "type": "int" - }, - "fslogixContainerType": { - "type": "string" - }, - "fslogixStorageService": { - "type": "string" - }, - "hostPoolName": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "keyVaultUri": { - "type": "string" - }, - "location": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "netAppAccountName": { - "type": "string" - }, - "netAppCapacityPoolName": { - "type": "string" - }, - "netbios": { - "type": "string" - }, - "organizationalUnitPath": { - "type": "string" - }, - "recoveryServices": { - "type": "bool" - }, - "recoveryServicesVaultName": { - "type": "string" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "resourceGroupStorage": { - "type": "string" - }, - "securityPrincipalObjectIds": { - "type": "array" - }, - "securityPrincipalNames": { - "type": "array" - }, - "serviceName": { - "type": "string" - }, - "smbServerLocation": { - "type": "string" - }, - "storageAccountNamePrefix": { - "type": "string" - }, - "storageAccountNetworkInterfaceNamePrefix": { - "type": "string" - }, - "storageAccountPrivateEndpointNamePrefix": { - "type": "string" - }, - "storageCount": { - "type": "int" - }, - "storageEncryptionKeyName": { - "type": "string" - }, - "storageIndex": { - "type": "int" - }, - "storageSku": { - "type": "string" - }, - "storageService": { - "type": "string" - }, - "subnet": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "timeZone": { - "type": 
"string" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" - } - }, - "variables": { - "tagsAutomationAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()))]", - "tagsNetAppAccount": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.NetApp/netAppAccounts'), parameters('tags')['Microsoft.NetApp/netAppAccounts'], createObject()))]", - "tagsPrivateEndpoints": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()))]", - "tagsStorageAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], createObject()))]", - "tagsRecoveryServicesVault": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), 
if(contains(parameters('tags'), 'Microsoft.recoveryServices/vaults'), parameters('tags')['Microsoft.recoveryServices/vaults'], createObject()))]", - "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()))]" - }, - "resources": [ - { - "condition": "[and(equals(parameters('storageService'), 'AzureNetAppFiles'), contains(parameters('activeDirectorySolution'), 'DomainServices'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('AzureNetAppFiles_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupStorage')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, - "activeDirectoryConnection": { - "value": "[parameters('activeDirectoryConnection')]" - }, - "delegatedSubnetId": { - "value": "[parameters('delegatedSubnetId')]" - }, - "dnsServers": { - "value": "[parameters('dnsServers')]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "fileShares": { - "value": "[parameters('fileShares')]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "managementVirtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - }, - "netAppAccountName": { - "value": "[parameters('netAppAccountName')]" - }, - "netAppCapacityPoolName": { - 
"value": "[parameters('netAppCapacityPoolName')]" - }, - "organizationalUnitPath": { - "value": "[parameters('organizationalUnitPath')]" - }, - "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" - }, - "securityPrincipalNames": { - "value": "[parameters('securityPrincipalNames')]" - }, - "smbServerLocation": { - "value": "[parameters('smbServerLocation')]" - }, - "storageSku": { - "value": "[parameters('storageSku')]" - }, - "storageService": { - "value": "[parameters('storageService')]" - }, - "tagsNetAppAccount": { - "value": "[variables('tagsNetAppAccount')]" - }, - "tagsVirtualMachines": { - "value": "[variables('tagsVirtualMachines')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "8328491855185775020" - } - }, - "parameters": { - "artifactsUri": { - "type": "string" - }, - "activeDirectoryConnection": { - "type": "string" - }, - "delegatedSubnetId": { - "type": "string" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "dnsServers": { - "type": "string" - }, - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "fileShares": { - "type": "array" - }, - "fslogixContainerType": { - "type": "string" - }, - "location": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "netAppAccountName": { - "type": "string" - }, - "netAppCapacityPoolName": { - "type": "string" - }, - "organizationalUnitPath": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - 
"securityPrincipalNames": { - "type": "array" - }, - "smbServerLocation": { - "type": "string" - }, - "storageSku": { - "type": "string" - }, - "storageService": { - "type": "string" - }, - "tagsNetAppAccount": { - "type": "object" - }, - "tagsVirtualMachines": { - "type": "object" - }, - "timestamp": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.NetApp/netAppAccounts", - "apiVersion": "2021-06-01", - "name": "[parameters('netAppAccountName')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsNetAppAccount')]", - "properties": { - "activeDirectories": "[if(equals(parameters('activeDirectoryConnection'), 'false'), null(), createArray(createObject('aesEncryption', true(), 'domain', parameters('domainName'), 'dns', parameters('dnsServers'), 'organizationalUnit', parameters('organizationalUnitPath'), 'password', parameters('domainJoinPassword'), 'smbServerName', format('anf-{0}', parameters('smbServerLocation')), 'username', split(parameters('domainJoinUserPrincipalName'), '@')[0])))]", - "encryption": { - "keySource": "Microsoft.NetApp" - } - } - }, - { - "type": "Microsoft.NetApp/netAppAccounts/capacityPools", - "apiVersion": "2021-06-01", - "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'))]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsNetAppAccount')]", - "properties": { - "coolAccess": false, - "encryptionType": "Single", - "qosType": "Auto", - "serviceLevel": "[parameters('storageSku')]", - "size": 4398046511104 - }, - "dependsOn": [ - "[resourceId('Microsoft.NetApp/netAppAccounts', parameters('netAppAccountName'))]" - ] - }, - { - "copy": { - "name": "volumes", - "count": "[length(range(0, length(parameters('fileShares'))))]" - }, - "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes", - "apiVersion": "2021-06-01", - "name": "[format('{0}/{1}/{2}', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'), 
parameters('fileShares')[range(0, length(parameters('fileShares')))[copyIndex()]])]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsNetAppAccount')]", - "properties": { - "avsDataStore": "Disabled", - "coolAccess": false, - "creationToken": "[parameters('fileShares')[range(0, length(parameters('fileShares')))[copyIndex()]]]", - "defaultGroupQuotaInKiBs": 0, - "defaultUserQuotaInKiBs": 0, - "encryptionKeySource": "Microsoft.NetApp", - "isDefaultQuotaEnabled": false, - "kerberosEnabled": false, - "ldapEnabled": false, - "networkFeatures": "Standard", - "protocolTypes": [ - "CIFS" - ], - "securityStyle": "ntfs", - "serviceLevel": "[parameters('storageSku')]", - "smbContinuouslyAvailable": true, - "smbEncryption": true, - "snapshotDirectoryVisible": true, - "subnetId": "[parameters('delegatedSubnetId')]", - "usageThreshold": 107374182400 - }, - "dependsOn": [ - "[resourceId('Microsoft.NetApp/netAppAccounts/capacityPools', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('FslogixNtfsPermissions_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { - "value": [ - "[format('{0}Set-NtfsPermissions.ps1', parameters('artifactsUri'))]" - ] - }, - "location": { - "value": "[parameters('location')]" - }, - "parameters": { - "value": "[format('-domainJoinPassword \"{0}\" -domainJoinUserPrincipalName {1} -fslogixContainerType {2} -securityPrincipalNames \"{3}\" -smbServerLocation {4} -storageService {5}', parameters('domainJoinPassword'), parameters('domainJoinUserPrincipalName'), parameters('fslogixContainerType'), parameters('securityPrincipalNames'), parameters('smbServerLocation'), parameters('storageService'))]" - }, - "scriptFileName": { - 
"value": "Set-NtfsPermissions.ps1" - }, - "tags": { - "value": "[parameters('tagsVirtualMachines')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "virtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": "securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', 
parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - }, - "dependsOn": [ - "volumes" - ] - } - ], - "outputs": { - "fileShares": { - "type": "array", - "value": "[if(contains(parameters('fslogixContainerType'), 'Office'), createArray(reference(resourceId('Microsoft.NetApp/netAppAccounts/capacityPools/volumes', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[0]]), '2021-06-01').mountTargets[0].smbServerFqdn, reference(resourceId('Microsoft.NetApp/netAppAccounts/capacityPools/volumes', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[1]]), '2021-06-01').mountTargets[0].smbServerFqdn), createArray(reference(resourceId('Microsoft.NetApp/netAppAccounts/capacityPools/volumes', parameters('netAppAccountName'), parameters('netAppCapacityPoolName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[0]]), '2021-06-01').mountTargets[0].smbServerFqdn))]" - } - } - } - } - }, - { - "condition": "[and(equals(parameters('storageService'), 'AzureFiles'), contains(parameters('activeDirectorySolution'), 'DomainServices'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('AzureFiles_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupStorage')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, - "automationAccountName": { - "value": "[parameters('automationAccountName')]" - }, - "availability": { - "value": 
"[parameters('availability')]" - }, - "azureFilesPrivateDnsZoneResourceId": { - "value": "[parameters('azureFilesPrivateDnsZoneResourceId')]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "enableRecoveryServices": { - "value": "[parameters('recoveryServices')]" - }, - "encryptionUserAssignedIdentityResourceId": { - "value": "[parameters('encryptionUserAssignedIdentityResourceId')]" - }, - "fileShares": { - "value": "[parameters('fileShares')]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "fslogixShareSizeInGB": { - "value": "[parameters('fslogixShareSizeInGB')]" - }, - "fslogixStorageService": { - "value": "[parameters('fslogixStorageService')]" - }, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "keyVaultUri": { - "value": "[parameters('keyVaultUri')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "managementVirtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - }, - "netbios": { - "value": "[parameters('netbios')]" - }, - "organizationalUnitPath": { - "value": "[parameters('organizationalUnitPath')]" - }, - "recoveryServicesVaultName": { - "value": "[parameters('recoveryServicesVaultName')]" - }, - "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" - }, - "resourceGroupStorage": { - "value": "[parameters('resourceGroupStorage')]" - }, - "securityPrincipalNames": { - "value": "[parameters('securityPrincipalNames')]" - }, - "securityPrincipalObjectIds": { - "value": "[parameters('securityPrincipalObjectIds')]" - }, - "serviceName": { - "value": "[parameters('serviceName')]" - }, - "storageAccountNamePrefix": { - "value": "[parameters('storageAccountNamePrefix')]" - }, - 
"storageAccountNetworkInterfaceNamePrefix": { - "value": "[parameters('storageAccountNetworkInterfaceNamePrefix')]" - }, - "storageAccountPrivateEndpointNamePrefix": { - "value": "[parameters('storageAccountPrivateEndpointNamePrefix')]" - }, - "storageCount": { - "value": "[parameters('storageCount')]" - }, - "storageEncryptionKeyName": { - "value": "[parameters('storageEncryptionKeyName')]" - }, - "storageIndex": { - "value": "[parameters('storageIndex')]" - }, - "storageService": { - "value": "[parameters('storageService')]" - }, - "storageSku": { - "value": "[parameters('storageSku')]" - }, - "subnet": { - "value": "[parameters('subnet')]" - }, - "tagsAutomationAccounts": { - "value": "[variables('tagsAutomationAccounts')]" - }, - "tagsPrivateEndpoints": { - "value": "[variables('tagsPrivateEndpoints')]" - }, - "tagsRecoveryServicesVault": { - "value": "[variables('tagsRecoveryServicesVault')]" - }, - "tagsStorageAccounts": { - "value": "[variables('tagsStorageAccounts')]" - }, - "tagsVirtualMachines": { - "value": "[variables('tagsVirtualMachines')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[parameters('timeZone')]" - }, - "virtualNetwork": { - "value": "[parameters('virtualNetwork')]" - }, - "virtualNetworkResourceGroup": { - "value": "[parameters('virtualNetworkResourceGroup')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "3531815561180160711" - } - }, - "parameters": { - "artifactsUri": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "availability": { - "type": "string" - }, - "azureFilesPrivateDnsZoneResourceId": { - "type": "string" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "domainJoinPassword": { - "type": "securestring" - }, - 
"domainJoinUserPrincipalName": { - "type": "string" - }, - "enableRecoveryServices": { - "type": "bool" - }, - "encryptionUserAssignedIdentityResourceId": { - "type": "string" - }, - "activeDirectorySolution": { - "type": "string" - }, - "fileShares": { - "type": "array" - }, - "fslogixShareSizeInGB": { - "type": "int" - }, - "fslogixContainerType": { - "type": "string" - }, - "fslogixStorageService": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "keyVaultUri": { - "type": "string" - }, - "location": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "netbios": { - "type": "string" - }, - "organizationalUnitPath": { - "type": "string" - }, - "recoveryServicesVaultName": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "resourceGroupStorage": { - "type": "string" - }, - "securityPrincipalObjectIds": { - "type": "array" - }, - "securityPrincipalNames": { - "type": "array" - }, - "serviceName": { - "type": "string" - }, - "storageAccountNamePrefix": { - "type": "string", - "minLength": 3 - }, - "storageAccountNetworkInterfaceNamePrefix": { - "type": "string" - }, - "storageAccountPrivateEndpointNamePrefix": { - "type": "string" - }, - "storageCount": { - "type": "int" - }, - "storageEncryptionKeyName": { - "type": "string" - }, - "storageIndex": { - "type": "int" - }, - "storageSku": { - "type": "string" - }, - "storageService": { - "type": "string" - }, - "subnet": { - "type": "string" - }, - "tagsAutomationAccounts": { - "type": "object" - }, - "tagsPrivateEndpoints": { - "type": "object" - }, - "tagsRecoveryServicesVault": { - "type": "object" - }, - "tagsStorageAccounts": { - "type": "object" - }, - "tagsVirtualMachines": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "timeZone": { - "type": "string" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" - } - }, - "variables": { - 
"roleDefinitionId": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb", - "smbMultiChannel": { - "multichannel": { - "enabled": true - } - }, - "smbSettings": { - "versions": "SMB3.1.1;", - "authenticationMethods": "NTLMv2;Kerberos;", - "kerberosTicketEncryption": "AES-256;", - "channelEncryption": "AES-128-GCM;AES-256-GCM;" - }, - "storageRedundancy": "[if(equals(parameters('availability'), 'availabilityZones'), '_ZRS', '_LRS')]", - "subnetId": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetwork'), parameters('subnet'))]" - }, - "resources": [ - { - "copy": { - "name": "storageAccounts", - "count": "[length(range(0, parameters('storageCount')))]" - }, - "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2022-09-01", - "name": "[format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsStorageAccounts')]", - "sku": { - "name": "[format('{0}{1}', parameters('storageSku'), variables('storageRedundancy'))]" - }, - "kind": "[if(equals(parameters('storageSku'), 'Standard'), 'StorageV2', 'FileStorage')]", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[format('{0}', parameters('encryptionUserAssignedIdentityResourceId'))]": {} - } - }, - "properties": { - "accessTier": "Hot", - "allowBlobPublicAccess": false, - "allowCrossTenantReplication": false, - "allowedCopyScope": "PrivateLink", - "allowSharedKeyAccess": true, - "azureFilesIdentityBasedAuthentication": { - "directoryServiceOptions": "[if(equals(parameters('activeDirectorySolution'), 'MicrosoftEntraDomainServices'), 'AADDS', 'None')]" - }, - "defaultToOAuthAuthentication": false, - "dnsEndpointType": "Standard", - "encryption": { - "identity": { - "userAssignedIdentity": "[parameters('encryptionUserAssignedIdentityResourceId')]" - }, - 
"requireInfrastructureEncryption": true, - "keyvaultproperties": { - "keyvaulturi": "[parameters('keyVaultUri')]", - "keyname": "[parameters('storageEncryptionKeyName')]" - }, - "services": "[if(equals(parameters('storageSku'), 'Standard'), createObject('file', createObject('keyType', 'Account', 'enabled', true()), 'table', createObject('keyType', 'Account', 'enabled', true()), 'queue', createObject('keyType', 'Account', 'enabled', true()), 'blob', createObject('keyType', 'Account', 'enabled', true())), createObject('file', createObject('keyType', 'Account', 'enabled', true())))]", - "keySource": "Microsoft.KeyVault" - }, - "largeFileSharesState": "[if(equals(parameters('storageSku'), 'Standard'), 'Enabled', null())]", - "minimumTlsVersion": "TLS1_2", - "networkAcls": { - "bypass": "AzureServices", - "virtualNetworkRules": [], - "ipRules": [], - "defaultAction": "Deny" - }, - "publicNetworkAccess": "Disabled", - "supportsHttpsTrafficOnly": true - } - }, - { - "copy": { - "name": "roleAssignment", - "count": "[length(range(0, parameters('storageCount')))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", - "name": "[guid(parameters('securityPrincipalObjectIds')[range(0, parameters('storageCount'))[copyIndex()]], variables('roleDefinitionId'), resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'))))]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", - "principalId": 
"[parameters('securityPrincipalObjectIds')[range(0, parameters('storageCount'))[copyIndex()]]]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", - "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]" - ] - }, - { - "copy": { - "name": "fileServices", - "count": "[length(range(0, parameters('storageCount')))]" - }, - "type": "Microsoft.Storage/storageAccounts/fileServices", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), 'default')]", - "properties": { - "protocolSettings": { - "smb": "[if(equals(parameters('storageSku'), 'Standard'), variables('smbSettings'), union(variables('smbSettings'), variables('smbMultiChannel')))]" - }, - "shareDeleteRetentionPolicy": { - "enabled": false - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]" - ] - }, - { - "copy": { - "name": "privateEndpoints", - "count": "[length(range(0, parameters('storageCount')))]" - }, - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], 
parameters('storageIndex')), 2, '0'))]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsPrivateEndpoints')]", - "properties": { - "customNetworkInterfaceName": "[format('{0}-{1}', replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", - "privateLinkServiceConnections": [ - { - "name": "[format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", - "groupIds": [ - "file" - ] - } - } - ], - "subnet": { - "id": "[variables('subnetId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]" - ] - }, - { - "copy": { - "name": "privateDnsZoneGroups", - "count": "[length(range(0, parameters('storageCount')))]" - }, - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), format('{0}-{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], 
parameters('storageIndex')), 2, '0')))]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "ipconfig1", - "properties": { - "privateDnsZoneId": "[parameters('azureFilesPrivateDnsZoneResourceId')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', format('{0}-{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceName'), 'file'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]", - "storageAccounts" - ] - }, - { - "copy": { - "name": "shares", - "count": "[length(range(0, parameters('storageCount')))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('fileShares_{0}_{1}', range(0, parameters('storageCount'))[copyIndex()], parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileShares": { - "value": "[parameters('fileShares')]" - }, - "fslogixShareSizeInGB": { - "value": "[parameters('fslogixShareSizeInGB')]" - }, - "storageAccountName": { - "value": "[format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'))]" - }, - "storageSku": { - "value": "[parameters('storageSku')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "15601002555507359086" - } - }, - "parameters": { - "fileShares": { - "type": "array" - }, - "fslogixShareSizeInGB": { - "type": "int" - }, - "storageAccountName": { - "type": "string" - }, - "storageSku": { - "type": "string" - } - }, - "resources": [ - { - "copy": { - "name": "shares", - "count": 
"[length(range(0, length(parameters('fileShares'))))]" - }, - "type": "Microsoft.Storage/storageAccounts/fileServices/shares", - "apiVersion": "2022-09-01", - "name": "[format('{0}/default/{1}', parameters('storageAccountName'), parameters('fileShares')[range(0, length(parameters('fileShares')))[copyIndex()]])]", - "properties": { - "accessTier": "[if(equals(parameters('storageSku'), 'Premium'), 'Premium', 'TransactionOptimized')]", - "shareQuota": "[parameters('fslogixShareSizeInGB')]", - "enabledProtocols": "SMB" - } - } - ] - } - }, - "dependsOn": [ - "roleAssignment", - "[resourceId('Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')))]" - ] - }, - { - "condition": "[contains(parameters('activeDirectorySolution'), 'DomainServices')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('FslogixNtfsPermissions_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { - "value": [ - "[format('{0}Set-NtfsPermissions.ps1', parameters('artifactsUri'))]" - ] - }, - "location": { - "value": "[parameters('location')]" - }, - "parameters": { - "value": "[format('-domainJoinPassword \"{0}\" -domainJoinUserPrincipalName {1} -activeDirectorySolution {2} -Environment {3} -fslogixContainerType {4} -netbios {5} -organizationalUnitPath \"{6}\" -securityPrincipalNames \"{7}\" -StorageAccountPrefix {8} -StorageAccountResourceGroupName {9} -storageCount {10} -storageIndex {11} -storageService {12} -StorageSuffix {13} -SubscriptionId {14} -TenantId {15} -UserAssignedIdentityClientId {16}', parameters('domainJoinPassword'), parameters('domainJoinUserPrincipalName'), 
parameters('activeDirectorySolution'), environment().name, parameters('fslogixContainerType'), parameters('netbios'), parameters('organizationalUnitPath'), parameters('securityPrincipalNames'), parameters('storageAccountNamePrefix'), parameters('resourceGroupStorage'), parameters('storageCount'), parameters('storageIndex'), parameters('storageService'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId, parameters('deploymentUserAssignedIdentityClientId'))]" - }, - "scriptFileName": { - "value": "Set-NtfsPermissions.ps1" - }, - "tags": { - "value": "[parameters('tagsVirtualMachines')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "virtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": "securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - 
"timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - }, - "dependsOn": [ - "privateDnsZoneGroups", - "privateEndpoints", - "shares" - ] - }, - { - "condition": "[and(parameters('enableRecoveryServices'), contains(parameters('hostPoolType'), 'Pooled'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('recoveryServices_AzureFiles_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileShares": { - "value": "[parameters('fileShares')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "recoveryServicesVaultName": { - "value": "[parameters('recoveryServicesVaultName')]" - }, - "resourceGroupStorage": { - "value": "[parameters('resourceGroupStorage')]" - }, - "storageAccountNamePrefix": { - "value": "[parameters('storageAccountNamePrefix')]" - }, - "storageCount": { - "value": "[parameters('storageCount')]" - }, - "storageIndex": { - "value": "[parameters('storageIndex')]" - }, - "tagsRecoveryServicesVault": { - "value": "[parameters('tagsRecoveryServicesVault')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - } - }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "15949756926294425284" - } - }, - "parameters": { - "fileShares": { - "type": "array" - }, - "location": { - "type": "string" - }, - "recoveryServicesVaultName": { - "type": "string" - }, - "resourceGroupStorage": { - "type": "string" - }, - "storageAccountNamePrefix": { - "type": "string" - }, - "storageCount": { - "type": "int" - }, - "storageIndex": { - "type": "int" - }, - "tagsRecoveryServicesVault": { - "type": "object" - }, - "timestamp": { - "type": "string" - } - }, - "resources": [ - { - "copy": { - "name": "protectionContainers", - "count": "[length(range(0, parameters('storageCount')))]" - }, - "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers", - "apiVersion": "2022-03-01", - "name": "[format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0'))]", - "properties": { - "backupManagementType": "AzureStorage", - "containerType": "StorageContainer", - "sourceResourceId": "[resourceId(parameters('resourceGroupStorage'), 'Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0')))]" - } - }, - { - "copy": { - "name": "protectedItems_fileShares", - "count": "[length(range(0, parameters('storageCount')))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('BackupProtectedItems_fileShares_{0}_{1}', add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), parameters('timestamp'))]", - "properties": { - 
"expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileShares": { - "value": "[parameters('fileShares')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "protectionContainerName": { - "value": "[format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0'))]" - }, - "policyId": { - "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('recoveryServicesVaultName'), 'AvdPolicyStorage')]" - }, - "sourceResourceId": { - "value": "[resourceId(parameters('resourceGroupStorage'), 'Microsoft.Storage/storageAccounts', format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), 2, '0')))]" - }, - "tags": { - "value": "[parameters('tagsRecoveryServicesVault')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "7028790124213185456" - } - }, - "parameters": { - "fileShares": { - "type": "array" - }, - "location": { - "type": "string" - }, - "policyId": { - "type": "string" - }, - "protectionContainerName": { - "type": "string" - }, - "sourceResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - } - }, - "resources": [ - { - "copy": { - "name": "protectedItems_FileShare", - "count": "[length(parameters('fileShares'))]" - }, - "condition": "[contains(parameters('fileShares')[copyIndex()], 'profile')]", - "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems", - "apiVersion": "2022-03-01", - 
"name": "[format('{0}/AzureFileShare;{1}', parameters('protectionContainerName'), parameters('fileShares')[copyIndex()])]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "protectedItemType": "AzureFileShareProtectedItem", - "policyId": "[parameters('policyId')]", - "sourceResourceId": "[parameters('sourceResourceId')]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers', split(format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), '/')[0], split(format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), '/')[1], split(format('{0}/Azure/storagecontainer;Storage;{1};{2}{3}', parameters('recoveryServicesVaultName'), parameters('resourceGroupStorage'), parameters('storageAccountNamePrefix'), padLeft(add(range(0, parameters('storageCount'))[range(0, parameters('storageCount'))[copyIndex()]], parameters('storageIndex')), 2, '0')), '/')[2])]" - ] - } - ] - } - }, - "dependsOn": [ - "shares" - ] - }, - { - "condition": "[and(equals(parameters('fslogixStorageService'), 'AzureFiles Premium'), greater(parameters('storageCount'), 0))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('AutoIncreasePremiumFileShareQuota_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": 
"Incremental", - "parameters": { - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, - "automationAccountName": { - "value": "[parameters('automationAccountName')]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "managementVirtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - }, - "storageAccountNamePrefix": { - "value": "[parameters('storageAccountNamePrefix')]" - }, - "storageCount": { - "value": "[parameters('storageCount')]" - }, - "storageIndex": { - "value": "[parameters('storageIndex')]" - }, - "storageResourceGroupName": { - "value": "[parameters('resourceGroupStorage')]" - }, - "tags": { - "value": "[parameters('tagsAutomationAccounts')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[parameters('timeZone')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "3221936225510989251" - } - }, - "parameters": { - "artifactsUri": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "fslogixContainerType": { - "type": "string" - }, - "location": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "storageAccountNamePrefix": { - "type": "string" - }, - "storageCount": { - "type": "int" - }, - "storageIndex": { - "type": "int" - }, - "storageResourceGroupName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "timeZone": { - "type": "string" - } - }, - "variables": { - 
"runbookFileName": "Set-FileShareScaling.ps1", - "scriptFileName": "Set-AutomationRunbook.ps1", - "subscriptionId": "[subscription().subscriptionId]" - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Runbook_QuotaScaling_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { - "value": [ - "[format('{0}{1}', parameters('artifactsUri'), variables('runbookFileName'))]", - "[format('{0}{1}', parameters('artifactsUri'), variables('scriptFileName'))]" - ] - }, - "location": { - "value": "[parameters('location')]" - }, - "parameters": { - "value": "[format('-AutomationAccountName {0} -Environment {1} -ResourceGroupName {2} -RunbookFileName {3} -SubscriptionId {4} -TenantId {5} -UserAssignedIdentityClientId {6}', parameters('automationAccountName'), environment().name, resourceGroup().name, variables('runbookFileName'), subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedIdentityClientId'))]" - }, - "scriptFileName": { - "value": "[variables('scriptFileName')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), createObject('value', parameters('tags')['Microsoft.Compute/virtualMachines']), createObject('value', createObject()))]", - "userAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "virtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": 
"securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - } - }, - { - "copy": { - "name": "schedules", - "count": "[length(range(parameters('storageIndex'), parameters('storageCount')))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Schedules_{0}_{1}', range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "automationAccountName": { - "value": 
"[parameters('automationAccountName')]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "storageAccountName": { - "value": "[format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], 2, '0'))]" - }, - "timeZone": { - "value": "[parameters('timeZone')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "17510467420352375307" - } - }, - "parameters": { - "automationAccountName": { - "type": "string" - }, - "fslogixContainerType": { - "type": "string" - }, - "storageAccountName": { - "type": "string" - }, - "time": { - "type": "string", - "defaultValue": "[utcNow()]" - }, - "timeZone": { - "type": "string" - } - }, - "resources": [ - { - "copy": { - "name": "schedules_ProfileContainers", - "count": "[length(range(0, 4))]" - }, - "type": "Microsoft.Automation/automationAccounts/schedules", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), format('{0}_ProfileContainers_{1}min', parameters('storageAccountName'), mul(add(range(0, 4)[copyIndex()], 1), 15)))]", - "properties": { - "advancedSchedule": {}, - "description": null, - "expiryTime": null, - "frequency": "Hour", - "interval": 1, - "startTime": "[dateTimeAdd(parameters('time'), format('PT{0}M', mul(add(range(0, 4)[copyIndex()], 1), 15)))]", - "timeZone": "[parameters('timeZone')]" - } - }, - { - "copy": { - "name": "schedules_OfficeContainers", - "count": "[length(range(0, 4))]" - }, - "condition": "[contains(parameters('fslogixContainerType'), 'Office')]", - "type": "Microsoft.Automation/automationAccounts/schedules", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), 
format('{0}_OfficeContainers_{1}min', parameters('storageAccountName'), mul(add(range(0, 4)[copyIndex()], 1), 15)))]", - "properties": { - "advancedSchedule": {}, - "description": null, - "expiryTime": null, - "frequency": "Hour", - "interval": 1, - "startTime": "[dateTimeAdd(parameters('time'), format('PT{0}M', mul(add(range(0, 4)[copyIndex()], 1), 15)))]", - "timeZone": "[parameters('timeZone')]" - } - } - ] - } - } - }, - { - "copy": { - "name": "jobSchedules", - "count": "[length(range(parameters('storageIndex'), parameters('storageCount')))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('JobSchedules_{0}_{1}', range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "automationAccountName": { - "value": "[parameters('automationAccountName')]" - }, - "environment": { - "value": "[environment().name]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "runbookName": { - "value": "[replace(variables('runbookFileName'), '.ps1', '')]" - }, - "resourceGroupName": { - "value": "[parameters('storageResourceGroupName')]" - }, - "storageAccountName": { - "value": "[format('{0}{1}', parameters('storageAccountNamePrefix'), padLeft(range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], 2, '0'))]" - }, - "subscriptionId": { - "value": "[variables('subscriptionId')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "1050906504029898006" - } - }, - "parameters": { - "automationAccountName": { - "type": "string" - }, - "environment": { - 
"type": "string" - }, - "fslogixContainerType": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "runbookName": { - "type": "string" - }, - "storageAccountName": { - "type": "string" - }, - "subscriptionId": { - "type": "string" - }, - "timestamp": { - "type": "string" - } - }, - "resources": [ - { - "copy": { - "name": "jobSchedules_ProfileContainers", - "count": "[length(range(0, 4))]" - }, - "type": "Microsoft.Automation/automationAccounts/jobSchedules", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), guid(parameters('timestamp'), parameters('runbookName'), parameters('storageAccountName'), 'ProfileContainers', string(range(0, 4)[copyIndex()])))]", - "properties": { - "parameters": { - "environment": "[parameters('environment')]", - "FileShareName": "profile-containers", - "resourceGroupName": "[parameters('resourceGroupName')]", - "storageAccountName": "[parameters('storageAccountName')]", - "subscriptionId": "[parameters('subscriptionId')]" - }, - "runbook": { - "name": "[parameters('runbookName')]" - }, - "runOn": null, - "schedule": { - "name": "[format('{0}_ProfileContainers_{1}min', parameters('storageAccountName'), mul(add(range(0, 4)[copyIndex()], 1), 15))]" - } - } - }, - { - "copy": { - "name": "jobSchedules_OfficeContainers", - "count": "[length(range(0, 4))]" - }, - "condition": "[contains(parameters('fslogixContainerType'), 'Office')]", - "type": "Microsoft.Automation/automationAccounts/jobSchedules", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), guid(parameters('timestamp'), parameters('runbookName'), parameters('storageAccountName'), 'OfficeContainers', string(range(0, 4)[copyIndex()])))]", - "properties": { - "parameters": { - "environment": "[parameters('environment')]", - "FileShareName": "office-containers", - "resourceGroupName": "[parameters('resourceGroupName')]", - "storageAccountName": 
"[parameters('storageAccountName')]", - "subscriptionId": "[parameters('subscriptionId')]" - }, - "runbook": { - "name": "[parameters('runbookName')]" - }, - "runOn": null, - "schedule": { - "name": "[format('{0}_OfficeContainers_{1}min', parameters('storageAccountName'), mul(add(range(0, 4)[copyIndex()], 1), 15))]" - } - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('Runbook_QuotaScaling_{0}', parameters('timestamp')))]", - "schedules" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_Storage_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('storageResourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "PrincipalId": { - "value": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2022-08-08', 'full').identity.principalId]" - }, - "PrincipalType": { - "value": "ServicePrincipal" - }, - "RoleDefinitionId": { - "value": "17d1049b-9a84-46fb-8f53-869881c3d3ab" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "936749082468094105" - } - }, - "parameters": { - "PrincipalId": { - "type": "string" - }, - "PrincipalType": { - "type": "string" - }, - "RoleDefinitionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": 
"[parameters('PrincipalType')]" - } - } - ] - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('FslogixNtfsPermissions_{0}', parameters('timestamp')))]" - ] - } - ] - } - } - } - ], - "outputs": { - "netAppShares": { - "type": "array", - "value": "[if(equals(parameters('storageService'), 'AzureNetAppFiles'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupStorage')), 'Microsoft.Resources/deployments', format('AzureNetAppFiles_{0}', parameters('timestamp'))), '2022-09-01').outputs.fileShares.value, createArray('None'))]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('ControlPlane_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp')))]", - "rgs" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('SessionHosts_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "acceleratedNetworking": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', 
parameters('timestamp'))), '2022-09-01').outputs.validateAcceleratedNetworking.value]" - }, - "activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "artifactsUri": { - "value": "[variables('artifactsUri')]" - }, - "artifactsUserAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.artifactsUserAssignedIdentityClientId.value]" - }, - "artifactsUserAssignedIdentityResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.artifactsUserAssignedIdentityResourceId.value]" - }, - "automationAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountName]" - }, - "availability": { - "value": "[parameters('availability')]" - }, - "availabilitySetNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.availabilitySetNamePrefix]" - }, - "availabilitySetsCount": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.availabilitySetsCount.value]" - }, - "availabilitySetsIndex": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.beginAvSetRange.value]" - }, - "availabilityZones": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateAvailabilityZones.value]" - }, - "avdAgentBootLoaderMsiName": { - "value": 
"[parameters('avdAgentBootLoaderMsiName')]" - }, - "avdAgentMsiName": { - "value": "[parameters('avdAgentMsiName')]" - }, - "dataCollectionRuleAssociationName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.dataCollectionRuleAssociationName]" - }, - "dataCollectionRuleResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.dataCollectionRuleResourceId.value]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" - }, - "diskEncryptionSetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" - }, - "diskNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.diskNamePrefix]" - }, - "diskSku": { - "value": "[parameters('diskSku')]" - }, - "divisionRemainderValue": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.divisionRemainderValue.value]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "drainMode": { - "value": "[parameters('drainMode')]" - }, - "enableRecoveryServices": { - "value": "[parameters('recoveryServices')]" - }, - "enableScalingTool": { - "value": 
"[parameters('scalingTool')]" - }, - "fslogix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.fslogix.value]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "hostPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolName]" - }, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "hybridRunbookWorkerGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.hybridRunbookWorkerGroupName.value]" - }, - "imageOffer": { - "value": "[parameters('imageOffer')]" - }, - "imagePublisher": { - "value": "[parameters('imagePublisher')]" - }, - "imageSku": { - "value": "[parameters('imageSku')]" - }, - "imageVersionResourceId": { - "value": "[parameters('imageVersionResourceId')]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "logAnalyticsWorkspaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.logAnalyticsWorkspaceName]" - }, - "managementVirtualMachineName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.virtualMachineName.value]" - }, - "maxResourcesPerTemplateDeployment": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.maxResourcesPerTemplateDeployment.value]" - }, - "monitoring": { - "value": "[parameters('monitoring')]" - }, - "netAppFileShares": 
"[if(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.fslogix.value, createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('FSLogix_{0}', parameters('timestamp'))), '2022-09-01').outputs.netAppShares.value), createObject('value', createArray('None')))]", - "networkInterfaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.networkInterfaceNamePrefix]" - }, - "networkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkName.value]" - }, - "organizationalUnitPath": { - "value": "[parameters('organizationalUnitPath')]" - }, - "pooledHostPool": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.pooledHostPool.value]" - }, - "recoveryServicesVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultName]" - }, - "resourceGroupControlPlane": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" - }, - "resourceGroupHosts": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupHosts]" - }, - "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), 
'2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "roleDefinitions": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.roleDefinitions.value]" - }, - "scalingBeginPeakTime": { - "value": "[parameters('scalingBeginPeakTime')]" - }, - "scalingEndPeakTime": { - "value": "[parameters('scalingEndPeakTime')]" - }, - "scalingLimitSecondsToForceLogOffUser": { - "value": "[parameters('scalingLimitSecondsToForceLogOffUser')]" - }, - "scalingMinimumNumberOfRdsh": { - "value": "[parameters('scalingMinimumNumberOfRdsh')]" - }, - "scalingSessionThresholdPerCPU": { - "value": "[parameters('scalingSessionThresholdPerCPU')]" - }, - "securityPrincipalObjectIds": { - "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" - }, - "securityLogAnalyticsWorkspaceResourceId": { - "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" - }, - "serviceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" - }, - "sessionHostBatchCount": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.sessionHostBatchCount.value]" - }, - "sessionHostIndex": { - "value": "[parameters('sessionHostIndex')]" - }, - "storageAccountPrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.storageAccountNamePrefix]" - }, - "storageCount": { - "value": "[parameters('storageCount')]" - }, - "storageIndex": { - "value": "[parameters('storageIndex')]" - }, - "storageService": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), 
'2022-09-01').outputs.storageService.value]" - }, - "storageSuffix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageSuffix.value]" - }, - "subnet": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[10]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[10]))]", - "tags": { - "value": "[parameters('tags')]" - }, - "timeDifference": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.timeDifference.value]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.timeZone.value]" - }, - "virtualMachineMonitoringAgent": { - "value": "[parameters('virtualMachineMonitoringAgent')]" - }, - "virtualMachineNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualMachineNamePrefix]" - }, - "virtualMachinePassword": { - "value": "[parameters('virtualMachinePassword')]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - }, - "virtualMachineUsername": { - "value": "[parameters('virtualMachineUsername')]" - }, - "virtualNetwork": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', 
split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[8]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[8]))]", - "virtualNetworkResourceGroup": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[4]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[4]))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "14078041054613249102" - } - }, - "parameters": { - "acceleratedNetworking": { - "type": "string" - }, - "activeDirectorySolution": { - "type": "string" - }, - "artifactsUri": { - "type": "string" - }, - "artifactsUserAssignedIdentityClientId": { - "type": "string" - }, - "artifactsUserAssignedIdentityResourceId": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "availability": { - "type": "string" - }, - "availabilitySetNamePrefix": { - "type": "string" - }, - "availabilitySetsCount": { - "type": "int" - }, - "availabilitySetsIndex": { - "type": "int" - }, - "availabilityZones": { - "type": "array" - }, - "avdAgentBootLoaderMsiName": { - "type": "string" - }, - "avdAgentMsiName": { - "type": "string" - }, - "dataCollectionRuleAssociationName": { - "type": "string" - }, - 
"dataCollectionRuleResourceId": { - "type": "string" - }, - "deploymentUserAssignedIdentityClientId": { - "type": "string" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "diskNamePrefix": { - "type": "string" - }, - "diskSku": { - "type": "string" - }, - "divisionRemainderValue": { - "type": "int" - }, - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "drainMode": { - "type": "bool" - }, - "fslogix": { - "type": "bool" - }, - "fslogixContainerType": { - "type": "string" - }, - "hostPoolName": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "hybridRunbookWorkerGroupName": { - "type": "string" - }, - "imageOffer": { - "type": "string" - }, - "imagePublisher": { - "type": "string" - }, - "imageSku": { - "type": "string" - }, - "imageVersionResourceId": { - "type": "string" - }, - "location": { - "type": "string" - }, - "logAnalyticsWorkspaceName": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "maxResourcesPerTemplateDeployment": { - "type": "int" - }, - "monitoring": { - "type": "bool" - }, - "netAppFileShares": { - "type": "array" - }, - "networkInterfaceNamePrefix": { - "type": "string" - }, - "networkName": { - "type": "string" - }, - "organizationalUnitPath": { - "type": "string" - }, - "pooledHostPool": { - "type": "bool" - }, - "enableRecoveryServices": { - "type": "bool" - }, - "enableScalingTool": { - "type": "bool" - }, - "recoveryServicesVaultName": { - "type": "string" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupHosts": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "roleDefinitions": { - "type": "object" - }, - "scalingBeginPeakTime": { - "type": "string" - }, - "scalingEndPeakTime": { - "type": "string" - }, - "scalingLimitSecondsToForceLogOffUser": { - "type": "string" - }, - 
"scalingMinimumNumberOfRdsh": { - "type": "string" - }, - "scalingSessionThresholdPerCPU": { - "type": "string" - }, - "securityPrincipalObjectIds": { - "type": "array" - }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "sessionHostBatchCount": { - "type": "int" - }, - "sessionHostIndex": { - "type": "int" - }, - "storageAccountPrefix": { - "type": "string" - }, - "storageCount": { - "type": "int" - }, - "storageIndex": { - "type": "int" - }, - "storageService": { - "type": "string" - }, - "storageSuffix": { - "type": "string" - }, - "subnet": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timeDifference": { - "type": "string" - }, - "timestamp": { - "type": "string" - }, - "timeZone": { - "type": "string" - }, - "virtualMachineMonitoringAgent": { - "type": "string" - }, - "virtualMachineNamePrefix": { - "type": "string" - }, - "virtualMachinePassword": { - "type": "securestring" - }, - "virtualMachineSize": { - "type": "string" - }, - "virtualMachineUsername": { - "type": "string" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" - } - }, - "variables": { - "tagsAutomationAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()))]", - "tagsAvailabilitySets": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/availabilitySets'), 
parameters('tags')['Microsoft.Compute/availabilitySets'], createObject()))]", - "tagsNetworkInterfaces": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()))]", - "tagsRecoveryServicesVault": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.recoveryServices/vaults'), parameters('tags')['Microsoft.recoveryServices/vaults'], createObject()))]", - "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()))]" - }, - "resources": [ - { - "condition": "[and(parameters('pooledHostPool'), equals(parameters('availability'), 'availabilitySets'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('availabilitySets_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupHosts')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "availabilitySetNamePrefix": { - "value": "[parameters('availabilitySetNamePrefix')]" - }, - "availabilitySetsCount": { - "value": "[parameters('availabilitySetsCount')]" - }, - "availabilitySetsIndex": { - "value": "[parameters('availabilitySetsIndex')]" - }, - 
"location": { - "value": "[parameters('location')]" - }, - "tagsAvailabilitySets": { - "value": "[variables('tagsAvailabilitySets')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "277818289187459275" - } - }, - "parameters": { - "availabilitySetNamePrefix": { - "type": "string" - }, - "availabilitySetsCount": { - "type": "int" - }, - "availabilitySetsIndex": { - "type": "int" - }, - "location": { - "type": "string" - }, - "tagsAvailabilitySets": { - "type": "object" - } - }, - "resources": [ - { - "copy": { - "name": "availabilitySets", - "count": "[length(range(0, parameters('availabilitySetsCount')))]" - }, - "type": "Microsoft.Compute/availabilitySets", - "apiVersion": "2019-07-01", - "name": "[format('{0}{1}', parameters('availabilitySetNamePrefix'), padLeft(add(range(0, parameters('availabilitySetsCount'))[copyIndex()], parameters('availabilitySetsIndex')), 2, '0'))]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsAvailabilitySets')]", - "sku": { - "name": "Aligned" - }, - "properties": { - "platformUpdateDomainCount": 5, - "platformFaultDomainCount": 2 - } - } - ] - } - } - }, - { - "copy": { - "name": "roleAssignments", - "count": "[length(range(0, length(parameters('securityPrincipalObjectIds'))))]" - }, - "condition": "[not(contains(parameters('activeDirectorySolution'), 'DomainServices'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RoleAssignments_{0}_{1}', range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()], parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupHosts')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "PrincipalId": { - "value": 
"[parameters('securityPrincipalObjectIds')[range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()]]]" - }, - "PrincipalType": { - "value": "Group" - }, - "RoleDefinitionId": { - "value": "[parameters('roleDefinitions').VirtualMachineUserLogin]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "936749082468094105" - } - }, - "parameters": { - "PrincipalId": { - "type": "string" - }, - "PrincipalType": { - "type": "string" - }, - "RoleDefinitionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" - } - } - ] - } - } - }, - { - "copy": { - "name": "virtualMachines", - "count": "[length(range(1, parameters('sessionHostBatchCount')))]", - "mode": "serial", - "batchSize": 1 - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualMachines_{0}_{1}', sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupHosts')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "acceleratedNetworking": { - "value": "[parameters('acceleratedNetworking')]" - }, - "activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, - "artifactsUserAssignedIdentityClientId": { - 
"value": "[parameters('artifactsUserAssignedIdentityClientId')]" - }, - "artifactsUserAssignedIdentityResourceId": { - "value": "[parameters('artifactsUserAssignedIdentityResourceId')]" - }, - "availability": { - "value": "[parameters('availability')]" - }, - "availabilitySetNamePrefix": { - "value": "[parameters('availabilitySetNamePrefix')]" - }, - "availabilityZones": { - "value": "[parameters('availabilityZones')]" - }, - "avdAgentBootLoaderMsiName": { - "value": "[parameters('avdAgentBootLoaderMsiName')]" - }, - "avdAgentMsiName": { - "value": "[parameters('avdAgentMsiName')]" - }, - "batchCount": { - "value": "[range(1, parameters('sessionHostBatchCount'))[copyIndex()]]" - }, - "dataCollectionRuleAssociationName": { - "value": "[parameters('dataCollectionRuleAssociationName')]" - }, - "dataCollectionRuleResourceId": { - "value": "[parameters('dataCollectionRuleResourceId')]" - }, - "deploymentUserAssignedidentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - }, - "diskEncryptionSetResourceId": { - "value": "[parameters('diskEncryptionSetResourceId')]" - }, - "diskNamePrefix": { - "value": "[parameters('diskNamePrefix')]" - }, - "diskSku": { - "value": "[parameters('diskSku')]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "enableDrainMode": { - "value": "[parameters('drainMode')]" - }, - "fslogix": { - "value": "[parameters('fslogix')]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "hostPoolName": { - "value": "[parameters('hostPoolName')]" - }, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "imageVersionResourceId": { - "value": "[parameters('imageVersionResourceId')]" - }, - "imageOffer": { - "value": "[parameters('imageOffer')]" - }, - "imagePublisher": { - 
"value": "[parameters('imagePublisher')]" - }, - "imageSku": { - "value": "[parameters('imageSku')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "logAnalyticsWorkspaceName": { - "value": "[parameters('logAnalyticsWorkspaceName')]" - }, - "managementVirtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - }, - "monitoring": { - "value": "[parameters('monitoring')]" - }, - "netAppFileShares": { - "value": "[parameters('netAppFileShares')]" - }, - "networkInterfaceNamePrefix": { - "value": "[parameters('networkInterfaceNamePrefix')]" - }, - "networkName": { - "value": "[parameters('networkName')]" - }, - "organizationalUnitPath": { - "value": "[parameters('organizationalUnitPath')]" - }, - "resourceGroupControlPlane": { - "value": "[parameters('resourceGroupControlPlane')]" - }, - "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" - }, - "securityLogAnalyticsWorkspaceResourceId": { - "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" - }, - "serviceName": { - "value": "[parameters('serviceName')]" - }, - "sessionHostCount": "[if(and(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], parameters('sessionHostBatchCount')), greater(parameters('divisionRemainderValue'), 0)), createObject('value', parameters('divisionRemainderValue')), createObject('value', parameters('maxResourcesPerTemplateDeployment')))]", - "sessionHostIndex": "[if(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), createObject('value', parameters('sessionHostIndex')), createObject('value', add(mul(sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('maxResourcesPerTemplateDeployment')), parameters('sessionHostIndex'))))]", - "storageAccountPrefix": { - "value": "[parameters('storageAccountPrefix')]" - }, - "storageCount": { - "value": "[parameters('storageCount')]" - }, - "storageIndex": { - "value": "[parameters('storageIndex')]" - }, - 
"storageService": { - "value": "[parameters('storageService')]" - }, - "storageSuffix": { - "value": "[parameters('storageSuffix')]" - }, - "subnet": { - "value": "[parameters('subnet')]" - }, - "tagsNetworkInterfaces": { - "value": "[variables('tagsNetworkInterfaces')]" - }, - "tagsVirtualMachines": { - "value": "[variables('tagsVirtualMachines')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "virtualMachineMonitoringAgent": { - "value": "[parameters('virtualMachineMonitoringAgent')]" - }, - "virtualMachineNamePrefix": { - "value": "[parameters('virtualMachineNamePrefix')]" - }, - "virtualMachinePassword": { - "value": "[parameters('virtualMachinePassword')]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - }, - "virtualMachineUsername": { - "value": "[parameters('virtualMachineUsername')]" - }, - "virtualNetwork": { - "value": "[parameters('virtualNetwork')]" - }, - "virtualNetworkResourceGroup": { - "value": "[parameters('virtualNetworkResourceGroup')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "8226665117861379575" - } - }, - "parameters": { - "artifactsUri": { - "type": "string" - }, - "artifactsUserAssignedIdentityClientId": { - "type": "string" - }, - "artifactsUserAssignedIdentityResourceId": { - "type": "string" - }, - "acceleratedNetworking": { - "type": "string" - }, - "activeDirectorySolution": { - "type": "string" - }, - "availability": { - "type": "string" - }, - "availabilitySetNamePrefix": { - "type": "string" - }, - "availabilityZones": { - "type": "array" - }, - "avdAgentBootLoaderMsiName": { - "type": "string" - }, - "avdAgentMsiName": { - "type": "string" - }, - "batchCount": { - "type": "int" - }, - "dataCollectionRuleAssociationName": { - "type": "string" - }, - 
"dataCollectionRuleResourceId": { - "type": "string" - }, - "deploymentUserAssignedidentityClientId": { - "type": "string" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "diskNamePrefix": { - "type": "string" - }, - "diskSku": { - "type": "string" - }, - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "enableDrainMode": { - "type": "bool" - }, - "fslogix": { - "type": "bool" - }, - "fslogixContainerType": { - "type": "string" - }, - "hostPoolName": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "imageOffer": { - "type": "string" - }, - "imagePublisher": { - "type": "string" - }, - "imageSku": { - "type": "string" - }, - "imageVersionResourceId": { - "type": "string" - }, - "location": { - "type": "string" - }, - "logAnalyticsWorkspaceName": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "monitoring": { - "type": "bool" - }, - "netAppFileShares": { - "type": "array" - }, - "networkInterfaceNamePrefix": { - "type": "string" - }, - "networkName": { - "type": "string" - }, - "organizationalUnitPath": { - "type": "string" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "sessionHostCount": { - "type": "int" - }, - "sessionHostIndex": { - "type": "int" - }, - "storageAccountPrefix": { - "type": "string" - }, - "storageCount": { - "type": "int" - }, - "storageIndex": { - "type": "int" - }, - "storageService": { - "type": "string" - }, - "storageSuffix": { - "type": "string" - }, - "subnet": { - "type": "string" - }, - "tagsNetworkInterfaces": { - "type": "object" - }, - "tagsVirtualMachines": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "virtualMachineMonitoringAgent": { - 
"type": "string" - }, - "virtualMachineNamePrefix": { - "type": "string" - }, - "virtualMachinePassword": { - "type": "securestring" - }, - "virtualMachineSize": { - "type": "string" - }, - "virtualMachineUsername": { - "type": "string" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" - } - }, - "variables": { - "amdVmSize": "[contains(variables('amdVmSizes'), parameters('virtualMachineSize'))]", - "amdVmSizes": [ - "Standard_NV4as_v4", - "Standard_NV8as_v4", - "Standard_NV16as_v4", - "Standard_NV32as_v4" - ], - "fslogixExclusions": "[format('\"%TEMP%\\*\\*.VHDX\";\"%Windir%\\TEMP\\*\\*.VHDX\"{0}{1}{2}', variables('fslogixExclusionsCloudCache'), variables('fslogixExclusionsProfileContainers'), variables('fslogixExclusionsOfficeContainers'))]", - "fslogixExclusionsCloudCache": "[if(contains(parameters('fslogixContainerType'), 'CloudCache'), ';\"%ProgramData%\\fslogix\\Cache\\*\";\"%ProgramData%\\fslogix\\Proxy\\*\"', '')]", - "fslogixExclusionsOfficeContainers": "[if(contains(parameters('fslogixContainerType'), 'Office'), format(';\"{0}\";\"{1}.lock\";\"{2}.meta\";\"{3}.metadata\"', variables('fslogixOfficeShare'), variables('fslogixOfficeShare'), variables('fslogixOfficeShare'), variables('fslogixOfficeShare')), '')]", - "fslogixExclusionsProfileContainers": "[format(';\"{0}\";\"{1}.lock\";\"{2}.meta\";\"{3}.metadata\"', variables('fslogixProfileShare'), variables('fslogixProfileShare'), variables('fslogixProfileShare'), variables('fslogixProfileShare'))]", - "fslogixOfficeShare": "[format('\\\\{0}??.file.{1}\\office-containers\\*\\*.VHDX', parameters('storageAccountPrefix'), parameters('storageSuffix'))]", - "fslogixProfileShare": "[format('\\\\{0}??.file.{1}\\profile-containers\\*\\*.VHDX', parameters('storageAccountPrefix'), parameters('storageSuffix'))]", - "imageReference": "[if(empty(parameters('imageVersionResourceId')), createObject('publisher', parameters('imagePublisher'), 'offer', 
parameters('imageOffer'), 'sku', parameters('imageSku'), 'version', 'latest'), createObject('id', parameters('imageVersionResourceId')))]", - "intune": "[contains(parameters('activeDirectorySolution'), 'intuneEnrollment')]", - "nvidiaVmSize": "[contains(variables('nvidiaVmSizes'), parameters('virtualMachineSize'))]", - "nvidiaVmSizes": [ - "Standard_NV6", - "Standard_NV12", - "Standard_NV24", - "Standard_NV12s_v3", - "Standard_NV24s_v3", - "Standard_NV48s_v3", - "Standard_NC4as_T4_v3", - "Standard_NC8as_T4_v3", - "Standard_NC16as_T4_v3", - "Standard_NC64as_T4_v3", - "Standard_NV6ads_A10_v5", - "Standard_NV12ads_A10_v5", - "Standard_NV18ads_A10_v5", - "Standard_NV36ads_A10_v5", - "Standard_NV36adms_A10_v5", - "Standard_NV72ads_A10_v5" - ], - "pooledHostPool": "[equals(split(parameters('hostPoolType'), ' ')[0], 'Pooled')]", - "securitylogAnalyticsWorkspaceName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[8], '')]", - "securityLogAnalyticsWorkspaceResourceGroupName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[4], resourceGroup().name)]", - "securityLogAnalyticsWorkspaceSubscriptionId": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[2], subscription().subscriptionId)]", - "securityMonitoring": "[if(empty(parameters('securityLogAnalyticsWorkspaceResourceId')), false(), true())]", - "sessionHostNamePrefix": "[replace(parameters('virtualMachineNamePrefix'), format('{0}{1}', parameters('serviceName'), parameters('networkName')), '')]" - }, - "resources": [ - { - "copy": { - "name": "networkInterface", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2020-05-01", - "name": "[format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, 
parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsNetworkInterfaces')]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[resourceId(subscription().subscriptionId, parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetwork'), parameters('subnet'))]" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "enableAcceleratedNetworking": "[if(equals(parameters('acceleratedNetworking'), 'True'), true(), false())]", - "enableIPForwarding": false - } - }, - { - "copy": { - "name": "virtualMachine", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2021-03-01", - "name": "[format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "zones": "[if(equals(parameters('availability'), 'AvailabilityZones'), createArray(parameters('availabilityZones')[mod(range(0, parameters('sessionHostCount'))[copyIndex()], length(parameters('availabilityZones')))]), null())]", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[format('{0}', parameters('artifactsUserAssignedIdentityResourceId'))]": {} - } - }, - "properties": { - "availabilitySet": "[if(equals(parameters('availability'), 'AvailabilitySets'), createObject('id', resourceId('Microsoft.Compute/availabilitySets', format('{0}{1}', parameters('availabilitySetNamePrefix'), padLeft(div(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 200), 2, '0')))), null())]", - "hardwareProfile": { - "vmSize": 
"[parameters('virtualMachineSize')]" - }, - "storageProfile": { - "imageReference": "[variables('imageReference')]", - "osDisk": { - "name": "[format('{0}-{1}', replace(parameters('diskNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", - "osType": "Windows", - "createOption": "FromImage", - "caching": "ReadWrite", - "deleteOption": "Delete", - "managedDisk": { - "diskEncryptionSet": { - "id": "[parameters('diskEncryptionSetResourceId')]" - }, - "storageAccountType": "[parameters('diskSku')]" - } - }, - "dataDisks": [] - }, - "osProfile": { - "computerName": "[format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", - "adminUsername": "[parameters('virtualMachineUsername')]", - "adminPassword": "[parameters('virtualMachinePassword')]", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": false - }, - "secrets": [], - "allowExtensionOperations": true - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", - "properties": { - "deleteOption": "Delete" - } - } - ] - }, - "securityProfile": { - "uefiSettings": { - "secureBootEnabled": true, - "vTpmEnabled": true - }, - "securityType": "trustedLaunch", - "encryptionAtHost": true - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": false - } - }, - "licenseType": "[if(equals(parameters('imagePublisher'), 'MicrosoftWindowsDesktop'), 'Windows_Client', 'Windows_Server')]" - }, - "dependsOn": [ - "networkInterface" - ] - }, - { - 
"copy": { - "name": "extension_IaasAntimalware", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'IaaSAntimalware')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.Azure.Security", - "type": "IaaSAntimalware", - "typeHandlerVersion": "1.3", - "autoUpgradeMinorVersion": true, - "enableAutomaticUpgrade": false, - "settings": { - "AntimalwareEnabled": true, - "RealtimeProtectionEnabled": "true", - "ScheduledScanSettings": { - "isEnabled": "true", - "day": "7", - "time": "120", - "scanType": "Quick" - }, - "Exclusions": "[if(parameters('fslogix'), createObject('Paths', variables('fslogixExclusions')), createObject())]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "extension_GuestAttestation", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'GuestAttestation')]", - "location": "[parameters('location')]", - "properties": { - "publisher": "Microsoft.Azure.Security.WindowsAttestation", - "type": "GuestAttestation", - "typeHandlerVersion": 
"1.0", - "autoUpgradeMinorVersion": true, - "settings": { - "AttestationConfig": { - "MaaSettings": { - "maaEndpoint": "", - "maaTenantName": "GuestAttestation" - }, - "AscSettings": { - "ascReportingEndpoint": "", - "ascReportingFrequency": "" - }, - "useCustomToken": "false", - "disableAlerts": "false" - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "extension_MicrosoftMonitoringAgent", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent'))]", - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'MicrosoftmonitoringAgent')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.EnterpriseCloud.monitoring", - "type": "MicrosoftmonitoringAgent", - "typeHandlerVersion": "1.0", - "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[if(parameters('monitoring'), reference(resourceId(parameters('resourceGroupManagement'), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2015-03-20').customerId, null())]" - }, - "protectedSettings": { - "workspaceKey": "[if(parameters('monitoring'), listKeys(resourceId(parameters('resourceGroupManagement'), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2015-03-20').primarySharedKey, null())]" - } 
- }, - "dependsOn": [ - "extension_IaasAntimalware", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "extension_AzureMonitorWindowsAgent", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent'))]", - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AzureMonitorWindowsAgent')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.Azure.Monitor", - "type": "AzureMonitorWindowsAgent", - "typeHandlerVersion": "1.0", - "autoUpgradeMinorVersion": true, - "enableAutomaticUpgrade": true - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "dataCollectionRuleAssociation", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "condition": "[and(parameters('monitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'AzureMonitorAgent'))]", - "type": "Microsoft.Insights/dataCollectionRuleAssociations", - "apiVersion": "2022-06-01", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, 
parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", - "name": "[parameters('dataCollectionRuleAssociationName')]", - "properties": { - "dataCollectionRuleId": "[parameters('dataCollectionRuleResourceId')]", - "description": "AVD Insights data collection rule association" - }, - "dependsOn": [ - "extension_AzureMonitorWindowsAgent", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "extension_CustomScriptExtension", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "fileUris": [ - "[format('{0}{1}', parameters('artifactsUri'), parameters('avdAgentBootLoaderMsiName'))]", - "[format('{0}{1}', parameters('artifactsUri'), parameters('avdAgentMsiName'))]", - "[format('{0}Set-SessionHostConfiguration.ps1', parameters('artifactsUri'))]" - ], - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File Set-SessionHostConfiguration.ps1 -activeDirectorySolution {0} -amdVmSize {1} -avdAgentBootLoaderMsiName \"{2}\" -avdAgentMsiName \"{3}\" 
-Environment {4} -fslogix {5} -fslogixContainerType {6} -hostPoolName {7} -HostPoolRegistrationToken \"{8}\" -imageOffer {9} -imagePublisher {10} -netAppFileShares {11} -nvidiaVmSize {12} -pooledHostPool {13} -securityMonitoring {14} -SecurityWorkspaceId {15} -securityWorkspaceKey \"{16}\" -storageAccountPrefix {17} -storageCount {18} -storageIndex {19} -storageService {20} -storageSuffix {21}', parameters('activeDirectorySolution'), variables('amdVmSize'), parameters('avdAgentBootLoaderMsiName'), parameters('avdAgentMsiName'), environment().name, parameters('fslogix'), parameters('fslogixContainerType'), parameters('hostPoolName'), reference(resourceId(parameters('resourceGroupControlPlane'), 'Microsoft.DesktopVirtualization/hostpools', parameters('hostPoolName')), '2019-12-10-preview').registrationInfo.token, parameters('imageOffer'), parameters('imagePublisher'), parameters('netAppFileShares'), variables('nvidiaVmSize'), variables('pooledHostPool'), variables('securityMonitoring'), if(variables('securityMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('securityLogAnalyticsWorkspaceSubscriptionId'), variables('securityLogAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', variables('securitylogAnalyticsWorkspaceName')), '2021-06-01').customerId, 'NotApplicable'), if(variables('securityMonitoring'), listKeys(parameters('securityLogAnalyticsWorkspaceResourceId'), '2021-06-01').primarySharedKey, 'NotApplicable'), parameters('storageAccountPrefix'), parameters('storageCount'), parameters('storageIndex'), parameters('storageService'), parameters('storageSuffix'))]", - "managedidentity": { - "clientId": "[parameters('artifactsUserAssignedIdentityClientId')]" - } - } - }, - "dependsOn": [ - "dataCollectionRuleAssociation", - "extension_MicrosoftMonitoringAgent", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, 
parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "extension_JsonADDomainExtension", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "condition": "[contains(parameters('activeDirectorySolution'), 'DomainServices')]", - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'JsonADDomainExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "forceUpdateTag": "[parameters('timestamp')]", - "publisher": "Microsoft.Compute", - "type": "JsonADDomainExtension", - "typeHandlerVersion": "1.3", - "autoUpgradeMinorVersion": true, - "settings": { - "Name": "[parameters('domainName')]", - "Options": "3", - "OUPath": "[parameters('organizationalUnitPath')]", - "Restart": "true", - "User": "[parameters('domainJoinUserPrincipalName')]" - }, - "protectedSettings": { - "Password": "[parameters('domainJoinPassword')]" - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CSE_DrainMode_{0}_{1}', parameters('batchCount'), parameters('timestamp')))]", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "extension_AADLoginForWindows", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "condition": 
"[not(contains(parameters('activeDirectorySolution'), 'DomainServices'))]", - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AADLoginForWindows')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.Azure.ActiveDirectory", - "type": "AADLoginForWindows", - "typeHandlerVersion": "2.0", - "autoUpgradeMinorVersion": true, - "settings": "[if(variables('intune'), createObject('mdmId', '0000000a-0000-0000-c000-000000000000'), null())]" - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CSE_DrainMode_{0}_{1}', parameters('batchCount'), parameters('timestamp')))]", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "extension_AmdGpuDriverWindows", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "condition": "[variables('amdVmSize')]", - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'AmdGpuDriverWindows')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": 
"Microsoft.HpcCompute", - "type": "AmdGpuDriverWindows", - "typeHandlerVersion": "1.0", - "autoUpgradeMinorVersion": true, - "settings": {} - }, - "dependsOn": [ - "extension_AADLoginForWindows", - "extension_JsonADDomainExtension", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "copy": { - "name": "extension_NvidiaGpuDriverWindows", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "condition": "[variables('nvidiaVmSize')]", - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')), 'NvidiaGpuDriverWindows')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.HpcCompute", - "type": "NvidiaGpuDriverWindows", - "typeHandlerVersion": "1.2", - "autoUpgradeMinorVersion": true, - "settings": {} - }, - "dependsOn": [ - "extension_AADLoginForWindows", - "extension_JsonADDomainExtension", - "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" - ] - }, - { - "condition": "[parameters('enableDrainMode')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('CSE_DrainMode_{0}_{1}', parameters('batchCount'), parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { 
- "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { - "value": [ - "[format('{0}Set-AvdDrainMode.ps1', parameters('artifactsUri'))]" - ] - }, - "location": { - "value": "[parameters('location')]" - }, - "parameters": { - "value": "[format('-Environment {0} -hostPoolName {1} -HostPoolResourceGroupName {2} -sessionHostCount {3} -sessionHostIndex {4} -SubscriptionId {5} -TenantId {6} -userAssignedidentityClientId {7} -virtualMachineNamePrefix {8}', environment().name, parameters('hostPoolName'), parameters('resourceGroupControlPlane'), parameters('sessionHostCount'), parameters('sessionHostIndex'), subscription().subscriptionId, tenant().tenantId, parameters('deploymentUserAssignedidentityClientId'), variables('sessionHostNamePrefix'))]" - }, - "scriptFileName": { - "value": "Set-AvdDrainMode.ps1" - }, - "tags": { - "value": "[parameters('tagsVirtualMachines')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedidentityClientId')]" - }, - "virtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": "securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 
'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - }, - "dependsOn": [ - "extension_CustomScriptExtension" - ] - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupHosts')), 'Microsoft.Resources/deployments', format('availabilitySets_{0}', parameters('timestamp')))]" - ] - }, - { - "condition": "[and(parameters('enableRecoveryServices'), contains(parameters('hostPoolType'), 'Personal'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RecoveryServices_VirtualMachines_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "divisionRemainderValue": { - "value": "[parameters('divisionRemainderValue')]" - }, - "fslogix": { - "value": "[parameters('fslogix')]" - }, - "location": { - "value": "[parameters('location')]" - 
}, - "maxResourcesPerTemplateDeployment": { - "value": "[parameters('maxResourcesPerTemplateDeployment')]" - }, - "recoveryServicesVaultName": { - "value": "[parameters('recoveryServicesVaultName')]" - }, - "resourceGroupHosts": { - "value": "[parameters('resourceGroupHosts')]" - }, - "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" - }, - "sessionHostBatchCount": { - "value": "[parameters('sessionHostBatchCount')]" - }, - "sessionHostIndex": { - "value": "[parameters('sessionHostIndex')]" - }, - "tagsRecoveryServicesVault": { - "value": "[variables('tagsRecoveryServicesVault')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "virtualMachineNamePrefix": { - "value": "[parameters('virtualMachineNamePrefix')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "5263294116107055661" - } - }, - "parameters": { - "divisionRemainderValue": { - "type": "int" - }, - "fslogix": { - "type": "bool" - }, - "location": { - "type": "string" - }, - "maxResourcesPerTemplateDeployment": { - "type": "int" - }, - "recoveryServicesVaultName": { - "type": "string" - }, - "resourceGroupHosts": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "sessionHostBatchCount": { - "type": "int" - }, - "sessionHostIndex": { - "type": "int" - }, - "tagsRecoveryServicesVault": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "virtualMachineNamePrefix": { - "type": "string" - } - }, - "resources": [ - { - "copy": { - "name": "protectedItems_Vm", - "count": "[length(range(1, parameters('sessionHostBatchCount')))]" - }, - "condition": "[not(parameters('fslogix'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": 
"[format('BackupProtectedItems_VirtualMachines_{0}_{1}', sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "policyId": { - "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.RecoveryServices/vaults/backupPolicies', parameters('recoveryServicesVaultName'), 'AvdPolicyVm')]" - }, - "recoveryServicesVaultName": { - "value": "[parameters('recoveryServicesVaultName')]" - }, - "sessionHostCount": "[if(and(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], parameters('sessionHostBatchCount')), greater(parameters('divisionRemainderValue'), 0)), createObject('value', parameters('divisionRemainderValue')), createObject('value', parameters('maxResourcesPerTemplateDeployment')))]", - "sessionHostIndex": "[if(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), createObject('value', parameters('sessionHostIndex')), createObject('value', add(mul(sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('maxResourcesPerTemplateDeployment')), parameters('sessionHostIndex'))))]", - "tags": { - "value": "[parameters('tagsRecoveryServicesVault')]" - }, - "virtualMachineNamePrefix": { - "value": "[parameters('virtualMachineNamePrefix')]" - }, - "virtualMachineResourceGroupName": { - "value": "[parameters('resourceGroupHosts')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "9717044683271821230" - } - }, - "parameters": { - "location": { - 
"type": "string" - }, - "policyId": { - "type": "string" - }, - "recoveryServicesVaultName": { - "type": "string" - }, - "sessionHostCount": { - "type": "int" - }, - "sessionHostIndex": { - "type": "int" - }, - "tags": { - "type": "object" - }, - "virtualMachineNamePrefix": { - "type": "string" - }, - "virtualMachineResourceGroupName": { - "type": "string" - } - }, - "variables": { - "v2VmContainer": "iaasvmcontainer;iaasvmcontainerv2;", - "v2Vm": "vm;iaasvmcontainerv2;" - }, - "resources": [ - { - "copy": { - "name": "protectedItems_Vm", - "count": "[length(range(0, parameters('sessionHostCount')))]" - }, - "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems", - "apiVersion": "2021-08-01", - "name": "[format('{0}/Azure/{1}{2};{3}{4}/{5}{6};{7}{8}', parameters('recoveryServicesVaultName'), variables('v2VmContainer'), parameters('virtualMachineResourceGroupName'), parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'), variables('v2Vm'), parameters('virtualMachineResourceGroupName'), parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "protectedItemType": "Microsoft.Compute/virtualMachines", - "policyId": "[parameters('policyId')]", - "sourceResourceId": "[resourceId(parameters('virtualMachineResourceGroupName'), 'Microsoft.Compute/virtualMachines', format('{0}{1}', parameters('virtualMachineNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0')))]" - } - } - ] - } - } - } - ] - } - }, - "dependsOn": [ - "virtualMachines" - ] - }, - { - "condition": "[and(parameters('enableScalingTool'), parameters('pooledHostPool'))]", - "type": "Microsoft.Resources/deployments", - 
"apiVersion": "2022-09-01", - "name": "[format('ScalingTool_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, - "automationAccountName": { - "value": "[parameters('automationAccountName')]" - }, - "beginPeakTime": { - "value": "[parameters('scalingBeginPeakTime')]" - }, - "endPeakTime": { - "value": "[parameters('scalingEndPeakTime')]" - }, - "hostPoolName": { - "value": "[parameters('hostPoolName')]" - }, - "hostPoolResourceGroupName": { - "value": "[parameters('resourceGroupControlPlane')]" - }, - "hybridRunbookWorkerGroupName": { - "value": "[parameters('hybridRunbookWorkerGroupName')]" - }, - "limitSecondsToForceLogOffUser": { - "value": "[parameters('scalingLimitSecondsToForceLogOffUser')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "managementVirtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - }, - "minimumNumberOfRdsh": { - "value": "[parameters('scalingMinimumNumberOfRdsh')]" - }, - "resourceGroupControlPlane": { - "value": "[parameters('resourceGroupControlPlane')]" - }, - "resourceGroupHosts": { - "value": "[parameters('resourceGroupHosts')]" - }, - "sessionThresholdPerCPU": { - "value": "[parameters('scalingSessionThresholdPerCPU')]" - }, - "tags": { - "value": "[variables('tagsAutomationAccounts')]" - }, - "timeDifference": { - "value": "[parameters('timeDifference')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[parameters('timeZone')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - 
"_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "3338170891781673317" - } - }, - "parameters": { - "artifactsUri": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "beginPeakTime": { - "type": "string" - }, - "endPeakTime": { - "type": "string" - }, - "hostPoolName": { - "type": "string" - }, - "hostPoolResourceGroupName": { - "type": "string" - }, - "hybridRunbookWorkerGroupName": { - "type": "string" - }, - "limitSecondsToForceLogOffUser": { - "type": "string" - }, - "location": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "minimumNumberOfRdsh": { - "type": "string" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupHosts": { - "type": "string" - }, - "sessionThresholdPerCPU": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timeDifference": { - "type": "string" - }, - "time": { - "type": "string", - "defaultValue": "[utcNow('u')]" - }, - "timestamp": { - "type": "string" - }, - "timeZone": { - "type": "string" - }, - "userAssignedIdentityClientId": { - "type": "string" - } - }, - "variables": { - "roleAssignments": [ - "[parameters('resourceGroupControlPlane')]", - "[parameters('resourceGroupHosts')]" - ], - "runbookFileName": "Set-HostPoolScaling.ps1", - "scriptFileName": "Set-AutomationRunbook.ps1" - }, - "resources": [ - { - "copy": { - "name": "schedules", - "count": "[length(range(0, 4))]" - }, - "type": "Microsoft.Automation/automationAccounts/schedules", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), format('{0}_{1}min', parameters('hostPoolName'), mul(add(range(0, 4)[copyIndex()], 1), 15)))]", - "properties": { - "advancedSchedule": {}, - "description": null, - "expiryTime": null, - "frequency": "Hour", - "interval": 1, - "startTime": "[dateTimeAdd(parameters('time'), format('PT{0}M', mul(add(range(0, 4)[copyIndex()], 1), 15)))]", - "timeZone": 
"[parameters('timeZone')]" - } - }, - { - "copy": { - "name": "jobSchedules", - "count": "[length(range(0, 4))]" - }, - "type": "Microsoft.Automation/automationAccounts/jobSchedules", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), guid(parameters('time'), variables('runbookFileName'), parameters('hostPoolName'), string(range(0, 4)[copyIndex()])))]", - "properties": { - "parameters": { - "beginPeakTime": "[parameters('beginPeakTime')]", - "endPeakTime": "[parameters('endPeakTime')]", - "EnvironmentName": "[environment().name]", - "hostPoolName": "[parameters('hostPoolName')]", - "limitSecondsToForceLogOffUser": "[parameters('limitSecondsToForceLogOffUser')]", - "LogOffMessageBody": "Your session will be logged off. Please save and close everything.", - "LogOffMessageTitle": "Machine is about to shutdown.", - "MaintenanceTagName": "Maintenance", - "minimumNumberOfRdsh": "[parameters('minimumNumberOfRdsh')]", - "ResourceGroupName": "[parameters('hostPoolResourceGroupName')]", - "sessionThresholdPerCPU": "[parameters('sessionThresholdPerCPU')]", - "SubscriptionId": "[subscription().subscriptionId]", - "TenantId": "[subscription().tenantId]", - "timeDifference": "[parameters('timeDifference')]" - }, - "runbook": { - "name": "[replace(variables('runbookFileName'), '.ps1', '')]" - }, - "runOn": "[parameters('hybridRunbookWorkerGroupName')]", - "schedule": { - "name": "[format('{0}_{1}min', parameters('hostPoolName'), mul(add(range(0, 4)[range(0, 4)[copyIndex()]], 1), 15))]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('Runbook_{0}', parameters('timestamp')))]", - "[resourceId('Microsoft.Automation/automationAccounts/schedules', parameters('automationAccountName'), format('{0}_{1}min', parameters('hostPoolName'), mul(add(range(0, 4)[range(0, 4)[copyIndex()]], 1), 15)))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": 
"[format('Runbook_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fileUris": { - "value": [ - "[format('{0}{1}', parameters('artifactsUri'), variables('runbookFileName'))]", - "[format('{0}{1}', parameters('artifactsUri'), variables('scriptFileName'))]" - ] - }, - "location": { - "value": "[parameters('location')]" - }, - "parameters": { - "value": "[format('-AutomationAccountName {0} -Environment {1} -ResourceGroupName {2} -RunbookFileName {3} -SubscriptionId {4} -TenantId {5} -UserAssignedIdentityClientId {6}', parameters('automationAccountName'), environment().name, resourceGroup().name, variables('runbookFileName'), subscription().subscriptionId, tenant().tenantId, parameters('userAssignedIdentityClientId'))]" - }, - "scriptFileName": { - "value": "[variables('scriptFileName')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), createObject('value', parameters('tags')['Microsoft.Compute/virtualMachines']), createObject('value', createObject()))]", - "userAssignedIdentityClientId": { - "value": "[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "13331181864693511452" - } - }, - "parameters": { - "fileUris": { - "type": "array" - }, - "location": { - "type": "string" - }, - "parameters": { - "type": "securestring" - }, - "scriptFileName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" 
- } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'CustomScriptExtension')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "publisher": "Microsoft.Compute", - "type": "CustomScriptExtension", - "typeHandlerVersion": "1.10", - "autoUpgradeMinorVersion": true, - "settings": { - "timestamp": "[parameters('timestamp')]" - }, - "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptFileName'), parameters('parameters'))]", - "fileUris": "[parameters('fileUris')]", - "managedIdentity": { - "clientId": "[parameters('userAssignedIdentityClientId')]" - } - } - } - } - ], - "outputs": { - "value": { - "type": "object", - "value": "[json(filter(reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'CustomScriptExtension'), '2021-03-01').instanceView.substatuses, lambda('item', equals(lambdaVariables('item').code, 'ComponentStatus/StdOut/succeeded')))[0].message)]" - } - } - } - } - }, - { - "copy": { - "name": "roleAssignment", - "count": "[length(range(0, length(variables('roleAssignments'))))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_{0}_{1}', range(0, length(variables('roleAssignments')))[copyIndex()], variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]])]", - "resourceGroup": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]]]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "PrincipalId": { - "value": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2022-08-08', 'full').identity.principalId]" 
- }, - "PrincipalType": { - "value": "ServicePrincipal" - }, - "RoleDefinitionId": { - "value": "40c5ff49-9181-41f8-ae61-143b0e78555e" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "936749082468094105" - } - }, - "parameters": { - "PrincipalId": { - "type": "string" - }, - "PrincipalType": { - "type": "string" - }, - "RoleDefinitionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" - } - } - ] - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('RecoveryServices_VirtualMachines_{0}', parameters('timestamp')))]" - ] - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('FSLogix_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', 
format('Network_Hosts_{0}', parameters('timestamp')))]", - "rgs" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('CleanUp_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "fslogixStorageService": { - "value": "[parameters('fslogixStorageService')]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "scalingTool": { - "value": "[parameters('scalingTool')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "userAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" - }, - "virtualMachineName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.virtualMachineName.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "5394880876262322307" - } - }, - "parameters": { - "fslogixStorageService": { - "type": "string" - }, - "location": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "scalingTool": { - "type": "bool" - }, - "timestamp": { - "type": "string" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - 
"resources": [ - { - "condition": "[and(not(parameters('scalingTool')), not(equals(parameters('fslogixStorageService'), 'AzureFiles Premium')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RemoveManagementVirtualMachine_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "Location": { - "value": "[parameters('location')]" - }, - "UserAssignedIdentityClientId": { - "value": "[parameters('userAssignedIdentityClientId')]" - }, - "VirtualMachineName": { - "value": "[parameters('virtualMachineName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "1172456808080141121" - } - }, - "parameters": { - "Location": { - "type": "string" - }, - "UserAssignedIdentityClientId": { - "type": "string" - }, - "VirtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('VirtualMachineName'), 'RunCommand')]", - "location": "[parameters('Location')]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": true, - "parameters": [ - { - "name": "Environment", - "value": "[environment().name]" - }, - { - "name": "ResourceGroupName", - "value": "[resourceGroup().name]" - }, - { - "name": "SubscriptionId", - "value": "[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[parameters('UserAssignedIdentityClientId')]" - }, - { - "name": "VirtualMachineName", - "value": "[parameters('VirtualMachineName')]" - 
} - ], - "source": { - "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n Start-Sleep -Seconds 30\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId\r\n Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -NoWait -Force\r\n " - } - } - } - ] - } - } - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('FSLogix_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('SessionHosts_{0}', parameters('timestamp')))]" - ] - } - ] -} \ No newline at end of file diff --git a/src/bicep/add-ons/esri-accelerator/solution.bicep b/src/bicep/add-ons/esri-accelerator/solution.bicep index f491e0629..d9836d642 100644 --- a/src/bicep/add-ons/esri-accelerator/solution.bicep +++ b/src/bicep/add-ons/esri-accelerator/solution.bicep @@ -1,8 +1,5 @@ targetScope = 'subscription' -@description('The file name of the ArcGIS Pro installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts.') -param arcGisProInstaller string - @secure() @description('The password for the ArcGIS service account.') param arcgisServiceAccountPassword string 
@@ -32,9 +29,21 @@ param certificatePassword string @description('The name of the container in Azure Blobs for the deployment artifacts.') param containerName string +@description('Choose whether to deploy a diagnostic setting for the Activity Log.') +param deployActivityLogDiagnosticSetting bool + +@description('Choose whether to deploy Defender for Cloud.') +param deployDefender bool + @description('The suffix used for naming deployments uniquely. It defaults to a timestamp with the utcNow function.') param deploymentNameSuffix string = utcNow() +@description('Choose whether to deploy Network Watcher for the deployment location.') +param deployNetworkWatcher bool + +@description('Choose whether to deploy a policy assignment.') +param deployPolicy bool + @secure() @description('The password for the domain join account that will be created in Entra Domain Services.') param domainJoinPassword string @@ -66,6 +75,9 @@ param localAdministratorUsername string @description('The region to deploy resources into. It defaults to the deployment location.') param location string = deployment().location +@description('The resource ID of the Log Analytics Workspace to use for log storage.') +param operationsLogAnalyticsWorkspaceResourceId string + @description('The base 64 encoded string containing the license file for the ESRI portal.') param portalLicenseFile string 
@@ -119,63 +131,13 @@ module missionLandingZone '../../mlz.bicep' = { environmentAbbreviation: 'dev' deployIdentity: true firewallSkuTier: 'Standard' - location: location - resourcePrefix: resourcePrefix - } -} - -module domainServices 'modules/domainServices.bicep' = { - name: 'deploy-entra-domain-services-${deploymentNameSuffix}' - params: { - deploymentNameSuffix: deploymentNameSuffix - domainName: domainName - location: location - resourceGroupName: first(filter(missionLandingZone.outputs.networks, network => network.name == 'identity')).resourceGroupName - subnetResourceId: missionLandingZone.outputs.identitySubnetResourceId - } -} - -module image '../imaging/solution.bicep' = { - name: 'deploy-image-${deploymentNameSuffix}' - params: { - arcGisProInstaller: arcGisProInstaller - azureFirewallResourceId: missionLandingZone.outputs.azureFirewallResourceId - containerName: containerName - emailSecurityContact: emailSecurityContact - enableBuildAutomation: false - environmentAbbreviation: 'dev' - hubVirtualNetworkResourceId: missionLandingZone.outputs.hubVirtualNetworkResourceId hybridUseBenefit: hybridUseBenefit - identifier: identifier - imageDefinitionNamePrefix: 'arcgis-pro' - imageMajorVersion: 1 - imagePatchVersion: 0 - installAccess: false - installArcGisPro: true - installExcel: false - installOneDrive: false - installOneNote: false - installOutlook: false - installPowerPoint: false - installProject: false - installPublisher: false - installSkypeForBusiness: false - installTeams: false - installVirtualDesktopOptimizationTool: false - installVisio: false - installWord: false - localAdministratorPassword: localAdministratorPassword - localAdministratorUsername: localAdministratorUsername location: location - replicaCount: 1 - sourceImageType: 'AzureMarketplace' - spokelogAnalyticsWorkspaceResourceId: missionLandingZone.outputs.logAnalyticsWorkspaceResourceId - storageAccountResourceId: storageAccountResourceId - virtualMachineSize: virtualMachineSize + 
resourcePrefix: resourcePrefix } } -module azureVirtualDesktop '../azureVirtualDesktop/solution.bicep' = { +module azureVirtualDesktop '../azure-virtual-desktop/solution.bicep' = { name: 'deploy-azure-virtual-desktop-${deploymentNameSuffix}' params: { activeDirectorySolution: 'MicrosoftEntraDomainServices' @@ -187,21 +149,26 @@ module azureVirtualDesktop '../azureVirtualDesktop/solution.bicep' = { avdObjectId: avdObjectId azureNetAppFilesSubnetAddressPrefix: '10.0.140.128/25' azurePowerShellModuleMsiName: azurePowerShellModuleMsiName + deployActivityLogDiagnosticSetting: deployActivityLogDiagnosticSetting + deployDefender: deployDefender + deployNetworkWatcher: deployNetworkWatcher + deployPolicy: deployPolicy domainJoinPassword: domainJoinPassword domainJoinUserPrincipalName: '${domainJoinUsername}@${domainName}' domainName: domainName + emailSecurityContact: emailSecurityContact environmentAbbreviation: 'dev' fslogixStorageService: 'AzureNetAppFiles Premium' hostPoolPublicNetworkAccess: 'Enabled' hubAzureFirewallResourceId: missionLandingZone.outputs.azureFirewallResourceId - hubSubnetResourceId: missionLandingZone.outputs.hubSubnetResourceId hubVirtualNetworkResourceId: missionLandingZone.outputs.hubVirtualNetworkResourceId identifier: identifier - imageDefinitionResourceId: image.outputs.imageDefinitionResourceId locationControlPlane: location locationVirtualMachines: location + operationsLogAnalyticsWorkspaceResourceId: operationsLogAnalyticsWorkspaceResourceId organizationalUnitPath: 'OU=AADDC Computers,DC=${replace(domainName, '.', ',DC=')}' securityPrincipals: securityPrincipals + sharedServicesSubnetResourceId: missionLandingZone.outputs.sharedServicesSubnetResourceId subnetAddressPrefixes: ['10.0.140.0/25'] virtualMachinePassword: localAdministratorPassword virtualMachineSize: virtualMachineSize 
@@ -210,9 +177,6 @@ module azureVirtualDesktop '../azureVirtualDesktop/solution.bicep' = { virtualNetworkAddressPrefixes: ['10.0.140.0/24'] workspacePublicNetworkAccess: 'Enabled' } - dependsOn: [ - domainServices - ] } module esriEnterprise '../esri-enterprise/solution.bicep' = { diff --git a/src/bicep/add-ons/esri-accelerator/solution.json b/src/bicep/add-ons/esri-accelerator/solution.json index 86361ebcb..2f5368aab 100644 --- a/src/bicep/add-ons/esri-accelerator/solution.json +++ b/src/bicep/add-ons/esri-accelerator/solution.json @@ -4,17 +4,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17533849453387847776" + "version": "0.27.1.19265", + "templateHash": "6298599585943496150" } }, "parameters": { - "arcGisProInstaller": { - "type": "string", - "metadata": { - "description": "The file name of the ArcGIS Pro installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." - } - }, "arcgisServiceAccountPassword": { "type": "securestring", "metadata": { @@ -69,6 +63,18 @@ "description": "The name of the container in Azure Blobs for the deployment artifacts." } }, + "deployActivityLogDiagnosticSetting": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a diagnostic setting for the Activity Log." + } + }, + "deployDefender": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Defender for Cloud." + } + }, "deploymentNameSuffix": { "type": "string", "defaultValue": "[utcNow()]", 
@@ -76,6 +82,18 @@ "description": "The suffix used for naming deployments uniquely. It defaults to a timestamp with the utcNow function." } }, + "deployNetworkWatcher": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Network Watcher for the deployment location." + } + }, + "deployPolicy": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a policy assignment." + } + }, "domainJoinPassword": { "type": "securestring", "metadata": { @@ -135,6 +153,12 @@ "description": "The region to deploy resources into. It defaults to the deployment location." } }, + "operationsLogAnalyticsWorkspaceResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Log Analytics Workspace to use for log storage." + } + }, "portalLicenseFile": { "type": "string", "metadata": { @@ -231,6 +255,9 @@ "firewallSkuTier": { "value": "Standard" }, + "hybridUseBenefit": { + "value": "[parameters('hybridUseBenefit')]" + }, "location": { "value": "[parameters('location')]" }, @@ -244,8 +271,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6658095312691062805" + "version": "0.27.1.19265", + "templateHash": "9765811962160500422" } }, "parameters": { @@ -450,7 +477,7 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "[true/false] The Azure Firewall DNS Proxy will forward all DNS traffic. When this value is set to true, you must provide a value for \"servers\"" + "description": "[true/false] The Azure Firewall DNS Proxy will forward all DNS traffic. When this value is set to true, you must provide a value for \"dnsServers\"" } }, "dnsServers": { @@ -475,7 +502,7 @@ }, { "category": "AzureFirewallDnsProxy", - "enabled": true + "enabled": "[parameters('enableProxy')]" } ], "metadata": { 
@@ -635,7 +662,7 @@ "description": "An array of Network Security Group Metrics to apply to enable for the Identity Virtual Network. See https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=CMD#metrics for valid settings." } }, - "KeyVaultDiagnosticsLogs": { + "keyVaultDiagnosticsLogs": { "type": "array", "defaultValue": [ { @@ -789,11 +816,25 @@ "description": "The Storage Account SKU to use for log storage. It defaults to \"Standard_GRS\". See https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types for valid settings." } }, - "deployRemoteAccess": { + "deployBastion": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "When set to \"true\", provisions Azure Bastion Host only. It defaults to \"false\"." + } + }, + "deployWindowsVirtualMachine": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "When set to \"true\", provisions Windows Virtual Machine Host only. It defaults to \"false\"." + } + }, + "deployLinuxVirtualMachine": { "type": "bool", "defaultValue": false, "metadata": { - "description": "When set to \"true\", provisions Azure Bastion Host and virtual machine jumpboxes. It defaults to \"false\"." + "description": "When set to \"true\", provisions Linux Virtual Machine Host only. It defaults to \"false\"." } }, "bastionHostSubnetAddressPrefix": { @@ -837,7 +878,7 @@ }, "linuxVmAdminPasswordOrKey": { "type": "securestring", - "defaultValue": "[if(parameters('deployRemoteAccess'), '', newGuid())]", + "defaultValue": "[if(parameters('deployLinuxVirtualMachine'), '', newGuid())]", "minLength": 12, "metadata": { "description": "The administrator password or public SSH key for the Linux Virtual Machine to Azure Bastion remote into. See https://docs.microsoft.com/en-us/azure/virtual-machines/linux/faq#what-are-the-password-requirements-when-creating-a-vm- for password requirements." 
@@ -873,14 +914,14 @@ }, "linuxVmImageOffer": { "type": "string", - "defaultValue": "UbuntuServer", + "defaultValue": "0001-com-ubuntu-server-focal", "metadata": { "description": "The image offer of the Linux Virtual Machine to Azure Bastion remote into. It defaults to \"UbuntuServer\"." } }, "linuxVmImageSku": { "type": "string", - "defaultValue": "18_04-lts-gen2", + "defaultValue": "20_04-lts-gen2", "metadata": { "description": "The image SKU of the Linux Virtual Machine to Azure Bastion remote into. It defaults to \"18.04-LTS\"." } @@ -912,7 +953,7 @@ }, "windowsVmAdminPassword": { "type": "securestring", - "defaultValue": "[if(parameters('deployRemoteAccess'), '', newGuid())]", + "defaultValue": "[if(parameters('deployWindowsVirtualMachine'), '', newGuid())]", "minLength": 12, "metadata": { "description": "The administrator password the Windows Virtual Machine to Azure Bastion remote into. It must be > 12 characters in length. See https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq#what-are-the-password-requirements-when-creating-a-vm- for password requirements." 
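Review bot: the descriptions in the `@@ -873,14 +914,14 @@` hunk are now stale. The `linuxVmImageOffer` default becomes `0001-com-ubuntu-server-focal` and the `linuxVmImageSku` default becomes `20_04-lts-gen2`, but the unchanged description lines still read "It defaults to \"UbuntuServer\"" and "It defaults to \"18.04-LTS\"". Update both descriptions in the Bicep source and regenerate, so the documented image matches the one actually deployed. In the `windowsVmAdminPassword` hunk the description says the password "must be > 12 characters" while `minLength` is 12, which accepts exactly 12. Align the text with the constraint.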
@@ -1055,20 +1096,15 @@ "input": "[cidrHost(parameters('firewallClientSubnetAddressPrefix'), range(0, 4)[copyIndex('firewallClientUsableIpAddresses')])]" } ], - "calculatedTags": "[union(parameters('tags'), variables('defaultTags'))]", - "defaultTags": { - "resourcePrefix": "[parameters('resourcePrefix')]", - "environmentAbbreviation": "[parameters('environmentAbbreviation')]", - "DeploymentType": "MissionLandingZoneARM" - }, "firewallClientPrivateIpAddress": "[variables('firewallClientUsableIpAddresses')[3]]", - "logAnalyticsWorkspaceRetentionInDays": "[if(parameters('deploySentinel'), parameters('logAnalyticsSentinelWorkspaceRetentionInDays'), parameters('logAnalyticsWorkspaceNoSentinelRetentionInDays'))]" + "logAnalyticsWorkspaceRetentionInDays": "[if(parameters('deploySentinel'), parameters('logAnalyticsSentinelWorkspaceRetentionInDays'), parameters('logAnalyticsWorkspaceNoSentinelRetentionInDays'))]", + "networks": "[union(createArray(createObject('name', 'hub', 'shortName', 'hub', 'deployUniqueResources', true(), 'subscriptionId', parameters('hubSubscriptionId'), 'nsgDiagLogs', parameters('hubNetworkSecurityGroupDiagnosticsLogs'), 'nsgDiagMetrics', parameters('hubNetworkSecurityGroupDiagnosticsMetrics'), 'nsgRules', parameters('hubNetworkSecurityGroupRules'), 'vnetAddressPrefix', parameters('hubVirtualNetworkAddressPrefix'), 'vnetDiagLogs', parameters('hubVirtualNetworkDiagnosticsLogs'), 'vnetDiagMetrics', parameters('hubVirtualNetworkDiagnosticsMetrics'), 'subnetAddressPrefix', parameters('hubSubnetAddressPrefix')), createObject('name', 'operations', 'shortName', 'ops', 'deployUniqueResources', if(contains(createArray(parameters('hubSubscriptionId')), parameters('operationsSubscriptionId')), false(), true()), 'subscriptionId', parameters('operationsSubscriptionId'), 'nsgDiagLogs', parameters('operationsNetworkSecurityGroupDiagnosticsLogs'), 'nsgDiagMetrics', parameters('operationsNetworkSecurityGroupDiagnosticsMetrics'), 'nsgRules', 
parameters('operationsNetworkSecurityGroupRules'), 'vnetAddressPrefix', parameters('operationsVirtualNetworkAddressPrefix'), 'vnetDiagLogs', parameters('operationsVirtualNetworkDiagnosticsLogs'), 'vnetDiagMetrics', parameters('operationsVirtualNetworkDiagnosticsMetrics'), 'subnetAddressPrefix', parameters('operationsSubnetAddressPrefix')), createObject('name', 'sharedServices', 'shortName', 'svcs', 'deployUniqueResources', if(contains(createArray(parameters('hubSubscriptionId'), parameters('operationsSubscriptionId')), parameters('sharedServicesSubscriptionId')), false(), true()), 'subscriptionId', parameters('sharedServicesSubscriptionId'), 'nsgDiagLogs', parameters('sharedServicesNetworkSecurityGroupDiagnosticsLogs'), 'nsgDiagMetrics', parameters('sharedServicesNetworkSecurityGroupDiagnosticsMetrics'), 'nsgRules', parameters('sharedServicesNetworkSecurityGroupRules'), 'vnetAddressPrefix', parameters('sharedServicesVirtualNetworkAddressPrefix'), 'vnetDiagLogs', parameters('sharedServicesVirtualNetworkDiagnosticsLogs'), 'vnetDiagMetrics', parameters('sharedServicesVirtualNetworkDiagnosticsMetrics'), 'subnetAddressPrefix', parameters('sharedServicesSubnetAddressPrefix'))), if(parameters('deployIdentity'), createArray(createObject('name', 'identity', 'shortName', 'id', 'deployUniqueResources', if(contains(createArray(parameters('hubSubscriptionId'), parameters('operationsSubscriptionId'), parameters('sharedServicesSubscriptionId')), parameters('identitySubscriptionId')), false(), true()), 'subscriptionId', parameters('sharedServicesSubscriptionId'), 'nsgDiagLogs', parameters('identityNetworkSecurityGroupDiagnosticsLogs'), 'nsgDiagMetrics', parameters('identityNetworkSecurityGroupDiagnosticsMetrics'), 'nsgRules', parameters('identityNetworkSecurityGroupRules'), 'vnetAddressPrefix', parameters('identityVirtualNetworkAddressPrefix'), 'vnetDiagLogs', parameters('identityVirtualNetworkDiagnosticsLogs'), 'vnetDiagMetrics', 
parameters('identityVirtualNetworkDiagnosticsMetrics'), 'subnetAddressPrefix', parameters('identitySubnetAddressPrefix'))), createArray()))]" }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('get-naming-convention-{0}', parameters('deploymentNameSuffix'))]", + "name": "[format('get-logic-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -1076,12 +1112,18 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "environmentAbbreviation": { "value": "[parameters('environmentAbbreviation')]" }, "location": { "value": "[parameters('location')]" }, + "networks": { + "value": "[variables('networks')]" + }, "resourcePrefix": { "value": "[parameters('resourcePrefix')]" } @@ -1092,22 +1134,39 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16223515126777270114" + "version": "0.27.1.19265", + "templateHash": "11171233226932915639" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, "environmentAbbreviation": { "type": "string" }, "location": { "type": "string" }, + "networks": { + "type": "array" + }, "resourcePrefix": { "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" } }, "variables": { + "copy": [ + { + "name": "privateDnsZoneNames_Backup", + "count": "[length(items(variables('locations')))]", + "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" + } + ], "$fxv#0": { "AzureChina": { "chinaeast": { 
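Review bot: in the new `networks` variable (hunk `@@ -1055,20 +1096,15 @@`) the identity entry sets `'subscriptionId', parameters('sharedServicesSubscriptionId')`, although its `deployUniqueResources` test a few tokens earlier checks `parameters('identitySubscriptionId')`. As written, the identity network would be placed in the shared services subscription whenever the two IDs differ, which defeats the subscription boundary the identity tier is meant to have. This looks like a copy-paste slip from the sharedServices object and should read `parameters('identitySubscriptionId')`. Separately, the hunk drops `calculatedTags` and `defaultTags`, and the replacement `mlzTags` appears only inside the nested template, so please confirm that caller-supplied `tags` are still merged onto resources somewhere outside the lines shown here.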
@@ -1492,8 +1551,10 @@ } } }, - "$fxv#1": { + "$fxv#1": "1.0.0", + "$fxv#2": { "actionGroups": "ag", + "applicationGroups": "vdag", "automationAccounts": "aa", "availabilitySets": "avail", "azureFirewalls": "afw", @@ -1501,7 +1562,6 @@ "computeGallieries": "cg", "dataCollectionRuleAssociations": "dcra", "dataCollectionRules": "dcr", - "desktopApplicationGroups": "vdag", "diagnosticSettings": "diag", "diskAccesses": "da", "diskEncryptionSets": "des", 
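Review bot: the abbreviation key `desktopApplicationGroups` is removed and re-added as `applicationGroups` with the same value `vdag` (hunks `@@ -1492,8 +1551,10 @@` and `@@ -1501,7 +1562,6 @@`). Any template that still reads `resourceAbbreviations.desktopApplicationGroups` will fail at deployment time rather than at build time, so confirm every consumer was updated in this change. The neighbouring context key `computeGallieries` is misspelled and could be corrected in the same pass while the consumers are being touched.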
@@ -1530,397 +1590,260 @@ "virtualNetworks": "vnet", "workspaces": "vdws" }, + "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", + "environmentName": { + "dev": "Development", + "prod": "Production", + "test": "Test" + }, "locations": "[variables('$fxv#0')[environment().name]]", - "locationAbbreviation": "[variables('locations')[parameters('location')].abbreviation]", - "resourceAbbreviations": "[variables('$fxv#1')]", - "resourceToken": "resource_token", - "serviceToken": "service_token", - "networkToken": "network_token", - "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), variables('resourceToken'), variables('serviceToken'), variables('networkToken'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "actionGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').actionGroups)]", - "automationAccountNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').automationAccounts)]", - "bastionHostNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').bastionHosts)]", - "computeGalleryNamingConvention": "[replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').computeGallieries), '-', '_')]", - "diskEncryptionSetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').diskEncryptionSets)]", - "diskNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').disks)]", - "firewallNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').azureFirewalls)]", - "firewallPolicyNamingConvention": 
"[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').firewallPolicies)]", - "ipConfigurationNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').ipConfigurations)]", - "keyVaultNamingConvention": "[format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').keyVaults), '-', ''))]", - "logAnalyticsWorkspaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').logAnalyticsWorkspaces)]", - "networkInterfaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkInterfaces)]", - "networkSecurityGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkSecurityGroups)]", - "networkWatcherNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkWatchers)]", - "privateEndpointNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateEndpoints)]", - "privateLinkScopeName": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateLinkScopes)]", - "publicIpAddressNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').publicIPAddresses)]", - "resourceGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').resourceGroups)]", - "routeTableNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').routeTables)]", - "storageAccountNamingConvention": 
"[toLower(format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').storageAccounts), '-', '')))]", - "subnetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').subnets)]", - "userAssignedIdentityNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').userAssignedIdentities)]", - "virtualMachineNamingConvention": "[replace(replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualMachines), '-', ''), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "virtualNetworkNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualNetworks)]" - }, - "resources": [], - "outputs": { - "resources": { - "type": "object", - "value": { - "actionGroup": "[variables('actionGroupNamingConvention')]", - "automationAccount": "[variables('automationAccountNamingConvention')]", - "bastionHost": "[variables('bastionHostNamingConvention')]", - "computeGallery": "[variables('computeGalleryNamingConvention')]", - "diskEncryptionSet": "[variables('diskEncryptionSetNamingConvention')]", - "disk": "[variables('diskNamingConvention')]", - "firewall": "[variables('firewallNamingConvention')]", - "firewallPolicy": "[variables('firewallPolicyNamingConvention')]", - "ipConfiguration": "[variables('ipConfigurationNamingConvention')]", - "keyVault": "[variables('keyVaultNamingConvention')]", - "logAnalyticsWorkspace": "[variables('logAnalyticsWorkspaceNamingConvention')]", - "networkInterface": "[variables('networkInterfaceNamingConvention')]", - "networkSecurityGroup": "[variables('networkSecurityGroupNamingConvention')]", - "networkWatcher": "[variables('networkWatcherNamingConvention')]", - "privateEndpoint": 
"[variables('privateEndpointNamingConvention')]", - "privateLinkScope": "[variables('privateLinkScopeName')]", - "publicIpAddress": "[variables('publicIpAddressNamingConvention')]", - "resourceGroup": "[variables('resourceGroupNamingConvention')]", - "routeTable": "[variables('routeTableNamingConvention')]", - "storageAccount": "[variables('storageAccountNamingConvention')]", - "subnet": "[variables('subnetNamingConvention')]", - "userAssignedIdentity": "[variables('userAssignedIdentityNamingConvention')]", - "virtualMachine": "[variables('virtualMachineNamingConvention')]", - "virtualNetwork": "[variables('virtualNetworkNamingConvention')]" - } + "mlzTags": { + "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", + "landingZoneName": "MissionLandingZone", + "landingZoneVersion": "[variables('$fxv#1')]", + "resourcePrefix": "[parameters('resourcePrefix')]" }, + "resourceAbbreviations": "[variables('$fxv#2')]", "tokens": { - "type": "object", - "value": { - "resource": "[variables('resourceToken')]", - "service": "[variables('serviceToken')]", - "network": "[variables('networkToken')]" - } - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('get-logic-{0}', parameters('deploymentNameSuffix'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "deployIdentity": { - "value": "[parameters('deployIdentity')]" - }, - "environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "hubSubscriptionId": { - "value": "[parameters('hubSubscriptionId')]" - }, - "identitySubnetAddressPrefix": { - "value": "[parameters('identitySubnetAddressPrefix')]" - }, - "identitySubscriptionId": { - "value": "[parameters('identitySubscriptionId')]" - }, - "operationsSubnetAddressPrefix": { - "value": "[parameters('operationsSubnetAddressPrefix')]" - }, 
- "operationsSubscriptionId": { - "value": "[parameters('operationsSubscriptionId')]" - }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" - }, - "resources": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resources.value]" - }, - "sharedServicesSubscriptionId": { - "value": "[parameters('sharedServicesSubscriptionId')]" - }, - "tokens": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" - }, - "identityNetworkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('identityNetworkSecurityGroupDiagnosticsLogs')]" - }, - "identityNetworkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('identityNetworkSecurityGroupDiagnosticsMetrics')]" - }, - "identityNetworkSecurityGroupRules": { - "value": "[parameters('identityNetworkSecurityGroupRules')]" - }, - "identityVirtualNetworkAddressPrefix": { - "value": "[parameters('identityVirtualNetworkAddressPrefix')]" - }, - "identityVirtualNetworkDiagnosticsLogs": { - "value": "[parameters('identityVirtualNetworkDiagnosticsLogs')]" - }, - "identityVirtualNetworkDiagnosticsMetrics": { - "value": "[parameters('identityVirtualNetworkDiagnosticsMetrics')]" - }, - "operationsNetworkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('operationsNetworkSecurityGroupDiagnosticsLogs')]" - }, - "operationsNetworkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('operationsNetworkSecurityGroupDiagnosticsMetrics')]" - }, - "operationsNetworkSecurityGroupRules": { - "value": "[parameters('operationsNetworkSecurityGroupRules')]" - }, - "operationsVirtualNetworkAddressPrefix": { - "value": "[parameters('operationsVirtualNetworkAddressPrefix')]" - }, - "operationsVirtualNetworkDiagnosticsLogs": { - "value": 
"[parameters('operationsVirtualNetworkDiagnosticsLogs')]" - }, - "operationsVirtualNetworkDiagnosticsMetrics": { - "value": "[parameters('operationsVirtualNetworkDiagnosticsMetrics')]" - }, - "sharedServicesNetworkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsLogs')]" - }, - "sharedServicesNetworkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsMetrics')]" - }, - "sharedServicesNetworkSecurityGroupRules": { - "value": "[parameters('sharedServicesNetworkSecurityGroupRules')]" - }, - "sharedServicesSubnetAddressPrefix": { - "value": "[parameters('sharedServicesSubnetAddressPrefix')]" - }, - "sharedServicesVirtualNetworkAddressPrefix": { - "value": "[parameters('sharedServicesVirtualNetworkAddressPrefix')]" - }, - "sharedServicesVirtualNetworkDiagnosticsLogs": { - "value": "[parameters('sharedServicesVirtualNetworkDiagnosticsLogs')]" - }, - "sharedServicesVirtualNetworkDiagnosticsMetrics": { - "value": "[parameters('sharedServicesVirtualNetworkDiagnosticsMetrics')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5799196638828757253" - } - }, - "parameters": { - "deployIdentity": { - "type": "bool" - }, - "environmentAbbreviation": { - "type": "string" - }, - "hubSubscriptionId": { - "type": "string" - }, - "identityNetworkSecurityGroupDiagnosticsLogs": { - "type": "array" - }, - "identityNetworkSecurityGroupDiagnosticsMetrics": { - "type": "array" - }, - "identityNetworkSecurityGroupRules": { - "type": "array" - }, - "identitySubnetAddressPrefix": { - "type": "string" - }, - "identitySubscriptionId": { - "type": "string" - }, - "identityVirtualNetworkAddressPrefix": { - "type": "string" - }, - "identityVirtualNetworkDiagnosticsLogs": { - 
"type": "array" - }, - "identityVirtualNetworkDiagnosticsMetrics": { - "type": "array" + "resource": "resource_token", + "service": "service_token" }, - "operationsNetworkSecurityGroupDiagnosticsLogs": { - "type": "array" - }, - "operationsNetworkSecurityGroupDiagnosticsMetrics": { - "type": "array" - }, - "operationsNetworkSecurityGroupRules": { - "type": "array" - }, - "operationsSubnetAddressPrefix": { - "type": "string" - }, - "operationsSubscriptionId": { - "type": "string" - }, - "operationsVirtualNetworkAddressPrefix": { - "type": "string" - }, - "operationsVirtualNetworkDiagnosticsLogs": { - "type": "array" - }, - "operationsVirtualNetworkDiagnosticsMetrics": { - "type": "array" - }, - "resourcePrefix": { - "type": "string" - }, - "resources": { - "type": "object" - }, - "sharedServicesNetworkSecurityGroupDiagnosticsLogs": { - "type": "array" - }, - "sharedServicesNetworkSecurityGroupDiagnosticsMetrics": { - "type": "array" - }, - "sharedServicesNetworkSecurityGroupRules": { - "type": "array" - }, - "sharedServicesSubnetAddressPrefix": { - "type": "string" - }, - "sharedServicesSubscriptionId": { - "type": "string" + "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('scm.privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), 
format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), format('privatelink{0}', replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", + "privateDnsZoneSuffixes_AzureAutomation": { + "AzureCloud": "net", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null }, - "sharedServicesVirtualNetworkAddressPrefix": { - "type": "string" + "privateDnsZoneSuffixes_AzureVirtualDesktop": { + "AzureCloud": "microsoft.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null }, - "sharedServicesVirtualNetworkDiagnosticsLogs": { - "type": "array" + "privateDnsZoneSuffixes_AzureWebSites": { + "AzureCloud": "azurewebsites.net", + "AzureUSGovernment": "azurewebsites.us", + "USNat": null, + "USSec": null }, - "sharedServicesVirtualNetworkDiagnosticsMetrics": { - "type": "array" + "privateDnsZoneSuffixes_Backup": { + "AzureCloud": "com", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null }, - "tokens": { - "type": "object" + "privateDnsZoneSuffixes_Monitor": { + "AzureCloud": "azure.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null } }, - "variables": { - "hubName": "hub", - "hubShortName": "hub", - 
"identityName": "identity", - "identityShortName": "id", - "operationsName": "operations", - "operationsShortName": "ops", - "sharedServicesName": "sharedServices", - "sharedServicesShortName": "svcs", - "hub": { - "name": "[variables('hubName')]", - "subscriptionId": "[parameters('hubSubscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "deployUniqueResources": true, - "bastionHostIPConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'bas'), parameters('tokens').network, variables('hubName'))]", - "bastionHostName": "[replace(replace(parameters('resources').bastionHost, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "bastionHostPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'bas'), parameters('tokens').network, variables('hubName'))]", - "diskEncryptionSetName": "[replace(replace(parameters('resources').diskEncryptionSet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "firewallClientIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'client-afw'), parameters('tokens').network, variables('hubName'))]", - "firewallClientPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'client-afw'), parameters('tokens').network, variables('hubName'))]", - "firewallManagementIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'mgmt-afw'), parameters('tokens').network, variables('hubName'))]", - "firewallManagementPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, 
parameters('tokens').service, 'mgmt-afw'), parameters('tokens').network, variables('hubName'))]", - "firewallName": "[replace(replace(parameters('resources').firewall, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "firewallPolicyName": "[replace(replace(parameters('resources').firewallPolicy, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "keyVaultName": "[take(replace(replace(replace(parameters('resources').keyVault, parameters('tokens').service, ''), parameters('tokens').network, variables('hubShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('hubSubscriptionId'))), 24)]", - "keyVaultNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'kv'), parameters('tokens').network, variables('hubName'))]", - "keyVaultPrivateEndpointName": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, 'kv'), parameters('tokens').network, variables('hubName'))]", - "linuxDiskName": "[replace(replace(parameters('resources').disk, parameters('tokens').service, 'linux'), parameters('tokens').network, variables('hubName'))]", - "linuxNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'linux'), parameters('tokens').network, variables('hubName'))]", - "linuxNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'linux'), parameters('tokens').network, variables('hubName'))]", - "linuxVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, 'lra'), parameters('tokens').network, variables('hubName'))]", - "logStorageAccountName": "[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), 
parameters('tokens').network, variables('hubShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('hubSubscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('hubName'))]", - "logStorageAccountPrivateEndpointNamePrefix": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('hubName'))]", - "networkSecurityGroupName": "[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "userAssignedIdentityName": "[replace(replace(parameters('resources').userAssignedIdentity, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "windowsDiskName": "[replace(replace(parameters('resources').disk, parameters('tokens').service, 'windows'), parameters('tokens').network, variables('hubName'))]", - 
"windowsNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'windows'), parameters('tokens').network, variables('hubName'))]", - "windowsNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'windows'), parameters('tokens').network, variables('hubName'))]", - "windowsVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, 'wra'), parameters('tokens').network, variables('hubName'))]" - }, - "spokes": "[union(variables('spokesCommon'), variables('spokesIdentity'))]", - "spokesCommon": [ - { - "name": "[variables('operationsName')]", - "subscriptionId": "[parameters('operationsSubscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "deployUniqueResources": "[if(contains(createArray(parameters('hubSubscriptionId')), parameters('operationsSubscriptionId')), false(), true())]", - "logAnalyticsWorkspaceName": "[replace(replace(parameters('resources').logAnalyticsWorkspace, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "logStorageAccountName": "[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, variables('operationsShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('operationsSubscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('operationsName'))]", - "logStorageAccountPrivateEndpointNamePrefix": 
"[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('operationsName'))]", - "networkSecurityGroupDiagnosticsLogs": "[parameters('operationsNetworkSecurityGroupDiagnosticsLogs')]", - "networkSecurityGroupDiagnosticsMetrics": "[parameters('operationsNetworkSecurityGroupDiagnosticsMetrics')]", - "networkSecurityGroupName": "[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "networkSecurityGroupRules": "[parameters('operationsNetworkSecurityGroupRules')]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "privateLinkScopeName": "[replace(replace(parameters('resources').privateLinkScope, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "privateLinkScopeNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'pls'), parameters('tokens').network, variables('operationsName'))]", - "privateLinkScopePrivateEndpointName": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, 'pls'), parameters('tokens').network, variables('operationsName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "subnetAddressPrefix": "[parameters('operationsSubnetAddressPrefix')]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "subnetPrivateEndpointNetworkPolicies": 
"Disabled", - "subnetPrivateLinkServiceNetworkPolicies": "Disabled", - "virtualNetworkAddressPrefix": "[parameters('operationsVirtualNetworkAddressPrefix')]", - "virtualNetworkDiagnosticsLogs": "[parameters('operationsVirtualNetworkDiagnosticsLogs')]", - "virtualNetworkDiagnosticsMetrics": "[parameters('operationsVirtualNetworkDiagnosticsMetrics')]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]" + "resources": [ + { + "copy": { + "name": "namingConventions", + "count": "[length(parameters('networks'))]" }, - { - "name": "[variables('sharedServicesName')]", - "subscriptionId": "[parameters('sharedServicesSubscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "deployUniqueResources": "[if(contains(createArray(parameters('hubSubscriptionId'), parameters('operationsSubscriptionId')), parameters('sharedServicesSubscriptionId')), false(), true())]", - "logStorageAccountName": "[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, variables('sharedServicesShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('sharedServicesSubscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('sharedServicesName'))]", - "logStorageAccountPrivateEndpointNamePrefix": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, 
variables('sharedServicesName'))]", - "networkSecurityGroupDiagnosticsLogs": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsLogs')]", - "networkSecurityGroupDiagnosticsMetrics": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsMetrics')]", - "networkSecurityGroupName": "[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "networkSecurityGroupRules": "[parameters('sharedServicesNetworkSecurityGroupRules')]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "subnetAddressPrefix": "[parameters('sharedServicesSubnetAddressPrefix')]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "subnetPrivateEndpointNetworkPolicies": "Disabled", - "subnetPrivateLinkServiceNetworkPolicies": "Disabled", - "virtualNetworkAddressPrefix": "[parameters('sharedServicesVirtualNetworkAddressPrefix')]", - "virtualNetworkDiagnosticsLogs": "[parameters('sharedServicesVirtualNetworkDiagnosticsLogs')]", - "virtualNetworkDiagnosticsMetrics": "[parameters('sharedServicesVirtualNetworkDiagnosticsMetrics')]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]" + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, 
parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "locationAbbreviation": { + "value": "[variables('locations')[parameters('location')].abbreviation]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "networkName": { + "value": "[parameters('networks')[copyIndex()].name]" + }, + "networkShortName": { + "value": "[parameters('networks')[copyIndex()].shortName]" + }, + "resourceAbbreviations": { + "value": "[variables('resourceAbbreviations')]" + }, + "resourcePrefix": { + "value": "[parameters('resourcePrefix')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + }, + "subscriptionId": { + "value": "[parameters('networks')[copyIndex()].subscriptionId]" + }, + "tokens": { + "value": "[variables('tokens')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13218155481958331255" + } + }, + "parameters": { + "environmentAbbreviation": { + "type": "string" + }, + "locationAbbreviation": { + "type": "string" + }, + "networkName": { + "type": "string" + }, + "networkShortName": { + "type": "string" + }, + "resourceAbbreviations": { + "type": "object" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + }, + "subscriptionId": { + "type": "string" + }, + "tokens": { + "type": "object" + } + }, + "variables": { + "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), 
parameters('locationAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "names": { + "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').actionGroups)]", + "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').applicationGroups)]", + "automationAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "availabilitySet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').availabilitySets)]", + "azureFirewall": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').azureFirewalls)]", + 
"azureFirewallClientPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('client-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallClientPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-client-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallManagementPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('mgmt-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallManagementPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-mgmt-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallPolicy": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').firewallPolicies)]", + "bastionHost": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), 
parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').bastionHosts))]", + "computeGallery": "[replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').computeGallieries), '-', '_')]", + "dataCollectionRuleAssociation": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRuleAssociations)]", + "dataCollectionRule": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRules)]", + "diskAccess": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskAccesses)]", + "diskEncryptionSet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskEncryptionSets)]", + "hostPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').hostPools)]", + "hostPoolDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolPrivateEndpoint": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "keyVault": "[format('{0}{1}', replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').keyVaults), '-', ''), parameters('networkName'), parameters('networkShortName')), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId')))]", + "keyVaultDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "logAnalyticsWorkspace": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "logAnalyticsWorkspaceDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "netAppAccountCapacityPool": 
"[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppCapacityPools)]", + "netAppAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppAccounts)]", + "networkSecurityGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkSecurityGroupDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkWatcher": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkWatchers)]", + "privateLinkScope": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopeNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "recoveryServicesVault": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + 
"recoveryServicesPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "resourceGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').resourceGroups)]", + "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').routeTables)]", + "storageAccount": "[toLower(take(format('{0}{1}', replace(replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName')), '-', ''), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24))]", + "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "storageAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "subnet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').subnets)]", + "userAssignedIdentity": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').userAssignedIdentities)]", + "virtualMachine": "[replace(replace(replace(replace(variables('namingConvention_Service'), 
parameters('tokens').resource, parameters('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", + "virtualMachineDisk": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').disks), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualMachineNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualNetwork": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualNetworks)]", + "virtualNetworkDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').virtualNetworks)]", + "workspaceFeed": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), 
parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobal": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]" + } + }, + "resources": [], + "outputs": { + "names": { + "type": "object", + "value": "[variables('names')]" + } + } + } } - ], - "spokesIdentity": 
"[if(parameters('deployIdentity'), createArray(createObject('name', variables('identityName'), 'subscriptionId', parameters('identitySubscriptionId'), 'resourceGroupName', replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')), 'deployUniqueResources', if(contains(createArray(parameters('hubSubscriptionId'), parameters('operationsSubscriptionId'), parameters('sharedServicesSubscriptionId')), parameters('identitySubscriptionId')), false(), true()), 'logStorageAccountName', take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, variables('identityShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('identitySubscriptionId'))), 24), 'logStorageAccountNetworkInterfaceNamePrefix', replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('identityName')), 'logStorageAccountPrivateEndpointNamePrefix', replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('identityName')), 'networkSecurityGroupDiagnosticsLogs', parameters('identityNetworkSecurityGroupDiagnosticsLogs'), 'networkSecurityGroupDiagnosticsMetrics', parameters('identityNetworkSecurityGroupDiagnosticsMetrics'), 'networkSecurityGroupName', replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')), 'networkSecurityGroupRules', parameters('identityNetworkSecurityGroupRules'), 'networkWatcherName', replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), 
parameters('tokens').network, variables('identityName')), 'routeTableName', replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')), 'subnetAddressPrefix', parameters('identitySubnetAddressPrefix'), 'subnetName', replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')), 'subnetPrivateEndpointNetworkPolicies', 'Disabled', 'subnetPrivateLinkServiceNetworkPolicies', 'Disabled', 'virtualNetworkAddressPrefix', parameters('identityVirtualNetworkAddressPrefix'), 'virtualNetworkDiagnosticsLogs', parameters('identityVirtualNetworkDiagnosticsLogs'), 'virtualNetworkDiagnosticsMetrics', parameters('identityVirtualNetworkDiagnosticsMetrics'), 'virtualNetworkName', replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')))), createArray())]" - }, - "resources": [], + } + ], "outputs": { - "networks": { + "locationProperties": { + "type": "object", + "value": "[variables('locations')[parameters('location')]]" + }, + "mlzTags": { + "type": "object", + "value": "[variables('mlzTags')]" + }, + "privateDnsZones": { + "type": "array", + "value": "[variables('privateDnsZoneNames')]" + }, + "tiers": { "type": "array", - "value": "[union(createArray(variables('hub')), variables('spokes'))]" + "copy": { + "count": "[length(parameters('networks'))]", + "input": { + "name": "[parameters('networks')[copyIndex()].name]", + "shortName": "[parameters('networks')[copyIndex()].shortName]", + "deployUniqueResources": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "nsgDiagLogs": "[parameters('networks')[copyIndex()].nsgDiagLogs]", + "nsgDiagMetrics": 
"[parameters('networks')[copyIndex()].nsgDiagMetrics]", + "nsgRules": "[parameters('networks')[copyIndex()].nsgRules]", + "vnetAddressPrefix": "[parameters('networks')[copyIndex()].vnetAddressPrefix]", + "vnetDiagLogs": "[parameters('networks')[copyIndex()].vnetDiagLogs]", + "vnetDiagMetrics": "[parameters('networks')[copyIndex()].vnetDiagMetrics]", + "subnetAddressPrefix": "[parameters('networks')[copyIndex()].subnetAddressPrefix]", + "namingConvention": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + } + } + }, + "tokens": { + "type": "object", + "value": "[variables('tokens')]" } } } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix')))]" - ] + } }, { "type": "Microsoft.Resources/deployments", @@ -1939,11 +1862,17 @@ "location": { "value": "[parameters('location')]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" } }, "template": { 
@@ -1952,8 +1881,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "805276655037964756" + "version": "0.27.1.19265", + "templateHash": "7960487143105550148" } }, "parameters": { @@ -1963,7 +1892,13 @@ "location": { "type": "string" }, - "networks": { + "mlzTags": { + "type": "object" + }, + "serviceToken": { + "type": "string" + }, + "tiers": { "type": "array" }, "tags": { @@ -1974,12 +1909,12 @@ { "copy": { "name": "resourceGroups", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-rg-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "name": "[format('deploy-rg-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -1987,8 +1922,11 @@ }, "mode": "Incremental", "parameters": { + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { - "value": "[parameters('networks')[copyIndex()].resourceGroupName]" + "value": "[replace(parameters('tiers')[copyIndex()].namingConvention.resourceGroup, parameters('serviceToken'), 'network')]" }, "location": { "value": "[parameters('location')]" @@ -2003,11 +1941,14 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14258191516922489977" + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" } }, "parameters": { + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, 
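Review bot: In the naming-convention template added earlier in this patch, `names.keyVault` is built as `format('{0}{1}', ..., uniqueString(...))` with no length bound, while `names.storageAccount` in the same map is wrapped in `toLower(take(..., 24))`. Key Vault names are limited to 24 characters, and this string carries the resource prefix, the optional stamp index, the abbreviation, the service token, the network short name, the environment, the location and a 13-character `uniqueString`, so it can exceed the limit. The service token is still a placeholder at this point, so truncating here would cut at the wrong length. Either document that every consumer must apply `take(..., 24)` after substituting the token, or do the substitution and the truncation in one shared place so that no caller can forget it.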
@@ -2025,7 +1966,7 @@ "apiVersion": "2019-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]" + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" } ], "outputs": { @@ -2049,7 +1990,16 @@ } } } - ] + ], + "outputs": { + "names": { + "type": "array", + "copy": { + "count": "[length(parameters('tiers'))]", + "input": "[reference(subscriptionResourceId(parameters('tiers')[copyIndex()].subscriptionId, 'Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + } + } + } } }, "dependsOn": [ @@ -2079,8 +2029,8 @@ "deployNetworkWatcher": { "value": "[parameters('deployNetworkWatcher')]" }, - "deployRemoteAccess": { - "value": "[parameters('deployRemoteAccess')]" + "deployBastion": { + "value": "[parameters('deployBastion')]" }, "dnsServers": { "value": "[parameters('dnsServers')]" 
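Review bot: The resource group `tags` expression in the `@@ -2025,7 +1966,7 @@` hunk now reads `parameters('tags')['Microsoft.Resources/resourceGroups']`, which silently changes `tags` from a flat tag object into a map keyed by resource type, and nothing in the visible lines documents that shape. A caller that keeps passing flat tags gets `createObject()` from the `contains` check, so the resource group is deployed with only `mlzTags` and no error is raised. Please describe the expected shape on the parameter and in the README, and state that `mlzTags` is the last argument to `union`, so it overrides any caller tag with the same key.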
@@ -2096,30 +2046,28 @@ "intrusionDetectionMode": "[parameters('firewallIntrusionDetectionMode')]", "managementPublicIPAddressAvailabilityZones": "[parameters('firewallManagementPublicIPAddressAvailabilityZones')]", "managementSubnetAddressPrefix": "[parameters('firewallManagementSubnetAddressPrefix')]", - "publicIpAddressAllocationMethod": "Static", - "publicIpAddressSkuName": "Standard", "skuTier": "[parameters('firewallSkuTier')]", "supernetIPAddress": "[parameters('firewallSupernetIPAddress')]", "threatIntelMode": "[parameters('firewallThreatIntelMode')]" } }, - "hubNetworkSecurityGroupRules": { - "value": "[parameters('hubNetworkSecurityGroupRules')]" - }, - "hubSubnetAddressPrefix": { - "value": "[parameters('hubSubnetAddressPrefix')]" - }, - "hubVirtualNetworkAddressPrefix": { - "value": "[parameters('hubVirtualNetworkAddressPrefix')]" - }, "location": { "value": "[parameters('location')]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "privateDnsZoneNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "resourceGroupNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" + }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } }, "template": { @@ -2128,8 +2076,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12805260671779525318" + "version": "0.27.1.19265", + "templateHash": "893825226169234564" } }, "parameters": { @@ -2145,7 +2093,7 @@ "deployNetworkWatcher": { "type": "bool" }, - "deployRemoteAccess": { + "deployBastion": { "type": "bool" }, "dnsServers": { @@ -2157,19 +2105,19 @@ "firewallSettings": { "type": "object" }, - "hubNetworkSecurityGroupRules": { - "type": "array" - }, - "hubSubnetAddressPrefix": { + "location": { "type": "string" }, - "hubVirtualNetworkAddressPrefix": { - "type": "string" + "mlzTags": { + "type": "object" }, - "location": { - "type": "string" + "privateDnsZoneNames": { + "type": "array" }, - "networks": { + "resourceGroupNames": { + "type": "array" + }, + "tiers": { "type": "array" }, "tags": { @@ -2177,9 +2125,10 @@ } }, "variables": { - "hub": "[first(filter(parameters('networks'), lambda('network', equals(lambdaVariables('network').name, 'hub'))))]", - "identity": "[if(parameters('deployIdentity'), first(filter(parameters('networks'), lambda('network', equals(lambdaVariables('network').name, 'identity')))), createObject())]", - "spokes": "[filter(parameters('networks'), lambda('network', not(equals(lambdaVariables('network').name, 'hub'))))]" + "hub": "[filter(parameters('tiers'), lambda('tier', equals(lambdaVariables('tier').name, 'hub')))[0]]", + "hubResourceGroupName": "[filter(parameters('resourceGroupNames'), lambda('name', contains(lambdaVariables('name'), 'hub')))[0]]", + "spokes": "[filter(parameters('tiers'), lambda('tier', not(equals(lambdaVariables('tier').name, 'hub'))))]", + "spokeResourceGroupNames": "[filter(parameters('resourceGroupNames'), lambda('name', not(contains(lambdaVariables('name'), 'hub'))))]" }, "resources": [ { 
@@ -2187,7 +2136,7 @@ "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))]", "subscriptionId": "[variables('hub').subscriptionId]", - "resourceGroup": "[variables('hub').resourceGroupName]", + "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2200,8 +2149,8 @@ "deployNetworkWatcher": { "value": "[parameters('deployNetworkWatcher')]" }, - "deployRemoteAccess": { - "value": "[parameters('deployRemoteAccess')]" + "deployBastion": { + "value": "[parameters('deployBastion')]" }, "dnsServers": { "value": "[parameters('dnsServers')]" @@ -2209,9 +2158,6 @@ "enableProxy": { "value": "[parameters('enableProxy')]" }, - "firewallClientIpConfigurationName": { - "value": "[variables('hub').firewallClientIpConfigurationName]" - }, "firewallClientPrivateIpAddress": { "value": "[parameters('firewallSettings').clientPrivateIpAddress]" }, 
@@ -2219,49 +2165,28 @@ "value": "[parameters('firewallSettings').clientPublicIPAddressAvailabilityZones]" }, "firewallClientPublicIPAddressName": { - "value": "[variables('hub').firewallClientPublicIPAddressName]" - }, - "firewallClientPublicIPAddressSkuName": { - "value": "Standard" - }, - "firewallClientPublicIpAllocationMethod": { - "value": "Static" + "value": "[variables('hub').namingConvention.azureFirewallClientPublicIPAddress]" }, "firewallClientSubnetAddressPrefix": { "value": "[parameters('firewallSettings').clientSubnetAddressPrefix]" }, - "firewallClientSubnetName": { - "value": "AzureFirewallSubnet" - }, "firewallIntrusionDetectionMode": { "value": "[parameters('firewallSettings').intrusionDetectionMode]" }, - "firewallManagementIpConfigurationName": { - "value": "[variables('hub').firewallManagementIpConfigurationName]" - }, "firewallManagementPublicIPAddressAvailabilityZones": { "value": "[parameters('firewallSettings').managementPublicIPAddressAvailabilityZones]" }, "firewallManagementPublicIPAddressName": { - "value": "[variables('hub').firewallManagementPublicIPAddressName]" - }, - "firewallManagementPublicIPAddressSkuName": { - "value": "[parameters('firewallSettings').publicIpAddressSkuName]" - }, - "firewallManagementPublicIpAllocationMethod": { - "value": "[parameters('firewallSettings').publicIpAddressAllocationMethod]" + "value": "[variables('hub').namingConvention.azureFirewallManagementPublicIPAddress]" }, "firewallManagementSubnetAddressPrefix": { "value": "[parameters('firewallSettings').managementSubnetAddressPrefix]" }, - "firewallManagementSubnetName": { - "value": "AzureFirewallManagementSubnet" - }, "firewallName": { - "value": "[variables('hub').firewallName]" + "value": "[variables('hub').namingConvention.azureFirewall]" }, "firewallPolicyName": { - "value": "[variables('hub').firewallPolicyName]" + "value": "[variables('hub').namingConvention.azureFirewallPolicy]" }, "firewallSkuTier": { "value": 
"[parameters('firewallSettings').skuTier]" @@ -2275,32 +2200,35 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "networkSecurityGroupName": { - "value": "[variables('hub').networkSecurityGroupName]" + "value": "[variables('hub').namingConvention.networkSecurityGroup]" }, "networkSecurityGroupRules": { - "value": "[parameters('hubNetworkSecurityGroupRules')]" + "value": "[variables('hub').nsgRules]" }, "networkWatcherName": { - "value": "[variables('hub').networkWatcherName]" + "value": "[variables('hub').namingConvention.networkWatcher]" }, "routeTableName": { - "value": "[variables('hub').routeTableName]" + "value": "[variables('hub').namingConvention.routeTable]" }, "subnetAddressPrefix": { - "value": "[parameters('hubSubnetAddressPrefix')]" + "value": "[variables('hub').subnetAddressPrefix]" }, "subnetName": { - "value": "[variables('hub').subnetName]" + "value": "[variables('hub').namingConvention.subnet]" }, "tags": { "value": "[parameters('tags')]" }, "virtualNetworkAddressPrefix": { - "value": "[parameters('hubVirtualNetworkAddressPrefix')]" + "value": "[variables('hub').vnetAddressPrefix]" }, "virtualNetworkName": { - "value": "[variables('hub').virtualNetworkName]" + "value": "[variables('hub').namingConvention.virtualNetwork]" }, "vNetDnsServers": { "value": [ @@ -2314,8 +2242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1867861694959053688" + "version": "0.27.1.19265", + "templateHash": "16727244682030781582" } }, "parameters": { @@ -2325,7 +2253,7 @@ "deployNetworkWatcher": { "type": "bool" }, - "deployRemoteAccess": { + "deployBastion": { "type": "bool" }, "dnsServers": { @@ -2334,9 +2262,6 @@ "enableProxy": { "type": "bool" }, - "firewallClientIpConfigurationName": { - "type": "string" - }, "firewallClientPrivateIpAddress": { "type": "string" }, 
@@ -2346,18 +2271,9 @@ "firewallClientPublicIPAddressName": { "type": "string" }, - "firewallClientPublicIPAddressSkuName": { - "type": "string" - }, - "firewallClientPublicIpAllocationMethod": { - "type": "string" - }, "firewallClientSubnetAddressPrefix": { "type": "string" }, - "firewallClientSubnetName": { - "type": "string" - }, "firewallIntrusionDetectionMode": { "type": "string", "allowedValues": [ @@ -2366,27 +2282,15 @@ "Off" ] }, - "firewallManagementIpConfigurationName": { - "type": "string" - }, "firewallManagementPublicIPAddressAvailabilityZones": { "type": "array" }, "firewallManagementPublicIPAddressName": { "type": "string" }, - "firewallManagementPublicIPAddressSkuName": { - "type": "string" - }, - "firewallManagementPublicIpAllocationMethod": { - "type": "string" - }, "firewallManagementSubnetAddressPrefix": { "type": "string" }, - "firewallManagementSubnetName": { - "type": "string" - }, "firewallName": { "type": "string" }, @@ -2410,6 +2314,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "networkSecurityGroupName": { "type": "string" }, @@ -2422,18 +2329,6 @@ "routeTableName": { "type": "string" }, - "routeTableRouteAddressPrefix": { - "type": "string", - "defaultValue": "0.0.0.0/0" - }, - "routeTableRouteName": { - "type": "string", - "defaultValue": "default_route" - }, - "routeTableRouteNextHopType": { - "type": "string", - "defaultValue": "VirtualAppliance" - }, "subnetAddressPrefix": { "type": "string" }, @@ -2453,9 +2348,6 @@ "type": "array" } }, - "variables": { - "subnetsBastion": "[if(parameters('deployRemoteAccess'), createArray(createObject('name', 'AzureBastionSubnet', 'properties', createObject('addressPrefix', parameters('bastionHostSubnetAddressPrefix')))), createArray())]" - }, "resources": [ { "type": "Microsoft.Resources/deployments", 
@@ -2470,6 +2362,9 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('networkSecurityGroupName')]" }, @@ -2486,14 +2381,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7780881015892644264" + "version": "0.27.1.19265", + "templateHash": "12935581119437417634" } }, "parameters": { "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -2510,7 +2408,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkSecurityGroups'), parameters('tags')['Microsoft.Network/networkSecurityGroups'], createObject()), parameters('mlzTags'))]", "properties": { "securityRules": "[parameters('securityRules')]" } @@ -2545,21 +2443,15 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('routeTableName')]" }, - "routeAddressPrefix": { - "value": "[parameters('routeTableRouteAddressPrefix')]" - }, - "routeName": { - "value": "[parameters('routeTableRouteName')]" - }, "routeNextHopIpAddress": { "value": "[parameters('firewallClientPrivateIpAddress')]" }, - "routeNextHopType": { - "value": "[parameters('routeTableRouteNextHopType')]" - }, "tags": { "value": "[parameters('tags')]" } @@ -2570,8 +2462,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3452822322028754232" + "version": "0.27.1.19265", + "templateHash": "18262399193161292353" } }, "parameters": { 
@@ -2581,20 +2473,26 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, "routeAddressPrefix": { - "type": "string" + "type": "string", + "defaultValue": "0.0.0.0/0" }, "routeName": { - "type": "string" + "type": "string", + "defaultValue": "default_route" }, "routeNextHopIpAddress": { "type": "string" }, "routeNextHopType": { - "type": "string" + "type": "string", + "defaultValue": "VirtualAppliance" }, "tags": { "type": "object" @@ -2606,7 +2504,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/routeTables'), parameters('tags')['Microsoft.Network/routeTables'], createObject()), parameters('mlzTags'))]", "properties": { "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", "routes": [ @@ -2649,6 +2547,9 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('networkWatcherName')]" }, @@ -2662,14 +2563,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7600987290536274187" + "version": "0.27.1.19265", + "templateHash": "13830033528097307473" } }, "parameters": { "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -2683,7 +2587,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkWatchers'), parameters('tags')['Microsoft.Network/networkWatchers'], createObject()), parameters('mlzTags'))]", "properties": {} } ] 
@@ -2706,11 +2610,14 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('virtualNetworkName')]" }, "subnets": { - "value": "[union(createArray(createObject('name', 'AzureFirewallSubnet', 'properties', createObject('addressPrefix', parameters('firewallClientSubnetAddressPrefix'))), createObject('name', 'AzureFirewallManagementSubnet', 'properties', createObject('addressPrefix', parameters('firewallManagementSubnetAddressPrefix'))), createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled', 'routeTable', createObject('id', reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value)))), variables('subnetsBastion'))]" + "value": "[union(createArray(createObject('name', 'AzureFirewallSubnet', 'properties', createObject('addressPrefix', parameters('firewallClientSubnetAddressPrefix'))), createObject('name', 'AzureFirewallManagementSubnet', 'properties', createObject('addressPrefix', parameters('firewallManagementSubnetAddressPrefix'))), createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled', 'routeTable', createObject('id', reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value)))), if(parameters('deployBastion'), createArray(createObject('name', 
'AzureBastionSubnet', 'properties', createObject('addressPrefix', parameters('bastionHostSubnetAddressPrefix')))), createArray()))]" }, "tags": { "value": "[parameters('tags')]" @@ -2728,8 +2635,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10147997802991299261" + "version": "0.27.1.19265", + "templateHash": "4325479931624604061" } }, "parameters": { @@ -2739,6 +2646,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -2761,7 +2671,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/virtualNetworks'), parameters('tags')['Microsoft.Network/virtualNetworks'], createObject()), parameters('mlzTags'))]", "properties": { "addressSpace": { "addressPrefixes": [ @@ -2815,14 +2725,17 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('firewallClientPublicIPAddressName')]" }, "publicIpAllocationMethod": { - "value": "[parameters('firewallClientPublicIpAllocationMethod')]" + "value": "Static" }, "skuName": { - "value": "[parameters('firewallClientPublicIPAddressSkuName')]" + "value": "Standard" }, "tags": { "value": "[parameters('tags')]" @@ -2834,8 +2747,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11737243810289041859" + "version": "0.27.1.19265", + "templateHash": "9716386408341493301" } }, "parameters": { @@ -2845,6 +2758,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, 
@@ -2864,7 +2780,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/publicIPAddresses'), parameters('tags')['Microsoft.Network/publicIPAddresses'], createObject()), parameters('mlzTags'))]", "sku": { "name": "[parameters('skuName')]" }, @@ -2899,14 +2815,17 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('firewallManagementPublicIPAddressName')]" }, "publicIpAllocationMethod": { - "value": "[parameters('firewallManagementPublicIpAllocationMethod')]" + "value": "Static" }, "skuName": { - "value": "[parameters('firewallManagementPublicIPAddressSkuName')]" + "value": "Standard" }, "tags": { "value": "[parameters('tags')]" @@ -2918,8 +2837,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11737243810289041859" + "version": "0.27.1.19265", + "templateHash": "9716386408341493301" } }, "parameters": { @@ -2929,6 +2848,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -2948,7 +2870,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/publicIPAddresses'), parameters('tags')['Microsoft.Network/publicIPAddresses'], createObject()), parameters('mlzTags'))]", "sku": { "name": "[parameters('skuName')]" }, 
@@ -2977,14 +2899,11 @@ }, "mode": "Incremental", "parameters": { - "clientIpConfigurationName": { - "value": "[parameters('firewallClientIpConfigurationName')]" - }, "clientIpConfigurationPublicIPAddressResourceId": { "value": "[reference(resourceId('Microsoft.Resources/deployments', 'firewallClientPublicIPAddress'), '2022-09-01').outputs.id.value]" }, "clientIpConfigurationSubnetResourceId": { - "value": "[format('{0}/subnets/{1}', reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value, parameters('firewallClientSubnetName'))]" + "value": "[format('{0}/subnets/AzureFirewallSubnet', reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value)]" }, "dnsServers": { "value": "[parameters('dnsServers')]" @@ -3004,14 +2923,14 @@ "location": { "value": "[parameters('location')]" }, - "managementIpConfigurationName": { - "value": "[parameters('firewallManagementIpConfigurationName')]" - }, "managementIpConfigurationPublicIPAddressResourceId": { "value": "[reference(resourceId('Microsoft.Resources/deployments', 'firewallManagementPublicIPAddress'), '2022-09-01').outputs.id.value]" }, "managementIpConfigurationSubnetResourceId": { - "value": "[format('{0}/subnets/{1}', reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value, parameters('firewallManagementSubnetName'))]" + "value": "[format('{0}/subnets/AzureFirewallManagementSubnet', reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value)]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" }, "name": { "value": "[parameters('firewallName')]" 
@@ -3032,14 +2951,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17878198270712885843" + "version": "0.27.1.19265", + "templateHash": "17134325627551427989" } }, "parameters": { - "clientIpConfigurationName": { - "type": "string" - }, "clientIpConfigurationSubnetResourceId": { "type": "string" }, @@ -3069,15 +2985,15 @@ "location": { "type": "string" }, - "managementIpConfigurationName": { - "type": "string" - }, "managementIpConfigurationSubnetResourceId": { "type": "string" }, "managementIpConfigurationPublicIPAddressResourceId": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -3117,7 +3033,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('firewallPolicyName')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/firewallPolicies'), parameters('tags')['Microsoft.Network/firewallPolicies'], createObject()), parameters('mlzTags'))]", "properties": { "threatIntelMode": "[parameters('threatIntelMode')]", "intrusionDetection": "[if(equals(parameters('skuTier'), 'Premium'), variables('intrusionDetectionObject'), null())]", @@ -3250,11 +3166,11 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/azureFirewalls'), parameters('tags')['Microsoft.Network/azureFirewalls'], createObject()), parameters('mlzTags'))]", "properties": { "ipConfigurations": [ { - "name": "[parameters('clientIpConfigurationName')]", + "name": "ipconfig-client", "properties": { "subnet": { "id": "[parameters('clientIpConfigurationSubnetResourceId')]" 
@@ -3266,7 +3182,7 @@ } ], "managementIpConfiguration": { - "name": "[parameters('managementIpConfigurationName')]", + "name": "ipconfig-management", "properties": { "subnet": { "id": "[parameters('managementIpConfigurationSubnetResourceId')]" @@ -3316,7 +3232,7 @@ "outputs": { "bastionHostSubnetResourceId": { "type": "string", - "value": "[if(parameters('deployRemoteAccess'), reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[3].id, '')]" + "value": "[if(parameters('deployBastion'), reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[3].id, '')]" }, "firewallName": { "type": "string", @@ -3370,8 +3286,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('spokes')[copyIndex()].subscriptionId]", - "resourceGroup": "[variables('spokes')[copyIndex()].resourceGroupName]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3379,7 +3294,7 @@ "mode": "Incremental", "parameters": { "deployNetworkWatcher": { - "value": "[variables('spokes')[copyIndex()].deployUniqueResources]" + "value": "[and(parameters('deployNetworkWatcher'), variables('spokes')[copyIndex()].deployUniqueResources)]" }, "firewallSkuTier": { "value": "[parameters('firewallSettings').skuTier]" 
@@ -3387,17 +3302,23 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "networkSecurityGroupName": { - "value": "[variables('spokes')[copyIndex()].networkSecurityGroupName]" + "value": "[variables('spokes')[copyIndex()].namingConvention.networkSecurityGroup]" }, "networkSecurityGroupRules": { - "value": "[variables('spokes')[copyIndex()].networkSecurityGroupRules]" + "value": "[variables('spokes')[copyIndex()].nsgRules]" }, "networkWatcherName": { - "value": "[variables('spokes')[copyIndex()].networkWatcherName]" + "value": "[variables('spokes')[copyIndex()].namingConvention.networkWatcher]" + }, + "resourceGroupName": { + "value": "[variables('spokeResourceGroupNames')[copyIndex()]]" }, "routeTableName": { - "value": "[variables('spokes')[copyIndex()].routeTableName]" + "value": "[variables('spokes')[copyIndex()].namingConvention.routeTable]" }, "routeTableRouteNextHopIpAddress": { "value": "[parameters('firewallSettings').clientPrivateIpAddress]" 
@@ -3406,40 +3327,41 @@ "value": "[variables('spokes')[copyIndex()].subnetAddressPrefix]" }, "subnetName": { - "value": "[variables('spokes')[copyIndex()].subnetName]" - }, - "subnetPrivateEndpointNetworkPolicies": { - "value": "[variables('spokes')[copyIndex()].subnetPrivateEndpointNetworkPolicies]" + "value": "[variables('spokes')[copyIndex()].namingConvention.subnet]" }, - "subnetPrivateLinkServiceNetworkPolicies": { - "value": "[variables('spokes')[copyIndex()].subnetPrivateLinkServiceNetworkPolicies]" + "subscriptionId": { + "value": "[variables('spokes')[copyIndex()].subscriptionId]" }, "tags": { "value": "[parameters('tags')]" }, "virtualNetworkAddressPrefix": { - "value": "[variables('spokes')[copyIndex()].virtualNetworkAddressPrefix]" + "value": "[variables('spokes')[copyIndex()].vnetAddressPrefix]" }, "virtualNetworkName": { - "value": "[variables('spokes')[copyIndex()].virtualNetworkName]" + "value": "[variables('spokes')[copyIndex()].namingConvention.virtualNetwork]" }, "vNetDnsServers": { "value": [ - "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.firewallPrivateIPAddress.value]" + "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.firewallPrivateIPAddress.value]" ] } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": 
"11944009476052352030" + "version": "0.27.1.19265", + "templateHash": "4742978871908330688" } }, "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [] + }, "deployNetworkWatcher": { "type": "bool" }, @@ -3449,6 +3371,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "networkSecurityGroupName": { "type": "string" }, @@ -3458,34 +3383,22 @@ "networkWatcherName": { "type": "string" }, - "routeTableName": { + "resourceGroupName": { "type": "string" }, - "routeTableRouteName": { - "type": "string", - "defaultValue": "default_route" - }, - "routeTableRouteAddressPrefix": { - "type": "string", - "defaultValue": "0.0.0.0/0" + "routeTableName": { + "type": "string" }, "routeTableRouteNextHopIpAddress": { "type": "string" }, - "routeTableRouteNextHopType": { - "type": "string", - "defaultValue": "VirtualAppliance" - }, "subnetAddressPrefix": { "type": "string" }, "subnetName": { "type": "string" }, - "subnetPrivateEndpointNetworkPolicies": { - "type": "string" - }, - "subnetPrivateLinkServiceNetworkPolicies": { + "subscriptionId": { "type": "string" }, "tags": { 
@@ -3501,11 +3414,28 @@ "type": "array" } }, + "variables": { + "delegations": { + "AzureNetAppFiles": [ + { + "name": "Microsoft.Netapp.volumes", + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', parameters('virtualNetworkName'), 'AzureNetAppFiles', 'Microsoft.Netapp.volumes')]", + "properties": { + "serviceName": "Microsoft.Netapp/volumes" + }, + "type": "Microsoft.Network/virtualNetworks/subnets/delegations" + } + ] + }, + "subnets": "[union(createArray(createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix')))), parameters('additionalSubnets'))]" + }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkSecurityGroup", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3515,6 +3445,9 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('networkSecurityGroupName')]" }, @@ -3531,14 +3464,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7780881015892644264" + "version": "0.27.1.19265", + "templateHash": "12935581119437417634" } }, "parameters": { "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -3555,7 +3491,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkSecurityGroups'), parameters('tags')['Microsoft.Network/networkSecurityGroups'], createObject()), parameters('mlzTags'))]", "properties": { "securityRules": "[parameters('securityRules')]" } 
@@ -3578,6 +3514,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "routeTable", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3590,21 +3528,15 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('routeTableName')]" }, - "routeAddressPrefix": { - "value": "[parameters('routeTableRouteAddressPrefix')]" - }, - "routeName": { - "value": "[parameters('routeTableRouteName')]" - }, "routeNextHopIpAddress": { "value": "[parameters('routeTableRouteNextHopIpAddress')]" }, - "routeNextHopType": { - "value": "[parameters('routeTableRouteNextHopType')]" - }, "tags": { "value": "[parameters('tags')]" } @@ -3615,8 +3547,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3452822322028754232" + "version": "0.27.1.19265", + "templateHash": "18262399193161292353" } }, "parameters": { @@ -3626,20 +3558,26 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, "routeAddressPrefix": { - "type": "string" + "type": "string", + "defaultValue": "0.0.0.0/0" }, "routeName": { - "type": "string" + "type": "string", + "defaultValue": "default_route" }, "routeNextHopIpAddress": { "type": "string" }, "routeNextHopType": { - "type": "string" + "type": "string", + "defaultValue": "VirtualAppliance" }, "tags": { "type": "object" 
@@ -3651,7 +3589,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/routeTables'), parameters('tags')['Microsoft.Network/routeTables'], createObject()), parameters('mlzTags'))]", "properties": { "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", "routes": [ @@ -3685,6 +3623,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkWatcher", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3694,6 +3634,9 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('networkWatcherName')]" }, @@ -3707,14 +3650,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7600987290536274187" + "version": "0.27.1.19265", + "templateHash": "13830033528097307473" } }, "parameters": { "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -3728,7 +3674,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkWatchers'), parameters('tags')['Microsoft.Network/networkWatchers'], createObject()), parameters('mlzTags'))]", "properties": {} } ] @@ -3739,6 +3685,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "virtualNetwork", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -3751,24 +3699,18 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('virtualNetworkName')]" }, "subnets": { - "value": [ + "copy": [ { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[parameters('subnetAddressPrefix')]", - "networkSecurityGroup": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" - }, - "routeTable": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value]" - }, - "privateEndpointNetworkPolicies": "[parameters('subnetPrivateEndpointNetworkPolicies')]", - "privateLinkServiceNetworkPolicies": "[parameters('subnetPrivateLinkServiceNetworkPolicies')]" - } + "name": "value", + "count": "[length(variables('subnets'))]", + "input": "[createObject('name', variables('subnets')[copyIndex('value')].name, 'properties', createObject('addressPrefix', variables('subnets')[copyIndex('value')].properties.addressPrefix, 'delegations', coalesce(tryGet(variables('delegations'), variables('subnets')[copyIndex('value')].name), createArray()), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled'))]" } ] }, 
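Review bot: in the `subnets` copy input, `privateEndpointNetworkPolicies` and `privateLinkServiceNetworkPolicies` are now the literal `'Disabled'`, where the removed lines read them from `parameters('subnetPrivateEndpointNetworkPolicies')` and `parameters('subnetPrivateLinkServiceNetworkPolicies')`. With private endpoint network policies disabled, the subnet's NSG rules and route table are not applied to private endpoint traffic, so a deployment that previously set these to `Enabled` loses that control with no error or warning. Keep them configurable, either as parameters that default to `Disabled` or as per-subnet properties in `variables('subnets')`, and call out the behaviour change in the release notes if the hard-coding is intentional.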
@@ -3788,8 +3730,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10147997802991299261" + "version": "0.27.1.19265", + "templateHash": "4325479931624604061" } }, "parameters": { @@ -3799,6 +3741,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -3821,7 +3766,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/virtualNetworks'), parameters('tags')['Microsoft.Network/virtualNetworks'], createObject()), parameters('mlzTags'))]", "properties": { "addressSpace": { "addressPrefixes": [ 
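Review bot: the new `tags` expression on `Microsoft.Network/virtualNetworks` (the same pattern is used for routeTables and networkWatchers in the earlier hunks) reads only `parameters('tags')['Microsoft.Network/virtualNetworks']`, so a caller that still passes a flat tag object gets none of its tags applied, because `contains` is false and `createObject()` is used instead. The shape of `tags` has changed from a flat object to an object keyed by resource type, and nothing in these hunks documents or validates that. Because `parameters('mlzTags')` is the last argument to `union`, its keys also take precedence over user tags with the same name. Describe both points in the `tags` parameter description, and consider failing early when `tags` contains keys that are not resource types.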
@@ -3854,58 +3799,61 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup')]", - "[resourceId('Microsoft.Resources/deployments', 'networkWatcher')]", - "[resourceId('Microsoft.Resources/deployments', 'routeTable')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkWatcher')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable')]" ] } ], "outputs": { "virtualNetworkName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" }, "virtualNetworkResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" }, "virtualNetworkAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), 
parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" }, "subnetName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" }, "subnetAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" }, "subnetResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" }, "networkSecurityGroupName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" }, "networkSecurityGroupResourceId": { "type": "string", - "value": 
"[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" } } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]" ] }, { + "copy": { + "name": "hubVirtualNetworkPeerings", + "count": "[length(variables('spokes'))]" + }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-vnet-peerings-hub-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('hub').subscriptionId]", - "resourceGroup": "[variables('hub').resourceGroupName]", + "name": "[format('deploy-vnet-peerings-hub-{0}-{1}', copyIndex(), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
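Review bot: the `subnetName`, `subnetAddressPrefix` and `subnetResourceId` outputs still read `outputs.subnets.value[0]`, while the virtualNetwork module's subnets are now generated by a copy loop over `variables('subnets')` (hunk @@ -3751). These outputs now depend on the order of that array, so adding or reordering a subnet changes which subnet downstream deployments attach to. Select the workload subnet by name, or output the full subnet array and let the caller choose. Separately, the looped hub peering deployment is named with `copyIndex()` while the spoke-side deployment uses `variables('spokes')[copyIndex()].name`; using the spoke name in both would make the deployment history easier to correlate.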
@@ -3913,56 +3861,69 @@ "mode": "Incremental", "parameters": { "hubVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" }, - "spokes": { - "copy": [ - { - "name": "value", - "count": "[length(variables('spokes'))]", - "input": "[createObject('type', variables('spokes')[copyIndex('value')].name, 'virtualNetworkName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex('value')].subscriptionId, variables('spokes')[copyIndex('value')].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex('value')].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value, 'virtualNetworkResourceId', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex('value')].subscriptionId, variables('spokes')[copyIndex('value')].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex('value')].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value)]" - } - ] + "resourceGroupName": { + "value": "[variables('hubResourceGroupName')]" + }, + "spokeName": { + "value": "[variables('spokes')[copyIndex()].name]" + }, + "spokeVirtualNetworkResourceId": { + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "subscriptionId": { + "value": "[variables('hub').subscriptionId]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11212369470578362410" + "version": "0.27.1.19265", + "templateHash": "16991872399359859910" } }, "parameters": { "hubVirtualNetworkName": { "type": "string" }, - "spokes": { - "type": "array" + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkResourceId": { + "type": "string" + }, + "subscriptionId": { + "type": "string" } }, "resources": [ { - "copy": { - "name": "hubToSpokePeering", - "count": "[length(parameters('spokes'))]" - }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('hub-to-{0}-vnet-peering', parameters('spokes')[copyIndex()].type)]", + "name": "[format('hub-to-{0}-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('hubVirtualNetworkName'), parameters('spokes')[copyIndex()].virtualNetworkName)]" - }, "remoteVirtualNetworkResourceId": { - "value": "[parameters('spokes')[copyIndex()].virtualNetworkResourceId]" + "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" 
+ }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('spokeVirtualNetworkResourceId'), '/')[8])]" } }, "template": { @@ -3971,15 +3932,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10509951780144584720" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -3987,7 +3951,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { @@ -4003,8 +3967,8 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", - "spokeNetworks" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix')))]" ] }, { 
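Review bot: the new `dependsOn` entry in the last hunk above, and the `spokeVirtualNetworkResourceId` value in the @@ -3913 hunk, use `subscriptionResourceId('Microsoft.Resources/deployments', ...)` with no subscription argument, which resolves against the subscription of the current deployment. The removed `spokes` parameter resolved the same `deploy-vnet-{0}-{1}` deployment through `extensionResourceId` with the spoke's own `subscriptionId` and `resourceGroupName`. Please confirm that every `deploy-vnet-{name}-{suffix}` deployment is now created at subscription scope in the deploying subscription, including for spokes that live in other subscriptions; otherwise this reference will not find the deployment for those spokes.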
@@ -4015,7 +3979,6 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-peerings-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('spokes')[copyIndex()].subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
@@ -4023,20 +3986,20 @@ }, "mode": "Incremental", "parameters": { + "hubVirtualNetworkResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "resourceGroupName": { + "value": "[variables('spokeResourceGroupNames')[copyIndex()]]" + }, "spokeName": { "value": "[variables('spokes')[copyIndex()].name]" }, - "spokeResourceGroupName": { - "value": "[variables('spokes')[copyIndex()].resourceGroupName]" - }, "spokeVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex()].subscriptionId, variables('spokes')[copyIndex()].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" }, - "hubVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "hubVirtualNetworkResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.virtualNetworkResourceId.value]" + "subscriptionId": { + "value": "[variables('spokes')[copyIndex()].subscriptionId]" } }, "template": { @@ -4045,24 +4008,24 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13987612441032900755" + "version": "0.27.1.19265", + "templateHash": "1081420821337659529" } }, "parameters": { - "spokeName": { + "hubVirtualNetworkResourceId": { "type": "string" }, - "spokeResourceGroupName": { + "resourceGroupName": { "type": "string" }, - "spokeVirtualNetworkName": { + "spokeName": { "type": "string" }, - "hubVirtualNetworkName": { + "spokeVirtualNetworkName": { "type": "string" }, - "hubVirtualNetworkResourceId": { + "subscriptionId": { "type": "string" } }, @@ -4071,18 +4034,22 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-to-hub-vnet-peering', parameters('spokeName'))]", - "resourceGroup": "[parameters('spokeResourceGroupName')]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('spokeVirtualNetworkName'), parameters('hubVirtualNetworkName'))]" - }, "remoteVirtualNetworkResourceId": { "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('spokeVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('hubVirtualNetworkResourceId'), '/')[8])]" } }, "template": { 
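Review bot: `virtualNetworkPeerName` derives the remote network name with `split(parameters('hubVirtualNetworkResourceId'), '/')[8]` (the hub-side hunk does the same with `spokeVirtualNetworkResourceId`), which is correct only when the value is a full ID of the form /subscriptions/{id}/resourceGroups/{rg}/providers/Microsoft.Network/virtualNetworks/{name}. Any other input fails at deployment time with an index error that does not point at the parameter. `last(split(..., '/'))` states the intent without the positional constant, and a description on the parameter saying that a full virtual network resource ID is required would make the contract explicit.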
@@ -4091,15 +4058,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10509951780144584720" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -4107,7 +4077,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { @@ -4123,8 +4093,8 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex()].subscriptionId, variables('spokes')[copyIndex()].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix')))]" ] }, { 
@@ -4132,7 +4102,7 @@ "apiVersion": "2022-09-01", "name": "[format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))]", "subscriptionId": "[variables('hub').subscriptionId]", - "resourceGroup": "[variables('hub').resourceGroupName]", + "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -4145,18 +4115,16 @@ "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, - "hubVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" + "hubVirtualNetworkResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" }, - "hubVirtualNetworkResourceGroupName": { - "value": "[variables('hub').resourceGroupName]" + "identityVirtualNetworkResourceId": "[if(parameters('deployIdentity'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[2].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value), createObject('value', ''))]", + "mlzTags": { + "value": "[parameters('mlzTags')]" }, - "hubVirtualNetworkSubscriptionId": { - "value": "[variables('hub').subscriptionId]" + "privateDnsZoneNames": { + "value": "[parameters('privateDnsZoneNames')]" }, - "identityVirtualNetworkName": "[if(parameters('deployIdentity'), createObject('value', variables('identity').virtualNetworkName), createObject('value', ''))]", - "identityVirtualNetworkResourceGroupName": "[if(parameters('deployIdentity'), createObject('value', variables('identity').resourceGroupName), createObject('value', ''))]", - "identityVirtualNetworkSubscriptionId": "[if(parameters('deployIdentity'), createObject('value', variables('identity').subscriptionId), createObject('value', ''))]", "tags": { "value": 
"[parameters('tags')]" } @@ -4167,8 +4135,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10889540705507833390" + "version": "0.27.1.19265", + "templateHash": "14936438908863774818" } }, "parameters": { 
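Review bot: in the @@ -4145 hunk, `identityVirtualNetworkResourceId` looks up the identity spoke's deployment through `variables('spokes')[2].name`, a fixed position in the `spokes` array. If that array is reordered, or an earlier spoke becomes optional, index 2 refers to a different spoke and the private DNS zones are linked to that network instead of the identity network, with no deployment error. Select the entry by its name, or keep a dedicated variable for the identity spoke, rather than relying on position.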
@@ -4178,460 +4146,36 @@ "deploymentNameSuffix": { "type": "string" }, - "hubVirtualNetworkName": { - "type": "string" - }, - "hubVirtualNetworkResourceGroupName": { - "type": "string" - }, - "hubVirtualNetworkSubscriptionId": { + "hubVirtualNetworkResourceId": { "type": "string" }, - "identityVirtualNetworkName": { + "identityVirtualNetworkResourceId": { "type": "string" }, - "identityVirtualNetworkResourceGroupName": { - "type": "string" + "mlzTags": { + "type": "object" }, - "identityVirtualNetworkSubscriptionId": { - "type": "string" + "privateDnsZoneNames": { + "type": "array" }, "tags": { "type": "object" } }, "variables": { - "copy": [ - { - "name": "privateDnsZoneNames_Backup", - "count": "[length(items(variables('locations')))]", - "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" - } - ], - "$fxv#0": { - "AzureChina": { - "chinaeast": { - "abbreviation": "cne", - "recoveryServicesGeo": "sha", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinaeast2": { - "abbreviation": "cne2", - "recoveryServicesGeo": "sha2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth": { - "abbreviation": "cnn", - "recoveryServicesGeo": "bjb", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth2": { - "abbreviation": "cnn2", - "recoveryServicesGeo": "bjb2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - } - }, - "AzureCloud": { - "australiacentral": { - "abbreviation": "auc", - "recoveryServicesGeo": "acl", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiacentral2": { - "abbreviation": "auc2", - "recoveryServicesGeo": "acl2", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiaeast": { 
- "abbreviation": "aue", - "recoveryServicesGeo": "ae", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiasoutheast": { - "abbreviation": "ause", - "recoveryServicesGeo": "ase", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "brazilsouth": { - "abbreviation": "brs", - "recoveryServicesGeo": "brs", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "brazilsoutheast": { - "abbreviation": "brse", - "recoveryServicesGeo": "bse", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "canadacentral": { - "abbreviation": "cac", - "recoveryServicesGeo": "cnc", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "canadaeast": { - "abbreviation": "cae", - "recoveryServicesGeo": "cne", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "centralindia": { - "abbreviation": "inc", - "recoveryServicesGeo": "inc", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "centralus": { - "abbreviation": "usc", - "recoveryServicesGeo": "cus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "eastasia": { - "abbreviation": "ase", - "recoveryServicesGeo": "ea", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "eastus": { - "abbreviation": "use", - "recoveryServicesGeo": "eus", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "eastus2": { - "abbreviation": "use2", - "recoveryServicesGeo": "eus2", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "francecentral": { - "abbreviation": "frc", - "recoveryServicesGeo": "frc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "francesouth": { - "abbreviation": "frs", - "recoveryServicesGeo": "frs", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanynorth": { - "abbreviation": "den", - 
"recoveryServicesGeo": "gn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanywestcentral": { - "abbreviation": "dewc", - "recoveryServicesGeo": "gwc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "israelcentral": { - "abbreviation": "ilc", - "recoveryServicesGeo": "ilc", - "timeDifference": "+2:00", - "timeZone": "Israel Standard Time" - }, - "italynorth": { - "abbreviation": "itn", - "recoveryServicesGeo": "itn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "japaneast": { - "abbreviation": "jpe", - "recoveryServicesGeo": "jpe", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "japanwest": { - "abbreviation": "jpw", - "recoveryServicesGeo": "jpw", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "jioindiacentral": { - "abbreviation": "injc", - "recoveryServicesGeo": "jic", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "jioindiawest": { - "abbreviation": "injw", - "recoveryServicesGeo": "jiw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "koreacentral": { - "abbreviation": "krc", - "recoveryServicesGeo": "krc", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "koreasouth": { - "abbreviation": "krs", - "recoveryServicesGeo": "krs", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "northcentralus": { - "abbreviation": "usnc", - "recoveryServicesGeo": "ncus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "northeurope": { - "abbreviation": "eun", - "recoveryServicesGeo": "ne", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "norwayeast": { - "abbreviation": "noe", - "recoveryServicesGeo": "nwe", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "norwaywest": { - "abbreviation": "now", - "recoveryServicesGeo": "nww", - "timeDifference": 
"+1:00", - "timeZone": "Central Europe Standard Time" - }, - "polandcentral": { - "abbreviation": "plc", - "recoveryServicesGeo": "plc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "qatarcentral": { - "abbreviation": "qac", - "recoveryServicesGeo": "qac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "southafricanorth": { - "abbreviation": "zan", - "recoveryServicesGeo": "san", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southafricawest": { - "abbreviation": "zaw", - "recoveryServicesGeo": "saw", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southcentralus": { - "abbreviation": "ussc", - "recoveryServicesGeo": "scus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "southeastasia": { - "abbreviation": "asse", - "recoveryServicesGeo": "sea", - "timeDifference": "+8:00", - "timeZone": "Singapore Standard Time" - }, - "southindia": { - "abbreviation": "ins", - "recoveryServicesGeo": "ins", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "swedencentral": { - "abbreviation": "sec", - "recoveryServicesGeo": "sdc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandnorth": { - "abbreviation": "chn", - "recoveryServicesGeo": "szn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandwest": { - "abbreviation": "chw", - "recoveryServicesGeo": "szw", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "uaecentral": { - "abbreviation": "aec", - "recoveryServicesGeo": "uac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uaenorth": { - "abbreviation": "aen", - "recoveryServicesGeo": "uan", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uksouth": { - "abbreviation": "uks", - "recoveryServicesGeo": "uks", - "timeDifference": "0:00", 
- "timeZone": "GMT Standard Time" - }, - "ukwest": { - "abbreviation": "ukw", - "recoveryServicesGeo": "ukw", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "westcentralus": { - "abbreviation": "uswc", - "recoveryServicesGeo": "wcus", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "westeurope": { - "abbreviation": "euw", - "recoveryServicesGeo": "we", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "westindia": { - "abbreviation": "inw", - "recoveryServicesGeo": "inw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "westus": { - "abbreviation": "usw", - "recoveryServicesGeo": "wus", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus2": { - "abbreviation": "usw2", - "recoveryServicesGeo": "wus2", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus3": { - "abbreviation": "usw3", - "recoveryServicesGeo": "wus3", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - } - }, - "AzureUSGovernment": { - "usdodcentral": { - "abbreviation": "dodc", - "recoveryServicesGeo": "udc", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usdodeast": { - "abbreviation": "dode", - "recoveryServicesGeo": "ude", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usgovarizona": { - "abbreviation": "az", - "recoveryServicesGeo": "uga", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "usgovtexas": { - "abbreviation": "tx", - "recoveryServicesGeo": "ugt", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usgovvirginia": { - "abbreviation": "va", - "recoveryServicesGeo": "ugv", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - } - }, - "USNat": { - "usnateast": { - "abbreviation": "east", - "recoveryServicesGeo": "exe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - 
"usnatwest": { - "abbreviation": "west", - "recoveryServicesGeo": "exw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - }, - "USSec": { - "usseceast": { - "abbreviation": "east", - "recoveryServicesGeo": "rxe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "ussecwest": { - "abbreviation": "west", - "recoveryServicesGeo": "rxw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - } - }, - "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.azure.', ''), '/', '')]", - "locations": "[variables('$fxv#0')[environment().name]]", - "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore'), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', 
coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", - "privateDnsZoneSuffixes_AzureAutomation": { - "AzureCloud": "net", - "AzureUSGovernment": "us", - "USNat": null, - "USSec": null - }, - "privateDnsZoneSuffixes_AzureVirtualDesktop": { - "AzureCloud": "microsoft.com", - "AzureUSGovernment": "azure.us", - "USNat": null, - "USSec": null - }, - "privateDnsZoneSuffixes_Backup": { - "AzureCloud": "com", - "AzureUSGovernment": "us", - "USNat": null, - "USSec": null - }, - "privateDnsZoneSuffixes_Monitor": { - "AzureCloud": "azure.com", - "AzureUSGovernment": "azure.us", - "USNat": null, - "USSec": null - }, - "virtualNetworks": "[union(createArray(createObject('name', parameters('hubVirtualNetworkName'), 'resourceGroupName', parameters('hubVirtualNetworkResourceGroupName'), 'subscriptionId', parameters('hubVirtualNetworkSubscriptionId'))), if(parameters('deployIdentity'), createArray(createObject('name', parameters('identityVirtualNetworkName'), 'resourceGroupName', parameters('identityVirtualNetworkResourceGroupName'), 'subscriptionId', parameters('identityVirtualNetworkSubscriptionId'))), createArray()))]" + "virtualNetworks": "[union(createArray(createObject('name', split(parameters('hubVirtualNetworkResourceId'), '/')[8], 'resourceGroupName', split(parameters('hubVirtualNetworkResourceId'), '/')[4], 'subscriptionId', split(parameters('hubVirtualNetworkResourceId'), '/')[2])), if(parameters('deployIdentity'), createArray(createObject('name', split(parameters('identityVirtualNetworkResourceId'), '/')[8], 'resourceGroupName', split(parameters('identityVirtualNetworkResourceId'), '/')[4], 'subscriptionId', split(parameters('identityVirtualNetworkResourceId'), '/')[2])), createArray()))]" }, "resources": [ { "copy": { "name": "privateDnsZones", - "count": "[length(variables('privateDnsZoneNames'))]" + "count": "[length(parameters('privateDnsZoneNames'))]" }, "type": 
"Microsoft.Network/privateDnsZones", "apiVersion": "2018-09-01", - "name": "[variables('privateDnsZoneNames')[copyIndex()]]", + "name": "[parameters('privateDnsZoneNames')[copyIndex()]]", "location": "global", - "tags": "[parameters('tags')]" + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateDnsZones'), parameters('tags')['Microsoft.Network/privateDnsZones'], createObject()), parameters('mlzTags'))]" }, { "copy": { @@ -4650,7 +4194,7 @@ "mode": "Incremental", "parameters": { "privateDnsZoneNames": { - "value": "[variables('privateDnsZoneNames')]" + "value": "[parameters('privateDnsZoneNames')]" }, "virtualNetworkName": { "value": "[variables('virtualNetworks')[copyIndex()].name]" @@ -4668,8 +4212,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2646333648192036322" + "version": "0.27.1.19265", + "templateHash": "8477788916212896721" } }, "parameters": { 
@@ -4712,66 +4256,25 @@ } ], "outputs": { - "agentsvcPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.agentsvc.azure-automation')))[0])]" - }, - "automationPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.azure-automation')))[0])]" - }, - "avdGlobalPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink-global.wvd')))[0])]" - }, - "avdPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.wvd')))[0])]" - }, - "backupPrivateDnsZoneIds": { - "type": "array", - "copy": { - "count": "[length(variables('privateDnsZoneNames_Backup'))]", - "input": "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZoneNames_Backup')[copyIndex()])]" + "privateDnsZoneResourceIds": { + "type": "object", + "value": { + "agentSvc": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', startsWith(lambdaVariables('name'), 'privatelink.agentsvc')))[0])]", + "blob": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'blob')))[0])]", + "file": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'file')))[0])]", + "keyVault": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', 
contains(lambdaVariables('name'), 'vaultcore')))[0])]", + "monitor": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'monitor')))[0])]", + "ods": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'ods.opinsights')))[0])]", + "oms": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'oms.opinsights')))[0])]", + "queue": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'queue')))[0])]", + "table": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'table')))[0])]" } - }, - "blobPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.blob')))[0])]" - }, - "filePrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.file')))[0])]" - }, - "keyvaultDnsPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.vaultcore')))[0])]" - }, - "monitorPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.monitor')))[0])]" - }, - "odsPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', 
filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.ods.opinsights')))[0])]" - }, - "omsPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.oms.opinsights')))[0])]" - }, - "queuePrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.queue')))[0])]" - }, - "tablePrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.table')))[0])]" } } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", "spokeNetworks" ] } 
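Review bot: The predicates in the new `privateDnsZoneResourceIds` output are much looser than the ones they replace (`contains(name, 'blob')`, `'file'`, `'queue'`, `'table'`, `'monitor'` instead of `'privatelink.blob'` and so on), and each result is then indexed with `[0]`. Since `privateDnsZoneNames` is now a caller-supplied parameter rather than a computed variable, a zone name that merely contains one of those words and sits earlier in the array would be returned as the wrong zone ID for downstream private endpoints, and an empty match fails the deployment on the index. Keep the `privatelink.` prefix in each predicate, or use `startsWith` as the `agentSvc` entry already does. The object also no longer carries the automation, AVD, AVD global and backup zone IDs that the removed outputs exposed; say so in the change description so consumers of those IDs know where to get them.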
@@ -4779,49 +4282,39 @@ "outputs": { "azureFirewallResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.firewallResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.firewallResourceId.value]" }, "bastionHostSubnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.bastionHostSubnetResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.bastionHostSubnetResourceId.value]" }, - "hubSubnetResourceId": { + "sharedServicesSubnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[1].name, parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.subnetResourceId.value]" }, "hubNetworkSecurityGroupResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupResourceId.value]" + }, + "hubSubnetResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, "hubVirtualNetworkResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" }, "identitySubnetResourceId": { "type": "string", - "value": "[if(parameters('deployIdentity'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('spokes')[2].subscriptionId, variables('spokes')[2].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[2].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value, '')]" + "value": "[if(parameters('deployIdentity'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[2].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value, '')]" }, "operationsSubnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[0].subscriptionId, variables('spokes')[0].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[0].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[0].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, "privateDnsZoneResourceIds": { "type": "object", - "value": { - "agentsvc": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.agentsvcPrivateDnsZoneId.value]", - "automation": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.automationPrivateDnsZoneId.value]", - "avdGlobal": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.avdGlobalPrivateDnsZoneId.value]", - "avd": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.avdPrivateDnsZoneId.value]", - "backups": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.backupPrivateDnsZoneIds.value]", - "blob": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.blobPrivateDnsZoneId.value]", - "file": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.filePrivateDnsZoneId.value]", - "keyvault": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyvaultDnsPrivateDnsZoneId.value]", - "monitor": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, 
variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.monitorPrivateDnsZoneId.value]", - "ods": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.odsPrivateDnsZoneId.value]", - "oms": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.omsPrivateDnsZoneId.value]", - "queue": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.queuePrivateDnsZoneId.value]", - "table": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tablePrivateDnsZoneId.value]" - } + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value]" } } } 
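Review bot: The new `sharedServicesSubnetResourceId` output selects its spoke by position (`variables('spokes')[1]`), following the `[0]` and `[2]` already used for operations and identity, so these outputs silently point at a different network if the `spokes` array is reordered or gains an entry. Selecting the spoke by name with `filter(...)` would make the intent explicit. The spoke references also change from `extensionResourceId` with an explicit subscription and resource group to `subscriptionResourceId`, which resolves against the subscription of the current deployment; confirm that still holds when a spoke lives in a different subscription from the one running this template.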
@@ -4845,20 +4338,29 @@ "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, + "tier": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value, lambda('tier', equals(lambdaVariables('tier').name, 'hub')))[0]]" + }, + "resourceGroupName": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value, lambda('name', contains(lambdaVariables('name'), 'hub')))[0]]" + }, "keyVaultPrivateDnsZoneResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value.keyVault]" }, "location": { "value": "[parameters('location')]" }, - "networkProperties": { - "value": "[first(filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value, lambda('network', equals(lambdaVariables('network').name, 'hub'))))]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "subnetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubSubnetResourceId.value]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" + }, + "tokens": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" } }, "template": { 
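Review bot: The new `resourceGroupName` parameter is chosen with `contains(lambdaVariables('name'), 'hub')` followed by `[0]`, which is a substring match over every resource group name the `deploy-resource-groups` deployment returned. If any identifier or prefix in the naming convention contains "hub", another tier's resource group can match first, and the Key Vault, disk encryption set and user-assigned identity deployed further down would land in the wrong group. The `tier` parameter added just above it uses an exact `equals(lambdaVariables('tier').name, 'hub')`; select the resource group the same way, or match on a delimited name segment.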
@@ -4867,8 +4369,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3912836360709277206" + "version": "0.27.1.19265", + "templateHash": "7828233421610885078" } }, "parameters": { @@ -4881,14 +4383,23 @@ "location": { "type": "string" }, - "networkProperties": { + "mlzTags": { "type": "object" }, + "resourceGroupName": { + "type": "string" + }, "subnetResourceId": { "type": "string" }, "tags": { "type": "object" + }, + "tier": { + "type": "object" + }, + "tokens": { + "type": "object" } }, "resources": [ @@ -4896,8 +4407,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -4905,20 +4416,23 @@ "mode": "Incremental", "parameters": { "keyVaultName": { - "value": "[parameters('networkProperties').keyVaultName]" + "value": "[take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)]" }, "keyVaultNetworkInterfaceName": { - "value": "[parameters('networkProperties').keyVaultNetworkInterfaceName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultNetworkInterface, parameters('tokens').service, '')]" }, "keyVaultPrivateDnsZoneResourceId": { "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" }, "keyVaultPrivateEndpointName": { - "value": "[parameters('networkProperties').keyVaultPrivateEndpointName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultPrivateEndpoint, parameters('tokens').service, '')]" }, "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" }, @@ -4932,8 +4446,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17697959832977472677" + "version": "0.27.1.19265", + "templateHash": "12300580845424356573" } }, "parameters": { @@ -4956,6 +4470,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "subnetResourceId": { "type": "string" }, @@ -4969,7 +4486,7 @@ "apiVersion": "2022-07-01", "name": "[parameters('keyVaultName')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject())]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject()), parameters('mlzTags'))]", "properties": { "enabledForDeployment": false, "enabledForDiskEncryption": true, 
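Review bot: In the `deploy-key-vault` parameters, `keyVaultName` is now built with `take(replace(...), 24)`, which truncates silently. Two deployments whose naming convention values differ only past the 24th character would resolve to the same vault name, and the cut can fall on a separator. The network interface and private endpoint names derived next to it are not truncated, so the three names can drift apart. Consider failing early on an over-length name, or documenting the truncation where the naming convention is defined.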
@@ -4997,7 +4514,7 @@ "apiVersion": "2023-04-01", "name": "[parameters('keyVaultPrivateEndpointName')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", "privateLinkServiceConnections": [ @@ -5142,9 +4659,9 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-disk-encryption-set_{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "name": "[format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -5155,17 +4672,20 @@ "value": "[parameters('deploymentNameSuffix')]" }, "diskEncryptionSetName": { - "value": "[parameters('networkProperties').diskEncryptionSetName]" + "value": "[parameters('tier').namingConvention.diskEncryptionSet]" }, "keyUrl": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" }, "keyVaultResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets']), createObject('value', createObject()))]" }, "template": { 
@@ -5174,8 +4694,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8720396217971176471" + "version": "0.27.1.19265", + "templateHash": "15986878026863280024" } }, "parameters": { @@ -5194,6 +4714,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "tags": { "type": "object" } @@ -5204,7 +4727,7 @@ "apiVersion": "2023-04-02", "name": "[parameters('diskEncryptionSetName')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), parameters('tags')['Microsoft.Compute/diskEncryptionSets'], createObject()), parameters('mlzTags'))]", "identity": { "type": "SystemAssigned" }, @@ -5248,8 +4771,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16166471121138690529" + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" } }, "parameters": { 
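Review bot: On the `Microsoft.Compute/diskEncryptionSets` resource, the new `tags` expression looks up `parameters('tags')['Microsoft.Compute/diskEncryptionSets']`, but the unchanged `tags` line in the calling `deploy-disk-encryption-set` parameters already passes only that sub-object (`createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets'])`). The inner `contains` check will therefore not find the key, and the resource ends up with `mlzTags` only. Either pass the full `tags` object from the caller, as the `deploy-user-assigned-identity` deployment does, or keep `parameters('tags')` on the resource and union that with `mlzTags`.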
@@ -5306,29 +4829,35 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, "location": { "value": "[parameters('location')]" }, - "name": { - "value": "[parameters('networkProperties').userAssignedIdentityName]" + "mlzTags": { + "value": "[parameters('mlzTags')]" }, "tags": { "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(parameters('tier').namingConvention.userAssignedIdentity, format('-{0}', parameters('tokens').service), '')]" } }, "template": { 
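Review bot: `userAssignedIdentityName` strips the service token together with its separator (`format('-{0}', parameters('tokens').service)`), whereas the Key Vault, network interface and private endpoint names earlier in this template strip only the token, and `diskEncryptionSetName` uses `namingConvention.diskEncryptionSet` with no replacement at all. Three different treatments of the same naming convention make it hard to predict the resulting names and can leave stray or doubled separators. Settle on one rule in the Bicep source this template is generated from, and add a comment there explaining why the hub-level resources drop the service token.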
@@ -5337,148 +4866,95 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9210810628290341713" + "version": "0.27.1.19265", + "templateHash": "6007785905664733866" } }, "parameters": { - "location": { + "keyVaultName": { "type": "string" }, - "name": { + "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "tags": { "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2018-11-30", - "name": "[parameters('name')]", + "name": "[parameters('userAssignedIdentityName')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]" + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" }, { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "roleAssignmentEncryption", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))]", "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "principalId": { - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - }, - "principalType": { - "value": "ServicePrincipal" - }, - "roleDefinitionId": { - "value": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" - }, - "targetResourceId": { - "value": "[resourceGroup().id]" - } - }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16166471121138690529" - } - }, - "parameters": { - "targetResourceId": { - "type": "string" - }, - "roleDefinitionId": { - "type": "string" - }, - "principalId": { - "type": "string" - }, - "principalType": { - "type": "string", - "defaultValue": "ServicePrincipal", - "allowedValues": [ - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ] - }, - "description": { - "type": "string", - "defaultValue": "" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-04-01-preview", - "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", - "properties": { - "principalId": "[parameters('principalId')]", - "principalType": "[parameters('principalType')]", - "roleDefinitionId": "[parameters('roleDefinitionId')]", - "description": "[parameters('description')]" - } - } - ] - } + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2018-11-30').principalId]", + "principalType": "ServicePrincipal", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" }, "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" ] } ], "outputs": { "resourceId": { "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" } } } - } + }, + "dependsOn": [ + 
"[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + ] } ], "outputs": { "diskEncryptionSetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set_{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, - "KeyVaultName": { + "keyVaultName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" }, "keyVaultUri": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" }, "keyVaultResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "storageKeyName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "userAssignedIdentityResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, 
parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" } } } }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { 
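Review bot: the new Microsoft.Authorization/roleAssignments resource is named guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName')), a different seed from the removed guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId')), so an environment that already ran the old template keeps its old assignment next to the new one. The removed nested deployment created its assignment with no scope property, which places it on the whole resource group, while the new one is scoped to Microsoft.KeyVault/vaults/{keyVaultName}. With "mode": "Incremental" the broader assignment is never cleaned up, so the tighter scope only holds on fresh deployments; add an upgrade note or a cleanup step for the old assignment. Minor: the role definition GUID now appears twice as a bare literal and the resource still uses apiVersion 2020-04-01-preview; a named variable in the Bicep source and a non-preview API version would make this easier to audit.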
@@ -5510,8 +4986,14 @@ "logAnalyticsWorkspaceSkuName": { "value": "[parameters('logAnalyticsWorkspaceSkuName')]" }, - "operationsProperties": { - "value": "[first(filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value, lambda('network', equals(lambdaVariables('network').name, 'operations'))))]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "ops": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value, lambda('tier', equals(lambdaVariables('tier').name, 'operations')))[0]]" + }, + "opsResourceGroupName": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value, lambda('name', contains(lambdaVariables('name'), 'operations')))[0]]" }, "privateDnsZoneResourceIds": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value]" @@ -5520,7 +5002,7 @@ "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.operationsSubnetResourceId.value]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" } }, "template": { @@ -5529,8 +5011,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12328361973188250046" + "version": "0.27.1.19265", + "templateHash": "6307821004764006385" } }, "parameters": { 
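Review bot: in the @@ -5510 hunk, opsResourceGroupName is selected with lambda('name', contains(lambdaVariables('name'), 'operations')) and then indexed with [0], which is a substring match on generated resource group names rather than an exact match on the tier. If any other resource group name happens to contain "operations" (for example through the resource prefix), the first match wins and the monitoring resources are deployed into the wrong group with no error. The ops value right above it already uses equals(lambdaVariables('tier').name, 'operations'); having deploy-resource-groups output name and tier pairs and filtering with equals would make the selection deterministic. The same applies wherever this contains() pattern is used for other tiers.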
@@ -5552,9 +5034,15 @@ "logAnalyticsWorkspaceSkuName": { "type": "string" }, - "operationsProperties": { + "mlzTags": { "type": "object" }, + "ops": { + "type": "object" + }, + "opsResourceGroupName": { + "type": "string" + }, "privateDnsZoneResourceIds": { "type": "object" }, @@ -5570,8 +5058,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-law-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('operationsProperties').subscriptionId]", - "resourceGroup": "[parameters('operationsProperties').resourceGroupName]", + "subscriptionId": "[parameters('ops').subscriptionId]", + "resourceGroup": "[parameters('opsResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -5584,8 +5072,11 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { - "value": "[parameters('operationsProperties').logAnalyticsWorkspaceName]" + "value": "[parameters('ops').namingConvention.logAnalyticsWorkspace]" }, "retentionInDays": { "value": "[parameters('logAnalyticsWorkspaceRetentionInDays')]" @@ -5606,20 +5097,20 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "653212175555805634" + "version": "0.27.1.19265", + "templateHash": "1331736335999349604" } }, "parameters": { - "name": { - "type": "string" - }, "location": { "type": "string" }, - "tags": { + "mlzTags": { "type": "object" }, + "name": { + "type": "string" + }, "retentionInDays": { "type": "int", "defaultValue": 30 @@ -5628,6 +5119,9 @@ "type": "string", "defaultValue": "PerGB2018" }, + "tags": { + "type": "object" + }, "workspaceCappingDailyQuotaGb": { "type": "int", "defaultValue": -1 
@@ -5699,7 +5193,7 @@ "apiVersion": "2021-06-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()), parameters('mlzTags'))]", "properties": { "retentionInDays": "[parameters('retentionInDays')]", "sku": { @@ -5722,7 +5216,7 @@ "apiVersion": "2015-11-01-preview", "name": "[format('{0}({1})', variables('solutions')[copyIndex()].name, parameters('name'))]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.OperationsManagement/solutions'), parameters('tags')['Microsoft.OperationsManagement/solutions'], createObject()), parameters('mlzTags'))]", "properties": { "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" }, @@ -5750,8 +5244,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('operationsProperties').subscriptionId]", - "resourceGroup": "[parameters('operationsProperties').resourceGroupName]", + "subscriptionId": "[parameters('ops').subscriptionId]", + "resourceGroup": "[parameters('opsResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
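Review bot: the tags expressions in the @@ -5699 and @@ -5722 hunks now read parameters('tags')['Microsoft.OperationalInsights/workspaces'] (and the solutions equivalent) with createObject() as the fallback, which changes tags from a flat tag object to a map keyed by resource type without any validation. A caller that still passes flat tags gets none of them applied and no error, only mlzTags, which matters where tags drive policy assignment or cost attribution. The parameter is still declared as a bare "type": "object", so please document the new shape in the parameter description and call out the breaking change. Also note that union() gives mlzTags precedence on key collisions, so a user-supplied tag with the same key is overwritten; confirm that ordering is intended.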
@@ -5759,10 +5253,10 @@ "mode": "Incremental", "parameters": { "logAnalyticsWorkspaceResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, "name": { - "value": "[parameters('operationsProperties').privateLinkScopeName]" + "value": "[parameters('ops').namingConvention.privateLinkScope]" } }, "template": { @@ -5771,8 +5265,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2580615270360595587" + "version": "0.27.1.19265", + "templateHash": "12769672183239579434" } }, "parameters": { @@ -5791,8 +5285,8 @@ "location": "global", "properties": { "accessModeSettings": { - "ingestionAccessMode": "Private", - "queryAccessMode": "Private" + "ingestionAccessMode": "PrivateOnly", + "queryAccessMode": "PrivateOnly" } } }, 
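Review bot: the accessModeSettings change in the @@ -5791 hunk, ingestionAccessMode and queryAccessMode going from "Private" to "PrivateOnly", is a network-exposure change and not part of the operationsProperties to ops rename that the rest of this line carries. It should be listed on its own in the change description so operators can see it. Before it lands, confirm how scopes deployed with the previous value behave on redeploy, and that every monitoring resource the connected networks depend on is already linked to this private link scope, since the stricter mode is applied to an existing environment by an Incremental redeploy.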
@@ -5817,15 +5311,15 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-private-endpoint-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('operationsProperties').subscriptionId]", - "resourceGroup": "[parameters('operationsProperties').resourceGroupName]", + "subscriptionId": "[parameters('ops').subscriptionId]", + "resourceGroup": "[parameters('opsResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -5840,11 +5334,14 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { - "value": "[parameters('operationsProperties').privateLinkScopePrivateEndpointName]" + "value": "[parameters('ops').namingConvention.privateLinkScopePrivateEndpoint]" }, "networkInterfaceName": { - "value": "[parameters('operationsProperties').privateLinkScopeNetworkInterfaceName]" + "value": "[parameters('ops').namingConvention.privateLinkScopeNetworkInterface]" }, "privateDnsZoneConfigs": { "value": [ 
@@ -5871,11 +5368,17 @@ "properties": { "privateDnsZoneId": "[parameters('privateDnsZoneResourceIds').agentsvc]" } + }, + { + "name": "blob", + "properties": { + "privateDnsZoneId": "[parameters('privateDnsZoneResourceIds').blob]" + } } ] }, "privateLinkServiceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" @@ -5890,8 +5393,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17334434587124887543" + "version": "0.27.1.19265", + "templateHash": "13414067387913558241" } }, "parameters": { @@ -5901,6 +5404,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -5926,7 +5432,7 @@ "apiVersion": "2023-04-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { "customNetworkInterfaceName": "[parameters('networkInterfaceName')]", "privateLinkServiceConnections": [ 
@@ -5958,25 +5464,25 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix')))]" ] } ], "outputs": { "logAnalyticsWorkspaceResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" } } } }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { - "condition": "[parameters('deployRemoteAccess')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": 
"[format('deploy-remote-access-{0}', parameters('deploymentNameSuffix'))]", 
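Review bot: removing "condition": "[parameters('deployRemoteAccess')]" at the end of this hunk means the deploy-remote-access deployment now always runs, so nothing at this level stops bastion or jump-box resources from being created. Gating then depends entirely on every resource inside the nested template carrying its own condition (the following hunks introduce deployBastion, deployLinuxVirtualMachine and deployWindowsVirtualMachine for that). Please verify that each inner resource and each output that references one of them is guarded, and state what the three flags default to, because a missed condition here results in remote-access infrastructure in the hub that the operator did not ask for.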
@@ -5999,14 +5505,26 @@ "bastionHostSubnetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.bastionHostSubnetResourceId.value]" }, + "deployBastion": { + "value": "[parameters('deployBastion')]" + }, + "deployLinuxVirtualMachine": { + "value": "[parameters('deployLinuxVirtualMachine')]" + }, + "deployWindowsVirtualMachine": { + "value": "[parameters('deployWindowsVirtualMachine')]" + }, "diskEncryptionSetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" }, + "hub": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value, lambda('tier', equals(lambdaVariables('tier').name, 'hub')))[0]]" + }, "hubNetworkSecurityGroupResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubNetworkSecurityGroupResourceId.value]" }, - "hubProperties": { - "value": "[first(filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value, lambda('network', equals(lambdaVariables('network').name, 'hub'))))]" + "hubResourceGroupName": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value, lambda('name', contains(lambdaVariables('name'), 'hub')))[0]]" }, "hubSubnetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubSubnetResourceId.value]" @@ -6053,6 +5571,12 @@ "logAnalyticsWorkspaceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, "tags": { "value": "[parameters('tags')]" }, @@ -6093,8 +5617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16169845730142749981" + "version": "0.27.1.19265", + "templateHash": "6988657277317429041" } }, "parameters": { @@ -6110,14 +5634,26 @@ "bastionHostSubnetResourceId": { "type": "string" }, + "deployBastion": { + "type": "bool" + }, + "deployLinuxVirtualMachine": { + "type": "bool" + }, + "deployWindowsVirtualMachine": { + "type": "bool" + }, "diskEncryptionSetResourceId": { "type": "string" }, + "hub": { + "type": "object" + }, "hubNetworkSecurityGroupResourceId": { "type": "string" }, - "hubProperties": { - "type": "object" + "hubResourceGroupName": { + "type": "string" }, "hubSubnetResourceId": { "type": "string" @@ -6169,6 +5705,12 @@ "logAnalyticsWorkspaceId": { "type": "string" }, + "mlzTags": { + "type": "object" + }, + "serviceToken": { + "type": "string" + }, "tags": { "type": "object" }, 
@@ -6206,11 +5748,12 @@ }, "resources": [ { + "condition": "[parameters('deployBastion')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "remoteAccess-bastionHost", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", + "subscriptionId": "[parameters('hub').subscriptionId]", + "resourceGroup": "[parameters('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -6220,14 +5763,14 @@ "bastionHostSubnetResourceId": { "value": "[parameters('bastionHostSubnetResourceId')]" }, - "ipConfigurationName": { - "value": "[parameters('hubProperties').bastionHostIPConfigurationName]" - }, "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { - "value": "[parameters('hubProperties').bastionHostName]" + "value": "[parameters('hub').namingConvention.bastionHost]" }, "publicIPAddressAllocationMethod": { "value": "[parameters('bastionHostPublicIPAddressAllocationMethod')]" @@ -6236,7 +5779,7 @@ "value": "[parameters('bastionHostPublicIPAddressAvailabilityZones')]" }, "publicIPAddressName": { - "value": "[parameters('hubProperties').bastionHostPublicIPAddressName]" + "value": "[parameters('hub').namingConvention.bastionHostPublicIPAddress]" }, "publicIPAddressSkuName": { "value": "[parameters('bastionHostPublicIPAddressSkuName')]" @@ -6251,20 +5794,20 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1234518262680018356" + "version": "0.27.1.19265", + "templateHash": "3883997117333639435" } }, "parameters": { "bastionHostSubnetResourceId": { "type": "string" }, - "ipConfigurationName": { - "type": "string" - }, "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, 
@@ -6290,7 +5833,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('publicIPAddressName')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/publicIPAddresses'), parameters('tags')['Microsoft.Network/publicIPAddresses'], createObject()), parameters('mlzTags'))]", "sku": { "name": "[parameters('publicIPAddressSkuName')]" }, @@ -6304,11 +5847,11 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/bastionHosts'), parameters('tags')['Microsoft.Network/bastionHosts'], createObject()), parameters('mlzTags'))]", "properties": { "ipConfigurations": [ { - "name": "[parameters('ipConfigurationName')]", + "name": "ipconfig", "properties": { "subnet": { "id": "[parameters('bastionHostSubnetResourceId')]" 
@@ -6329,117 +5872,12 @@ } }, { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "remoteAccess-linuxNetworkInterface", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "ipConfigurationName": { - "value": "[parameters('hubProperties').linuxNetworkInterfaceIpConfigurationName]" - }, - "location": { - "value": "[parameters('location')]" - }, - "name": { - "value": "[parameters('hubProperties').linuxNetworkInterfaceName]" - }, - "networkSecurityGroupId": { - "value": "[parameters('hubNetworkSecurityGroupResourceId')]" - }, - "privateIPAddressAllocationMethod": { - "value": "[parameters('linuxNetworkInterfacePrivateIPAddressAllocationMethod')]" - }, - "subnetId": { - "value": "[parameters('hubSubnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10828172865350023243" - } - }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "ipConfigurationName": { - "type": "string" - }, - "subnetId": { - "type": "string" - }, - "networkSecurityGroupId": { - "type": "string" - }, - "privateIPAddressAllocationMethod": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2021-02-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "ipConfigurations": [ - { - "name": "[parameters('ipConfigurationName')]", - "properties": { - 
"subnet": { - "id": "[parameters('subnetId')]" - }, - "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" - } - } - ], - "networkSecurityGroup": { - "id": "[parameters('networkSecurityGroupId')]" - } - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" - }, - "name": { - "type": "string", - "value": "[parameters('name')]" - } - } - } - } - }, - { + "condition": "[parameters('deployLinuxVirtualMachine')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "remoteAccess-linuxVirtualMachine", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", + "subscriptionId": "[parameters('hub').subscriptionId]", + "resourceGroup": "[parameters('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -6459,7 +5897,7 @@ "value": "[parameters('diskEncryptionSetResourceId')]" }, "diskName": { - "value": "[parameters('hubProperties').linuxDiskName]" + "value": "[replace(parameters('hub').namingConvention.virtualMachineDisk, parameters('serviceToken'), 'remoteAccess-linux')]" }, "location": { "value": "[parameters('location')]" 
@@ -6467,11 +5905,17 @@ "logAnalyticsWorkspaceId": { "value": "[parameters('logAnalyticsWorkspaceId')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { - "value": "[parameters('hubProperties').linuxVmName]" + "value": "[replace(parameters('hub').namingConvention.virtualMachine, parameters('serviceToken'), 'ral')]" }, "networkInterfaceName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubProperties').subscriptionId, parameters('hubProperties').resourceGroupName), 'Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), '2022-09-01').outputs.name.value]" + "value": "[replace(parameters('hub').namingConvention.virtualMachineNetworkInterface, parameters('serviceToken'), 'remoteAccess-linux')]" + }, + "networkSecurityGroupResourceId": { + "value": "[parameters('hubNetworkSecurityGroupResourceId')]" }, "osDiskCreateOption": { "value": "[parameters('linuxVmOsDiskCreateOption')]" @@ -6479,6 +5923,12 @@ "osDiskType": { "value": "[parameters('linuxVmOsDiskType')]" }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('linuxNetworkInterfacePrivateIPAddressAllocationMethod')]" + }, + "subnetResourceId": { + "value": "[parameters('hubSubnetResourceId')]" + }, "tags": { "value": "[parameters('tags')]" }, @@ -6504,8 +5954,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7442640059400837072" + "version": "0.27.1.19265", + "templateHash": "5326114636620544955" } }, "parameters": { 
@@ -6532,18 +5982,33 @@ "location": { "type": "string" }, + "logAnalyticsWorkspaceId": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, "networkInterfaceName": { "type": "string" }, + "networkSecurityGroupResourceId": { + "type": "string" + }, "osDiskCreateOption": { "type": "string" }, "osDiskType": { "type": "string" }, + "privateIPAddressAllocationMethod": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, "tags": { "type": "object" }, @@ -6561,9 +6026,6 @@ }, "vmSize": { "type": "string" - }, - "logAnalyticsWorkspaceId": { - "type": "string" } }, "variables": { @@ -6585,7 +6047,7 @@ "apiVersion": "2021-04-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]", "properties": { "diagnosticsProfile": { "bootDiagnostics": { @@ -6598,7 +6060,7 @@ "networkProfile": { "networkInterfaces": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]", + "id": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), '2022-09-01').outputs.id.value]", "properties": { "deleteOption": "Delete" } @@ -6641,7 +6103,10 @@ } }, "licenseType": null - } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface')]" + ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", @@ -6711,7 +6176,7 @@ "properties": { "publisher": "Microsoft.EnterpriseCloud.Monitoring", "type": "OmsAgentForLinux", - "typeHandlerVersion": "1.17", + "typeHandlerVersion": "1.19", "settings": { "workspaceId": "[reference(parameters('logAnalyticsWorkspaceId'), '2015-11-01-preview').customerId]", "stopOnMultipleConnections": true 
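Review bot: in the @@ -6598 and @@ -6641 hunks the virtual machine's network interface id and its new dependsOn both point at resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), but a deployment with that name was removed from the parent template earlier in this patch and the hunks on this line do not add one. The new parameters networkSecurityGroupResourceId, subnetResourceId and privateIPAddressAllocationMethod suggest the interface is now created inside this template; please confirm the nested deployment is defined here with an id output, and that it still attaches the network security group, otherwise the reference() fails at deployment time or the interface comes up without the NSG. Separately, the OmsAgentForLinux typeHandlerVersion bump from 1.17 to 1.19 in the last hunk is unrelated to the rename and should be mentioned in the change description.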
@@ -6740,136 +6205,133 @@ "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('name'), 'OMSExtension')]", "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" ] - } - ], - "outputs": { - "adminUsername": { - "type": "string", - "value": "[parameters('adminUsername')]" }, - "authenticationType": { - "type": "string", - "value": "[parameters('authenticationType')]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubProperties').subscriptionId, parameters('hubProperties').resourceGroupName), 'Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface')]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "remoteAccess-windowsNetworkInterface", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "ipConfigurationName": { - "value": "[parameters('hubProperties').windowsNetworkInterfaceIpConfigurationName]" - }, - "location": { - "value": "[parameters('location')]" - }, - "name": { - "value": "[parameters('hubProperties').windowsNetworkInterfaceName]" - }, - "networkSecurityGroupId": { - "value": "[parameters('hubNetworkSecurityGroupResourceId')]" - }, - "privateIPAddressAllocationMethod": { - "value": "[parameters('windowsNetworkInterfacePrivateIPAddressAllocationMethod')]" - }, - "subnetId": { - "value": "[parameters('hubSubnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10828172865350023243" - } - }, - "parameters": { - "name": { - 
"type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "ipConfigurationName": { - "type": "string" - }, - "subnetId": { - "type": "string" - }, - "networkSecurityGroupId": { - "type": "string" - }, - "privateIPAddressAllocationMethod": { - "type": "string" - } - }, - "resources": [ { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2021-02-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "remoteAccess-linuxNetworkInterface", "properties": { - "ipConfigurations": [ - { - "name": "[parameters('ipConfigurationName')]", - "properties": { - "subnet": { - "id": "[parameters('subnetId')]" - }, - "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkInterfaceName')]" + }, + "networkSecurityGroupResourceId": { + "value": "[parameters('networkSecurityGroupResourceId')]" + }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('privateIPAddressAllocationMethod')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "10681682753551959771" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object", + "defaultValue": {} + }, + "name": { + "type": "string" + }, + 
"networkSecurityGroupResourceId": { + "type": "string" + }, + "privateIPAddressAllocationMethod": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "subnet": { + "id": "[parameters('subnetResourceId')]" + }, + "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" + } + } + ], + "networkSecurityGroup": { + "id": "[parameters('networkSecurityGroupResourceId')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" } } - ], - "networkSecurityGroup": { - "id": "[parameters('networkSecurityGroupId')]" } } } ], "outputs": { - "id": { + "adminUsername": { "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + "value": "[parameters('adminUsername')]" }, - "name": { + "authenticationType": { "type": "string", - "value": "[parameters('name')]" + "value": "[parameters('authenticationType')]" } } } } }, { + "condition": "[parameters('deployWindowsVirtualMachine')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "remoteAccess-windowsVirtualMachine", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", + "subscriptionId": "[parameters('hub').subscriptionId]", + "resourceGroup": 
"[parameters('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -6889,7 +6351,7 @@ "value": "[parameters('diskEncryptionSetResourceId')]" }, "diskName": { - "value": "[parameters('hubProperties').windowsDiskName]" + "value": "[replace(parameters('hub').namingConvention.virtualMachineDisk, parameters('serviceToken'), 'remoteAccess-windows')]" }, "hybridUseBenefit": { "value": "[parameters('hybridUseBenefit')]" @@ -6900,15 +6362,24 @@ "logAnalyticsWorkspaceId": { "value": "[parameters('logAnalyticsWorkspaceId')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { - "value": "[parameters('hubProperties').windowsVmName]" + "value": "[replace(parameters('hub').namingConvention.virtualMachine, parameters('serviceToken'), 'raw')]" }, "networkInterfaceName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubProperties').subscriptionId, parameters('hubProperties').resourceGroupName), 'Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface'), '2022-09-01').outputs.name.value]" + "value": "[replace(parameters('hub').namingConvention.virtualMachineNetworkInterface, parameters('serviceToken'), 'remoteAccess-windows')]" + }, + "networkSecurityGroupResourceId": { + "value": "[parameters('hubNetworkSecurityGroupResourceId')]" }, "offer": { "value": "[parameters('windowsVmOffer')]" }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('windowsNetworkInterfacePrivateIPAddressAllocationMethod')]" + }, "publisher": { "value": "[parameters('windowsVmPublisher')]" }, @@ -6921,6 +6392,9 @@ "storageAccountType": { "value": "[parameters('windowsVmStorageAccountType')]" }, + "subnetResourceId": { + "value": "[parameters('hubSubnetResourceId')]" + }, "tags": { "value": "[parameters('tags')]" }, 
@@ -6934,8 +6408,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12555507350677928020" + "version": "0.27.1.19265", + "templateHash": "12051440793252806008" } }, "parameters": { @@ -6968,15 +6442,25 @@ "logAnalyticsWorkspaceId": { "type": "string" }, + "mlzTags": { + "type": "object", + "defaultValue": {} + }, "name": { "type": "string" }, "networkInterfaceName": { "type": "string" }, + "networkSecurityGroupResourceId": { + "type": "string" + }, "offer": { "type": "string" }, + "privateIPAddressAllocationMethod": { + "type": "string" + }, "publisher": { "type": "string" }, @@ -6989,6 +6473,9 @@ "storageAccountType": { "type": "string" }, + "subnetResourceId": { + "type": "string" + }, "tags": { "type": "object", "defaultValue": {} @@ -7003,7 +6490,7 @@ "apiVersion": "2021-04-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]", "identity": { "type": "SystemAssigned" }, @@ -7019,7 +6506,7 @@ "networkProfile": { "networkInterfaces": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]", + "id": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface'), '2022-09-01').outputs.id.value]", "properties": { "deleteOption": "Delete" } @@ -7062,7 +6549,10 @@ "dataDisks": "[parameters('dataDisks')]" }, "licenseType": "[if(parameters('hybridUseBenefit'), 'Windows_Server', null())]" - } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface')]" + ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", 
@@ -7158,13 +6648,115 @@ "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "remoteAccess-windowsNetworkInterface", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkInterfaceName')]" + }, + "networkSecurityGroupResourceId": { + "value": "[parameters('networkSecurityGroupResourceId')]" + }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('privateIPAddressAllocationMethod')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "10681682753551959771" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object", + "defaultValue": {} + }, + "name": { + "type": "string" + }, + "networkSecurityGroupResourceId": { + "type": "string" + }, + "privateIPAddressAllocationMethod": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + 
"properties": { + "subnet": { + "id": "[parameters('subnetResourceId')]" + }, + "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" + } + } + ], + "networkSecurityGroup": { + "id": "[parameters('networkSecurityGroupResourceId')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } + } + } + } } ] } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubProperties').subscriptionId, parameters('hubProperties').resourceGroupName), 'Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface')]" - ] + } } ] } @@ -7173,7 +6765,8 @@ "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { @@ -7193,6 +6786,9 @@ "deployIdentity": { "value": "[parameters('deployIdentity')]" }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "keyVaultUri": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" }, 
@@ -7202,23 +6798,26 @@ "logStorageSkuName": { "value": "[parameters('logStorageSkuName')]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "resourceGroupNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" }, "serviceToken": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, "storageEncryptionKeyName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, - "subnetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubSubnetResourceId.value]" - }, "tablesPrivateDnsZoneResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value.table]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" + }, + "tiers": { + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" }, "userAssignedIdentityResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" @@ -7230,8 +6829,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15215887488033870389" + "version": "0.27.1.19265", + "templateHash": "14815858899021771781" } }, "parameters": { @@ -7241,16 +6840,22 @@ "deployIdentity": { "type": "bool" }, - "keyVaultUri": { + "deploymentNameSuffix": { "type": "string" }, - "logStorageSkuName": { + "keyVaultUri": { "type": "string" }, "location": { "type": "string" }, - "networks": { + "logStorageSkuName": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "resourceGroupNames": { "type": "array" }, "serviceToken": { @@ -7259,15 +6864,15 @@ "storageEncryptionKeyName": { "type": "string" }, - "subnetResourceId": { - "type": "string" - }, "tablesPrivateDnsZoneResourceId": { "type": "string" }, "tags": { "type": "object" }, + "tiers": { + "type": "array" + }, "userAssignedIdentityResourceId": { "type": "string" } 
@@ -7276,13 +6881,13 @@ { "copy": { "name": "storageAccount", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "storage", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('deploy-storage-account-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7298,6 +6903,9 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "serviceToken": { "value": "[parameters('serviceToken')]" }, 
@@ -7305,19 +6913,19 @@ "value": "[parameters('logStorageSkuName')]" }, "storageAccountName": { - "value": "[parameters('networks')[copyIndex()].logStorageAccountName]" + "value": "[parameters('tiers')[copyIndex()].namingConvention.storageAccount]" }, "storageAccountNetworkInterfaceNamePrefix": { - "value": "[parameters('networks')[copyIndex()].logStorageAccountNetworkInterfaceNamePrefix]" + "value": "[parameters('tiers')[copyIndex()].namingConvention.storageAccountNetworkInterface]" }, "storageAccountPrivateEndpointNamePrefix": { - "value": "[parameters('networks')[copyIndex()].logStorageAccountPrivateEndpointNamePrefix]" + "value": "[parameters('tiers')[copyIndex()].namingConvention.storageAccountPrivateEndpoint]" }, "storageEncryptionKeyName": { "value": "[parameters('storageEncryptionKeyName')]" }, "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" + "value": "[resourceId(parameters('tiers')[copyIndex()].subscriptionId, parameters('resourceGroupNames')[copyIndex()], 'Microsoft.Network/virtualNetworks/subnets', parameters('tiers')[copyIndex()].namingConvention.virtualNetwork, parameters('tiers')[copyIndex()].namingConvention.subnet)]" }, "tablesPrivateDnsZoneResourceId": { "value": "[parameters('tablesPrivateDnsZoneResourceId')]" @@ -7335,8 +6943,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6728136650948993728" + "version": "0.27.1.19265", + "templateHash": "6116693144339389145" } }, "parameters": { @@ -7349,6 +6957,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "serviceToken": { "type": "string" }, 
@@ -7392,6 +7003,7 @@ "apiVersion": "2023-01-01", "name": "[parameters('storageAccountName')]", "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], createObject()), parameters('mlzTags'))]", "identity": { "type": "UserAssigned", "userAssignedIdentities": { @@ -7402,7 +7014,6 @@ "sku": { "name": "[parameters('skuName')]" }, - "tags": "[parameters('tags')]", "properties": { "accessTier": "Hot", "allowBlobPublicAccess": false, @@ -7460,7 +7071,7 @@ "apiVersion": "2023-04-01", "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { "customNetworkInterfaceName": "[replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "privateLinkServiceConnections": [ 
@@ -7518,7 +7129,7 @@ "outputs": { "storageAccountResourceIds": { "type": "array", - "value": "[union(createArray(resourceId(parameters('networks')[0].subscriptionId, parameters('networks')[0].resourceGroupName, 'Microsoft.Storage/storageAccounts', parameters('networks')[0].logStorageAccountName), resourceId(parameters('networks')[1].subscriptionId, parameters('networks')[1].resourceGroupName, 'Microsoft.Storage/storageAccounts', parameters('networks')[1].logStorageAccountName), resourceId(parameters('networks')[2].subscriptionId, parameters('networks')[2].resourceGroupName, 'Microsoft.Storage/storageAccounts', parameters('networks')[2].logStorageAccountName)), if(parameters('deployIdentity'), createArray(resourceId(parameters('networks')[3].subscriptionId, parameters('networks')[3].resourceGroupName, 'Microsoft.Storage/storageAccounts', parameters('networks')[3].logStorageAccountName)), createArray()))]" + "value": "[union(createArray(resourceId(parameters('tiers')[0].subscriptionId, parameters('resourceGroupNames')[0], 'Microsoft.Storage/storageAccounts', parameters('tiers')[0].namingConvention.storageAccount), resourceId(parameters('tiers')[1].subscriptionId, parameters('resourceGroupNames')[1], 'Microsoft.Storage/storageAccounts', parameters('tiers')[1].namingConvention.storageAccount), resourceId(parameters('tiers')[2].subscriptionId, parameters('resourceGroupNames')[2], 'Microsoft.Storage/storageAccounts', parameters('tiers')[2].namingConvention.storageAccount)), if(parameters('deployIdentity'), createArray(resourceId(parameters('tiers')[3].subscriptionId, parameters('resourceGroupNames')[3], 'Microsoft.Storage/storageAccounts', parameters('tiers')[3].namingConvention.storageAccount)), createArray()))]" } } } 
@@ -7526,9 +7137,9 @@ "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-remote-access-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-remote-access-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { @@ -7542,6 +7153,9 @@ }, "mode": "Incremental", "parameters": { + "deployBastion": { + "value": "[parameters('deployBastion')]" + }, "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, 
@@ -7551,41 +7165,35 @@ "firewallDiagnosticsMetrics": { "value": "[parameters('firewallDiagnosticsMetrics')]" }, - "KeyVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.KeyVaultName.value]" + "keyVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" }, "keyVaultDiagnosticLogs": { - "value": "[parameters('KeyVaultDiagnosticsLogs')]" + "value": "[parameters('keyVaultDiagnosticsLogs')]" }, "logAnalyticsWorkspaceResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" - }, - "networkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('hubNetworkSecurityGroupDiagnosticsLogs')]" - }, - "networkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('hubNetworkSecurityGroupDiagnosticsMetrics')]" - }, "publicIPAddressDiagnosticsLogs": { "value": "[parameters('publicIPAddressDiagnosticsLogs')]" }, "publicIPAddressDiagnosticsMetrics": { "value": "[parameters('publicIPAddressDiagnosticsMetrics')]" }, + "resourceGroupNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + 
}, "storageAccountResourceIds": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-log-storage-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageAccountResourceIds.value]" }, "supportedClouds": { "value": "[parameters('supportedClouds')]" }, - "virtualNetworkDiagnosticsLogs": { - "value": "[parameters('hubVirtualNetworkDiagnosticsLogs')]" - }, - "virtualNetworkDiagnosticsMetrics": { - "value": "[parameters('hubVirtualNetworkDiagnosticsMetrics')]" + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } }, "template": { @@ -7594,11 +7202,14 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "49100111797787087" + "version": "0.27.1.19265", + "templateHash": "13913551355436490268" } }, "parameters": { + "deployBastion": { + "type": "bool" + }, "deploymentNameSuffix": { "type": "string" }, @@ -7608,29 +7219,26 @@ "firewallDiagnosticsMetrics": { "type": "array" }, - "KeyVaultName": { - "type": "string" - }, "keyVaultDiagnosticLogs": { "type": "array" }, - "logAnalyticsWorkspaceResourceId": { + "keyVaultName": { "type": "string" }, - "networks": { - "type": "array" + "logAnalyticsWorkspaceResourceId": { + "type": "string" }, - "networkSecurityGroupDiagnosticsLogs": { + "publicIPAddressDiagnosticsLogs": { "type": "array" }, - "networkSecurityGroupDiagnosticsMetrics": { + "publicIPAddressDiagnosticsMetrics": { "type": "array" }, - "publicIPAddressDiagnosticsLogs": { + "resourceGroupNames": { "type": "array" }, - "publicIPAddressDiagnosticsMetrics": { - "type": "array" + "serviceToken": { + "type": "string" }, "storageAccountResourceIds": { "type": "array" 
@@ -7638,34 +7246,28 @@ "supportedClouds": { "type": "array" }, - "virtualNetworkDiagnosticsLogs": { - "type": "array" - }, - "virtualNetworkDiagnosticsMetrics": { + "tiers": { "type": "array" } }, "variables": { - "hub": "[first(filter(parameters('networks'), lambda('network', equals(lambdaVariables('network').name, 'hub'))))]", - "hubResourceGroupName": "[variables('hub').resourceGroupName]", - "hubSubscriptionId": "[variables('hub').subscriptionId]", - "operations": "[first(filter(parameters('networks'), lambda('network', equals(lambdaVariables('network').name, 'operations'))))]", - "publicIPAddressNames": [ - "[variables('hub').firewallClientPublicIPAddressName]", - "[variables('hub').firewallManagementPublicIPAddressName]" - ] + "hub": "[filter(parameters('tiers'), lambda('tier', equals(lambdaVariables('tier').name, 'hub')))[0]]", + "hubResourceGroupName": "[filter(parameters('resourceGroupNames'), lambda('name', contains(lambdaVariables('name'), 'hub')))[0]]", + "operations": "[first(filter(parameters('tiers'), lambda('tier', equals(lambdaVariables('tier').name, 'operations'))))]", + "operationsResourceGroupName": "[filter(parameters('resourceGroupNames'), lambda('name', contains(lambdaVariables('name'), 'operations')))[0]]", + "publicIPAddresses": "[union(createArray(createObject('name', variables('hub').namingConvention.azureFirewallClientPublicIPAddress, 'diagName', variables('hub').namingConvention.azureFirewallClientPublicIPAddressDiagnosticSetting), createObject('name', variables('hub').namingConvention.azureFirewallManagementPublicIPAddress, 'diagName', variables('hub').namingConvention.azureFirewallManagementPublicIPAddressDiagnosticSetting)), if(parameters('deployBastion'), createArray(createObject('name', variables('hub').namingConvention.bastionHostPublicIPAddress, 'diagName', variables('hub').namingConvention.bastionHostPublicIPAddressDiagnosticSetting)), createArray()))]" }, "resources": [ { "copy": { "name": "activityLogDiagnosticSettings", - 
"count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, - "condition": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "condition": "[parameters('tiers')[copyIndex()].deployUniqueResources]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-activity-diags-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "name": "[format('deploy-activity-diags-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -7675,9 +7277,6 @@ "parameters": { "logAnalyticsWorkspaceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "supportedClouds": { - "value": "[parameters('supportedClouds')]" } }, "template": { @@ -7686,21 +7285,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14852926421482749735" + "version": "0.27.1.19265", + "templateHash": "11148640012050316356" } }, "parameters": { "logAnalyticsWorkspaceId": { "type": "string" - }, - "supportedClouds": { - "type": "array" } }, "resources": [ { - "condition": "[contains(parameters('supportedClouds'), environment().name)]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", "name": "[format('diag-activity-log-{0}', subscription().subscriptionId)]", 
@@ -7751,7 +7346,7 @@ "apiVersion": "2022-09-01", "name": "[format('deploy-law-diag-{0}', parameters('deploymentNameSuffix'))]", "subscriptionId": "[variables('operations').subscriptionId]", - "resourceGroup": "[variables('operations').resourceGroupName]", + "resourceGroup": "[variables('operationsResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7759,7 +7354,10 @@ "mode": "Incremental", "parameters": { "diagnosticStorageAccountName": { - "value": "[variables('operations').logStorageAccountName]" + "value": "[variables('operations').namingConvention.storageAccount]" + }, + "logAnalyticsWorkspaceDiagnosticSettingName": { + "value": "[variables('operations').namingConvention.logAnalyticsWorkspaceDiagnosticSetting]" }, "logAnalyticsWorkspaceName": { "value": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8]]" @@ -7774,14 +7372,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7596701148342767595" + "version": "0.27.1.19265", + "templateHash": "18083714839459110812" } }, "parameters": { "diagnosticStorageAccountName": { "type": "string" }, + "logAnalyticsWorkspaceDiagnosticSettingName": { + "type": "string" + }, "logAnalyticsWorkspaceName": { "type": "string" }, @@ -7795,7 +7396,7 @@ "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", "scope": "[format('Microsoft.OperationalInsights/workspaces/{0}', parameters('logAnalyticsWorkspaceName'))]", - "name": "[format('diag-{0}', parameters('logAnalyticsWorkspaceName'))]", + "name": "[parameters('logAnalyticsWorkspaceDiagnosticSettingName')]", "properties": { "workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]", "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('diagnosticStorageAccountName'))]", 
@@ -7820,13 +7421,13 @@ { "copy": { "name": "networkSecurityGroupDiagnostics", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7837,16 +7438,19 @@ "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "logs": { - "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + "value": "[parameters('tiers')[copyIndex()].nsgDiagLogs]" }, "logStorageAccountResourceId": { "value": "[parameters('storageAccountResourceIds')[copyIndex()]]" }, "metrics": { - "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" + "value": "[parameters('tiers')[copyIndex()].nsgDiagMetrics]" }, - "name": { - "value": "[parameters('networks')[copyIndex()].networkSecurityGroupName]" + "networkSecurityGroupDiagnosticSettingName": { + "value": "[parameters('tiers')[copyIndex()].namingConvention.networkSecurityGroupDiagnosticSetting]" + }, + "networkSecurityGroupName": { + "value": "[parameters('tiers')[copyIndex()].namingConvention.networkSecurityGroup]" } }, "template": { 
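Review bot: One iteration of the NSG diagnostics loop now takes its inputs from three separately ordered arrays: `parameters('tiers')[copyIndex()]` for the names and log categories, `parameters('resourceGroupNames')[copyIndex()]` for the target resource group, and `parameters('storageAccountResourceIds')[copyIndex()]` for the log storage account. Nothing visible here enforces that the three share length and order, so a mismatch either fails on an out-of-range index or points one tier's NSG logs at another tier's resource group or storage account. Consider carrying the resource group name and storage account ID on the tier object, or building all three from the same source array in one place.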
@@ -7855,14 +7459,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14146627423781433804" + "version": "0.27.1.19265", + "templateHash": "12049539018034280966" } }, "parameters": { - "name": { - "type": "string" - }, "logAnalyticsWorkspaceResourceId": { "type": "string" }, @@ -7874,14 +7475,20 @@ }, "metrics": { "type": "array" + }, + "networkSecurityGroupDiagnosticSettingName": { + "type": "string" + }, + "networkSecurityGroupName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('networkSecurityGroupName'))]", + "name": "[parameters('networkSecurityGroupDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -7896,13 +7503,13 @@ { "copy": { "name": "virtualNetworkDiagnostics", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -7913,16 +7520,19 @@ "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "logs": { - "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + "value": "[parameters('tiers')[copyIndex()].vnetDiagLogs]" }, "logStorageAccountResourceId": { "value": "[parameters('storageAccountResourceIds')[copyIndex()]]" }, "metrics": { - "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + "value": "[parameters('tiers')[copyIndex()].vnetDiagMetrics]" }, - "name": { - "value": "[parameters('networks')[copyIndex()].virtualNetworkName]" + "virtualNetworkDiagnosticSettingName": { + "value": "[parameters('tiers')[copyIndex()].namingConvention.virtualNetworkDiagnosticSetting]" + }, + "virtualNetworkName": { + "value": "[parameters('tiers')[copyIndex()].namingConvention.virtualNetwork]" } }, "template": { @@ -7931,8 +7541,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17731844489242416935" + "version": "0.27.1.19265", + "templateHash": "13356625654141484072" } }, "parameters": { @@ -7948,7 +7558,10 @@ "metrics": { "type": "array" }, - "name": { + "virtualNetworkDiagnosticSettingName": { + "type": "string" + }, + "virtualNetworkName": { "type": "string" } }, @@ -7956,8 +7569,8 @@ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", + "name": "[parameters('virtualNetworkDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", 
@@ -7972,12 +7585,12 @@ { "copy": { "name": "publicIpAddressDiagnostics", - "count": "[length(variables('publicIPAddressNames'))]" + "count": "[length(variables('publicIPAddresses'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-pip-diags-{0}-{1}-{2}', split(variables('publicIPAddressNames')[copyIndex()], '-')[2], split(variables('publicIPAddressNames')[copyIndex()], '-')[3], parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", + "name": "[format('deploy-pip-diags-{0}-{1}-{2}', split(variables('publicIPAddresses')[copyIndex()].name, '-')[2], split(variables('publicIPAddresses')[copyIndex()].name, '-')[3], parameters('deploymentNameSuffix'))]", + "subscriptionId": "[variables('hub').subscriptionId]", "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { @@ -7991,14 +7604,17 @@ "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "name": { - "value": "[variables('publicIPAddressNames')[copyIndex()]]" + "publicIPAddressDiagnosticSettingName": { + "value": "[variables('publicIPAddresses')[copyIndex()].diagName]" }, "publicIPAddressDiagnosticsLogs": { "value": "[parameters('publicIPAddressDiagnosticsLogs')]" }, "publicIPAddressDiagnosticsMetrics": { "value": "[parameters('publicIPAddressDiagnosticsMetrics')]" + }, + "publicIPAddressName": { + "value": "[variables('publicIPAddresses')[copyIndex()].name]" } }, "template": { @@ -8007,8 +7623,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17767559360664239960" + "version": "0.27.1.19265", + "templateHash": "5486243867531845253" } }, "parameters": { @@ -8018,7 +7634,7 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "name": { + "publicIPAddressDiagnosticSettingName": { "type": "string" }, "publicIPAddressDiagnosticsLogs": { 
@@ -8026,14 +7642,17 @@ }, "publicIPAddressDiagnosticsMetrics": { "type": "array" + }, + "publicIPAddressName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('publicIPAddressName'))]", + "name": "[parameters('publicIPAddressDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('hubStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -8049,7 +7668,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-afw-diags-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", + "subscriptionId": "[variables('hub').subscriptionId]", "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { @@ -8057,6 +7676,12 @@ }, "mode": "Incremental", "parameters": { + "firewallDiagnosticSettingsName": { + "value": "[variables('hub').namingConvention.azureFirewallDiagnosticSetting]" + }, + "firewallName": { + "value": "[variables('hub').namingConvention.azureFirewall]" + }, "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, @@ -8068,9 +7693,6 @@ }, "metrics": { "value": "[parameters('firewallDiagnosticsMetrics')]" - }, - "name": { - "value": "[variables('hub').firewallName]" } }, "template": { 
@@ -8079,11 +7701,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15968308489764733204" + "version": "0.27.1.19265", + "templateHash": "14138036785238952784" } }, "parameters": { + "firewallDiagnosticSettingsName": { + "type": "string" + }, + "firewallName": { + "type": "string" + }, "logAnalyticsWorkspaceResourceId": { "type": "string" }, @@ -8095,17 +7723,14 @@ }, "metrics": { "type": "array" - }, - "name": { - "type": "string" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/azureFirewalls/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/azureFirewalls/{0}', parameters('firewallName'))]", + "name": "[parameters('firewallDiagnosticSettingsName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -8117,7 +7742,7 @@ "outputs": { "privateIPAddress": { "type": "string", - "value": "[reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2021-02-01').ipConfigurations[0].properties.privateIPAddress]" + "value": "[reference(resourceId('Microsoft.Network/azureFirewalls', parameters('firewallName')), '2021-02-01').ipConfigurations[0].properties.privateIPAddress]" } } } @@ -8127,7 +7752,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", + "subscriptionId": "[variables('hub').subscriptionId]", "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { 
@@ -8135,17 +7760,20 @@ }, "mode": "Incremental", "parameters": { + "keyVaultDiagnosticSettingName": { + "value": "[replace(variables('hub').namingConvention.keyVaultDiagnosticSetting, parameters('serviceToken'), '')]" + }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "keyVaultStorageAccountId": { + "value": "[parameters('storageAccountResourceIds')[0]]" + }, "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "logs": { "value": "[parameters('keyVaultDiagnosticLogs')]" - }, - "keyVaultstorageAccountId": { - "value": "[parameters('storageAccountResourceIds')[0]]" - }, - "name": { - "value": "[parameters('KeyVaultName')]" } }, "template": { @@ -8154,32 +7782,35 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9848944155815832346" + "version": "0.27.1.19265", + "templateHash": "11931053519285250235" } }, "parameters": { - "logAnalyticsWorkspaceResourceId": { + "keyVaultDiagnosticSettingName": { "type": "string" }, - "logs": { - "type": "array" + "keyVaultName": { + "type": "string" }, - "name": { + "keyVaultStorageAccountId": { "type": "string" }, - "keyVaultstorageAccountId": { + "logAnalyticsWorkspaceResourceId": { "type": "string" + }, + "logs": { + "type": "array" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[parameters('keyVaultDiagnosticSettingName')]", "properties": { - "storageAccountId": "[parameters('keyVaultstorageAccountId')]", + "storageAccountId": "[parameters('keyVaultStorageAccountId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", "logs": "[parameters('logs')]" } 
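Review bot: `keyVaultDiagnosticSettingName` is the only diagnostic setting name in this patch that is built by editing a string, `replace(variables('hub').namingConvention.keyVaultDiagnosticSetting, parameters('serviceToken'), '')`, instead of being taken from the naming convention as is. Deleting the token can leave a doubled or dangling delimiter depending on where the token sits in the convention, which these hunks do not show. A dedicated naming convention entry that already has the final form would be easier to audit. The same block also assumes `parameters('storageAccountResourceIds')[0]` is the hub storage account; a short comment in the Bicep source stating that ordering guarantee would help.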
@@ -8196,6 +7827,7 @@ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-log-storage-{0}', parameters('deploymentNameSuffix')))]" ] }, @@ -8220,11 +7852,14 @@ "logAnalyticsWorkspaceResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" - }, "policy": { "value": "[parameters('policy')]" + }, + "resourceGroupNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } }, "template": { @@ -8233,8 +7868,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2594345850908952645" + "version": "0.27.1.19265", + "templateHash": "379956182717650153" } }, "parameters": { 
@@ -8247,24 +7882,27 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "networks": { - "type": "array" - }, "policy": { "type": "string" + }, + "resourceGroupNames": { + "type": "array" + }, + "tiers": { + "type": "array" } }, "resources": [ { "copy": { "name": "policyAssignment", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('assign-policy-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('assign-policy-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -8287,8 +7925,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14286124867588017135" + "version": "0.27.1.19265", + "templateHash": "9464536540108620518" } }, "parameters": { @@ -8463,8 +8101,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16166471121138690529" + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" } }, "parameters": { 
@@ -8520,7 +8158,8 @@ }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { @@ -8535,6 +8174,9 @@ }, "mode": "Incremental", "parameters": { + "defenderPlans": { + "value": "[parameters('deployDefenderPlans')]" + }, "defenderSkuTier": { "value": "[parameters('defenderSkuTier')]" }, @@ -8547,11 +8189,8 @@ "logAnalyticsWorkspaceResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" - }, - "defenderPlans": { - "value": "[parameters('deployDefenderPlans')]" + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } }, "template": { @@ -8560,11 +8199,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12295251709791687425" + "version": "0.27.1.19265", + "templateHash": "7356216205468542805" } }, "parameters": { + "defenderPlans": { + "type": "array", + "defaultValue": [ + "VirtualMachines" + ] + }, "defenderSkuTier": { "type": "string" }, 
@@ -8577,27 +8222,21 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "networks": { + "tiers": { "type": "array" - }, - "defenderPlans": { - "type": "array", - "defaultValue": [ - "VirtualMachines" - ] } }, "resources": [ { "copy": { "name": "defenderForCloud", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, - "condition": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "condition": "[parameters('tiers')[copyIndex()].deployUniqueResources]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('set-defender-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "name": "[format('set-defender-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -8624,8 +8263,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2376507858724004427" + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" } }, "parameters": { 
@@ -8674,14 +8313,77 @@ }, "variables": { "autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]", - "defenderPaidPlansSpecialHandlingAzurePublicList": [ - "Api" - ], "defenderPaidPlanConfig": { "AzureCloud": { "Api": { "subPlan": "P1" - } + }, + "appServices": {}, + "KeyVaults": { + "subPlan": "PerKeyVault" + }, + "Arm": { + "subPlan": "PerSubscription" + }, + "CloudPosture": { + "extensions": [ + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + }, + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + }, + { + "name": "AgentlessVmScanning", + "isEnabled": "True" + }, + { + "name": "EntraPermissionsManagement", + "isEnabled": "True" + } + ] + }, + "Containers": { + "extensions": [ + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + } + ] + }, + "CosmosDbs": {}, + "StorageAccounts": { + "subPlan": "DefenderForStorageV2", + "extensions": [ + { + "name": "OnUploadMalwareScanning", + "isEnabled": "True", + "additionalExtensionProperties": { + "CapGBPerMonthPerStorageAccount": "5000" + } + }, + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + } + ] + }, + "VirtualMachines": { + "subPlan": "P1" + }, + "SqlServerVirtualMachines": {}, + "SqlServers": {}, + "OpenSourceRelationalDatabases": {} } } }, @@ -8693,7 +8395,7 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Free'))]", + "condition": "[equals(parameters('defenderSkuTier'), 'Free')]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", 
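Review bot: In the `defenderPaidPlanConfig` hunk on this line, the `StorageAccounts` entry hard-codes `CapGBPerMonthPerStorageAccount` to `"5000"` and every extension to `"isEnabled": "True"`, so a deployer cannot lower the on-upload malware scanning cap or opt out of an extension without editing the template. Expose the cap and the extension toggles as parameters with these values as defaults. Also, `appServices` is the only key in the map that is not PascalCase; align it with the plan name callers pass in `defenderPlans` so the map reads consistently.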
@@ -8708,7 +8410,7 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), not(contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])))]", + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), not(equals(environment().name, 'AzureCloud')))]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", 
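Review bot: The new condition sends every entry in `defenderPlans` through this resource whenever the tier is `Standard` outside `AzureCloud`, including `Api`, which the removed `defenderPaidPlansSpecialHandlingAzurePublicList` check used to exclude. Before this change, `Api` with `Standard` outside `AzureCloud` matched none of the three pricing resources and was skipped; now it is deployed. If that plan is not offered in the other clouds the deployment will fail, so either keep an exclusion for it here or confirm it deploys in each non-public cloud this template targets.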
@@ -8723,11 +8425,15 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])), equals(environment().name, 'AzureCloud'))]", + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), equals(environment().name, 'AzureCloud'))]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", - "properties": "[if(not(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan')), createObject('pricingTier', parameters('defenderSkuTier')), createObject('pricingTier', parameters('defenderSkuTier'), 'subPlan', variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan))]" + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]", + "subPlan": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan, json('null'))]", + "extensions": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'extensions'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].extensions, json('null'))]" + } }, { "type": "Microsoft.Security/autoProvisioningSettings", 
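Review bot: The `subPlan` and `extensions` expressions index `variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]]` before the `contains` check runs, and with the widened condition every `Standard` plan in `AzureCloud` now reaches that lookup instead of only `Api`. A plan name in `defenderPlans` that has no key in the map will fail template evaluation instead of falling back to a plain `pricingTier`. Guard the lookup with a `contains` on the cloud's map first, or restrict `defenderPlans` to allowed values that match the map keys.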
@@ -8801,10 +8507,6 @@ "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" }, - "hubSubnetResourceId": { - "type": "string", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubSubnetResourceId.value]" - }, "hubVirtualNetworkResourceId": { "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubVirtualNetworkResourceId.value]" 
@@ -8813,13 +8515,21 @@ "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.identitySubnetResourceId.value]" }, + "locationProperties": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locationProperties.value]" + }, "logAnalyticsWorkspaceResourceId": { "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, - "networks": { + "sharedServicesSubnetResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.sharedServicesSubnetResourceId.value]" + }, + "tiers": { "type": "array", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } } } @@ -8828,7 +8538,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-entra-domain-services-{0}', parameters('deploymentNameSuffix'))]", + "name": "[format('deploy-azure-virtual-desktop-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
@@ -8836,251 +8546,117 @@ }, "mode": "Incremental", "parameters": { - "deploymentNameSuffix": { - "value": "[parameters('deploymentNameSuffix')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "location": { - "value": "[parameters('location')]" + "activeDirectorySolution": { + "value": "MicrosoftEntraDomainServices" }, - "resourceGroupName": { - "value": "[first(filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value, lambda('network', equals(lambdaVariables('network').name, 'identity')))).resourceGroupName]" + "artifactsContainerName": { + "value": "[parameters('containerName')]" }, - "subnetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.identitySubnetResourceId.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13212518281279287862" - } + "artifactsStorageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" }, - "parameters": { - "deploymentNameSuffix": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - } + "availability": { + "value": "None" }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('domain-services-{0}', parameters('deploymentNameSuffix'))]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": 
"Incremental", - "parameters": { - "domainName": { - "value": "[parameters('domainName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8227079009844125640" - } - }, - "parameters": { - "domainName": { - "type": "string", - "metadata": { - "description": "The domain name for the managed domain." - } - }, - "location": { - "type": "string", - "metadata": { - "description": "The location of the managed domain." - } - }, - "subnetResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the subnet for the managed domain." - } - } - }, - "resources": [ - { - "type": "Microsoft.AAD/domainServices", - "apiVersion": "2022-12-01", - "name": "[parameters('domainName')]", - "location": "[parameters('location')]", - "properties": { - "domainConfigurationType": "FullySynced", - "domainName": "[parameters('domainName')]", - "domainSecuritySettings": { - "kerberosRc4Encryption": "Disabled" - }, - "filteredSync": "Disabled", - "notificationSettings": { - "notifyGlobalAdmins": "Enabled", - "notifyDcAdmins": "Enabled", - "additionalRecipients": [] - }, - "replicaSets": [ - { - "subnetId": "[parameters('subnetResourceId')]", - "location": "[parameters('location')]" - } - ], - "sku": "Standard" - } - } - ] - } - } - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('deploy-image-{0}', parameters('deploymentNameSuffix'))]", - "location": "[deployment().location]", - "properties": { - 
"expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "arcGisProInstaller": { - "value": "[parameters('arcGisProInstaller')]" + "avdAgentBootLoaderMsiName": { + "value": "[parameters('avdAgentBootLoaderMsiName')]" }, - "azureFirewallResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.azureFirewallResourceId.value]" + "avdAgentMsiName": { + "value": "[parameters('avdAgentMsiName')]" }, - "containerName": { - "value": "[parameters('containerName')]" + "avdObjectId": { + "value": "[parameters('avdObjectId')]" }, - "emailSecurityContact": { - "value": "[parameters('emailSecurityContact')]" + "azureNetAppFilesSubnetAddressPrefix": { + "value": "10.0.140.128/25" }, - "enableBuildAutomation": { - "value": false + "azurePowerShellModuleMsiName": { + "value": "[parameters('azurePowerShellModuleMsiName')]" }, - "environmentAbbreviation": { - "value": "dev" + "deployActivityLogDiagnosticSetting": { + "value": "[parameters('deployActivityLogDiagnosticSetting')]" }, - "hubVirtualNetworkResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubVirtualNetworkResourceId.value]" + "deployDefender": { + "value": "[parameters('deployDefender')]" }, - "hybridUseBenefit": { - "value": "[parameters('hybridUseBenefit')]" + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" }, - "identifier": { - "value": "[parameters('identifier')]" + "deployPolicy": { + "value": "[parameters('deployPolicy')]" }, - "imageDefinitionNamePrefix": { - "value": "arcgis-pro" + "domainJoinPassword": { + "value": "[parameters('domainJoinPassword')]" }, - "imageMajorVersion": { - "value": 1 + "domainJoinUserPrincipalName": { + "value": "[format('{0}@{1}', 
parameters('domainJoinUsername'), parameters('domainName'))]" }, - "imagePatchVersion": { - "value": 0 + "domainName": { + "value": "[parameters('domainName')]" }, - "installAccess": { - "value": false + "emailSecurityContact": { + "value": "[parameters('emailSecurityContact')]" }, - "installArcGisPro": { - "value": true + "environmentAbbreviation": { + "value": "dev" }, - "installExcel": { - "value": false + "fslogixStorageService": { + "value": "AzureNetAppFiles Premium" }, - "installOneDrive": { - "value": false + "hostPoolPublicNetworkAccess": { + "value": "Enabled" }, - "installOneNote": { - "value": false + "hubAzureFirewallResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.azureFirewallResourceId.value]" }, - "installOutlook": { - "value": false + "hubVirtualNetworkResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubVirtualNetworkResourceId.value]" }, - "installPowerPoint": { - "value": false + "identifier": { + "value": "[parameters('identifier')]" }, - "installProject": { - "value": false + "locationControlPlane": { + "value": "[parameters('location')]" }, - "installPublisher": { - "value": false + "locationVirtualMachines": { + "value": "[parameters('location')]" }, - "installSkypeForBusiness": { - "value": false + "operationsLogAnalyticsWorkspaceResourceId": { + "value": "[parameters('operationsLogAnalyticsWorkspaceResourceId')]" }, - "installTeams": { - "value": false + "organizationalUnitPath": { + "value": "[format('OU=AADDC Computers,DC={0}', replace(parameters('domainName'), '.', ',DC='))]" }, - "installVirtualDesktopOptimizationTool": { - "value": false + "securityPrincipals": { + "value": "[parameters('securityPrincipals')]" }, - "installVisio": { - 
"value": false + "sharedServicesSubnetResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.sharedServicesSubnetResourceId.value]" }, - "installWord": { - "value": false + "subnetAddressPrefixes": { + "value": [ + "10.0.140.0/25" + ] }, - "localAdministratorPassword": { + "virtualMachinePassword": { "value": "[parameters('localAdministratorPassword')]" }, - "localAdministratorUsername": { - "value": "[parameters('localAdministratorUsername')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "replicaCount": { - "value": 1 + "virtualMachineSize": { + "value": "[parameters('virtualMachineSize')]" }, - "sourceImageType": { - "value": "AzureMarketplace" + "virtualMachineUsername": { + "value": "[parameters('localAdministratorUsername')]" }, - "spokelogAnalyticsWorkspaceResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" + "virtualMachineVirtualCpuCount": { + "value": "[int(replace(replace(parameters('virtualMachineSize'), 'Standard_NV', ''), 'as_v4', ''))]" }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" + "virtualNetworkAddressPrefixes": { + "value": [ + "10.0.140.0/24" + ] }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" + "workspacePublicNetworkAccess": { + "value": "Enabled" } }, "template": { 
@@ -9089,117 +8665,167 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2257313557829752087" + "version": "0.27.1.19265", + "templateHash": "9129577939878768654" } }, "parameters": { - "arcGisProInstaller": { + "activeDirectorySolution": { "type": "string", - "defaultValue": "", + "allowedValues": [ + "ActiveDirectoryDomainServices", + "MicrosoftEntraDomainServices", + "MicrosoftEntraId", + "MicrosoftEntraIdIntuneEnrollment" + ], "metadata": { - "description": "The file name of the ArcGIS Pro installer in Azure Blobs." + "description": "The service providing domain services for Azure Virtual Desktop. This is needed to properly configure the session hosts and if applicable, the Azure Storage Account." } }, - "azureFirewallResourceId": { + "artifactsContainerName": { + "type": "string", + "metadata": { + "description": "The name of the Azure Blobs container hosting the required artifacts." + } + }, + "artifactsStorageAccountResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID for the storage account hosting the artifacts in Blob storage." + } + }, + "availability": { + "type": "string", + "defaultValue": "AvailabilityZones", + "allowedValues": [ + "AvailabilitySets", + "AvailabilityZones", + "None" + ], + "metadata": { + "description": "The desired availability option when deploying a pooled host pool. The best practice is to deploy to availability zones for the highest resilency and service level agreement." + } + }, + "avdAgentMsiName": { + "type": "string", + "metadata": { + "description": "The blob name of the MSI file for the AVD Agent installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." + } + }, + "avdAgentBootLoaderMsiName": { + "type": "string", + "metadata": { + "description": "The blob name of the MSI file for the AVD Agent Boot Loader installer. 
The file must be hosted in an Azure Blobs container with the other deployment artifacts." + } + }, + "avdObjectId": { "type": "string", "metadata": { - "description": "The resource ID for the Azure Firewall in the HUB." + "description": "The object ID for the Azure Virtual Desktop enterprise application in Microsoft Entra ID. The object ID can found by selecting Microsoft Applications using the Application type filter in the Enterprise Applications blade of Microsoft Entra ID." } }, - "computeGalleryImageResourceId": { + "azureNetAppFilesSubnetAddressPrefix": { "type": "string", "defaultValue": "", "metadata": { - "description": "The resource ID of the source compute gallery image." + "description": "The subnet address prefix for the Azure NetApp Files delegated subnet." } }, - "containerName": { + "azurePowerShellModuleMsiName": { "type": "string", "metadata": { - "description": "The name of the container in the storage account where the installer files are located." + "description": "The blob name of the MSI file for the Azure PowerShell Module installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." } }, - "customizations": { - "type": "array", - "defaultValue": [], + "customRdpProperty": { + "type": "string", + "defaultValue": "audiocapturemode:i:1;camerastoredirect:s:*;use multimon:i:0;drivestoredirect:s:;encode redirected video capture:i:1;redirected video capture encoding quality:i:1;audiomode:i:0;devicestoredirect:s:;redirectclipboard:i:0;redirectcomports:i:0;redirectlocation:i:1;redirectprinters:i:0;redirectsmartcards:i:1;redirectwebauthn:i:1;usbdevicestoredirect:s:;keyboardhook:i:2;", "metadata": { - "description": "The array of customizations to apply to the image." + "description": "The RDP properties to add or remove RDP functionality on the AVD host pool. The string must end with a semi-colon. 
Settings reference: https://learn.microsoft.com/windows-server/remote/remote-desktop-services/clients/rdp-files" } }, "deployActivityLogDiagnosticSetting": { "type": "bool", - "defaultValue": false, "metadata": { "description": "Choose whether to deploy a diagnostic setting for the Activity Log." } }, "deployDefender": { "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Defender for Cloud enabled." - } - }, - "deploymentNameSuffix": { - "type": "string", - "defaultValue": "[utcNow('yyMMddHHs')]", "metadata": { - "description": "The suffix to append to deployment names." + "description": "Choose whether to deploy Defender for Cloud." } }, "deployNetworkWatcher": { "type": "bool", - "defaultValue": false, "metadata": { - "description": "Choose whether to deploy a network watcher for deployment location." + "description": "Choose whether to deploy Network Watcher for the deployment location." } }, "deployPolicy": { "type": "bool", - "defaultValue": false, "metadata": { - "description": "Deploy Policy enabled." + "description": "Choose whether to deploy a policy assignment." + } + }, + "deploymentNameSuffix": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "A suffix to use for naming deployments uniquely. It defaults to the Bicep resolution of the \"utcNow()\" function." } }, - "distributionGroup": { + "desktopFriendlyName": { "type": "string", "defaultValue": "", "metadata": { - "description": "The distribution group for email notifications." + "description": "The friendly name for the SessionDesktop application in the desktop application group." + } + }, + "diskSku": { + "type": "string", + "defaultValue": "Premium_LRS", + "allowedValues": [ + "Standard_LRS", + "StandardSSD_LRS", + "Premium_LRS" + ], + "metadata": { + "description": "The storage SKU for the managed disks on the AVD session hosts. Production deployments should use Premium_LRS." 
} }, "domainJoinPassword": { "type": "securestring", "defaultValue": "", "metadata": { - "description": "The password for the domain join account." + "description": "The password for the account to domain join the AVD session hosts." } }, "domainJoinUserPrincipalName": { "type": "string", "defaultValue": "", "metadata": { - "description": "The user principal name for the domain join account." + "description": "The user principal name for the account to domain join the AVD session hosts." } }, "domainName": { "type": "string", "defaultValue": "", "metadata": { - "description": "The domain name to join." + "description": "The name of the domain that provides ADDS to the AVD session hosts." } }, - "emailSecurityContact": { - "type": "string", + "drainMode": { + "type": "bool", + "defaultValue": false, "metadata": { - "description": "The email address for the security contact." + "description": "The drain mode option enables drain mode for the sessions hosts in this deployment to prevent users from accessing the hosts until they have been validated." } }, - "enableBuildAutomation": { - "type": "bool", + "emailSecurityContact": { + "type": "string", "metadata": { - "description": "Determines whether to enable build automation." + "description": "The email address to use for Defender for Cloud notifications." } }, "environmentAbbreviation": { 
@@ -9211,810 +8837,435 @@ "test" ], "metadata": { - "description": "The abbreviation for the environment." + "description": "The abbreviation for the target environment." } }, - "excludeFromLatest": { - "type": "bool", - "defaultValue": true, + "fslogixShareSizeInGB": { + "type": "int", + "defaultValue": 100, "metadata": { - "description": "Determines whether to exclude the image from the latest version." + "description": "The file share size(s) in GB for the Fslogix storage solution." } }, - "exemptPolicyAssignmentIds": { - "type": "array", - "defaultValue": [], + "fslogixContainerType": { + "type": "string", + "defaultValue": "ProfileContainer", + "allowedValues": [ + "CloudCacheProfileContainer", + "CloudCacheProfileOfficeContainer", + "ProfileContainer", + "ProfileOfficeContainer" + ], "metadata": { - "description": "The array of policy assignment IDs to exempt to prevent issues with the build process." + "description": "If deploying FSLogix, select the desired type of container for user profiles. https://learn.microsoft.com/en-us/fslogix/concepts-container-types" } }, - "hubVirtualNetworkResourceId": { + "fslogixStorageService": { "type": "string", + "defaultValue": "AzureFiles Standard", + "allowedValues": [ + "AzureNetAppFiles Premium", + "AzureNetAppFiles Standard", + "AzureFiles Premium", + "AzureFiles Standard", + "None" + ], "metadata": { - "description": "The resource ID for the hub virtual network." + "description": "Enable an Fslogix storage option to manage user profiles for the AVD session hosts. The selected service & SKU should provide sufficient IOPS for all of your users. 
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#performance-requirements" } }, - "hybridUseBenefit": { - "type": "bool", + "hostPoolPublicNetworkAccess": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled", + "EnabledForClientsOnly", + "EnabledForSessionHostsOnly" + ], "metadata": { - "description": "Determines whether to use the hybrid use benefit." + "description": "The type of public network access for the host pool." } }, - "identifier": { + "hostPoolType": { "type": "string", + "defaultValue": "Pooled DepthFirst", + "allowedValues": [ + "Pooled DepthFirst", + "Pooled BreadthFirst", + "Personal Automatic", + "Personal Direct" + ], "metadata": { - "description": "The identifier for the resource names. This value should represent the workload, project, or business unit." + "description": "These options specify the host pool type and depending on the type provides the load balancing options and assignment types." } }, - "imageDefinitionNamePrefix": { + "hubAzureFirewallResourceId": { "type": "string", "metadata": { - "description": "The name prefix for the image definition resource." + "description": "The resource ID for the Azure Firewall in the HUB subscription" } }, - "imageMajorVersion": { - "type": "int", + "hubVirtualNetworkResourceId": { + "type": "string", "metadata": { - "description": "The major version for the name of the image version resource." + "description": "The resource ID for the Azure Virtual Network in the HUB subscription." } }, - "imagePatchVersion": { - "type": "int", + "identifier": { + "type": "string", + "defaultValue": "avd", + "maxLength": 3, "metadata": { - "description": "The patch version for the name of the image version resource." + "description": "The unique identifier between each business unit or project supporting AVD in your tenant. This is the unique naming component between each AVD stamp." 
} }, - "installAccess": { - "type": "bool", + "imageVersionResourceId": { + "type": "string", + "defaultValue": "", "metadata": { - "description": "Determines whether to install Access." + "description": "The resource ID for the Compute Gallery Image Version. Do not set this value if using a marketplace image." } }, - "installArcGisPro": { - "type": "bool", + "imageOffer": { + "type": "string", + "defaultValue": "office-365", "metadata": { - "description": "Determines whether to install ArcGIS Pro." + "description": "Offer for the virtual machine image" } }, - "installExcel": { - "type": "bool", + "imagePublisher": { + "type": "string", + "defaultValue": "MicrosoftWindowsDesktop", "metadata": { - "description": "Determines whether to install Excel." + "description": "Publisher for the virtual machine image" } }, - "installOneDrive": { - "type": "bool", + "imageSku": { + "type": "string", + "defaultValue": "win11-22h2-avd-m365", "metadata": { - "description": "Determines whether to install OneDrive." + "description": "SKU for the virtual machine image" } }, - "installOneNote": { - "type": "bool", + "locationControlPlane": { + "type": "string", + "defaultValue": "[deployment().location]", "metadata": { - "description": "Determines whether to install OneNote." + "description": "The deployment location for the AVD management resources." } }, - "installOutlook": { - "type": "bool", + "locationVirtualMachines": { + "type": "string", + "defaultValue": "[deployment().location]", "metadata": { - "description": "Determines whether to install Outlook." + "description": "The deployment location for the AVD sessions hosts." } }, - "installPowerPoint": { - "type": "bool", + "logAnalyticsWorkspaceRetention": { + "type": "int", + "defaultValue": 30, + "minValue": 30, + "maxValue": 730, "metadata": { - "description": "Determines whether to install PowerPoint." 
+ "description": "The retention for the Log Analytics Workspace to setup the AVD monitoring solution" } }, - "installProject": { - "type": "bool", + "logAnalyticsWorkspaceSku": { + "type": "string", + "defaultValue": "PerGB2018", + "allowedValues": [ + "Free", + "Standard", + "Premium", + "PerNode", + "PerGB2018", + "Standalone", + "CapacityReservation" + ], "metadata": { - "description": "Determines whether to install Project." + "description": "The SKU for the Log Analytics Workspace to setup the AVD monitoring solution" } }, - "installPublisher": { + "monitoring": { "type": "bool", + "defaultValue": true, "metadata": { - "description": "Determines whether to install Publisher." + "description": "Deploys the required monitoring resources to enable AVD Insights and monitor features in the automation account." } }, - "installSkypeForBusiness": { - "type": "bool", + "operationsLogAnalyticsWorkspaceResourceId": { + "type": "string", "metadata": { - "description": "Determines whether to install Skype for Business." + "description": "The resource ID of the Log Analytics Workspace to use for log storage." } }, - "installTeams": { - "type": "bool", + "organizationalUnitPath": { + "type": "string", + "defaultValue": "", "metadata": { - "description": "Determines whether to install Teams." + "description": "The distinguished name for the target Organization Unit in Active Directory Domain Services." } }, - "installUpdates": { - "type": "bool", - "defaultValue": false, + "policy": { + "type": "string", + "defaultValue": "NISTRev4", "metadata": { - "description": "Determines whether to install Microsoft/Windows Updates." + "description": "The policy to assign to the workload." } }, - "installVirtualDesktopOptimizationTool": { + "recoveryServices": { "type": "bool", + "defaultValue": false, "metadata": { - "description": "Determines whether to install the Virtual Desktop Optimization Tool." 
- } - }, - "installVisio": { - "type": "bool", - "metadata": { - "description": "Determines whether to install Visio." - } - }, - "installWord": { - "type": "bool", - "metadata": { - "description": "Determines whether to install Word." - } - }, - "localAdministratorPassword": { - "type": "securestring", - "metadata": { - "description": "The password for the local administrator account." - } - }, - "localAdministratorUsername": { - "type": "string", - "metadata": { - "description": "The username for the local administrator account." - } - }, - "location": { - "type": "string", - "defaultValue": "[deployment().location]", - "metadata": { - "description": "The location for the resources." - } - }, - "logAnalyticsWorkspaceResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The resource ID of the log analytics workspace if using build automation and desired." + "description": "Enable backups to an Azure Recovery Services vault. For a pooled host pool this will enable backups on the Azure file share. For a personal host pool this will enable backups on the AVD sessions hosts." } }, - "logStorageSkuName": { + "scalingBeginPeakTime": { "type": "string", - "defaultValue": "Standard_GRS", + "defaultValue": "9:00", "metadata": { - "description": "The Storage Account SKU to use for log storage. It defaults to \"Standard_GRS\". See https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types for valid settings." + "description": "The time when session hosts will scale up and continue to stay on to support peak demand; Format 24 hours e.g. 9:00 for 9am" } }, - "marketplaceImageOffer": { + "scalingEndPeakTime": { "type": "string", - "defaultValue": "", + "defaultValue": "17:00", "metadata": { - "description": "The marketplace image offer." + "description": "The time when session hosts will scale down and stay off to support low demand; Format 24 hours e.g. 
17:00 for 5pm" } }, - "marketplaceImagePublisher": { + "scalingLimitSecondsToForceLogOffUser": { "type": "string", - "defaultValue": "", + "defaultValue": "0", "metadata": { - "description": "The marketplace image publisher." + "description": "The number of seconds to wait before automatically signing out users. If set to 0 any session host that has user sessions will be left untouched" } }, - "marketplaceImageSKU": { + "scalingMinimumNumberOfRdsh": { "type": "string", - "defaultValue": "", + "defaultValue": "0", "metadata": { - "description": "The marketplace image SKU." + "description": "The minimum number of session host VMs to keep running during off-peak hours. The scaling tool will not work if all virtual machines are turned off and the Start VM On Connect solution is not enabled." } }, - "msrdcwebrtcsvcInstaller": { + "scalingSessionThresholdPerCPU": { "type": "string", - "defaultValue": "", - "metadata": { - "description": "The file name of the msrdcwebrtcsvc installer in Azure Blobs." - } - }, - "networkSecurityGroupDiagnosticsLogs": { - "type": "array", - "defaultValue": [ - { - "category": "NetworkSecurityGroupEvent", - "enabled": true - }, - { - "category": "NetworkSecurityGroupRuleCounter", - "enabled": true - } - ], + "defaultValue": "1", "metadata": { - "description": "The network security group diagnostics logs to apply to the subnet." + "description": "The maximum number of sessions per CPU that will be used as a threshold to determine when new session host VMs need to be started during peak hours" } }, - "networkSecurityGroupDiagnosticsMetrics": { - "type": "array", - "defaultValue": [], + "scalingTool": { + "type": "bool", + "defaultValue": false, "metadata": { - "description": "The network security group diagnostics metrics to apply to the subnet." + "description": "Deploys the required resources for the Scaling Tool. 
https://docs.microsoft.com/en-us/azure/virtual-desktop/scaling-automation-logic-apps" } }, - "networkSecurityGroupRules": { + "securityPrincipals": { "type": "array", - "defaultValue": [], - "metadata": { - "description": "The network security group rules to apply to the subnet." - } - }, - "officeInstaller": { - "type": "string", - "defaultValue": "", "metadata": { - "description": "The file name of the Office installer in Azure Blobs." - } - }, - "oUPath": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The distinguished name of the organizational unit to join." + "description": "The array of Security Principals with their object IDs and display names to assign to the AVD Application Group and FSLogix Storage." } }, - "policy": { - "type": "string", - "defaultValue": "", + "sessionHostCount": { + "type": "int", + "defaultValue": 1, + "minValue": 0, + "maxValue": 5000, "metadata": { - "description": "The policy name" + "description": "The number of session hosts to deploy in the host pool. Ensure you have the approved quota to deploy the desired count." } }, - "replicaCount": { + "sessionHostIndex": { "type": "int", + "defaultValue": 0, + "minValue": 0, + "maxValue": 4999, "metadata": { - "description": "The count of replicas for the image version resource." + "description": "The starting number for the session hosts. This is important when adding virtual machines to ensure an update deployment is not performed on an existing, active session host." } }, - "sourceImageType": { + "sharedServicesSubnetResourceId": { "type": "string", - "allowedValues": [ - "AzureComputeGallery", - "AzureMarketplace" - ], "metadata": { - "description": "The type of source image." + "description": "The resource ID for the subnet in the Shared Services subscription. This is required for the private endpoint on the AVD Global Workspace." 
} }, - "spokelogAnalyticsWorkspaceResourceId": { - "type": "string", + "stampIndex": { + "type": "int", + "defaultValue": 0, + "minValue": 0, + "maxValue": 9, "metadata": { - "description": "The resource ID of the log analytics workspace if using build automation and desired." + "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases. For example, \"0\" could be used for an office workers host pool and \"1\" could be used for a developers host pool within the \"finance\" business unit." } }, - "storageAccountResourceId": { - "type": "string", + "storageCount": { + "type": "int", + "defaultValue": 1, + "minValue": 0, + "maxValue": 100, "metadata": { - "description": "The resource ID of the storage account where the installers and scripts are stored in Azure Blobs." + "description": "The number of storage accounts to deploy to support sharding across multiple storage accounts. https://docs.microsoft.com/en-us/azure/architecture/patterns/sharding" } }, - "subnetAddressPrefix": { - "type": "string", - "defaultValue": "10.0.134.0/24", + "storageIndex": { + "type": "int", + "defaultValue": 0, + "minValue": 0, + "maxValue": 99, "metadata": { - "description": "The subnet address prefix." + "description": "The starting number for the names of the storage accounts to support sharding across multiple storage accounts. https://docs.microsoft.com/en-us/azure/architecture/patterns/sharding" } }, - "supportedClouds": { + "subnetAddressPrefixes": { "type": "array", "defaultValue": [ - "AzureCloud", - "AzureUSGovernment" + "10.0.140.0/24" ], + "minLength": 1, + "maxLength": 2, "metadata": { - "description": "The array of supported clouds for specific deployments." + "description": "The address prefix(es) for the new subnet(s) that will be created in the spoke virtual network(s). Specify only one address prefix in the array if the session hosts location and the control plan location are the same. 
If different locations are specified, add a second address prefix for the hosts virtual network." } }, "tags": { "type": "object", "defaultValue": {}, "metadata": { - "description": "The key value pairs of meta data to apply to the resources." + "description": "The Key / value pairs of metadata for the Azure resource groups and resources." } }, - "teamsInstaller": { - "type": "string", - "defaultValue": "", + "usersPerCore": { + "type": "int", + "defaultValue": 1, "metadata": { - "description": "The file name of the Teams installer in Azure Blobs." + "description": "The number of users per core is used to determine the maximum number of users per session host." } }, - "updateService": { - "type": "string", - "defaultValue": "MU", - "allowedValues": [ - "WU", - "MU", - "WSUS", - "DCAT", - "STORE", - "OTHER" - ], + "validationEnvironment": { + "type": "bool", + "defaultValue": false, "metadata": { - "description": "Determines if the updates service. (Default: 'MU')" + "description": "The validation environment setting on the AVD host pool determines whether the hostpool should receive AVD preview features for testing." } }, - "vcRedistInstaller": { - "type": "string", - "defaultValue": "", + "virtualMachineVirtualCpuCount": { + "type": "int", "metadata": { - "description": "The file name of the vcRedist installer in Azure Blobs." + "description": "The number of virtual CPUs per virtual machine for the selected virtual machine size." } }, - "vDOTInstaller": { + "virtualMachineMonitoringAgent": { "type": "string", - "defaultValue": "", + "defaultValue": "LogAnalyticsAgent", + "allowedValues": [ + "AzureMonitorAgent", + "LogAnalyticsAgent" + ], "metadata": { - "description": "The file name of the vDOT installer in Azure Blobs." + "description": "Input the desired monitoring agent to send events and performance counters to a log analytics workspace." 
} }, - "virtualMachineSize": { - "type": "string", + "virtualMachinePassword": { + "type": "securestring", "metadata": { - "description": "The size of the image virtual machine." + "description": "The local administrator password for the AVD session hosts" } }, - "virtualNetworkAddressPrefix": { + "virtualMachineSize": { "type": "string", - "defaultValue": "10.0.134.0/24", + "defaultValue": "Standard_D4ads_v5", "metadata": { - "description": "The virtual network address prefix." + "description": "The virtual machine SKU for the AVD session hosts." } }, - "virtualNetworkDiagnosticsLogs": { - "type": "array", - "defaultValue": [], + "virtualMachineUsername": { + "type": "string", "metadata": { - "description": "The logs for the diagnostic setting on the virtual network." + "description": "The local administrator username for the AVD session hosts" } }, - "virtualNetworkDiagnosticsMetrics": { + "virtualNetworkAddressPrefixes": { "type": "array", - "defaultValue": [], - "metadata": { - "description": "The metrics for the diagnostic setting on the virtual network." - } - }, - "workloadName": { - "type": "string", - "defaultValue": "imaging", + "defaultValue": [ + "10.0.140.0/24" + ], "minLength": 1, - "maxLength": 10, + "maxLength": 2, "metadata": { - "description": "The name of the workload." + "description": "The address prefix for the new spoke virtual network(s). Specify only one address prefix in the array if the session hosts location and the control plan location are the same. If different locations are specified, add a second address prefix for the hosts virtual network." } }, - "workloadShortName": { + "workspaceFriendlyName": { "type": "string", - "defaultValue": "img", - "minLength": 1, - "maxLength": 3, + "defaultValue": "", "metadata": { - "description": "The short name of the workload." + "description": "The friendly name for the AVD workspace that is displayed in the end-user client." 
} }, - "wsusServer": { + "workspacePublicNetworkAccess": { "type": "string", - "defaultValue": "", + "allowedValues": [ + "Disabled", + "Enabled" + ], "metadata": { - "description": "The WSUS Server Url if WSUS is specified. (i.e., https://wsus.corp.contoso.com:8531)" + "description": "The public network access setting on the AVD workspace either disables public network access or allows both public and private network access." } } }, "variables": { - "$fxv#0": { - "AzureChina": { - "chinaeast": { - "abbreviation": "cne", - "recoveryServicesGeo": "sha", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinaeast2": { - "abbreviation": "cne2", - "recoveryServicesGeo": "sha2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth": { - "abbreviation": "cnn", - "recoveryServicesGeo": "bjb", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth2": { - "abbreviation": "cnn2", - "recoveryServicesGeo": "bjb2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - } - }, - "AzureCloud": { - "australiacentral": { - "abbreviation": "auc", - "recoveryServicesGeo": "acl", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiacentral2": { - "abbreviation": "auc2", - "recoveryServicesGeo": "acl2", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiaeast": { - "abbreviation": "aue", - "recoveryServicesGeo": "ae", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiasoutheast": { - "abbreviation": "ause", - "recoveryServicesGeo": "ase", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "brazilsouth": { - "abbreviation": "brs", - "recoveryServicesGeo": "brs", - "timeDifference": "-3:00", - "timeZone": "E. 
South America Standard Time" - }, - "brazilsoutheast": { - "abbreviation": "brse", - "recoveryServicesGeo": "bse", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "canadacentral": { - "abbreviation": "cac", - "recoveryServicesGeo": "cnc", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "canadaeast": { - "abbreviation": "cae", - "recoveryServicesGeo": "cne", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "centralindia": { - "abbreviation": "inc", - "recoveryServicesGeo": "inc", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "centralus": { - "abbreviation": "usc", - "recoveryServicesGeo": "cus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "eastasia": { - "abbreviation": "ase", - "recoveryServicesGeo": "ea", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "eastus": { - "abbreviation": "use", - "recoveryServicesGeo": "eus", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "eastus2": { - "abbreviation": "use2", - "recoveryServicesGeo": "eus2", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "francecentral": { - "abbreviation": "frc", - "recoveryServicesGeo": "frc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "francesouth": { - "abbreviation": "frs", - "recoveryServicesGeo": "frs", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanynorth": { - "abbreviation": "den", - "recoveryServicesGeo": "gn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanywestcentral": { - "abbreviation": "dewc", - "recoveryServicesGeo": "gwc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "israelcentral": { - "abbreviation": "ilc", - "recoveryServicesGeo": "ilc", - "timeDifference": "+2:00", - "timeZone": "Israel Standard Time" - }, - 
"italynorth": { - "abbreviation": "itn", - "recoveryServicesGeo": "itn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "japaneast": { - "abbreviation": "jpe", - "recoveryServicesGeo": "jpe", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "japanwest": { - "abbreviation": "jpw", - "recoveryServicesGeo": "jpw", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "jioindiacentral": { - "abbreviation": "injc", - "recoveryServicesGeo": "jic", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "jioindiawest": { - "abbreviation": "injw", - "recoveryServicesGeo": "jiw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "koreacentral": { - "abbreviation": "krc", - "recoveryServicesGeo": "krc", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "koreasouth": { - "abbreviation": "krs", - "recoveryServicesGeo": "krs", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "northcentralus": { - "abbreviation": "usnc", - "recoveryServicesGeo": "ncus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "northeurope": { - "abbreviation": "eun", - "recoveryServicesGeo": "ne", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "norwayeast": { - "abbreviation": "noe", - "recoveryServicesGeo": "nwe", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "norwaywest": { - "abbreviation": "now", - "recoveryServicesGeo": "nww", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "polandcentral": { - "abbreviation": "plc", - "recoveryServicesGeo": "plc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "qatarcentral": { - "abbreviation": "qac", - "recoveryServicesGeo": "qac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "southafricanorth": { - "abbreviation": "zan", - 
"recoveryServicesGeo": "san", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southafricawest": { - "abbreviation": "zaw", - "recoveryServicesGeo": "saw", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southcentralus": { - "abbreviation": "ussc", - "recoveryServicesGeo": "scus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "southeastasia": { - "abbreviation": "asse", - "recoveryServicesGeo": "sea", - "timeDifference": "+8:00", - "timeZone": "Singapore Standard Time" - }, - "southindia": { - "abbreviation": "ins", - "recoveryServicesGeo": "ins", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "swedencentral": { - "abbreviation": "sec", - "recoveryServicesGeo": "sdc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandnorth": { - "abbreviation": "chn", - "recoveryServicesGeo": "szn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandwest": { - "abbreviation": "chw", - "recoveryServicesGeo": "szw", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "uaecentral": { - "abbreviation": "aec", - "recoveryServicesGeo": "uac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uaenorth": { - "abbreviation": "aen", - "recoveryServicesGeo": "uan", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uksouth": { - "abbreviation": "uks", - "recoveryServicesGeo": "uks", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "ukwest": { - "abbreviation": "ukw", - "recoveryServicesGeo": "ukw", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "westcentralus": { - "abbreviation": "uswc", - "recoveryServicesGeo": "wcus", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "westeurope": { - "abbreviation": "euw", - "recoveryServicesGeo": "we", - 
"timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "westindia": { - "abbreviation": "inw", - "recoveryServicesGeo": "inw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "westus": { - "abbreviation": "usw", - "recoveryServicesGeo": "wus", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus2": { - "abbreviation": "usw2", - "recoveryServicesGeo": "wus2", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus3": { - "abbreviation": "usw3", - "recoveryServicesGeo": "wus3", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - } - }, - "AzureUSGovernment": { - "usdodcentral": { - "abbreviation": "dodc", - "recoveryServicesGeo": "udc", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usdodeast": { - "abbreviation": "dode", - "recoveryServicesGeo": "ude", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usgovarizona": { - "abbreviation": "az", - "recoveryServicesGeo": "uga", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "usgovtexas": { - "abbreviation": "tx", - "recoveryServicesGeo": "ugt", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usgovvirginia": { - "abbreviation": "va", - "recoveryServicesGeo": "ugv", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - } - }, - "USNat": { - "usnateast": { - "abbreviation": "east", - "recoveryServicesGeo": "exe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usnatwest": { - "abbreviation": "west", - "recoveryServicesGeo": "exw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - }, - "USSec": { - "usseceast": { - "abbreviation": "east", - "recoveryServicesGeo": "rxe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "ussecwest": { - "abbreviation": "west", - "recoveryServicesGeo": "rxw", - "timeDifference": 
"-8:00", - "timeZone": "Pacific Standard Time" - } - } - }, - "automationAccountPrivateDnsZoneResourceId": "[resourceId(split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4], 'Microsoft.Network/privateDnsZones', format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))))]", - "calculatedTags": "[union(parameters('tags'), variables('defaultTags'))]", - "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.azure.', ''), '/', '')]", - "defaultTags": { - "DeploymentType": "MissionLandingZoneARM" - }, - "keyVaultPrivateDnsZoneResourceId": "[resourceId(split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4], 'Microsoft.Network/privateDnsZones', replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore'))]", - "imageDefinitionName": "[if(empty(parameters('computeGalleryImageResourceId')), format('{0}-{1}', parameters('imageDefinitionNamePrefix'), parameters('marketplaceImageSKU')), format('{0}-{1}', parameters('imageDefinitionNamePrefix'), split(parameters('computeGalleryImageResourceId'), '/')[10]))]", - "privateDnsZoneSuffixes_AzureAutomation": { - "AzureCloud": "net", - "AzureUSGovernment": "us", - "USNat": null, - "USSec": null + "maxResourcesPerTemplateDeployment": 88, + "divisionValue": "[div(parameters('sessionHostCount'), variables('maxResourcesPerTemplateDeployment'))]", + "divisionRemainderValue": "[mod(parameters('sessionHostCount'), variables('maxResourcesPerTemplateDeployment'))]", + "sessionHostBatchCount": "[if(greater(variables('divisionRemainderValue'), 0), add(variables('divisionValue'), 1), variables('divisionValue'))]", + "maxAvSetMembers": 200, + "beginAvSetRange": "[div(parameters('sessionHostIndex'), variables('maxAvSetMembers'))]", + "endAvSetRange": 
"[div(add(parameters('sessionHostCount'), parameters('sessionHostIndex')), variables('maxAvSetMembers'))]", + "availabilitySetsCount": "[length(range(variables('beginAvSetRange'), add(sub(variables('endAvSetRange'), variables('beginAvSetRange')), 1)))]", + "customImageId": "[if(empty(parameters('imageVersionResourceId')), 'null', format('\"{0}\"', parameters('imageVersionResourceId')))]", + "fileShares": "[variables('fileShareNames')[parameters('fslogixContainerType')]]", + "deployFslogix": "[if(or(equals(parameters('fslogixStorageService'), 'None'), not(contains(parameters('activeDirectorySolution'), 'DomainServices'))), false(), true())]", + "netbios": "[split(parameters('domainName'), '.')[0]]", + "pooledHostPool": "[if(equals(split(parameters('hostPoolType'), ' ')[0], 'Pooled'), true(), false())]", + "roleDefinitions": { + "DesktopVirtualizationPowerOnContributor": "489581de-a3bd-480d-9518-53dea7416b33", + "DesktopVirtualizationUser": "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63", + "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7", + "VirtualMachineUserLogin": "fb879df8-f326-4884-b1cf-06f3ad86be52" + }, + "storageSku": "[if(equals(parameters('fslogixStorageService'), 'None'), 'None', split(parameters('fslogixStorageService'), ' ')[1])]", + "storageService": "[split(parameters('fslogixStorageService'), ' ')[0]]", + "storageSuffix": "[environment().suffixes.storage]", + "artifactsUri": "[format('https://{0}.blob.{1}/{2}/', variables('artifactsStorageAccountName'), environment().suffixes.storage, parameters('artifactsContainerName'))]", + "artifactsStorageAccountName": "[split(parameters('artifactsStorageAccountResourceId'), '/')[8]]", + "fileShareNames": { + "CloudCacheProfileContainer": [ + "profile-containers" + ], + "CloudCacheProfileOfficeContainer": [ + "office-containers", + "profile-containers" + ], + "ProfileContainer": [ + "profile-containers" + ], + "ProfileOfficeContainer": [ + "office-containers", + "profile-containers" + ] }, - "subscriptionId": 
"[subscription().subscriptionId]", - "locations": "[variables('$fxv#0')[environment().name]]" + "privateDnsZoneResourceIdPrefix": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/privateDnsZones/', split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4])]", + "deploymentLocations": "[union(createArray(parameters('locationControlPlane')), createArray(parameters('locationVirtualMachines')))]", + "resourceGroupServices": "[union(createArray('controlPlane', 'feedWorkspace', 'hosts', 'management'), if(variables('deployFslogix'), createArray('storage'), createArray()))]" }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('tier3-{0}', parameters('deploymentNameSuffix'))]", + "name": "[format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -10022,15 +9273,13 @@ }, "mode": "Incremental", "parameters": { + "additionalSubnets": "[if(and(and(contains(parameters('fslogixStorageService'), 'AzureNetAppFiles'), not(empty(parameters('azureNetAppFilesSubnetAddressPrefix')))), equals(length(variables('deploymentLocations')), 1)), createObject('value', createArray(createObject('name', 'AzureNetAppFiles', 'addressPrefix', parameters('azureNetAppFilesSubnetAddressPrefix')))), createObject('value', createArray()))]", "deployActivityLogDiagnosticSetting": { "value": "[parameters('deployActivityLogDiagnosticSetting')]" }, "deployDefender": { "value": "[parameters('deployDefender')]" }, - "deploymentNameSuffix": { - "value": "[parameters('deploymentNameSuffix')]" - }, "deployNetworkWatcher": { "value": "[parameters('deployNetworkWatcher')]" }, 
@@ -10044,58 +9293,37 @@ "value": "[parameters('environmentAbbreviation')]" }, "firewallResourceId": { - "value": "[parameters('azureFirewallResourceId')]" + "value": "[parameters('hubAzureFirewallResourceId')]" }, "hubVirtualNetworkResourceId": { "value": "[parameters('hubVirtualNetworkResourceId')]" }, - "location": { - "value": "[parameters('location')]" + "identifier": { + "value": "[parameters('identifier')]" }, "logAnalyticsWorkspaceResourceId": { - "value": "[parameters('spokelogAnalyticsWorkspaceResourceId')]" - }, - "logStorageSkuName": { - "value": "[parameters('logStorageSkuName')]" - }, - "networkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" - }, - "networkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" - }, - "networkSecurityGroupRules": { - "value": "[parameters('networkSecurityGroupRules')]" + "value": "[parameters('operationsLogAnalyticsWorkspaceResourceId')]" }, "policy": { "value": "[parameters('policy')]" }, - "resourcePrefix": { - "value": "[parameters('identifier')]" - }, - "tags": { - "value": "[variables('calculatedTags')]" + "stampIndex": { + "value": "[string(parameters('stampIndex'))]" }, "subnetAddressPrefix": { - "value": "[parameters('subnetAddressPrefix')]" + "value": "[parameters('subnetAddressPrefixes')[0]]" }, - "supportedClouds": { - "value": "[parameters('supportedClouds')]" + "tags": { + "value": "[parameters('tags')]" }, "virtualNetworkAddressPrefix": { - "value": "[parameters('virtualNetworkAddressPrefix')]" - }, - "virtualNetworkDiagnosticsLogs": { - "value": "[parameters('virtualNetworkDiagnosticsLogs')]" - }, - "virtualNetworkDiagnosticsMetrics": { - "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + "value": "[parameters('virtualNetworkAddressPrefixes')[0]]" }, "workloadName": { - "value": "[parameters('workloadName')]" + "value": "avd" }, "workloadShortName": { - "value": 
"[parameters('workloadShortName')]" + "value": "avd" } }, "template": { @@ -10104,11 +9332,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6273770388343340114" + "version": "0.27.1.19265", + "templateHash": "6877974702104389401" } }, "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "An array of additional subnets to support the tier3 workload." + } + }, "deployActivityLogDiagnosticSetting": { "type": "bool", "metadata": { @@ -10170,6 +9405,29 @@ "description": "The resource ID of the HUB Virtual Network." } }, + "identifier": { + "type": "string", + "maxLength": 3, + "metadata": { + "description": "The identifier for the resource names. This value should represent the workload, project, or business unit." + } + }, + "keyVaultDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "AuditEvent", + "enabled": true + }, + { + "category": "AzurePolicyEvaluationDetails", + "enabled": true + } + ], + "metadata": { + "description": "An array of Key Vault Diagnostic Logs categories to collect. See \"https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault\" for valid values." + } + }, "location": { "type": "string", "defaultValue": "[deployment().location]", @@ -10222,16 +9480,16 @@ }, "policy": { "type": "string", + "defaultValue": "NISTRev4", "metadata": { "description": "The policy to assign to the workload." } }, - "resourcePrefix": { + "stampIndex": { "type": "string", - "minLength": 3, - "maxLength": 10, + "defaultValue": "", "metadata": { - "description": "A prefix, 3 to 10 characters in length, to append to resource names (e.g. \"dev\", \"test\", \"prod\", \"mlz\"). It defaults to \"mlz\"." + "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases." } }, "subnetAddressPrefix": { 
@@ -10240,16 +9498,6 @@ "description": "The address prefix for the workload subnet." } }, - "supportedClouds": { - "type": "array", - "defaultValue": [ - "AzureCloud", - "AzureUSGovernment" - ], - "metadata": { - "description": "The supported clouds for the deployment. It defaults to \"AzureCloud\" and \"AzureUSGovernment\"." - } - }, "tags": { "type": "object", "defaultValue": {}, @@ -10297,10 +9545,6 @@ } }, "variables": { - "calculatedTags": "[union(parameters('tags'), variables('defaultTags'))]", - "defaultTags": { - "DeploymentType": "MissionLandingZoneARM" - }, "hubResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", "subscriptionId": "[subscription().subscriptionId]" @@ -10309,7 +9553,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
@@ -10317,14 +9561,37 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "environmentAbbreviation": { "value": "[parameters('environmentAbbreviation')]" }, "location": { "value": "[parameters('location')]" }, + "networks": { + "value": [ + { + "name": "[parameters('workloadName')]", + "shortName": "[parameters('workloadShortName')]", + "deployUniqueResources": false, + "subscriptionId": "[variables('subscriptionId')]", + "nsgDiagLogs": "[parameters('networkSecurityGroupDiagnosticsLogs')]", + "nsgDiagMetrics": "[parameters('networkSecurityGroupDiagnosticsMetrics')]", + "nsgRules": "[parameters('networkSecurityGroupRules')]", + "vnetAddressPrefix": "[parameters('virtualNetworkAddressPrefix')]", + "vnetDiagLogs": "[parameters('virtualNetworkDiagnosticsLogs')]", + "vnetDiagMetrics": "[parameters('virtualNetworkDiagnosticsMetrics')]", + "subnetAddressPrefix": "[parameters('subnetAddressPrefix')]" + } + ] + }, "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" + "value": "[parameters('identifier')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" } }, "template": { 
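Review bot: The networks entry added in this hunk reads nsgRules, nsgDiagLogs, nsgDiagMetrics, vnetDiagLogs and vnetDiagMetrics from the tier3 template's parameters, but the @@ -10044,58 +9293,37 @@ hunk removed networkSecurityGroupRules and the four diagnostics parameters from what the AVD template passes in. These values will therefore always resolve to the tier3 defaults, which are not visible in this diff. Please confirm those defaults are the intended NSG rule set and log categories for the AVD spoke, or keep the parameters exposed so operators can tighten them. This entry also sets "deployUniqueResources": false where the removed get-logic variables had "deployUniqueResources": true; a sentence on why in the commit message would help.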
@@ -10333,22 +9600,39 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16223515126777270114" + "version": "0.27.1.19265", + "templateHash": "11171233226932915639" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, "environmentAbbreviation": { "type": "string" }, "location": { "type": "string" }, + "networks": { + "type": "array" + }, "resourcePrefix": { "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" } }, "variables": { + "copy": [ + { + "name": "privateDnsZoneNames_Backup", + "count": "[length(items(variables('locations')))]", + "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" + } + ], "$fxv#0": { "AzureChina": { "chinaeast": { @@ -10733,8 +10017,10 @@ } } }, - "$fxv#1": { + "$fxv#1": "1.0.0", + "$fxv#2": { "actionGroups": "ag", + "applicationGroups": "vdag", "automationAccounts": "aa", "availabilitySets": "avail", "azureFirewalls": "afw", @@ -10742,7 +10028,6 @@ "computeGallieries": "cg", "dataCollectionRuleAssociations": "dcra", "dataCollectionRules": "dcr", - "desktopApplicationGroups": "vdag", "diagnosticSettings": "diag", "diskAccesses": "da", "diskEncryptionSets": "des", 
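Review bot: The privateDnsZoneNames_Backup copy added in the @@ -10333,22 +9600,39 @@ hunk indexes variables('privateDnsZoneSuffixes_Backup')[environment().name] inside coalesce, but the suffix maps added later in this patch have only AzureCloud, AzureUSGovernment, USNat and USSec keys, while $fxv#0 still lists AzureChina regions. coalesce falls back to cloudSuffix only when the key exists with a null value, as it does for USNat and USSec. For a cloud with no key at all, the property lookup has nothing to resolve, so the fallback is never reached. Either add the missing key with a null value to each privateDnsZoneSuffixes_* map, or use a lookup that tolerates an absent key.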
@@ -10771,200 +10056,260 @@ "virtualNetworks": "vnet", "workspaces": "vdws" }, + "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", + "environmentName": { + "dev": "Development", + "prod": "Production", + "test": "Test" + }, "locations": "[variables('$fxv#0')[environment().name]]", - "locationAbbreviation": "[variables('locations')[parameters('location')].abbreviation]", - "resourceAbbreviations": "[variables('$fxv#1')]", - "resourceToken": "resource_token", - "serviceToken": "service_token", - "networkToken": "network_token", - "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), variables('resourceToken'), variables('serviceToken'), variables('networkToken'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "actionGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').actionGroups)]", - "automationAccountNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').automationAccounts)]", - "bastionHostNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').bastionHosts)]", - "computeGalleryNamingConvention": "[replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').computeGallieries), '-', '_')]", - "diskEncryptionSetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').diskEncryptionSets)]", - "diskNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').disks)]", - "firewallNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').azureFirewalls)]", - "firewallPolicyNamingConvention": 
"[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').firewallPolicies)]", - "ipConfigurationNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').ipConfigurations)]", - "keyVaultNamingConvention": "[format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').keyVaults), '-', ''))]", - "logAnalyticsWorkspaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').logAnalyticsWorkspaces)]", - "networkInterfaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkInterfaces)]", - "networkSecurityGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkSecurityGroups)]", - "networkWatcherNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkWatchers)]", - "privateEndpointNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateEndpoints)]", - "privateLinkScopeName": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateLinkScopes)]", - "publicIpAddressNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').publicIPAddresses)]", - "resourceGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').resourceGroups)]", - "routeTableNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').routeTables)]", - "storageAccountNamingConvention": 
"[toLower(format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').storageAccounts), '-', '')))]", - "subnetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').subnets)]", - "userAssignedIdentityNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').userAssignedIdentities)]", - "virtualMachineNamingConvention": "[replace(replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualMachines), '-', ''), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "virtualNetworkNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualNetworks)]" - }, - "resources": [], - "outputs": { - "resources": { - "type": "object", - "value": { - "actionGroup": "[variables('actionGroupNamingConvention')]", - "automationAccount": "[variables('automationAccountNamingConvention')]", - "bastionHost": "[variables('bastionHostNamingConvention')]", - "computeGallery": "[variables('computeGalleryNamingConvention')]", - "diskEncryptionSet": "[variables('diskEncryptionSetNamingConvention')]", - "disk": "[variables('diskNamingConvention')]", - "firewall": "[variables('firewallNamingConvention')]", - "firewallPolicy": "[variables('firewallPolicyNamingConvention')]", - "ipConfiguration": "[variables('ipConfigurationNamingConvention')]", - "keyVault": "[variables('keyVaultNamingConvention')]", - "logAnalyticsWorkspace": "[variables('logAnalyticsWorkspaceNamingConvention')]", - "networkInterface": "[variables('networkInterfaceNamingConvention')]", - "networkSecurityGroup": "[variables('networkSecurityGroupNamingConvention')]", - "networkWatcher": "[variables('networkWatcherNamingConvention')]", - "privateEndpoint": 
"[variables('privateEndpointNamingConvention')]", - "privateLinkScope": "[variables('privateLinkScopeName')]", - "publicIpAddress": "[variables('publicIpAddressNamingConvention')]", - "resourceGroup": "[variables('resourceGroupNamingConvention')]", - "routeTable": "[variables('routeTableNamingConvention')]", - "storageAccount": "[variables('storageAccountNamingConvention')]", - "subnet": "[variables('subnetNamingConvention')]", - "userAssignedIdentity": "[variables('userAssignedIdentityNamingConvention')]", - "virtualMachine": "[variables('virtualMachineNamingConvention')]", - "virtualNetwork": "[variables('virtualNetworkNamingConvention')]" - } + "mlzTags": { + "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", + "landingZoneName": "MissionLandingZone", + "landingZoneVersion": "[variables('$fxv#1')]", + "resourcePrefix": "[parameters('resourcePrefix')]" }, + "resourceAbbreviations": "[variables('$fxv#2')]", "tokens": { - "type": "object", - "value": { - "resource": "[variables('resourceToken')]", - "service": "[variables('serviceToken')]", - "network": "[variables('networkToken')]" - } - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" - }, - "resources": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resources.value]" - }, - "subscriptionId": { - "value": "[variables('subscriptionId')]" - }, - "tokens": 
{ - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" - }, - "workloadName": { - "value": "[parameters('workloadName')]" - }, - "workloadShortName": { - "value": "[parameters('workloadShortName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6875432534491165308" - } - }, - "parameters": { - "environmentAbbreviation": { - "type": "string" - }, - "subscriptionId": { - "type": "string" + "resource": "resource_token", + "service": "service_token" }, - "resourcePrefix": { - "type": "string" + "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('scm.privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), 
format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), format('privatelink{0}', replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", + "privateDnsZoneSuffixes_AzureAutomation": { + "AzureCloud": "net", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null }, - "resources": { - "type": "object" + "privateDnsZoneSuffixes_AzureVirtualDesktop": { + "AzureCloud": "microsoft.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null }, - "tokens": { - "type": "object" + "privateDnsZoneSuffixes_AzureWebSites": { + "AzureCloud": "azurewebsites.net", + "AzureUSGovernment": "azurewebsites.us", + "USNat": null, + "USSec": null }, - "workloadName": { - "type": "string" + "privateDnsZoneSuffixes_Backup": { + "AzureCloud": "com", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null }, - "workloadShortName": { - "type": "string" + "privateDnsZoneSuffixes_Monitor": { + "AzureCloud": "azure.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null } }, - "variables": { - "network": { - "name": "[parameters('workloadName')]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "deployUniqueResources": true, - "actionGroupName": "[replace(replace(parameters('resources').actionGroup, 
parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadName'))]", - "automationAccountName": "[replace(replace(parameters('resources').automationAccount, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostIPConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'bas'), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostName": "[replace(replace(parameters('resources').bastionHost, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'bas'), parameters('tokens').network, parameters('workloadName'))]", - "computeGalleryName": "[replace(replace(parameters('resources').computeGallery, format('_{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "diskEncryptionSetName": "[replace(replace(parameters('resources').diskEncryptionSet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "firewallClientIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'client-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallClientPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'client-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallManagementIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'mgmt-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallManagementPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 
'mgmt-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallName": "[replace(replace(parameters('resources').firewall, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "firewallPolicyName": "[replace(replace(parameters('resources').firewallPolicy, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "keyVaultName": "[take(replace(replace(replace(parameters('resources').keyVault, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24)]", - "keyVaultNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'kv'), parameters('tokens').network, parameters('workloadName'))]", - "keyVaultPrivateEndpointName": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, 'kv'), parameters('tokens').network, parameters('workloadName'))]", - "linuxDiskName": "[replace(replace(parameters('resources').disk, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, format('l{0}', parameters('tokens').service)), parameters('tokens').network, parameters('workloadShortName'))]", - "logStorageAccountName": 
"[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, parameters('workloadName'))]", - "logStorageAccountPrivateEndpointNamePrefix": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, parameters('workloadName'))]", - "networkSecurityGroupName": "[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "userAssignedIdentityName": "[replace(replace(parameters('resources').userAssignedIdentity, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "windowsDiskName": 
"[replace(replace(parameters('resources').disk, parameters('tokens').service, 'windows'), parameters('tokens').network, parameters('workloadName'))]", - "windowsNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'windows'), parameters('tokens').network, parameters('workloadName'))]", - "windowsNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'windows'), parameters('tokens').network, parameters('workloadName'))]", - "windowsVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, format('w{0}', parameters('tokens').service)), parameters('tokens').network, parameters('workloadShortName'))]" + "resources": [ + { + "copy": { + "name": "namingConventions", + "count": "[length(parameters('networks'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "locationAbbreviation": { + "value": "[variables('locations')[parameters('location')].abbreviation]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "networkName": { + "value": "[parameters('networks')[copyIndex()].name]" + }, + "networkShortName": { + "value": "[parameters('networks')[copyIndex()].shortName]" + }, + "resourceAbbreviations": { + "value": "[variables('resourceAbbreviations')]" + }, + "resourcePrefix": { + "value": "[parameters('resourcePrefix')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + }, + "subscriptionId": { + "value": "[parameters('networks')[copyIndex()].subscriptionId]" + }, + "tokens": { + "value": "[variables('tokens')]" + } + }, + 
"template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13218155481958331255" + } + }, + "parameters": { + "environmentAbbreviation": { + "type": "string" + }, + "locationAbbreviation": { + "type": "string" + }, + "networkName": { + "type": "string" + }, + "networkShortName": { + "type": "string" + }, + "resourceAbbreviations": { + "type": "object" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + }, + "subscriptionId": { + "type": "string" + }, + "tokens": { + "type": "object" + } + }, + "variables": { + "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "names": { + "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').actionGroups)]", + "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').applicationGroups)]", + "automationAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountDiagnosticSetting": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "availabilitySet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').availabilitySets)]", + "azureFirewall": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallClientPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('client-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallClientPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-client-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').azureFirewalls)]", + 
"azureFirewallManagementPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('mgmt-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallManagementPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-mgmt-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallPolicy": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').firewallPolicies)]", + "bastionHost": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').bastionHosts))]", + "computeGallery": "[replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').computeGallieries), '-', '_')]", + "dataCollectionRuleAssociation": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRuleAssociations)]", + "dataCollectionRule": "[replace(variables('namingConvention'), 
parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRules)]", + "diskAccess": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskAccesses)]", + "diskEncryptionSet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskEncryptionSets)]", + "hostPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').hostPools)]", + "hostPoolDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "keyVault": "[format('{0}{1}', replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').keyVaults), '-', ''), parameters('networkName'), parameters('networkShortName')), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId')))]", + "keyVaultDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultNetworkInterface": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "logAnalyticsWorkspace": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "logAnalyticsWorkspaceDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "netAppAccountCapacityPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppCapacityPools)]", + "netAppAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppAccounts)]", + "networkSecurityGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkSecurityGroupDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkWatcher": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkWatchers)]", + "privateLinkScope": "[replace(variables('namingConvention'), 
parameters('tokens').resource, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopeNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "recoveryServicesVault": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "resourceGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').resourceGroups)]", + "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').routeTables)]", + "storageAccount": "[toLower(take(format('{0}{1}', replace(replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName')), '-', ''), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), 
parameters('subscriptionId'))), 24))]", + "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "storageAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "subnet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').subnets)]", + "userAssignedIdentity": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').userAssignedIdentities)]", + "virtualMachine": "[replace(replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", + "virtualMachineDisk": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').disks), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualMachineNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualNetwork": "[replace(variables('namingConvention'), parameters('tokens').resource, 
parameters('resourceAbbreviations').virtualNetworks)]", + "virtualNetworkDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').virtualNetworks)]", + "workspaceFeed": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobal": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, 
parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]" + } + }, + "resources": [], + "outputs": { + "names": { + "type": "object", + "value": "[variables('names')]" + } + } + } + } } - }, - "resources": [], + ], "outputs": { - "network": { + "locationProperties": { + "type": "object", + "value": "[variables('locations')[parameters('location')]]" + }, + "mlzTags": { + "type": "object", + "value": "[variables('mlzTags')]" + }, + "privateDnsZones": { + "type": "array", + "value": "[variables('privateDnsZoneNames')]" + }, + "tiers": { + "type": "array", + "copy": { + "count": "[length(parameters('networks'))]", + "input": { + "name": "[parameters('networks')[copyIndex()].name]", + "shortName": "[parameters('networks')[copyIndex()].shortName]", + "deployUniqueResources": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "nsgDiagLogs": "[parameters('networks')[copyIndex()].nsgDiagLogs]", + "nsgDiagMetrics": "[parameters('networks')[copyIndex()].nsgDiagMetrics]", + "nsgRules": 
"[parameters('networks')[copyIndex()].nsgRules]", + "vnetAddressPrefix": "[parameters('networks')[copyIndex()].vnetAddressPrefix]", + "vnetDiagLogs": "[parameters('networks')[copyIndex()].vnetDiagLogs]", + "vnetDiagMetrics": "[parameters('networks')[copyIndex()].vnetDiagMetrics]", + "subnetAddressPrefix": "[parameters('networks')[copyIndex()].subnetAddressPrefix]", + "namingConvention": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + } + } + }, + "tokens": { "type": "object", - "value": "[variables('network')]" + "value": "[variables('tokens')]" } } } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" - ] + } }, { "type": "Microsoft.Resources/deployments", 
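Review bot: `names.keyVault` in the new naming-convention template is built as `format('{0}{1}', ..., uniqueString(...))` with no length cap, whereas the removed `keyVaultName` wrapped the same construction in `take(..., 24)` and the new `storageAccount` entry still does (`toLower(take(..., 24))`). Key Vault names are limited to 24 characters, so either restore the truncation here or make sure every consumer applies it after substituting the service token. Separately, `parameters('resourceAbbreviations').computeGallieries` in the `computeGallery` entry looks like a misspelling of `computeGalleries`; rename it together with the matching key in `resourceAbbreviations`.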
@@ -10980,11 +10325,14 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, "name": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'network')]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" } }, "template": { @@ -10993,11 +10341,14 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14258191516922489977" + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" } }, "parameters": { + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -11015,7 +10366,7 @@ "apiVersion": "2019-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]" + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" } ], "outputs": { 
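Review bot: The resource group's `tags` expression now reads `parameters('tags')['Microsoft.Resources/resourceGroups']` and falls back to `createObject()` when that key is absent, so a caller that still passes a flat tag object (which the old `[parameters('tags')]` applied directly) ends up with no user tags and no error. Document the new per-resource-type shape of `tags` in the parameter description. Also note that `parameters('mlzTags')` is the last argument to `union`, so it overrides a user-supplied tag with the same key; say so in the description if that precedence is intended.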
@@ -11053,6 +10404,9 @@ }, "mode": "Incremental", "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, 
@@ -11068,20 +10422,23 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, "networkSecurityGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.networkSecurityGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkSecurityGroup]" }, "networkSecurityGroupRules": { "value": "[parameters('networkSecurityGroupRules')]" }, "networkWatcherName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.networkWatcherName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkWatcher]" }, "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "routeTableName": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.routeTableName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.routeTable]" }, "routeTableRouteNextHopIpAddress": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').ipConfigurations[0].properties.privateIPAddress]" @@ -11090,7 +10447,7 @@ "value": "[parameters('subnetAddressPrefix')]" }, "subnetName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.subnetName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.subnet]" }, "subscriptionId": { "value": "[variables('subscriptionId')]" 
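Review bot: `subnetName` here, like the NSG, network watcher and route table names in the preceding hunk, is read from `outputs.tiers.value[0].namingConvention` with the index hard-coded. `tiers` is a copy loop over `parameters('networks')`, so this is only correct while the logic module is called with this workload as the first entry. State that assumption next to the module call in the Bicep source, or select the tier by name, so that a reordered or extended `networks` array cannot hand this spoke another tier's resource names.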
@@ -11102,7 +10459,7 @@ "value": "[parameters('virtualNetworkAddressPrefix')]" }, "virtualNetworkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.virtualNetworkName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.virtualNetwork]" }, "vNetDnsServers": { "value": [ @@ -11110,7 +10467,7 @@ ] }, "workloadName": { - "value": "[parameters('workloadName')]" + "value": "[toLower(parameters('workloadName'))]" }, "workloadShortName": { "value": "[parameters('workloadShortName')]" @@ -11122,11 +10479,14 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17369831668491029949" + "version": "0.27.1.19265", + "templateHash": "3012486009507231873" } }, "parameters": { + "additionalSubnets": { + "type": "array" + }, "deploymentNameSuffix": { "type": "string" }, @@ -11142,6 +10502,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "networkSecurityGroupName": { "type": "string" }, 
@@ -11193,28 +10556,27 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "spokeNetwork", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "tags": { - "value": "[parameters('tags')]" + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" }, - "location": { - "value": "[parameters('location')]" + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" }, - "virtualNetworkName": { - "value": "[parameters('virtualNetworkName')]" + "firewallSkuTier": { + "value": "[parameters('firewallSkuTier')]" }, - "virtualNetworkAddressPrefix": { - "value": "[parameters('virtualNetworkAddressPrefix')]" + "location": { + "value": "[parameters('location')]" }, - "vNetDnsServers": { - "value": "[parameters('vNetDnsServers')]" + "mlzTags": { + "value": "[parameters('mlzTags')]" }, "networkSecurityGroupName": { "value": "[parameters('networkSecurityGroupName')]" 
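Review bot: The `spokeNetwork` deployment drops `subscriptionId` and `resourceGroup` and gains `location: [deployment().location]`, which moves it to subscription scope while its name stays the constant `spokeNetwork`. Subscription-level deployment names are shared across the whole subscription, so two workloads deployed into the same subscription would write to the same deployment record, and a run from a different location would be rejected. Suffix the name the way the other deployments in this template do, for example with `parameters('deploymentNameSuffix')`, which is already a parameter of this template.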
@@ -11222,45 +10584,55 @@ "networkSecurityGroupRules": { "value": "[parameters('networkSecurityGroupRules')]" }, - "subnetName": { - "value": "[parameters('subnetName')]" + "networkWatcherName": { + "value": "[parameters('networkWatcherName')]" + }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, + "routeTableName": { + "value": "[parameters('routeTableName')]" + }, + "routeTableRouteNextHopIpAddress": { + "value": "[parameters('routeTableRouteNextHopIpAddress')]" }, "subnetAddressPrefix": { "value": "[parameters('subnetAddressPrefix')]" }, - "subnetPrivateEndpointNetworkPolicies": { - "value": "Disabled" - }, - "subnetPrivateLinkServiceNetworkPolicies": { - "value": "Disabled" + "subnetName": { + "value": "[parameters('subnetName')]" }, - "deployNetworkWatcher": { - "value": "[parameters('deployNetworkWatcher')]" + "subscriptionId": { + "value": "[parameters('subscriptionId')]" }, - "firewallSkuTier": { - "value": "[parameters('firewallSkuTier')]" + "tags": { + "value": "[parameters('tags')]" }, - "networkWatcherName": { - "value": "[parameters('networkWatcherName')]" + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" }, - "routeTableName": { - "value": "[parameters('routeTableName')]" + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" }, - "routeTableRouteNextHopIpAddress": { - "value": "[parameters('routeTableRouteNextHopIpAddress')]" + "vNetDnsServers": { + "value": "[parameters('vNetDnsServers')]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11944009476052352030" + "version": "0.27.1.19265", + "templateHash": "4742978871908330688" } }, "parameters": { + 
"additionalSubnets": { + "type": "array", + "defaultValue": [] + }, "deployNetworkWatcher": { "type": "bool" }, @@ -11270,6 +10642,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "networkSecurityGroupName": { "type": "string" }, @@ -11279,34 +10654,22 @@ "networkWatcherName": { "type": "string" }, - "routeTableName": { + "resourceGroupName": { "type": "string" }, - "routeTableRouteName": { - "type": "string", - "defaultValue": "default_route" - }, - "routeTableRouteAddressPrefix": { - "type": "string", - "defaultValue": "0.0.0.0/0" + "routeTableName": { + "type": "string" }, "routeTableRouteNextHopIpAddress": { "type": "string" }, - "routeTableRouteNextHopType": { - "type": "string", - "defaultValue": "VirtualAppliance" - }, "subnetAddressPrefix": { "type": "string" }, "subnetName": { "type": "string" }, - "subnetPrivateEndpointNetworkPolicies": { - "type": "string" - }, - "subnetPrivateLinkServiceNetworkPolicies": { + "subscriptionId": { "type": "string" }, "tags": { @@ -11322,11 +10685,28 @@ "type": "array" } }, + "variables": { + "delegations": { + "AzureNetAppFiles": [ + { + "name": "Microsoft.Netapp.volumes", + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', parameters('virtualNetworkName'), 'AzureNetAppFiles', 'Microsoft.Netapp.volumes')]", + "properties": { + "serviceName": "Microsoft.Netapp/volumes" + }, + "type": "Microsoft.Network/virtualNetworks/subnets/delegations" + } + ] + }, + "subnets": "[union(createArray(createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix')))), parameters('additionalSubnets'))]" + }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkSecurityGroup", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
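Review bot: In the new `variables` block at the end of this line, the `delegations` map is keyed on the literal subnet name `AzureNetAppFiles`, while `additionalSubnets` is declared above as a bare `array`. Nothing tells a caller that each entry needs `name` and `properties.addressPrefix`, or that the NetApp delegation is applied only when the subnet is named exactly `AzureNetAppFiles`; a differently named subnet deploys without the delegation and without an error. Please add a parameter description or a user-defined type in the Bicep source. Also worth checking: the delegation `id` is built with `resourceId(...)` inside a template that this change switches to the subscription deployment schema, where that function does not produce a resource group segment; `name` plus `properties.serviceName` should be enough.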
@@ -11336,6 +10716,9 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('networkSecurityGroupName')]" }, @@ -11352,14 +10735,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7780881015892644264" + "version": "0.27.1.19265", + "templateHash": "12935581119437417634" } }, "parameters": { "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -11376,7 +10762,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkSecurityGroups'), parameters('tags')['Microsoft.Network/networkSecurityGroups'], createObject()), parameters('mlzTags'))]", "properties": { "securityRules": "[parameters('securityRules')]" } @@ -11399,6 +10785,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "routeTable", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -11411,21 +10799,15 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('routeTableName')]" }, - "routeAddressPrefix": { - "value": "[parameters('routeTableRouteAddressPrefix')]" - }, - "routeName": { - "value": "[parameters('routeTableRouteName')]" - }, "routeNextHopIpAddress": { "value": "[parameters('routeTableRouteNextHopIpAddress')]" }, - "routeNextHopType": { - "value": "[parameters('routeTableRouteNextHopType')]" - }, "tags": { "value": "[parameters('tags')]" } 
@@ -11436,8 +10818,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3452822322028754232" + "version": "0.27.1.19265", + "templateHash": "18262399193161292353" } }, "parameters": { @@ -11447,20 +10829,26 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, "routeAddressPrefix": { - "type": "string" + "type": "string", + "defaultValue": "0.0.0.0/0" }, "routeName": { - "type": "string" + "type": "string", + "defaultValue": "default_route" }, "routeNextHopIpAddress": { "type": "string" }, "routeNextHopType": { - "type": "string" + "type": "string", + "defaultValue": "VirtualAppliance" }, "tags": { "type": "object" @@ -11472,7 +10860,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/routeTables'), parameters('tags')['Microsoft.Network/routeTables'], createObject()), parameters('mlzTags'))]", "properties": { "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", "routes": [ @@ -11506,6 +10894,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkWatcher", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -11515,6 +10905,9 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('networkWatcherName')]" }, @@ -11528,14 +10921,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7600987290536274187" + "version": "0.27.1.19265", + "templateHash": "13830033528097307473" } }, "parameters": { "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, 
@@ -11549,7 +10945,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkWatchers'), parameters('tags')['Microsoft.Network/networkWatchers'], createObject()), parameters('mlzTags'))]", "properties": {} } ] @@ -11560,6 +10956,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "virtualNetwork", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -11572,24 +10970,18 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "name": { "value": "[parameters('virtualNetworkName')]" }, "subnets": { - "value": [ + "copy": [ { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[parameters('subnetAddressPrefix')]", - "networkSecurityGroup": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" - }, - "routeTable": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value]" - }, - "privateEndpointNetworkPolicies": "[parameters('subnetPrivateEndpointNetworkPolicies')]", - "privateLinkServiceNetworkPolicies": "[parameters('subnetPrivateLinkServiceNetworkPolicies')]" - } + "name": "value", + "count": "[length(variables('subnets'))]", + "input": "[createObject('name', variables('subnets')[copyIndex('value')].name, 'properties', createObject('addressPrefix', variables('subnets')[copyIndex('value')].properties.addressPrefix, 'delegations', coalesce(tryGet(variables('delegations'), variables('subnets')[copyIndex('value')].name), createArray()), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled'))]" } ] }, 
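Review bot: The `copy` input for `subnets` reads only `.name` and `.properties.addressPrefix` from each entry, so any other property a caller puts in `additionalSubnets` (its own NSG, route table, service endpoints) is dropped silently, and every subnet is attached to the same `networkSecurityGroup` and `routeTable` deployments. `privateEndpointNetworkPolicies` and `privateLinkServiceNetworkPolicies` also change from module parameters to the literal `'Disabled'` for all subnets, which means NSG rules and routes are not enforced on private endpoint traffic in any of them. If that is intended, state it in the parameter description; otherwise merge the entry's own `properties` over these defaults so a caller can tighten a single subnet.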
@@ -11609,8 +11001,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10147997802991299261" + "version": "0.27.1.19265", + "templateHash": "4325479931624604061" } }, "parameters": { @@ -11620,6 +11012,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "name": { "type": "string" }, @@ -11642,7 +11037,7 @@ "apiVersion": "2021-02-01", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/virtualNetworks'), parameters('tags')['Microsoft.Network/virtualNetworks'], createObject()), parameters('mlzTags'))]", "properties": { "addressSpace": { "addressPrefixes": [ 
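Review bot: The `tags` expression on the virtual network (and the same pattern on the NSG, route table and network watcher earlier in the patch) changes the contract of the `tags` parameter without documenting it. Before, `"[parameters('tags')]"` applied a flat tag object; now only the sub-object under the key `Microsoft.Network/virtualNetworks` is used, so an existing caller that passes flat tags gets none of them applied and no error. Because `mlzTags` is the last argument to `union()`, it also wins over a user tag with the same name. Please describe the resource-type keyed shape and the precedence in the parameter metadata, and confirm that the override direction is the intended one.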
@@ -11675,44 +11070,44 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup')]", - "[resourceId('Microsoft.Resources/deployments', 'networkWatcher')]", - "[resourceId('Microsoft.Resources/deployments', 'routeTable')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkWatcher')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable')]" ] } ], "outputs": { "virtualNetworkName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" }, "virtualNetworkResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" }, "virtualNetworkAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), 
parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" }, "subnetName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" }, "subnetAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" }, "subnetResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" }, "networkSecurityGroupName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" }, "networkSecurityGroupResourceId": { "type": "string", - "value": 
"[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" } } } @@ -11729,20 +11124,20 @@ }, "mode": "Incremental", "parameters": { - "spokeName": { - "value": "[parameters('workloadName')]" + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" }, - "spokeResourceGroupName": { + "resourceGroupName": { "value": "[parameters('resourceGroupName')]" }, - "spokeVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + "spokeName": { + "value": "[parameters('workloadName')]" }, - "hubVirtualNetworkName": { - "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" + "spokeVirtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" }, - "hubVirtualNetworkResourceId": { - "value": "[parameters('hubVirtualNetworkResourceId')]" + "subscriptionId": { + "value": "[parameters('subscriptionId')]" } }, "template": { 
@@ -11751,24 +11146,24 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13987612441032900755" + "version": "0.27.1.19265", + "templateHash": "1081420821337659529" } }, "parameters": { - "spokeName": { + "hubVirtualNetworkResourceId": { "type": "string" }, - "spokeResourceGroupName": { + "resourceGroupName": { "type": "string" }, - "spokeVirtualNetworkName": { + "spokeName": { "type": "string" }, - "hubVirtualNetworkName": { + "spokeVirtualNetworkName": { "type": "string" }, - "hubVirtualNetworkResourceId": { + "subscriptionId": { "type": "string" } }, @@ -11777,18 +11172,22 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-to-hub-vnet-peering', parameters('spokeName'))]", - "resourceGroup": "[parameters('spokeResourceGroupName')]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('spokeVirtualNetworkName'), parameters('hubVirtualNetworkName'))]" - }, "remoteVirtualNetworkResourceId": { "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('spokeVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('hubVirtualNetworkResourceId'), '/')[8])]" } }, "template": { @@ -11797,15 +11196,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10509951780144584720" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, 
@@ -11813,7 +11215,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { @@ -11829,15 +11231,14 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork')]" + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-peering-hub-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -11847,54 +11248,67 @@ "hubVirtualNetworkName": { "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" }, - "spokes": { - "value": [ - { - "type": "[parameters('workloadName')]", - "virtualNetworkName": "[parameters('virtualNetworkName')]", - "virtualNetworkResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" - } - ] + "resourceGroupName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "subscriptionId": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11212369470578362410" + "version": "0.27.1.19265", + "templateHash": "16991872399359859910" } }, "parameters": { "hubVirtualNetworkName": { "type": "string" }, - "spokes": { - "type": "array" + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkResourceId": { + "type": "string" + }, + "subscriptionId": { + "type": "string" } }, "resources": [ { - "copy": { - "name": "hubToSpokePeering", - "count": "[length(parameters('spokes'))]" - }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('hub-to-{0}-vnet-peering', 
parameters('spokes')[copyIndex()].type)]", + "name": "[format('hub-to-{0}-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('hubVirtualNetworkName'), parameters('spokes')[copyIndex()].virtualNetworkName)]" - }, "remoteVirtualNetworkResourceId": { - "value": "[parameters('spokes')[copyIndex()].virtualNetworkResourceId]" + "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('spokeVirtualNetworkResourceId'), '/')[8])]" } }, "template": { @@ -11903,15 +11317,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10509951780144584720" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -11919,7 +11336,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { 
@@ -11935,14 +11352,22 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork')]" + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" ] } ], "outputs": { + "networkSecurityGroupName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, "subnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + }, + "virtualNetworkName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" } } } 
@@ -11972,14 +11397,23 @@ "location": { "value": "[parameters('location')]" }, - "networkProperties": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "subnetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" + }, + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "tokens": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" } }, "template": { @@ -11988,8 +11422,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3912836360709277206" + "version": "0.27.1.19265", + "templateHash": "7828233421610885078" } }, "parameters": { 
@@ -12002,14 +11436,23 @@ "location": { "type": "string" }, - "networkProperties": { + "mlzTags": { "type": "object" }, + "resourceGroupName": { + "type": "string" + }, "subnetResourceId": { "type": "string" }, "tags": { "type": "object" + }, + "tier": { + "type": "object" + }, + "tokens": { + "type": "object" } }, "resources": [ @@ -12017,8 +11460,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -12026,20 +11469,23 @@ "mode": "Incremental", "parameters": { "keyVaultName": { - "value": "[parameters('networkProperties').keyVaultName]" + "value": "[take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)]" }, "keyVaultNetworkInterfaceName": { - "value": "[parameters('networkProperties').keyVaultNetworkInterfaceName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultNetworkInterface, parameters('tokens').service, '')]" }, "keyVaultPrivateDnsZoneResourceId": { "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" }, "keyVaultPrivateEndpointName": { - "value": "[parameters('networkProperties').keyVaultPrivateEndpointName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultPrivateEndpoint, parameters('tokens').service, '')]" }, "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" }, 
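Review bot: `keyVaultName` in the last hunk on this line becomes `take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)`, which removes the service token but not its separator and then cuts the string at 24 characters. If the naming convention delimits the token with hyphens, the result contains a doubled hyphen, and the cut can land on a hyphen; Key Vault rejects consecutive hyphens and a trailing hyphen. The `userAssignedIdentityName` expression later in this patch strips `format('-{0}', parameters('tokens').service)` instead, so the two are inconsistent. Truncation can also map two long workload names to the same vault name. Suggest stripping the separator together with the token for the three key vault names and validating the final character in the Bicep source.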
@@ -12053,8 +11499,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17697959832977472677" + "version": "0.27.1.19265", + "templateHash": "12300580845424356573" } }, "parameters": { @@ -12077,6 +11523,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "subnetResourceId": { "type": "string" }, @@ -12090,7 +11539,7 @@ "apiVersion": "2022-07-01", "name": "[parameters('keyVaultName')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject())]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject()), parameters('mlzTags'))]", "properties": { "enabledForDeployment": false, "enabledForDiskEncryption": true, @@ -12118,7 +11567,7 @@ "apiVersion": "2023-04-01", "name": "[parameters('keyVaultPrivateEndpointName')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", "privateLinkServiceConnections": [ 
@@ -12263,9 +11712,9 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-disk-encryption-set_{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "name": "[format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -12276,17 +11725,20 @@ "value": "[parameters('deploymentNameSuffix')]" }, "diskEncryptionSetName": { - "value": "[parameters('networkProperties').diskEncryptionSetName]" + "value": "[parameters('tier').namingConvention.diskEncryptionSet]" }, "keyUrl": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" }, "keyVaultResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets']), createObject('value', createObject()))]" }, "template": { 
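Review bot: The unchanged `tags` line at the end of this hunk still narrows the value before passing it down: `createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets'])`. The disk encryption set resource, changed a few hunks later, now performs the same lookup again with `contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets')` on that already narrowed object, which will not contain the key, so user tags for the disk encryption set are dropped and only `mlzTags` is applied. Pass the full map here, as the user-assigned identity deployment does with `"value": "[parameters('tags')]"`, so the lookup happens once inside the module.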
@@ -12295,8 +11747,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8720396217971176471" + "version": "0.27.1.19265", + "templateHash": "15986878026863280024" } }, "parameters": { @@ -12315,6 +11767,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "tags": { "type": "object" } @@ -12325,7 +11780,7 @@ "apiVersion": "2023-04-02", "name": "[parameters('diskEncryptionSetName')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), parameters('tags')['Microsoft.Compute/diskEncryptionSets'], createObject()), parameters('mlzTags'))]", "identity": { "type": "SystemAssigned" }, @@ -12369,8 +11824,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16166471121138690529" + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" } }, "parameters": { 
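Review bot: the new `tags` expression on the disk encryption set (hunk `@@ -12325,7 +11780,7 @@`) looks up `'Microsoft.Compute/diskEncryptionSets'` in a `tags` parameter that the caller has already narrowed to that key: the unchanged outer line passes `parameters('tags')['Microsoft.Compute/diskEncryptionSets']` as `tags`. The inner `contains(...)` is then false unless a tag happens to carry that name, so the resource would receive only `mlzTags` and the caller's tags would be dropped. Either pass the full `tags` object from the outer deployment, as the user-assigned identity deployment in this file does, or have the inner template use `union(parameters('tags'), parameters('mlzTags'))`.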
@@ -12427,29 +11882,35 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, "location": { "value": "[parameters('location')]" }, - "name": { - "value": "[parameters('networkProperties').userAssignedIdentityName]" + "mlzTags": { + "value": "[parameters('mlzTags')]" }, "tags": { "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(parameters('tier').namingConvention.userAssignedIdentity, format('-{0}', parameters('tokens').service), '')]" } }, "template": { 
@@ -12458,148 +11919,95 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9210810628290341713" + "version": "0.27.1.19265", + "templateHash": "6007785905664733866" } }, "parameters": { - "location": { + "keyVaultName": { "type": "string" }, - "name": { + "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "tags": { "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2018-11-30", - "name": "[parameters('name')]", + "name": "[parameters('userAssignedIdentityName')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]" + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" }, { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "roleAssignmentEncryption", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))]", "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "principalId": { - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - }, - "principalType": { - "value": "ServicePrincipal" - }, - "roleDefinitionId": { - "value": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" - }, - "targetResourceId": { - "value": "[resourceGroup().id]" - } - }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16166471121138690529" - } - }, - "parameters": { - "targetResourceId": { - "type": "string" - }, - "roleDefinitionId": { - "type": "string" - }, - "principalId": { - "type": "string" - }, - "principalType": { - "type": "string", - "defaultValue": "ServicePrincipal", - "allowedValues": [ - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ] - }, - "description": { - "type": "string", - "defaultValue": "" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-04-01-preview", - "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", - "properties": { - "principalId": "[parameters('principalId')]", - "principalType": "[parameters('principalType')]", - "roleDefinitionId": "[parameters('roleDefinitionId')]", - "description": "[parameters('description')]" - } - } - ] - } + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2018-11-30').principalId]", + "principalType": "ServicePrincipal", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" }, "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" ] } ], "outputs": { "resourceId": { "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" } } } - } + }, + "dependsOn": [ + 
"[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + ] } ], "outputs": { "diskEncryptionSetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set_{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, - "KeyVaultName": { + "keyVaultName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" }, "keyVaultUri": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" }, "keyVaultResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "storageKeyName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "userAssignedIdentityResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, 
parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" } } } }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, { 
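Review bot: the inlined role assignment is named with `guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))`, which seeds the GUID from two display names only, where the removed module used `guid(targetResourceId, roleDefinitionId, principalId)`. If the identity is deleted and recreated under the same name, its `principalId` changes while the assignment name stays the same, and Azure does not allow the principal of an existing role assignment to be changed, so the redeploy fails. The names also carry no subscription or resource group, so two workloads with the same naming produce the same assignment name. Seed the GUID with the vault's resource ID and keep the principal ID in the seed (which is what the removed nested deployment made possible). Narrowing the scope from `resourceGroup().id` to the vault itself is a good least-privilege change and should stay.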
@@ -12625,11 +12033,17 @@ "logStorageSkuName": { "value": "[parameters('logStorageSkuName')]" }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, "network": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "serviceToken": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, "storageEncryptionKeyName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" 
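Review bot: `network` is now bound to `outputs.tiers.value[0]`, a positional index with nothing stating which tier element 0 is, and the parameter keeps its old name while the diagnostics module in this same change receives the identical value as `tier`. Rename the storage module's parameter to `tier` so `parameters('network').namingConvention.storageAccount` and similar reads match the rest of the change, and in the Bicep source add a comment (or a named lookup) saying what index 0 refers to.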
@@ -12641,7 +12055,7 @@ "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', format('privatelink.table.{0}', environment().suffixes.storage))]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" }, "userAssignedIdentityResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" @@ -12653,8 +12067,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8737645416670201102" + "version": "0.27.1.19265", + "templateHash": "15276628086161283630" } }, "parameters": { @@ -12670,9 +12084,15 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "network": { "type": "object" }, + "resourceGroupName": { + "type": "string" + }, "serviceToken": { "type": "string" }, @@ -12698,7 +12118,7 @@ "apiVersion": "2022-09-01", "name": "storage", "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -12714,6 +12134,9 @@ "location": { "value": "[parameters('location')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "serviceToken": { "value": "[parameters('serviceToken')]" }, 
@@ -12721,13 +12144,13 @@ "value": "[parameters('logStorageSkuName')]" }, "storageAccountName": { - "value": "[parameters('network').logStorageAccountName]" + "value": "[parameters('network').namingConvention.storageAccount]" }, "storageAccountNetworkInterfaceNamePrefix": { - "value": "[parameters('network').logStorageAccountNetworkInterfaceNamePrefix]" + "value": "[parameters('network').namingConvention.storageAccountNetworkInterface]" }, "storageAccountPrivateEndpointNamePrefix": { - "value": "[parameters('network').logStorageAccountPrivateEndpointNamePrefix]" + "value": "[parameters('network').namingConvention.storageAccountPrivateEndpoint]" }, "storageEncryptionKeyName": { "value": "[parameters('storageEncryptionKeyName')]" @@ -12751,8 +12174,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6728136650948993728" + "version": "0.27.1.19265", + "templateHash": "6116693144339389145" } }, "parameters": { @@ -12765,6 +12188,9 @@ "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "serviceToken": { "type": "string" }, @@ -12808,6 +12234,7 @@ "apiVersion": "2023-01-01", "name": "[parameters('storageAccountName')]", "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], createObject()), parameters('mlzTags'))]", "identity": { "type": "UserAssigned", "userAssignedIdentities": { @@ -12818,7 +12245,6 @@ "sku": { "name": "[parameters('skuName')]" }, - "tags": "[parameters('tags')]", "properties": { "accessTier": "Hot", "allowBlobPublicAccess": false, 
@@ -12876,7 +12302,7 @@ "apiVersion": "2023-04-01", "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { "customNetworkInterfaceName": "[replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", "privateLinkServiceConnections": [ @@ -12934,7 +12360,7 @@ "outputs": { "storageAccountResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, parameters('network').resourceGroupName), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" } } } 
@@ -12942,8 +12368,8 @@ "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, { 
@@ -12963,29 +12389,41 @@ "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, + "keyVaultDiagnosticLogs": { + "value": "[parameters('keyVaultDiagnosticsLogs')]" + }, + "keyVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "network": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" - }, "networkSecurityGroupDiagnosticsLogs": { "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" }, "networkSecurityGroupDiagnosticsMetrics": { "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, "storageAccountResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageAccountResourceId.value]" }, - "supportedClouds": { - "value": "[parameters('supportedClouds')]" + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', 
parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" }, "virtualNetworkDiagnosticsLogs": { "value": "[parameters('virtualNetworkDiagnosticsLogs')]" }, "virtualNetworkDiagnosticsMetrics": { "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" } }, "template": { @@ -12994,8 +12432,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4413878666182449542" + "version": "0.27.1.19265", + "templateHash": "738419494311113164" } }, "parameters": { @@ -13005,11 +12443,14 @@ "deploymentNameSuffix": { "type": "string" }, - "logAnalyticsWorkspaceResourceId": { + "keyVaultDiagnosticLogs": { + "type": "array" + }, + "keyVaultName": { "type": "string" }, - "network": { - "type": "object" + "logAnalyticsWorkspaceResourceId": { + "type": "string" }, "networkSecurityGroupDiagnosticsLogs": { "type": "array" @@ -13017,17 +12458,26 @@ "networkSecurityGroupDiagnosticsMetrics": { "type": "array" }, + "networkSecurityGroupName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, "storageAccountResourceId": { "type": "string" }, - "supportedClouds": { - "type": "array" + "tier": { + "type": "object" }, "virtualNetworkDiagnosticsLogs": { "type": "array" }, "virtualNetworkDiagnosticsMetrics": { "type": "array" + }, + "virtualNetworkName": { + "type": "string" } }, "resources": [ 
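Review bot: the new module parameter is spelled `keyVaultDiagnosticLogs` but is fed from `parameters('keyVaultDiagnosticsLogs')`, and its siblings are `networkSecurityGroupDiagnosticsLogs` and `virtualNetworkDiagnosticsLogs`. Use one spelling throughout (the `Diagnostics` form matches the existing parameters) so the three settings can be found with one search and a later edit does not wire the wrong name.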
@@ -13035,8 +12485,8 @@ "condition": "[parameters('deployActivityLogDiagnosticSetting')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-activity-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", + "name": "[format('deploy-activity-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -13046,9 +12496,6 @@ "parameters": { "logAnalyticsWorkspaceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "supportedClouds": { - "value": "[parameters('supportedClouds')]" } }, "template": { @@ -13057,21 +12504,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14852926421482749735" + "version": "0.27.1.19265", + "templateHash": "11148640012050316356" } }, "parameters": { "logAnalyticsWorkspaceId": { "type": "string" - }, - "supportedClouds": { - "type": "array" } }, "resources": [ { - "condition": "[contains(parameters('supportedClouds'), environment().name)]", "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", "name": "[format('diag-activity-log-{0}', subscription().subscriptionId)]", 
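Review bot: removing the `contains(parameters('supportedClouds'), environment().name)` condition from the activity-log `Microsoft.Insights/diagnosticSettings` resource means the setting is now attempted in every cloud whenever `deployActivityLogDiagnosticSetting` is true. Nothing in this change says why the guard is no longer needed. Please state in the change description which environments were tested with `apiVersion` `2017-05-01-preview`, or keep the condition, so that an unsupported environment is skipped instead of failing the deployment.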
@@ -13120,29 +12563,29 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "name": "[format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "logAnalyticsWorkspaceResourceId": { - "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + "keyVaultDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.keyVaultDiagnosticSetting]" }, - "logs": { - "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + "keyVaultName": { + "value": "[parameters('keyVaultName')]" }, - "logStorageAccountResourceId": { + "keyVaultStorageAccountId": { "value": "[parameters('storageAccountResourceId')]" }, - "metrics": { - "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "name": { - "value": "[parameters('network').networkSecurityGroupName]" + "logs": { + "value": "[parameters('keyVaultDiagnosticLogs')]" } }, "template": { 
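Review bot: `deploy-kv-diags-{0}` is the only diagnostics deployment name here that omits `parameters('tier').name`; the NSG and VNet deployments use `deploy-nsg-diags-{0}-{1}` and `deploy-vnet-diags-{0}-{1}`. Include the tier name so the Key Vault deployment is distinguishable in the deployment history and cannot share a name with another tier's deployment that uses the same `deploymentNameSuffix` in the same resource group. It would also help to document which log categories `keyVaultDiagnosticsLogs` enables by default, since the default is not visible in this change and these are the audit logs for the customer-managed key vault.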
@@ -13151,24 +12594,24 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14146627423781433804" + "version": "0.27.1.19265", + "templateHash": "11931053519285250235" } }, "parameters": { - "name": { + "keyVaultDiagnosticSettingName": { "type": "string" }, - "logAnalyticsWorkspaceResourceId": { + "keyVaultName": { "type": "string" }, - "logs": { - "type": "array" + "keyVaultStorageAccountId": { + "type": "string" }, - "logStorageAccountResourceId": { + "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "metrics": { + "logs": { "type": "array" } }, @@ -13176,13 +12619,12 @@ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[parameters('keyVaultDiagnosticSettingName')]", "properties": { - "storageAccountId": "[parameters('logStorageAccountResourceId')]", + "storageAccountId": "[parameters('keyVaultStorageAccountId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", - "logs": "[parameters('logs')]", - "metrics": "[parameters('metrics')]" + "logs": "[parameters('logs')]" } } ] @@ -13192,9 +12634,9 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -13205,16 +12647,19 @@ "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "logs": { - "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" }, "logStorageAccountResourceId": { "value": "[parameters('storageAccountResourceId')]" }, "metrics": { - "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" }, - "name": { - "value": "[parameters('network').virtualNetworkName]" + "networkSecurityGroupDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.networkSecurityGroupDiagnosticSetting]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" } }, "template": { @@ -13223,8 +12668,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17731844489242416935" + "version": "0.27.1.19265", + "templateHash": "12049539018034280966" } }, "parameters": { 
@@ -13240,7 +12685,88 @@ "metrics": { "type": "array" }, - "name": { + "networkSecurityGroupDiagnosticSettingName": { + "type": "string" + }, + "networkSecurityGroupName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('networkSecurityGroupName'))]", + "name": "[parameters('networkSecurityGroupDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('logStorageAccountResourceId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]", + "metrics": "[parameters('metrics')]" + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + }, + "logStorageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "metrics": { + "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.virtualNetworkDiagnosticSetting]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": 
"13356625654141484072" + } + }, + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + }, + "logStorageAccountResourceId": { + "type": "string" + }, + "metrics": { + "type": "array" + }, + "virtualNetworkDiagnosticSettingName": { + "type": "string" + }, + "virtualNetworkName": { "type": "string" } }, @@ -13248,8 +12774,8 @@ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", + "name": "[parameters('virtualNetworkDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -13265,7 +12791,10 @@ } }, "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, 
@@ -13273,7 +12802,7 @@ "condition": "[parameters('deployPolicy')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('assign-policy-{0}-{1}', parameters('workloadName'), parameters('deploymentNameSuffix'))]", + "name": "[format('assign-policy-{0}-{1}', toLower(parameters('workloadName')), parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -13290,13 +12819,16 @@ "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "networks": { - "value": [ - "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" - ] + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" }, "policy": { "value": "[parameters('policy')]" + }, + "resourceGroupNames": { + "value": [ + "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + ] } }, "template": { @@ -13305,8 +12837,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2594345850908952645" + "version": "0.27.1.19265", + "templateHash": "379956182717650153" } }, "parameters": { 
@@ -13319,24 +12851,27 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "networks": { - "type": "array" - }, "policy": { "type": "string" + }, + "resourceGroupNames": { + "type": "array" + }, + "tiers": { + "type": "array" } }, "resources": [ { "copy": { "name": "policyAssignment", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('assign-policy-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('assign-policy-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -13359,8 +12894,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14286124867588017135" + "version": "0.27.1.19265", + "templateHash": "9464536540108620518" } }, "parameters": { @@ -13535,8 +13070,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16166471121138690529" + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" } }, "parameters": { @@ -13599,7 +13134,7 @@ "condition": "[parameters('deployDefender')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('set-{0}-sub-defender', parameters('workloadName'))]", + "name": "[format('set-{0}-sub-defender', toLower(parameters('workloadName')))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
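Review bot: In the `policyAssignment` copy loop, `resourceGroup` is read from `parameters('resourceGroupNames')[copyIndex()]` while the loop count is `length(parameters('tiers'))`, so the two arrays must match in length and order, and nothing in the template enforces that. The caller passes `resourceGroupNames` as a one-element array built from the `deploy-rg` output, but passes `tiers` as whatever `get-logic` returns in `outputs.tiers.value`. If that ever holds more than one tier, the index goes out of range and the deployment fails at evaluation. Consider carrying the resource group name on each tier object, or sizing the loop on `resourceGroupNames`, so a mismatch cannot occur.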
@@ -13607,11 +13142,11 @@ }, "mode": "Incremental", "parameters": { - "logAnalyticsWorkspaceId": { - "value": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, "emailSecurityContact": { "value": "[parameters('emailSecurityContact')]" + }, + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" } }, "template": { @@ -13620,8 +13155,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2376507858724004427" + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" } }, "parameters": { 
@@ -13670,14 +13205,77 @@ }, "variables": { "autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]", - "defenderPaidPlansSpecialHandlingAzurePublicList": [ - "Api" - ], "defenderPaidPlanConfig": { "AzureCloud": { "Api": { "subPlan": "P1" - } + }, + "appServices": {}, + "KeyVaults": { + "subPlan": "PerKeyVault" + }, + "Arm": { + "subPlan": "PerSubscription" + }, + "CloudPosture": { + "extensions": [ + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + }, + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + }, + { + "name": "AgentlessVmScanning", + "isEnabled": "True" + }, + { + "name": "EntraPermissionsManagement", + "isEnabled": "True" + } + ] + }, + "Containers": { + "extensions": [ + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + } + ] + }, + "CosmosDbs": {}, + "StorageAccounts": { + "subPlan": "DefenderForStorageV2", + "extensions": [ + { + "name": "OnUploadMalwareScanning", + "isEnabled": "True", + "additionalExtensionProperties": { + "CapGBPerMonthPerStorageAccount": "5000" + } + }, + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + } + ] + }, + "VirtualMachines": { + "subPlan": "P1" + }, + "SqlServerVirtualMachines": {}, + "SqlServers": {}, + "OpenSourceRelationalDatabases": {} } } }, @@ -13689,7 +13287,7 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Free'))]", + "condition": "[equals(parameters('defenderSkuTier'), 'Free')]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", 
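Review bot: In the `variables` block, the `appServices` key of `defenderPaidPlanConfig.AzureCloud` is camelCase while every other plan key in the map is PascalCase (`KeyVaults`, `CosmosDbs`, `StorageAccounts`). The map is indexed by the values of `defenderPlans`, so one spelling that matches the plan names avoids depending on how the lookup treats case; suggest `AppServices`. The `CapGBPerMonthPerStorageAccount` value of `5000` is also hard-coded here; a parameter, or at least a description, would let operators see and tune the malware-scanning cap.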
@@ -13704,7 +13302,7 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), not(contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])))]", + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), not(equals(environment().name, 'AzureCloud')))]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", 
@@ -13719,11 +13317,15 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])), equals(environment().name, 'AzureCloud'))]", + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), equals(environment().name, 'AzureCloud'))]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", - "properties": "[if(not(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan')), createObject('pricingTier', parameters('defenderSkuTier')), createObject('pricingTier', parameters('defenderSkuTier'), 'subPlan', variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan))]" + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]", + "subPlan": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan, json('null'))]", + "extensions": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'extensions'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].extensions, json('null'))]" + } }, { "type": "Microsoft.Security/autoProvisioningSettings", 
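Review bot: The `subPlan` and `extensions` expressions index `variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]]` for every plan now, where the old condition limited this resource to plans in `defenderPaidPlansSpecialHandlingAzurePublicList`. Any value in `defenderPlans` without a key in the `AzureCloud` map will fail the lookup, so either constrain `defenderPlans` to the names in the map or guard the lookup with a `contains(...)` check on the plan name first. It is also worth confirming that `json('null')` for `subPlan` and `extensions` is accepted by API version `2023-01-01` for plans such as `CosmosDbs` that define neither.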
@@ -13785,26 +13387,59 @@ "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" }, - "network": { + "keyVaultUri": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "locatonProperties": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locationProperties.value]" + }, + "mlzTags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "namingConvention": { "type": "object", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention]" + }, + "privateDnsZones": { + "type": "array", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "resourcePrefix": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01', 'full').tags.resourcePrefix]" + }, + "storageEncryptionKeyName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "subnetResourceId": { "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, + "tier": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, "tokens": { "type": "object", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" } } } } }, { + "condition": "[equals(length(variables('deploymentLocations')), 2)]", "type": 
"Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('baseline-{0}', parameters('deploymentNameSuffix'))]", + "name": "[format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
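Review bot: The new output `locatonProperties` is misspelled (missing the `i`), although it reads from `outputs.locationProperties.value`; a consumer that references `outputs.locationProperties` on this deployment will not find it. Rename it to `locationProperties` before callers start depending on the typo. Separately, `resourcePrefix` is taken from `tags.resourcePrefix` on the firewall resource, so the output depends on that tag being present; documenting that requirement next to `firewallResourceId` would help.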
@@ -13812,38 +13447,57 @@ }, "mode": "Incremental", "parameters": { - "computeGalleryName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.computeGalleryName]" + "additionalSubnets": "[if(and(and(contains(parameters('fslogixStorageService'), 'AzureNetAppFiles'), not(empty(parameters('azureNetAppFilesSubnetAddressPrefix')))), equals(length(variables('deploymentLocations')), 2)), createObject('value', createArray(createObject('name', 'AzureNetAppFiles', 'addressPrefix', parameters('azureNetAppFilesSubnetAddressPrefix')))), createObject('value', createArray()))]", + "deployActivityLogDiagnosticSetting": { + "value": "[parameters('deployActivityLogDiagnosticSetting')]" }, - "deploymentNameSuffix": { - "value": "[parameters('deploymentNameSuffix')]" + "deployDefender": { + "value": "[parameters('deployDefender')]" }, - "diskEncryptionSetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" + }, + "deployPolicy": { + "value": "[parameters('deployPolicy')]" }, - "enableBuildAutomation": { - "value": "[parameters('enableBuildAutomation')]" + "emailSecurityContact": { + "value": "[parameters('emailSecurityContact')]" }, - "exemptPolicyAssignmentIds": { - "value": "[parameters('exemptPolicyAssignmentIds')]" + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" }, - "location": { - "value": "[parameters('location')]" + "firewallResourceId": { + "value": "[parameters('hubAzureFirewallResourceId')]" }, - "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.network.value.resourceGroupName]" + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" + "identifier": { + "value": "[parameters('identifier')]" }, - "subscriptionId": { - "value": "[variables('subscriptionId')]" + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('operationsLogAnalyticsWorkspaceResourceId')]" + }, + "policy": { + "value": "[parameters('policy')]" + }, + "stampIndex": { + "value": "[string(parameters('stampIndex'))]" + }, + "subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefixes')[1]]" }, "tags": { - "value": "[variables('calculatedTags')]" + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefixes')[1]]" }, - "userAssignedIdentityName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.userAssignedIdentityName]" + "workloadName": { + "value": "avd" + }, + "workloadShortName": { + "value": "avd" } }, "template": { 
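Review bot: `subnetAddressPrefix` and `virtualNetworkAddressPrefix` take element `[1]` of `subnetAddressPrefixes` and `virtualNetworkAddressPrefixes`, but the only length check visible is the deployment condition on `variables('deploymentLocations')`. Nothing shown ties the length of the prefix arrays to the number of locations, so a two-location deployment given a single prefix fails with an index error instead of a clear message; validate the array lengths against the location count. The `additionalSubnets` expression also repeats `equals(length(variables('deploymentLocations')), 2)`, which the condition on this deployment already guarantees.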
@@ -13852,3271 +13506,2114 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12181921994224744670" + "version": "0.27.1.19265", + "templateHash": "6877974702104389401" } }, "parameters": { - "computeGalleryName": { - "type": "string" + "additionalSubnets": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "An array of additional subnets to support the tier3 workload." + } + }, + "deployActivityLogDiagnosticSetting": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a diagnostic setting for the Activity Log." + } + }, + "deployDefender": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Defender for Cloud." + } }, "deploymentNameSuffix": { - "type": "string" + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "The suffix to append to the deployment name. It defaults to the current UTC date and time." + } }, - "diskEncryptionSetResourceId": { - "type": "string" + "deployNetworkWatcher": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy Network Watcher for the deployment location." + } }, - "enableBuildAutomation": { - "type": "bool" + "deployPolicy": { + "type": "bool", + "metadata": { + "description": "Choose whether to deploy a policy assignment." + } }, - "exemptPolicyAssignmentIds": { - "type": "array" + "emailSecurityContact": { + "type": "string", + "metadata": { + "description": "The email address to use for Defender for Cloud notifications." + } + }, + "environmentAbbreviation": { + "type": "string", + "defaultValue": "dev", + "allowedValues": [ + "dev", + "prod", + "test" + ], + "metadata": { + "description": "The abbreviation for the environment." + } + }, + "firewallResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Azure Firewall in the HUB." 
+ } + }, + "hubVirtualNetworkResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the HUB Virtual Network." + } + }, + "identifier": { + "type": "string", + "maxLength": 3, + "metadata": { + "description": "The identifier for the resource names. This value should represent the workload, project, or business unit." + } + }, + "keyVaultDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "AuditEvent", + "enabled": true + }, + { + "category": "AzurePolicyEvaluationDetails", + "enabled": true + } + ], + "metadata": { + "description": "An array of Key Vault Diagnostic Logs categories to collect. See \"https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault\" for valid values." + } }, "location": { - "type": "string" + "type": "string", + "defaultValue": "[deployment().location]", + "metadata": { + "description": "The location for the deployment. It defaults to the location of the deployment." + } }, - "resourceGroupName": { - "type": "string" + "logAnalyticsWorkspaceResourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Log Analytics Workspace to use for log storage." + } }, - "storageAccountResourceId": { - "type": "string" + "logStorageSkuName": { + "type": "string", + "defaultValue": "Standard_GRS", + "metadata": { + "description": "The Storage Account SKU to use for log storage. It defaults to \"Standard_GRS\". See https://docs.microsoft.com/en-us/rest/api/storagerp/srp_sku_types for valid settings." + } }, - "subscriptionId": { - "type": "string" + "networkSecurityGroupDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "NetworkSecurityGroupEvent", + "enabled": true + }, + { + "category": "NetworkSecurityGroupRuleCounter", + "enabled": true + } + ], + "metadata": { + "description": "An array of Network Security Group diagnostic logs to apply to the workload Virtual Network. 
See https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log#log-categories for valid settings." + } + }, + "networkSecurityGroupDiagnosticsMetrics": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The metrics to monitor for the Network Security Group." + } + }, + "networkSecurityGroupRules": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The rules to apply to the Network Security Group." + } + }, + "policy": { + "type": "string", + "defaultValue": "NISTRev4", + "metadata": { + "description": "The policy to assign to the workload." + } + }, + "stampIndex": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases." + } + }, + "subnetAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix for the workload subnet." + } }, "tags": { - "type": "object" + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "The tags to apply to the resources." + } }, - "userAssignedIdentityName": { - "type": "string" + "virtualNetworkAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix for the workload Virtual Network." + } + }, + "virtualNetworkDiagnosticsLogs": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The diagnostic logs to apply to the workload Virtual Network." + } + }, + "virtualNetworkDiagnosticsMetrics": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "The metrics to monitor for the workload Virtual Network." + } + }, + "workloadName": { + "type": "string", + "defaultValue": "tier3", + "minLength": 1, + "maxLength": 10, + "metadata": { + "description": "The name for the workload." 
+ } + }, + "workloadShortName": { + "type": "string", + "defaultValue": "t3", + "minLength": 1, + "maxLength": 3, + "metadata": { + "description": "The short name for the workload." + } } }, + "variables": { + "hubResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", + "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", + "subscriptionId": "[subscription().subscriptionId]" + }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", + "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, "location": { "value": "[parameters('location')]" }, - "name": { - "value": "[parameters('userAssignedIdentityName')]" + "networks": { + "value": [ + { + "name": "[parameters('workloadName')]", + "shortName": "[parameters('workloadShortName')]", + "deployUniqueResources": false, + "subscriptionId": "[variables('subscriptionId')]", + "nsgDiagLogs": "[parameters('networkSecurityGroupDiagnosticsLogs')]", + "nsgDiagMetrics": "[parameters('networkSecurityGroupDiagnosticsMetrics')]", + "nsgRules": "[parameters('networkSecurityGroupRules')]", + "vnetAddressPrefix": "[parameters('virtualNetworkAddressPrefix')]", + "vnetDiagLogs": "[parameters('virtualNetworkDiagnosticsLogs')]", + "vnetDiagMetrics": "[parameters('virtualNetworkDiagnosticsMetrics')]", + "subnetAddressPrefix": "[parameters('subnetAddressPrefix')]" + } + ] }, - "tags": { - 
"value": "[parameters('tags')]" + "resourcePrefix": { + "value": "[parameters('identifier')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3261785720771012004" + "version": "0.27.1.19265", + "templateHash": "11171233226932915639" } }, "parameters": { - "location": { + "deploymentNameSuffix": { "type": "string" }, - "name": { + "environmentAbbreviation": { "type": "string" }, - "tags": { - "type": "object" - } - }, - "resources": [ - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject())]" - } - ], - "outputs": { - "clientId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" + "location": { + "type": "string" }, - "principalId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" + "networks": { + "type": "array" }, - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('role-assignment-compute-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": 
"[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "principalId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6123420137652686226" - } - }, - "parameters": { - "principalId": { + "resourcePrefix": { "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" } }, "variables": { - "roleDefinitionIds": [ - "f353d9bd-d4a6-484e-a77a-8050b599b867", - "f1a07417-d97a-45cb-824c-7a7467783830", - "acdd72a7-3385-48ef-bd42-f606fba81ae7", - "9980e02c-c2be-4d73-94e8-173b1dc7cf3c" - ] - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(variables('roleDefinitionIds'))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('principalId'), variables('roleDefinitionIds')[copyIndex()], resourceGroup().name)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionIds')[copyIndex()])]", - "principalId": "[parameters('principalId')]", - "principalType": "ServicePrincipal" + "copy": [ + { + "name": "privateDnsZoneNames_Backup", + "count": "[length(items(variables('locations')))]", + "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, 
coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" + } + ], + "$fxv#0": { + "AzureChina": { + "chinaeast": { + "abbreviation": "cne", + "recoveryServicesGeo": "sha", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinaeast2": { + "abbreviation": "cne2", + "recoveryServicesGeo": "sha2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth": { + "abbreviation": "cnn", + "recoveryServicesGeo": "bjb", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth2": { + "abbreviation": "cnn2", + "recoveryServicesGeo": "bjb2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + } + }, + "AzureCloud": { + "australiacentral": { + "abbreviation": "auc", + "recoveryServicesGeo": "acl", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiacentral2": { + "abbreviation": "auc2", + "recoveryServicesGeo": "acl2", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiaeast": { + "abbreviation": "aue", + "recoveryServicesGeo": "ae", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiasoutheast": { + "abbreviation": "ause", + "recoveryServicesGeo": "ase", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "brazilsouth": { + "abbreviation": "brs", + "recoveryServicesGeo": "brs", + "timeDifference": "-3:00", + "timeZone": "E. South America Standard Time" + }, + "brazilsoutheast": { + "abbreviation": "brse", + "recoveryServicesGeo": "bse", + "timeDifference": "-3:00", + "timeZone": "E. 
South America Standard Time" + }, + "canadacentral": { + "abbreviation": "cac", + "recoveryServicesGeo": "cnc", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "canadaeast": { + "abbreviation": "cae", + "recoveryServicesGeo": "cne", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "centralindia": { + "abbreviation": "inc", + "recoveryServicesGeo": "inc", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "centralus": { + "abbreviation": "usc", + "recoveryServicesGeo": "cus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "eastasia": { + "abbreviation": "ase", + "recoveryServicesGeo": "ea", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "eastus": { + "abbreviation": "use", + "recoveryServicesGeo": "eus", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "eastus2": { + "abbreviation": "use2", + "recoveryServicesGeo": "eus2", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "francecentral": { + "abbreviation": "frc", + "recoveryServicesGeo": "frc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "francesouth": { + "abbreviation": "frs", + "recoveryServicesGeo": "frs", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanynorth": { + "abbreviation": "den", + "recoveryServicesGeo": "gn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanywestcentral": { + "abbreviation": "dewc", + "recoveryServicesGeo": "gwc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "israelcentral": { + "abbreviation": "ilc", + "recoveryServicesGeo": "ilc", + "timeDifference": "+2:00", + "timeZone": "Israel Standard Time" + }, + "italynorth": { + "abbreviation": "itn", + "recoveryServicesGeo": "itn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + 
"japaneast": { + "abbreviation": "jpe", + "recoveryServicesGeo": "jpe", + "timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "japanwest": { + "abbreviation": "jpw", + "recoveryServicesGeo": "jpw", + "timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "jioindiacentral": { + "abbreviation": "injc", + "recoveryServicesGeo": "jic", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "jioindiawest": { + "abbreviation": "injw", + "recoveryServicesGeo": "jiw", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "koreacentral": { + "abbreviation": "krc", + "recoveryServicesGeo": "krc", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "koreasouth": { + "abbreviation": "krs", + "recoveryServicesGeo": "krs", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "northcentralus": { + "abbreviation": "usnc", + "recoveryServicesGeo": "ncus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "northeurope": { + "abbreviation": "eun", + "recoveryServicesGeo": "ne", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "norwayeast": { + "abbreviation": "noe", + "recoveryServicesGeo": "nwe", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "norwaywest": { + "abbreviation": "now", + "recoveryServicesGeo": "nww", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "polandcentral": { + "abbreviation": "plc", + "recoveryServicesGeo": "plc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "qatarcentral": { + "abbreviation": "qac", + "recoveryServicesGeo": "qac", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "southafricanorth": { + "abbreviation": "zan", + "recoveryServicesGeo": "san", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southafricawest": { + "abbreviation": "zaw", + 
"recoveryServicesGeo": "saw", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southcentralus": { + "abbreviation": "ussc", + "recoveryServicesGeo": "scus", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "southeastasia": { + "abbreviation": "asse", + "recoveryServicesGeo": "sea", + "timeDifference": "+8:00", + "timeZone": "Singapore Standard Time" + }, + "southindia": { + "abbreviation": "ins", + "recoveryServicesGeo": "ins", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "swedencentral": { + "abbreviation": "sec", + "recoveryServicesGeo": "sdc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandnorth": { + "abbreviation": "chn", + "recoveryServicesGeo": "szn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandwest": { + "abbreviation": "chw", + "recoveryServicesGeo": "szw", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "uaecentral": { + "abbreviation": "aec", + "recoveryServicesGeo": "uac", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "uaenorth": { + "abbreviation": "aen", + "recoveryServicesGeo": "uan", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "uksouth": { + "abbreviation": "uks", + "recoveryServicesGeo": "uks", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "ukwest": { + "abbreviation": "ukw", + "recoveryServicesGeo": "ukw", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "westcentralus": { + "abbreviation": "uswc", + "recoveryServicesGeo": "wcus", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "westeurope": { + "abbreviation": "euw", + "recoveryServicesGeo": "we", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "westindia": { + "abbreviation": "inw", + "recoveryServicesGeo": "inw", + 
"timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "westus": { + "abbreviation": "usw", + "recoveryServicesGeo": "wus", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus2": { + "abbreviation": "usw2", + "recoveryServicesGeo": "wus2", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus3": { + "abbreviation": "usw3", + "recoveryServicesGeo": "wus3", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + } + }, + "AzureUSGovernment": { + "usdodcentral": { + "abbreviation": "dodc", + "recoveryServicesGeo": "udc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usdodeast": { + "abbreviation": "dode", + "recoveryServicesGeo": "ude", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "usgovarizona": { + "abbreviation": "az", + "recoveryServicesGeo": "uga", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "usgovtexas": { + "abbreviation": "tx", + "recoveryServicesGeo": "ugt", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usgovvirginia": { + "abbreviation": "va", + "recoveryServicesGeo": "ugv", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + } + }, + "USNat": { + "usnateast": { + "abbreviation": "east", + "recoveryServicesGeo": "exe", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "usnatwest": { + "abbreviation": "west", + "recoveryServicesGeo": "exw", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + } + }, + "USSec": { + "usseceast": { + "abbreviation": "east", + "recoveryServicesGeo": "rxe", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "ussecwest": { + "abbreviation": "west", + "recoveryServicesGeo": "rxw", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + } } - } - ] - } - }, - "dependsOn": [ - 
"[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('role-assignment-storage-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[split(parameters('storageAccountResourceId'), '/')[4]]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "principalId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" - }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4730086051603564055" - } - }, - "parameters": { - "principalId": { - "type": "string" }, - "storageAccountResourceId": { - "type": "string" + "$fxv#1": "1.0.0", + "$fxv#2": { + "actionGroups": "ag", + "applicationGroups": "vdag", + "automationAccounts": "aa", + "availabilitySets": "avail", + "azureFirewalls": "afw", + "bastionHosts": "bas", + "computeGallieries": "cg", + "dataCollectionRuleAssociations": "dcra", + "dataCollectionRules": "dcr", + "diagnosticSettings": "diag", + "diskAccesses": "da", + "diskEncryptionSets": "des", + "disks": "disk", + "firewallPolicies": "afwp", + "hostPools": "vdpool", + "ipConfigurations": "ipconf", + 
"keyVaults": "kv", + "logAnalyticsWorkspaces": "log", + "netAppAccounts": "naa", + "netAppCapacityPools": "nacp", + "networkInterfaces": "nic", + "networkSecurityGroups": "nsg", + "networkWatchers": "nw", + "privateEndpoints": "pe", + "privateLinkScopes": "pls", + "publicIPAddresses": "pip", + "recoveryServicesVaults": "rsv", + "remoteApplicationGroups": "vdag", + "resourceGroups": "rg", + "routeTables": "rt", + "storageAccounts": "st", + "subnets": "snet", + "userAssignedIdentities": "id", + "virtualMachines": "vm", + "virtualNetworks": "vnet", + "workspaces": "vdws" + }, + "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", + "environmentName": { + "dev": "Development", + "prod": "Production", + "test": "Test" + }, + "locations": "[variables('$fxv#0')[environment().name]]", + "mlzTags": { + "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", + "landingZoneName": "MissionLandingZone", + "landingZoneVersion": "[variables('$fxv#1')]", + "resourcePrefix": "[parameters('resourcePrefix')]" + }, + "resourceAbbreviations": "[variables('$fxv#2')]", + "tokens": { + "resource": "resource_token", + "service": "service_token" + }, + "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('scm.privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('privatelink.wvd.{0}', 
coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), format('privatelink{0}', replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", + "privateDnsZoneSuffixes_AzureAutomation": { + "AzureCloud": "net", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureVirtualDesktop": { + "AzureCloud": "microsoft.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureWebSites": { + "AzureCloud": "azurewebsites.net", + "AzureUSGovernment": "azurewebsites.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Backup": { + "AzureCloud": "com", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Monitor": { + "AzureCloud": "azure.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null } }, - "variables": { - "roleDefinitionId": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" - }, "resources": [ { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": 
"[format('Microsoft.Storage/storageAccounts/{0}', split(parameters('storageAccountResourceId'), '/')[8])]", - "name": "[guid(parameters('principalId'), variables('roleDefinitionId'), parameters('storageAccountResourceId'))]", + "copy": { + "name": "namingConventions", + "count": "[length(parameters('networks'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", - "principalId": "[parameters('principalId')]", - "principalType": "ServicePrincipal" - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[split(parameters('diskEncryptionSetResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('diskEncryptionSetResourceId'), '/')[4]]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "diskEncryptionSetName": { - "value": "[split(parameters('diskEncryptionSetResourceId'), '/')[8]]" - }, - "principalId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" - } - }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1555328837128180474" - } - }, - "parameters": { - "diskEncryptionSetName": { - "type": "string" - }, - "principalId": { - "type": "string" + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "locationAbbreviation": { + "value": "[variables('locations')[parameters('location')].abbreviation]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "networkName": { + "value": "[parameters('networks')[copyIndex()].name]" + }, + "networkShortName": { + "value": "[parameters('networks')[copyIndex()].shortName]" + }, + "resourceAbbreviations": { + "value": "[variables('resourceAbbreviations')]" + }, + "resourcePrefix": { + "value": "[parameters('resourcePrefix')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + }, + "subscriptionId": { + "value": "[parameters('networks')[copyIndex()].subscriptionId]" + }, + "tokens": { + "value": "[variables('tokens')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13218155481958331255" + } + }, + "parameters": { + "environmentAbbreviation": { + "type": "string" + }, + "locationAbbreviation": { + "type": "string" + }, + "networkName": { + "type": "string" + }, + "networkShortName": { + "type": "string" + }, + "resourceAbbreviations": { + "type": "object" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + }, + "subscriptionId": { + "type": "string" + }, + "tokens": { + "type": "object" + } + }, + "variables": { + "namingConvention": 
"[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "names": { + "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').actionGroups)]", + "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').applicationGroups)]", + "automationAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "availabilitySet": "[replace(variables('namingConvention'), 
parameters('tokens').resource, parameters('resourceAbbreviations').availabilitySets)]", + "azureFirewall": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallClientPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('client-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallClientPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-client-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallManagementPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('mgmt-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallManagementPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-mgmt-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallPolicy": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').firewallPolicies)]", + "bastionHost": 
"[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').bastionHosts))]", + "computeGallery": "[replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').computeGallieries), '-', '_')]", + "dataCollectionRuleAssociation": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRuleAssociations)]", + "dataCollectionRule": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRules)]", + "diskAccess": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskAccesses)]", + "diskEncryptionSet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskEncryptionSets)]", + "hostPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').hostPools)]", + "hostPoolDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolNetworkInterface": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "keyVault": "[format('{0}{1}', replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').keyVaults), '-', ''), parameters('networkName'), parameters('networkShortName')), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId')))]", + "keyVaultDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "logAnalyticsWorkspace": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "logAnalyticsWorkspaceDiagnosticSetting": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "netAppAccountCapacityPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppCapacityPools)]", + "netAppAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppAccounts)]", + "networkSecurityGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkSecurityGroupDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkWatcher": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkWatchers)]", + "privateLinkScope": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopeNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "recoveryServicesVault": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').recoveryServicesVaults)]", + 
"recoveryServicesNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "resourceGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').resourceGroups)]", + "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').routeTables)]", + "storageAccount": "[toLower(take(format('{0}{1}', replace(replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName')), '-', ''), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24))]", + "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "storageAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "subnet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').subnets)]", + 
"userAssignedIdentity": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').userAssignedIdentities)]", + "virtualMachine": "[replace(replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", + "virtualMachineDisk": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').disks), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualMachineNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualNetwork": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualNetworks)]", + "virtualNetworkDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').virtualNetworks)]", + "workspaceFeed": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, 
parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobal": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, 
format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]" + } + }, + "resources": [], + "outputs": { + "names": { + "type": "object", + "value": "[variables('names')]" + } + } + } + } } - }, - "variables": { - "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7" - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Compute/diskEncryptionSets/{0}', parameters('diskEncryptionSetName'))]", - "name": "[guid(parameters('principalId'), variables('roleDefinitionId'), resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName')))]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", - "principalId": "[parameters('principalId')]", - "principalType": "ServicePrincipal" + ], + "outputs": { + "locationProperties": { + "type": "object", + "value": "[variables('locations')[parameters('location')]]" + }, + "mlzTags": { + "type": "object", + "value": "[variables('mlzTags')]" + }, + "privateDnsZones": { + "type": "array", + "value": "[variables('privateDnsZoneNames')]" + }, + "tiers": { + "type": "array", + "copy": { + "count": "[length(parameters('networks'))]", + "input": { + "name": "[parameters('networks')[copyIndex()].name]", + "shortName": "[parameters('networks')[copyIndex()].shortName]", + "deployUniqueResources": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "nsgDiagLogs": "[parameters('networks')[copyIndex()].nsgDiagLogs]", + "nsgDiagMetrics": "[parameters('networks')[copyIndex()].nsgDiagMetrics]", + "nsgRules": "[parameters('networks')[copyIndex()].nsgRules]", + "vnetAddressPrefix": "[parameters('networks')[copyIndex()].vnetAddressPrefix]", + "vnetDiagLogs": 
"[parameters('networks')[copyIndex()].vnetDiagLogs]", + "vnetDiagMetrics": "[parameters('networks')[copyIndex()].vnetDiagMetrics]", + "subnetAddressPrefix": "[parameters('networks')[copyIndex()].subnetAddressPrefix]", + "namingConvention": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + } } + }, + "tokens": { + "type": "object", + "value": "[variables('tokens')]" } - ] + } } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix')))]" - ] + } }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('gallery-image-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", + "name": "[format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "enableBuildAutomation": { - "value": "[parameters('enableBuildAutomation')]" - }, "location": { "value": "[parameters('location')]" }, - "computeGalleryName": { - "value": "[parameters('computeGalleryName')]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "name": { + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'network')]" }, "tags": { "value": "[parameters('tags')]" - }, - "userAssignedIdentityPrincipalId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2894140398868893648" + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" } }, "parameters": { - "computeGalleryName": { - "type": "string" + "mlzTags": { + "type": "object" }, - "enableBuildAutomation": { - "type": "bool" + "name": { + "type": "string" }, "location": { "type": "string" }, "tags": { - "type": "object" - }, - "userAssignedIdentityPrincipalId": { - "type": "string" + "type": "object", + "defaultValue": {} } }, - "variables": { - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, "resources": [ { - "type": "Microsoft.Compute/galleries", - "apiVersion": "2022-01-03", - "name": "[parameters('computeGalleryName')]", + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2019-05-01", + "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/galleries'), 
parameters('tags')['Microsoft.Compute/galleries'], createObject())]" - }, - { - "condition": "[parameters('enableBuildAutomation')]", - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Compute/galleries/{0}', parameters('computeGalleryName'))]", - "name": "[guid(parameters('userAssignedIdentityPrincipalId'), variables('roleDefinitionId'), resourceId('Microsoft.Compute/galleries', parameters('computeGalleryName')))]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", - "principalId": "[parameters('userAssignedIdentityPrincipalId')]", - "principalType": "ServicePrincipal" - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/galleries', parameters('computeGalleryName'))]" - ] + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" } ], "outputs": { - "computeGalleryResourceId": { + "id": { + "type": "string", + "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "location": { "type": "string", - "value": "[resourceId('Microsoft.Compute/galleries', parameters('computeGalleryName'))]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').location]" + }, + "tags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').tags]" } } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix')))]" + 
"[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, { - "copy": { - "name": "policyExemptions", - "count": "[length(range(0, length(parameters('exemptPolicyAssignmentIds'))))]" - }, - "condition": "[not(empty(parameters('exemptPolicyAssignmentIds')[0]))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('PolicyExemption_{0}', range(0, length(parameters('exemptPolicyAssignmentIds')))[copyIndex()])]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", + "name": "[format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "policyAssignmentId": { - "value": "[parameters('exemptPolicyAssignmentIds')[range(0, length(parameters('exemptPolicyAssignmentIds')))[copyIndex()]]]" + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deployNetworkWatcher": { + "value": "[parameters('deployNetworkWatcher')]" + }, + "firewallSkuTier": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').sku.tier]" + }, + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkSecurityGroup]" + }, + "networkSecurityGroupRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "networkWatcherName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkWatcher]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "routeTableName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.routeTable]" + }, + "routeTableRouteNextHopIpAddress": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').ipConfigurations[0].properties.privateIPAddress]" + }, + "subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefix')]" + }, + "subnetName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.subnet]" + }, 
+ "subscriptionId": { + "value": "[variables('subscriptionId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.virtualNetwork]" + }, + "vNetDnsServers": { + "value": [ + "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').ipConfigurations[0].properties.privateIPAddress]" + ] + }, + "workloadName": { + "value": "[toLower(parameters('workloadName'))]" + }, + "workloadShortName": { + "value": "[parameters('workloadShortName')]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13573162316169096662" + "version": "0.27.1.19265", + "templateHash": "3012486009507231873" } }, "parameters": { - "policyAssignmentId": { + "additionalSubnets": { + "type": "array" + }, + "deploymentNameSuffix": { + "type": "string" + }, + "deployNetworkWatcher": { + "type": "bool" + }, + "firewallSkuTier": { + "type": "string" + }, + "hubVirtualNetworkResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "networkSecurityGroupRules": { + "type": "array" + }, + "networkWatcherName": { + "type": 
"string" + }, + "resourceGroupName": { + "type": "string" + }, + "routeTableName": { + "type": "string" + }, + "routeTableRouteNextHopIpAddress": { + "type": "string" + }, + "subnetAddressPrefix": { + "type": "string" + }, + "subnetName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "vNetDnsServers": { + "type": "array" + }, + "virtualNetworkAddressPrefix": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "workloadName": { + "type": "string" + }, + "workloadShortName": { "type": "string" } }, "resources": [ { - "type": "Microsoft.Authorization/policyExemptions", - "apiVersion": "2022-07-01-preview", - "name": "exempt-imaging-resource-group", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "spokeNetwork", + "location": "[deployment().location]", "properties": { - "assignmentScopeValidation": "Default", - "description": "Exempts the imaging resource group to prevent issues with building images.", - "displayName": "Imaging resource group", - "exemptionCategory": "Mitigated", - "expiresOn": null, - "metadata": null, - "policyAssignmentId": "[parameters('policyAssignmentId')]", - "policyDefinitionReferenceIds": [], - "resourceSelectors": [] - } - } - ] - } - } - } - ], - "outputs": { - "computeGalleryResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('gallery-image-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.computeGalleryResourceId.value]" - }, - "userAssignedIdentityClientId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" - }, - "userAssignedIdentityPrincipalId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" - }, - "userAssignedIdentityResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "condition": "[parameters('enableBuildAutomation')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('build-automation-{0}', parameters('deploymentNameSuffix'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "actionGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.actionGroupName]" - }, - "arcGisProInstaller": { - "value": "[parameters('arcGisProInstaller')]" - }, - "automationAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.automationAccountName]" - }, - "automationAccountPrivateDnsZoneResourceId": { - "value": 
"[variables('automationAccountPrivateDnsZoneResourceId')]" - }, - "computeGalleryImageResourceId": { - "value": "[parameters('computeGalleryImageResourceId')]" - }, - "computeGalleryResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.computeGalleryResourceId.value]" - }, - "containerName": { - "value": "[parameters('containerName')]" - }, - "customizations": { - "value": "[parameters('customizations')]" - }, - "deploymentNameSuffix": { - "value": "[parameters('deploymentNameSuffix')]" - }, - "diskEncryptionSetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" - }, - "distributionGroup": { - "value": "[parameters('distributionGroup')]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "enableBuildAutomation": { - "value": "[parameters('enableBuildAutomation')]" - }, - "excludeFromLatest": { - "value": "[parameters('excludeFromLatest')]" - }, - "hybridUseBenefit": { - "value": "[parameters('hybridUseBenefit')]" - }, - "imageDefinitionName": { - "value": "[variables('imageDefinitionName')]" - }, - "imageMajorVersion": { - "value": "[parameters('imageMajorVersion')]" - }, - "imagePatchVersion": { - "value": "[parameters('imagePatchVersion')]" - }, - "imageVirtualMachineName": { - "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.virtualMachineName, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'bd')]" - }, - "installAccess": { - "value": "[parameters('installAccess')]" - }, - "installArcGisPro": { - "value": "[parameters('installArcGisPro')]" - }, - "installExcel": { - "value": "[parameters('installExcel')]" - }, - "installOneDrive": { - "value": "[parameters('installOneDrive')]" - }, - "installOneNote": { - "value": "[parameters('installOneNote')]" - }, - "installOutlook": { - "value": "[parameters('installOutlook')]" - }, - "installPowerPoint": { - "value": "[parameters('installPowerPoint')]" - }, - "installProject": { - "value": "[parameters('installProject')]" - }, - "installPublisher": { - "value": "[parameters('installPublisher')]" - }, - "installSkypeForBusiness": { - "value": "[parameters('installSkypeForBusiness')]" - }, - "installTeams": { - "value": "[parameters('installTeams')]" - }, - "installUpdates": { - "value": "[parameters('installUpdates')]" - }, - "installVirtualDesktopOptimizationTool": { - "value": "[parameters('installVirtualDesktopOptimizationTool')]" - }, - "installVisio": { - "value": "[parameters('installVisio')]" - }, - "installWord": { - "value": "[parameters('installWord')]" - }, - "keyVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.keyVaultName]" - }, - "keyVaultPrivateDnsZoneResourceId": { - "value": "[variables('keyVaultPrivateDnsZoneResourceId')]" - }, - "localAdministratorPassword": { - "value": "[parameters('localAdministratorPassword')]" - }, - "localAdministratorUsername": { - "value": "[parameters('localAdministratorUsername')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "logAnalyticsWorkspaceResourceId": { - "value": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "managementVirtualMachineName": { - "value": 
"[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.virtualMachineName, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'mg')]" - }, - "marketplaceImageOffer": { - "value": "[parameters('marketplaceImageOffer')]" - }, - "marketplaceImagePublisher": { - "value": "[parameters('marketplaceImagePublisher')]" - }, - "marketplaceImageSKU": { - "value": "[parameters('marketplaceImageSKU')]" - }, - "msrdcwebrtcsvcInstaller": { - "value": "[parameters('msrdcwebrtcsvcInstaller')]" - }, - "officeInstaller": { - "value": "[parameters('officeInstaller')]" - }, - "oUPath": { - "value": "[parameters('oUPath')]" - }, - "replicaCount": { - "value": "[parameters('replicaCount')]" - }, - "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" - }, - "sourceImageType": { - "value": "[parameters('sourceImageType')]" - }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" - }, - "subnetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" - }, - "subscriptionId": { - "value": "[variables('subscriptionId')]" - }, - "tags": { - "value": "[variables('calculatedTags')]" - }, - "teamsInstaller": { - "value": "[parameters('teamsInstaller')]" - }, - "timeZone": { - "value": "[variables('locations')[parameters('location')].timeZone]" - }, - "updateService": { - "value": "[parameters('updateService')]" - }, - "userAssignedIdentityClientId": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityClientId.value]" - }, - "userAssignedIdentityPrincipalId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityPrincipalId.value]" - }, - "userAssignedIdentityResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" - }, - "vcRedistInstaller": { - "value": "[parameters('vcRedistInstaller')]" - }, - "vDOTInstaller": { - "value": "[parameters('vDOTInstaller')]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - }, - "wsusServer": { - "value": "[parameters('wsusServer')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9040575151241198514" - } - }, - "parameters": { - "actionGroupName": { - "type": "string" - }, - "arcGisProInstaller": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "automationAccountPrivateDnsZoneResourceId": { - "type": "string" - }, - "computeGalleryResourceId": { - "type": "string" - }, - "containerName": { - "type": "string" - }, - "customizations": { - "type": "array" - }, - "deploymentNameSuffix": { - "type": "string" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "distributionGroup": { - "type": "string" - }, - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "enableBuildAutomation": 
{ - "type": "bool" - }, - "excludeFromLatest": { - "type": "bool" - }, - "hybridUseBenefit": { - "type": "bool" - }, - "imageDefinitionName": { - "type": "string" - }, - "imageMajorVersion": { - "type": "int" - }, - "imagePatchVersion": { - "type": "int" - }, - "imageVirtualMachineName": { - "type": "string" - }, - "installAccess": { - "type": "bool" - }, - "installArcGisPro": { - "type": "bool" - }, - "installExcel": { - "type": "bool" - }, - "installOneDrive": { - "type": "bool" - }, - "installOneNote": { - "type": "bool" - }, - "installOutlook": { - "type": "bool" - }, - "installPowerPoint": { - "type": "bool" - }, - "installProject": { - "type": "bool" - }, - "installPublisher": { - "type": "bool" - }, - "installSkypeForBusiness": { - "type": "bool" - }, - "installTeams": { - "type": "bool" - }, - "installUpdates": { - "type": "bool" - }, - "installVirtualDesktopOptimizationTool": { - "type": "bool" - }, - "installVisio": { - "type": "bool" - }, - "installWord": { - "type": "bool" - }, - "keyVaultName": { - "type": "string" - }, - "keyVaultPrivateDnsZoneResourceId": { - "type": "string" - }, - "localAdministratorPassword": { - "type": "securestring" - }, - "localAdministratorUsername": { - "type": "string" - }, - "location": { - "type": "string" - }, - "logAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "marketplaceImageOffer": { - "type": "string" - }, - "marketplaceImagePublisher": { - "type": "string" - }, - "marketplaceImageSKU": { - "type": "string" - }, - "msrdcwebrtcsvcInstaller": { - "type": "string" - }, - "officeInstaller": { - "type": "string" - }, - "oUPath": { - "type": "string" - }, - "replicaCount": { - "type": "int" - }, - "resourceGroupName": { - "type": "string" - }, - "computeGalleryImageResourceId": { - "type": "string" - }, - "sourceImageType": { - "type": "string" - }, - "storageAccountResourceId": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - 
}, - "subscriptionId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "teamsInstaller": { - "type": "string" - }, - "timeZone": { - "type": "string" - }, - "updateService": { - "type": "string" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "userAssignedIdentityPrincipalId": { - "type": "string" - }, - "userAssignedIdentityResourceId": { - "type": "string" - }, - "vcRedistInstaller": { - "type": "string" - }, - "vDOTInstaller": { - "type": "string" - }, - "virtualMachineSize": { - "type": "string" - }, - "wsusServer": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleDefinitions", - "apiVersion": "2022-04-01", - "name": "[guid(subscription().id, 'KeyVaultDeployAction')]", - "properties": { - "roleName": "[format('KeyVaultDeployAction_{0}', subscription().subscriptionId)]", - "description": "Allows a principal to get but not view Key Vault secrets for ARM template deployments.", - "assignableScopes": [ - "[subscription().id]" - ], - "permissions": [ - { - "actions": [ - "Microsoft.KeyVault/vaults/deploy/action" - ] - } - ] - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('virtual-network-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[split(parameters('subnetResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('subnetResourceId'), '/')[4]]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "principalId": { - "value": "[parameters('userAssignedIdentityPrincipalId')]" - }, - "virtualNetworkName": { - "value": "[split(parameters('subnetResourceId'), '/')[8]]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3831662428877063007" - } - 
}, - "parameters": { - "principalId": { - "type": "string" - }, - "virtualNetworkName": { - "type": "string" - } - }, - "variables": { - "roleDefinitionId": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c" - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", - "name": "[guid(parameters('principalId'), variables('roleDefinitionId'), resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')))]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", - "principalId": "[parameters('principalId')]", - "principalType": "ServicePrincipal" - } - } - ] - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('key-vault-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" - }, - "keyVaultPrivateDnsZoneResourceId": { - "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" - }, - "localAdministratorPassword": { - "value": "[parameters('localAdministratorPassword')]" - }, - "localAdministratorUsername": { - "value": "[parameters('localAdministratorUsername')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "roleDefinitionResourceId": { - "value": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', guid(subscription().id, 'KeyVaultDeployAction'))]" - }, - "subnetResourceId": { - "value": 
"[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "userAssignedIdentityPrincipalId": { - "value": "[parameters('userAssignedIdentityPrincipalId')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1379414864345021329" - } - }, - "parameters": { - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - "type": "securestring" - }, - "keyVaultName": { - "type": "string" - }, - "keyVaultPrivateDnsZoneResourceId": { - "type": "string" - }, - "location": { - "type": "string" - }, - "localAdministratorPassword": { - "type": "securestring" - }, - "localAdministratorUsername": { - "type": "securestring" - }, - "roleDefinitionResourceId": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityPrincipalId": { - "type": "string" - } - }, - "variables": { - "privateEndpointName": "[format('pe-{0}', parameters('keyVaultName'))]", - "Secrets": [ - { - "name": "DomainJoinPassword", - "value": "[parameters('domainJoinPassword')]" - }, - { - "name": "DomainJoinUserPrincipalName", - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - { - "name": "LocalAdministratorPassword", - "value": "[parameters('localAdministratorPassword')]" - }, - { - "name": "LocalAdministratorUsername", - "value": "[parameters('localAdministratorUsername')]" - } - ] - }, - "resources": [ - { - "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2021-10-01", - "name": "[parameters('keyVaultName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject())]", - "properties": { - "tenantId": "[subscription().tenantId]", - 
"sku": { - "family": "A", - "name": "standard" - }, - "enabledForDeployment": true, - "enabledForTemplateDeployment": true, - "enabledForDiskEncryption": false, - "enableRbacAuthorization": true, - "enableSoftDelete": false, - "networkAcls": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "ipRules": [], - "virtualNetworkRules": [] + "expressionEvaluationOptions": { + "scope": "inner" }, - "publicNetworkAccess": "Disabled" - } - }, - { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-05-01", - "name": "[variables('privateEndpointName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", - "properties": { - "privateLinkServiceConnections": [ - { - "name": "[variables('privateEndpointName')]", - "id": "[resourceId('Microsoft.Network/privateEndpoints/privateLinkServiceConnections', variables('privateEndpointName'), variables('privateEndpointName'))]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", - "groupIds": [ - "vault" - ] - } - } - ], - "customNetworkInterfaceName": "[format('nic-{0}', parameters('keyVaultName'))]", - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', variables('privateEndpointName'), 'default')]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "privatelink-azure-automation-net", - "properties": { - "privateDnsZoneId": "[parameters('keyVaultPrivateDnsZoneResourceId')]" - } + "mode": "Incremental", + "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, + "deployNetworkWatcher": { + "value": 
"[parameters('deployNetworkWatcher')]" + }, + "firewallSkuTier": { + "value": "[parameters('firewallSkuTier')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" + }, + "networkSecurityGroupRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "networkWatcherName": { + "value": "[parameters('networkWatcherName')]" + }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, + "routeTableName": { + "value": "[parameters('routeTableName')]" + }, + "routeTableRouteNextHopIpAddress": { + "value": "[parameters('routeTableRouteNextHopIpAddress')]" + }, + "subnetAddressPrefix": { + "value": "[parameters('subnetAddressPrefix')]" + }, + "subnetName": { + "value": "[parameters('subnetName')]" + }, + "subscriptionId": { + "value": "[parameters('subscriptionId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "vNetDnsServers": { + "value": "[parameters('vNetDnsServers')]" } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]" - ] - }, - { - "copy": { - "name": "secrets", - "count": "[length(variables('Secrets'))]" - }, - "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2021-10-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), variables('Secrets')[copyIndex()].name)]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject())]", - "properties": { - "value": "[variables('Secrets')[copyIndex()].value]" - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - }, - { - "type": 
"Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-10-01-preview", - "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", - "name": "[guid(parameters('userAssignedIdentityPrincipalId'), parameters('roleDefinitionResourceId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[parameters('roleDefinitionResourceId')]", - "principalId": "[parameters('userAssignedIdentityPrincipalId')]", - "principalType": "ServicePrincipal" - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', guid(subscription().id, 'KeyVaultDeployAction'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('template-spec-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "imageDefinitionName": { - "value": "[parameters('imageDefinitionName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "247100698972349712" - } - }, - "parameters": { - "imageDefinitionName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object" - } - }, - "variables": { - "$fxv#0": { - "$schema": 
"https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9174134663226790442" - } - }, - "parameters": { - "arcGisProInstaller": { - "type": "string", - "defaultValue": "" - }, - "computeGalleryImageResourceId": { - "type": "string", - "defaultValue": "" - }, - "computeGalleryName": { - "type": "string" }, - "containerName": { - "type": "string" - }, - "customizations": { - "type": "array", - "defaultValue": [] - }, - "deploymentNameSuffix": { - "type": "string", - "defaultValue": "[[utcNow('yyMMddHHs')]" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "enableBuildAutomation": { - "type": "bool", - "defaultValue": false - }, - "excludeFromLatest": { - "type": "bool", - "defaultValue": true - }, - "hybridUseBenefit": { - "type": "bool", - "defaultValue": false - }, - "imageDefinitionName": { - "type": "string" - }, - "imageMajorVersion": { - "type": "int" - }, - "imagePatchVersion": { - "type": "int" - }, - "imageVirtualMachineName": { - "type": "string" - }, - "installAccess": { - "type": "bool", - "defaultValue": false - }, - "installArcGisPro": { - "type": "bool", - "defaultValue": false - }, - "installExcel": { - "type": "bool", - "defaultValue": false - }, - "installOneDrive": { - "type": "bool", - "defaultValue": false - }, - "installOneNote": { - "type": "bool", - "defaultValue": false - }, - "installOutlook": { - "type": "bool", - "defaultValue": false - }, - "installPowerPoint": { - "type": "bool", - "defaultValue": false - }, - "installProject": { - "type": "bool", - "defaultValue": false - }, - "installPublisher": { - "type": "bool", - "defaultValue": false - }, - "installSkypeForBusiness": { - "type": "bool", - "defaultValue": false - }, - "installTeams": { - "type": "bool", - "defaultValue": false - }, - "installUpdates": { - "type": "bool", - "defaultValue": false - 
}, - "installVirtualDesktopOptimizationTool": { - "type": "bool", - "defaultValue": false - }, - "installVisio": { - "type": "bool", - "defaultValue": false - }, - "installWord": { - "type": "bool", - "defaultValue": false - }, - "keyVaultName": { - "type": "string" - }, - "localAdministratorPassword": { - "type": "securestring", - "defaultValue": "" - }, - "localAdministratorUsername": { - "type": "securestring", - "defaultValue": "" - }, - "location": { - "type": "string", - "defaultValue": "[[deployment().location]" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "marketplaceImageOffer": { - "type": "string" - }, - "marketplaceImagePublisher": { - "type": "string" - }, - "marketplaceImageSKU": { - "type": "string" - }, - "msrdcwebrtcsvcInstaller": { - "type": "string", - "defaultValue": "" - }, - "officeInstaller": { - "type": "string", - "defaultValue": "" - }, - "replicaCount": { - "type": "int", - "defaultValue": 1 - }, - "resourceGroupName": { - "type": "string" - }, - "runbookExecution": { - "type": "bool", - "defaultValue": false - }, - "sourceImageType": { - "type": "string", - "defaultValue": "AzureMarketplace" - }, - "storageAccountResourceId": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "teamsInstaller": { - "type": "string", - "defaultValue": "" - }, - "updateService": { - "type": "string", - "defaultValue": "MicrosoftUpdate" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "userAssignedIdentityPrincipalId": { - "type": "string" - }, - "userAssignedIdentityResourceId": { - "type": "string" - }, - "vcRedistInstaller": { - "type": "string", - "defaultValue": "" - }, - "vDOTInstaller": { - "type": "string", - "defaultValue": "" - }, - "virtualMachineSize": { - "type": "string" - }, - "wsusServer": { - "type": "string", - "defaultValue": "" - } - }, - "variables": { - "autoImageVersion": "[[format('{0}.{1}.{2}', 
parameters('imageMajorVersion'), variables('imageSuffix'), parameters('imagePatchVersion'))]", - "imageSuffix": "[[take(parameters('deploymentNameSuffix'), 9)]", - "storageAccountName": "[[split(parameters('storageAccountResourceId'), '/')[8]]", - "storageEndpoint": "[[environment().suffixes.storage]", - "subscriptionId": "[[subscription().subscriptionId]" - }, - "resources": [ - { - "condition": "[[not(parameters('enableBuildAutomation'))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('management-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4742978871908330688" + } + }, + "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [] }, - "mode": "Incremental", - "parameters": { - "containerName": { - "value": "[[parameters('containerName')]" - }, - "diskEncryptionSetResourceId": { - "value": "[[parameters('diskEncryptionSetResourceId')]" - }, - "hybridUseBenefit": { - "value": "[[parameters('hybridUseBenefit')]" - }, - "localAdministratorPassword": { - "value": "[[parameters('localAdministratorPassword')]" - }, - "localAdministratorUsername": { - "value": "[[parameters('localAdministratorUsername')]" - }, - "location": { - "value": "[[parameters('location')]" - }, - "storageAccountName": { - "value": "[[split(parameters('storageAccountResourceId'), '/')[8]]" - }, - "subnetResourceId": { - "value": "[[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - "userAssignedIdentityPrincipalId": { - "value": 
"[[parameters('userAssignedIdentityPrincipalId')]" - }, - "userAssignedIdentityResourceId": { - "value": "[[parameters('userAssignedIdentityResourceId')]" - }, - "virtualMachineName": { - "value": "[[parameters('managementVirtualMachineName')]" - } + "deployNetworkWatcher": { + "type": "bool" }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12968919444807468891" - } - }, - "parameters": { - "containerName": { - "type": "string" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "hybridUseBenefit": { - "type": "bool" - }, - "localAdministratorPassword": { - "type": "securestring" - }, - "localAdministratorUsername": { - "type": "securestring" - }, - "location": { - "type": "string" - }, - "storageAccountName": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityPrincipalId": { - "type": "string" - }, - "userAssignedIdentityResourceId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2023-04-01", - "name": "[[format('nic-{0}', parameters('virtualMachineName'))]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject())]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[[parameters('subnetResourceId')]" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "enableAcceleratedNetworking": true, - "enableIPForwarding": false - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": 
"2022-03-01", - "name": "[[parameters('virtualMachineName')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[[format('{0}', parameters('userAssignedIdentityResourceId'))]": {} - } - }, - "properties": { - "hardwareProfile": { - "vmSize": "Standard_D2s_v3" - }, - "osProfile": { - "computerName": "[[parameters('virtualMachineName')]", - "adminUsername": "[[parameters('localAdministratorUsername')]", - "adminPassword": "[[parameters('localAdministratorPassword')]", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": true, - "patchSettings": { - "patchMode": "AutomaticByOS", - "assessmentMode": "ImageDefault" - } - } - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-datacenter-core-g2", - "version": "latest" - }, - "osDisk": { - "caching": "ReadWrite", - "createOption": "FromImage", - "deleteOption": "Delete", - "managedDisk": { - "diskEncryptionSet": { - "id": "[[parameters('diskEncryptionSetResourceId')]" - }, - "storageAccountType": "Premium_LRS" - }, - "name": "[[format('disk-{0}', parameters('virtualMachineName'))]", - "osType": "Windows" - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]", - "properties": { - "deleteOption": "Delete" - } - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": false - } - }, - "securityProfile": { - "encryptionAtHost": true, - "uefiSettings": { - "secureBootEnabled": true, - "vTpmEnabled": true - }, - "securityType": "TrustedLaunch" - }, - "licenseType": "[[if(parameters('hybridUseBenefit'), 'Windows_Server', null())]" - }, - "dependsOn": [ - 
"[[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]" - ] - }, + "firewallSkuTier": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "networkSecurityGroupRules": { + "type": "array" + }, + "networkWatcherName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "routeTableName": { + "type": "string" + }, + "routeTableRouteNextHopIpAddress": { + "type": "string" + }, + "subnetAddressPrefix": { + "type": "string" + }, + "subnetName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "virtualNetworkAddressPrefix": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "vNetDnsServers": { + "type": "array" + } + }, + "variables": { + "delegations": { + "AzureNetAppFiles": [ { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'appAzModules')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", + "name": "Microsoft.Netapp.volumes", + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', parameters('virtualNetworkName'), 'AzureNetAppFiles', 'Microsoft.Netapp.volumes')]", "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "ContainerName", - "value": "[[parameters('containerName')]" - }, - { - "name": "StorageAccountName", - "value": "[[parameters('storageAccountName')]" - }, - { - "name": "StorageEndpoint", - "value": "[[environment().suffixes.storage]" - }, - { - "name": "UserAssignedIdentityObjectId", - "value": 
"[[parameters('userAssignedIdentityPrincipalId')]" - } - ], - "source": { - "script": " param(\r\n [string]$ContainerName,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$UserAssignedIdentityObjectId\r\n )\r\n $ErrorActionPreference = \"Stop\"\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $BlobNames = @('az.accounts.2.12.1.nupkg','az.automation.1.9.0.nupkg','az.compute.5.7.0.nupkg','az.resources.6.6.0.nupkg')\r\n foreach($BlobName in $BlobNames)\r\n {\r\n do\r\n {\r\n try\r\n {\r\n Write-Output \"Download Attempt $i\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile \"$env:windir\\temp\\$BlobName\"\r\n }\r\n catch [System.Net.WebException]\r\n {\r\n Start-Sleep -Seconds 60\r\n $i++\r\n if($i -gt 10){throw}\r\n continue\r\n }\r\n catch\r\n {\r\n $Output = $_ | select *\r\n Write-Output $Output\r\n throw\r\n }\r\n }\r\n until(Test-Path -Path $env:windir\\temp\\$BlobName)\r\n Start-Sleep -Seconds 5\r\n Unblock-File -Path $env:windir\\temp\\$BlobName\r\n $BlobZipName = $Blobname.Replace('nupkg','zip')\r\n Rename-Item -Path $env:windir\\temp\\$BlobName -NewName $BlobZipName\r\n $BlobNameArray = $BlobName.Split('.')\r\n $ModuleFolderName = $BlobNameArray[0] + '.' + $BlobNameArray[1]\r\n $VersionFolderName = $BlobNameArray[2] + '.' + $BlobNameArray[3]+ '.' 
+ $BlobNameArray[4]\r\n $ModulesDirectory = \"C:\\Program Files\\WindowsPowerShell\\Modules\"\r\n New-Item -Path $ModulesDirectory -Name $ModuleFolderName -ItemType \"Directory\" -Force\r\n Expand-Archive -Path $env:windir\\temp\\$BlobZipName -DestinationPath \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\" -Force\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\_rels\" -Force -Recurse\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\package\" -Force -Recurse\r\n Remove-Item -LiteralPath \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\[Content_Types].xml\" -Force\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\$ModuleFolderName.nuspec\" -Force\r\n }\r\n Remove-Item -Path \"$env:windir\\temp\\az*\" -Force\r\n " - } + "serviceName": "Microsoft.Netapp/volumes" }, - "dependsOn": [ - "[[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[[parameters('virtualMachineName')]" + "type": "Microsoft.Network/virtualNetworks/subnets/delegations" } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('image-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "localAdministratorPassword": "[[if(parameters('runbookExecution'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.KeyVault/vaults', parameters('keyVaultName'))), 'secretName', 'LocalAdministratorPassword')), createObject('value', 
parameters('localAdministratorPassword')))]", - "localAdministratorUsername": "[[if(parameters('runbookExecution'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.KeyVault/vaults', parameters('keyVaultName'))), 'secretName', 'LocalAdministratorUsername')), createObject('value', parameters('localAdministratorUsername')))]", - "location": { - "value": "[[parameters('location')]" - }, - "marketplaceImageOffer": { - "value": "[[parameters('marketplaceImageOffer')]" - }, - "marketplaceImagePublisher": { - "value": "[[parameters('marketplaceImagePublisher')]" - }, - "marketplaceImageSKU": { - "value": "[[parameters('marketplaceImageSKU')]" - }, - "computeGalleryImageResourceId": { - "value": "[[parameters('computeGalleryImageResourceId')]" - }, - "sourceImageType": { - "value": "[[parameters('sourceImageType')]" - }, - "subnetResourceId": { - "value": "[[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - "userAssignedIdentityResourceId": { - "value": "[[parameters('userAssignedIdentityResourceId')]" - }, - "virtualMachineName": { - "value": "[[parameters('imageVirtualMachineName')]" - }, - "virtualMachineSize": { - "value": "[[parameters('virtualMachineSize')]" - } + ] }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3416440754020274895" - } - }, - "parameters": { - "localAdministratorPassword": { - "type": "securestring" - }, - "localAdministratorUsername": { - "type": "securestring" - }, - "location": { - "type": "string" - }, - "marketplaceImageOffer": { - "type": "string" - }, - "marketplaceImagePublisher": { - "type": "string" - }, - "marketplaceImageSKU": { - "type": 
"string" - }, - "computeGalleryImageResourceId": { - "type": "string" - }, - "sourceImageType": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityResourceId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" + "subnets": "[union(createArray(createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix')))), parameters('additionalSubnets'))]" + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "networkSecurityGroup", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "virtualMachineSize": { - "type": "string" - } - }, - "variables": { - "imageReference": "[[if(equals(parameters('sourceImageType'), 'AzureComputeGallery'), createObject('id', parameters('computeGalleryImageResourceId')), createObject('publisher', parameters('marketplaceImagePublisher'), 'offer', parameters('marketplaceImageOffer'), 'sku', parameters('marketplaceImageSKU'), 'version', 'latest'))]" - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-05-01", - "name": "[[format('nic-{0}', parameters('virtualMachineName'))]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject())]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[[parameters('subnetResourceId')]" - } - } - } - ] + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": 
"[parameters('networkSecurityGroupName')]" + }, + "securityRules": { + "value": "[parameters('networkSecurityGroupRules')]" + }, + "tags": { + "value": "[parameters('tags')]" } }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", - "name": "[[parameters('virtualMachineName')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[[format('{0}', parameters('userAssignedIdentityResourceId'))]": {} + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12935581119437417634" } }, - "properties": { - "hardwareProfile": { - "vmSize": "[[parameters('virtualMachineSize')]" + "parameters": { + "location": { + "type": "string" }, - "osProfile": { - "computerName": "[[parameters('virtualMachineName')]", - "adminUsername": "[[parameters('localAdministratorUsername')]", - "adminPassword": "[[parameters('localAdministratorPassword')]" + "mlzTags": { + "type": "object" }, - "storageProfile": { - "imageReference": "[[variables('imageReference')]", - "osDisk": { - "createOption": "FromImage", - "deleteOption": "Delete", - "managedDisk": { - "storageAccountType": "StandardSSD_LRS" - }, - "name": "[[format('disk-{0}', parameters('virtualMachineName'))]" - } + "name": { + "type": "string" }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]", - "properties": { - "deleteOption": "Delete" - } - } - ] + "securityRules": { + "type": "array" }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": false + "tags": { + "type": 
"object" + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkSecurityGroups'), parameters('tags')['Microsoft.Network/networkSecurityGroups'], createObject()), parameters('mlzTags'))]", + "properties": { + "securityRules": "[parameters('securityRules')]" } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]" }, - "securityProfile": { - "uefiSettings": { - "secureBootEnabled": true, - "vTpmEnabled": true - }, - "securityType": "TrustedLaunch" + "name": { + "type": "string", + "value": "[parameters('name')]" } - }, - "dependsOn": [ - "[[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[[parameters('virtualMachineName')]" - }, - "resourceId": { - "type": "string", - "value": "[[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" + } } } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('customizations-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "arcGisProInstaller": { - "value": "[[parameters('arcGisProInstaller')]" - }, - "containerName": { - "value": "[[parameters('containerName')]" - }, - "customizations": { - "value": "[[parameters('customizations')]" - }, - "installAccess": { - "value": "[[parameters('installAccess')]" - }, - "installArcGisPro": { - "value": "[[parameters('installArcGisPro')]" - }, - "installExcel": { - 
"value": "[[parameters('installExcel')]" - }, - "installOneDrive": { - "value": "[[parameters('installOneDrive')]" - }, - "installOneNote": { - "value": "[[parameters('installOneNote')]" - }, - "installOutlook": { - "value": "[[parameters('installOutlook')]" - }, - "installPowerPoint": { - "value": "[[parameters('installPowerPoint')]" - }, - "installProject": { - "value": "[[parameters('installProject')]" - }, - "installPublisher": { - "value": "[[parameters('installPublisher')]" - }, - "installSkypeForBusiness": { - "value": "[[parameters('installSkypeForBusiness')]" - }, - "installTeams": { - "value": "[[parameters('installTeams')]" - }, - "installVirtualDesktopOptimizationTool": { - "value": "[[parameters('installVirtualDesktopOptimizationTool')]" - }, - "installVisio": { - "value": "[[parameters('installVisio')]" - }, - "installWord": { - "value": "[[parameters('installWord')]" - }, - "location": { - "value": "[[parameters('location')]" - }, - "msrdcwebrtcsvcInstaller": { - "value": "[[parameters('msrdcwebrtcsvcInstaller')]" - }, - "officeInstaller": { - "value": "[[parameters('officeInstaller')]" - }, - "storageAccountName": { - "value": "[[variables('storageAccountName')]" - }, - "storageEndpoint": { - "value": "[[variables('storageEndpoint')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - "teamsInstaller": { - "value": "[[parameters('teamsInstaller')]" - }, - "userAssignedIdentityObjectId": { - "value": "[[parameters('userAssignedIdentityPrincipalId')]" - }, - "vcRedistInstaller": { - "value": "[[parameters('vcRedistInstaller')]" - }, - "vDotInstaller": { - "value": "[[parameters('vDOTInstaller')]" - }, - "virtualMachineName": { - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - } }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10008712211219806019" - } - }, - "parameters": { - "arcGisProInstaller": { - "type": "string" - }, - "containerName": { - "type": "string" - }, - "customizations": { - "type": "array" - }, - "installAccess": { - "type": "bool" - }, - "installArcGisPro": { - "type": "bool" - }, - "installExcel": { - "type": "bool" - }, - "installOneDrive": { - "type": "bool" - }, - "installOneNote": { - "type": "bool" - }, - "installOutlook": { - "type": "bool" - }, - "installPowerPoint": { - "type": "bool" - }, - "installProject": { - "type": "bool" - }, - "installPublisher": { - "type": "bool" - }, - "installSkypeForBusiness": { - "type": "bool" - }, - "installTeams": { - "type": "bool" - }, - "installVirtualDesktopOptimizationTool": { - "type": "bool" - }, - "installVisio": { - "type": "bool" - }, - "installWord": { - "type": "bool" - }, - "location": { - "type": "string" - }, - "msrdcwebrtcsvcInstaller": { - "type": "string" - }, - "officeInstaller": { - "type": "string" - }, - "storageAccountName": { - "type": "string" - }, - "storageEndpoint": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "teamsInstaller": { - "type": "string" - }, - "userAssignedIdentityObjectId": { - "type": "string" - }, - "vcRedistInstaller": { - "type": "string" - }, - "vDotInstaller": { - "type": "string" + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "routeTable", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "virtualMachineName": { - "type": "string" - } - }, - "variables": { - "installAccessVar": "[[format('{0}installAccess', parameters('installAccess'))]", - "installers": 
"[[parameters('customizations')]", - "installExcelVar": "[[format('{0}installWord', parameters('installExcel'))]", - "installOneDriveVar": "[[format('{0}installOneDrive', parameters('installOneDrive'))]", - "installOneNoteVar": "[[format('{0}installOneNote', parameters('installOneNote'))]", - "installOutlookVar": "[[format('{0}installOutlook', parameters('installOutlook'))]", - "installPowerPointVar": "[[format('{0}installPowerPoint', parameters('installPowerPoint'))]", - "installProjectVar": "[[format('{0}installProject', parameters('installProject'))]", - "installPublisherVar": "[[format('{0}installPublisher', parameters('installPublisher'))]", - "installSkypeForBusinessVar": "[[format('{0}installSkypeForBusiness', parameters('installSkypeForBusiness'))]", - "installVisioVar": "[[format('{0}installVisio', parameters('installVisio'))]", - "installWordVar": "[[format('{0}installWord', parameters('installWord'))]" - }, - "resources": [ - { - "[string('copy')]": { - "name": "applications", - "count": "[[length(variables('installers'))]", - "mode": "serial", - "batchSize": 1 + "mode": "Incremental", + "parameters": { + "disableBgpRoutePropagation": { + "value": true }, - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), format('app-{0}', variables('installers')[copyIndex()].name))]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "UserAssignedIdentityObjectId", - "value": "[[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[[parameters('containerName')]" - }, - { - 
"name": "StorageEndpoint", - "value": "[[parameters('storageEndpoint')]" - }, - { - "name": "Blobname", - "value": "[[variables('installers')[copyIndex()].blobName]" - }, - { - "name": "Installer", - "value": "[[variables('installers')[copyIndex()].name]" - }, - { - "name": "Arguments", - "value": "[[variables('installers')[copyIndex()].arguments]" - } - ], - "source": { - "script": " param(\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName,\r\n [string]$Installer,\r\n [string]$Arguments\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n New-Item -Path $env:windir\\temp -Name $Installer -ItemType \"directory\" -Force\r\n New-Item -Path $env:windir\\temp\\$Installer -Name 'Files' -ItemType \"directory\" -Force\r\n #Invoking WebClient to download blobs because it is more efficient than Invoke-WebRequest for large files.\r\n $WebClient = New-Object System.Net.WebClient\r\n $WebClient.Headers.Add('x-ms-version', '2017-11-09')\r\n $webClient.Headers.Add(\"Authorization\", \"Bearer $AccessToken\")\r\n $webClient.DownloadFile(\"$StorageAccountUrl$ContainerName/$BlobName\", \"$env:windir\\temp\\$Installer\\Files\\$Blobname\")\r\n Start-Sleep -Seconds 30\r\n Set-Location -Path $env:windir\\temp\\$Installer\r\n if($Blobname -like (\"*.exe\"))\r\n {\r\n Start-Process -FilePath $env:windir\\temp\\$Installer\\Files\\$Blobname -ArgumentList $Arguments -NoNewWindow -Wait -PassThru\r\n $status = Get-WmiObject -Class Win32_Product | 
Where-Object Name -like \"*$($installer)*\"\r\n if($status)\r\n {\r\n Write-Host $status.Name \"is installed\"\r\n }\r\n else\r\n {\r\n Write-host $Installer \"did not install properly, please check arguments\"\r\n }\r\n }\r\n if($Blobname -like (\"*.msi\"))\r\n {\r\n Set-Location -Path $env:windir\\temp\\$Installer\\Files\r\n Start-Process -FilePath msiexec.exe -ArgumentList $Arguments -Wait\r\n $status = Get-WmiObject -Class Win32_Product | Where-Object Name -like \"*$($installer)*\"\r\n if($status)\r\n {\r\n Write-Host $status.Name \"is installed\"\r\n }\r\n else\r\n {\r\n Write-host $Installer \"did not install properly, please check arguments\"\r\n }\r\n }\r\n if($Blobname -like (\"*.bat\"))\r\n {\r\n Start-Process -FilePath cmd.exe -ArgumentList $env:windir\\temp\\$Installer\\Files\\$Arguments -Wait\r\n }\r\n if($Blobname -like (\"*.ps1\"))\r\n {\r\n Start-Process -FilePath PowerShell.exe -ArgumentList $env:windir\\temp\\$Installer\\Files\\$Arguments -Wait\r\n }\r\n if($Blobname -like (\"*.zip\"))\r\n {\r\n Set-Location -Path $env:windir\\temp\\$Installer\\Files\r\n Expand-Archive -Path $env:windir\\temp\\$Installer\\Files\\$Blobname -DestinationPath $env:windir\\temp\\$Installer\\Files -Force\r\n Remove-Item -Path .\\$Blobname -Force -Recurse\r\n }\r\n Write-Host \"Removing $Installer Files\"\r\n Remove-item $env:windir\\temp\\$Installer -Force -Recurse -Confirm:$false\r\n " - } + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('routeTableName')]" + }, + "routeNextHopIpAddress": { + "value": "[parameters('routeTableRouteNextHopIpAddress')]" + }, + "tags": { + "value": "[parameters('tags')]" } }, - { - "condition": "[[or(or(or(or(or(or(or(or(or(or(parameters('installAccess'), parameters('installExcel')), parameters('installOneDrive')), parameters('installOneNote')), parameters('installOutlook')), parameters('installPowerPoint')), 
parameters('installPublisher')), parameters('installSkypeForBusiness')), parameters('installWord')), parameters('installVisio')), parameters('installProject'))]", - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'office')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "InstallAccess", - "value": "[[variables('installAccessVar')]" - }, - { - "name": "InstallWord", - "value": "[[variables('installWordVar')]" - }, - { - "name": "InstallExcel", - "value": "[[variables('installExcelVar')]" - }, - { - "name": "InstallOneDrive", - "value": "[[variables('installOneDriveVar')]" - }, - { - "name": "InstallOneNote", - "value": "[[variables('installOneNoteVar')]" - }, - { - "name": "InstallOutlook", - "value": "[[variables('installOutlookVar')]" - }, - { - "name": "InstallPowerPoint", - "value": "[[variables('installPowerPointVar')]" - }, - { - "name": "InstallProject", - "value": "[[variables('installProjectVar')]" - }, - { - "name": "InstallPublisher", - "value": "[[variables('installPublisherVar')]" - }, - { - "name": "InstallSkypeForBusiness", - "value": "[[variables('installSkypeForBusinessVar')]" - }, - { - "name": "InstallVisio", - "value": "[[variables('installVisioVar')]" - }, - { - "name": "UserAssignedIdentityObjectId", - "value": "[[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[[parameters('storageEndpoint')]" - }, - { - "name": "BlobName", - "value": 
"[[parameters('officeInstaller')]" - } - ], - "source": { - "script": " param(\r\n [string]$InstallAccess,\r\n [string]$InstallExcel,\r\n [string]$InstallOneDrive,\r\n [string]$InstallOutlook,\r\n [string]$InstallProject,\r\n [string]$InstallPublisher,\r\n [string]$InstallSkypeForBusiness,\r\n [string]$InstallVisio,\r\n [string]$InstallWord,\r\n [string]$InstallOneNote,\r\n [string]$InstallPowerPoint,\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n New-Item -Path \"$env:windir\\temp\\office\" -ItemType \"directory\" -Force\r\n $sku = (Get-ComputerInfo).OsName\r\n $o365ConfigHeader = Set-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n $o365OfficeHeader = Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n if($InstallAccess -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallExcel -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallOneDrive -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallOneNote -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallOutlook -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallPowerPoint -notlike '*true*'){\r\n Add-Content 
\"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallPublisher -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallSkypeForBusiness -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallWord -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n $addOfficefooter = Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n if($InstallProject -like '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallVisio -like '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n $PerMachineConfiguration = if(($Sku).Contains(\"multi\") -eq \"true\"){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n $Installer = \"$env:windir\\temp\\office\\office.exe\"\r\n #$DownloadLinks = Invoke-WebRequest -Uri \"https://www.microsoft.com/en-us/download/confirmation.aspx?id=49117\" -UseBasicParsing\r\n #$URL = $DownloadLinks.Links.href | Where-Object {$_ -like \"https://download.microsoft.com/download/*officedeploymenttool*\"} | Select-Object -First 1\r\n #Invoke-WebRequest -Uri $URL -OutFile $Installer -UseBasicParsing\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $Installer\r\n Start-Process -FilePath $Installer -ArgumentList \"/extract:$env:windir\\temp\\office /quiet /passive /norestart\" -Wait -PassThru | Out-Null\r\n Write-Host \"Downloaded & extracted the Office 365 Deployment Toolkit\"\r\n Start-Process -FilePath \"$env:windir\\temp\\office\\setup.exe\" -ArgumentList \"/configure $env:windir\\temp\\office\\office365x64.xml\" -Wait -PassThru -ErrorAction 
\"Stop\" | Out-Null\r\n Write-Host \"Installed the selected Office365 applications\"\r\n Write-Host \"Removing Office FIles\"\r\n Remove-item -Path \"$env:windir\\temp\\office\" -Force -Confirm:$false -Recurse\r\n " + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "18262399193161292353" } }, - "dependsOn": [ - "applications" - ] - }, - { - "condition": "[[parameters('installVirtualDesktopOptimizationTool')]", - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'vdot')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "UserAssignedIdentityObjectId", - "value": "[[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[[parameters('storageEndpoint')]" - }, - { - "name": "BlobName", - "value": "[[parameters('vDotInstaller')]" - } - ], - "source": { - "script": " param(\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = 
\"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $ZIP = \"$env:windir\\temp\\VDOT.zip\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $ZIP\r\n Start-Sleep -Seconds 30\r\n Set-Location -Path $env:windir\\temp\r\n Unblock-File -Path $ZIP\r\n Expand-Archive -LiteralPath $ZIP -DestinationPath \"$env:windir\\temp\" -Force\r\n $Path = (Get-ChildItem -Path \"$env:windir\\temp\" -Recurse | Where-Object {$_.Name -eq \"Windows_VDOT.ps1\"}).FullName\r\n $Script = Get-Content -Path $Path\r\n $ScriptUpdate = $Script.Replace(\"Set-NetAdapterAdvancedProperty\",\"#Set-NetAdapterAdvancedProperty\")\r\n $ScriptUpdate | Set-Content -Path $Path\r\n & $Path -Optimizations @(\"AppxPackages\",\"Autologgers\",\"DefaultUserSettings\",\"LGPO\";\"NetworkOptimizations\",\"ScheduledTasks\",\"Services\",\"WindowsMediaPlayer\") -AdvancedOptimizations \"All\" -AcceptEULA\r\n Write-Host \"Removing VDOT Files\"\r\n # Expecting this format for vDot ZIP, update if using a different ZIP format for folder structure\r\n Remove-Item -Path $env:windir\\temp\\Virtual-Desktop-Optimization-Tool-main -Force -Recurse -Confirm:$false\r\n " + "parameters": { + "disableBgpRoutePropagation": { + "type": "bool" }, - "timeoutInSeconds": 640 - }, - "dependsOn": [ - "applications", - "[[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'office')]", - "[[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'teams')]" - ] - }, - { - "condition": "[[parameters('installTeams')]", - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": 
"[[format('{0}/{1}', parameters('virtualMachineName'), 'teams')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "UserAssignedIdentityObjectId", - "value": "[[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[[parameters('storageEndpoint')]" - }, - { - "name": "BlobName", - "value": "[[parameters('teamsInstaller')]" - }, - { - "name": "BlobName2", - "value": "[[parameters('vcRedistInstaller')]" - }, - { - "name": "BlobName3", - "value": "[[parameters('msrdcwebrtcsvcInstaller')]" - } - ], - "source": { - "script": " param(\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName,\r\n [string]$BlobName2,\r\n [string]$BlobName3\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $vcRedistFile = \"$env:windir\\temp\\vc_redist.x64.exe\"\r\n $webSocketFile = \"$env:windir\\temp\\webSocketSvc.msi\"\r\n $teamsFile = \"$env:windir\\temp\\teams.msi\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri 
\"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $teamsFile\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName2\" -OutFile $vcRedistFile\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName3\" -OutFile $webSocketFile\r\n\r\n # Enable media optimizations for Team\r\n Start-Process \"reg\" -ArgumentList \"add HKLM\\SOFTWARE\\Microsoft\\Teams /v IsWVDEnvironment /t REG_DWORD /d 1 /f\" -Wait -PassThru -ErrorAction \"Stop\"\r\n Write-Host \"Enabled media optimizations for Teams\"\r\n # Download & install the latest version of Microsoft Visual C++ Redistributable\r\n #$File = \"$env:windir\\temp\\vc_redist.x64.exe\"\r\n #Invoke-WebRequest -Uri \"https://aka.ms/vs/16/release/vc_redist.x64.exe\" -OutFile $File\r\n Start-Process -FilePath $vcRedistFile -Args \"/install /quiet /norestart /log vcdist.log\" -Wait -PassThru | Out-Null\r\n Write-Host \"Installed the latest version of Microsoft Visual C++ Redistributable\"\r\n # Download & install the Remote Desktop WebRTC Redirector Service\r\n #$File = \"$env:windir\\temp\\webSocketSvc.msi\"\r\n #Invoke-WebRequest -Uri \"https://aka.ms/msrdcwebrtcsvc/msi\" -OutFile $File\r\n Start-Process -FilePath msiexec.exe -Args \"/i $webSocketFile /quiet /qn /norestart /passive /log webSocket.log\" -Wait -PassThru | Out-Null\r\n Write-Host \"Installed the Remote Desktop WebRTC Redirector Service\"\r\n # Install Teams\r\n #$File = \"$env:windir\\temp\\teams.msi\"\r\n #Write-host $($TeamsUrl)\r\n #Invoke-WebRequest -Uri \"$TeamsUrl\" -OutFile $File\r\n $sku = (Get-ComputerInfo).OsName\r\n $PerMachineConfiguration = if(($Sku).Contains(\"multi\") -eq \"true\"){\"ALLUSER=1\"}else{\"\"}\r\n Start-Process -FilePath msiexec.exe -Args \"/i $teamsFile /quiet /qn /norestart /passive /log teams.log $PerMachineConfiguration ALLUSERS=1\" 
-Wait -PassThru | Out-Null\r\n Write-Host \"Installed Teams\"\r\n Write-Host \"Removing Teams Files\"\r\n Remove-Item \"$teamsFile\" -Force -Confirm:$false\r\n Remove-Item \"$vcRedistFile\" -Force -Confirm:$false\r\n Remove-Item \"$webSocketFile\" -Force -Confirm:$false\r\n " + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "routeAddressPrefix": { + "type": "string", + "defaultValue": "0.0.0.0/0" + }, + "routeName": { + "type": "string", + "defaultValue": "default_route" + }, + "routeNextHopIpAddress": { + "type": "string" + }, + "routeNextHopType": { + "type": "string", + "defaultValue": "VirtualAppliance" + }, + "tags": { + "type": "object" } }, - "dependsOn": [ - "applications", - "[[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'office')]" - ] - }, - { - "condition": "[[parameters('installArcGisPro')]", - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'arcGisPro')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "UserAssignedIdentityObjectId", - "value": "[[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[[parameters('storageEndpoint')]" - }, - { - "name": "BlobName", - "value": "[[parameters('arcGisProInstaller')]" + "resources": [ + { + "type": "Microsoft.Network/routeTables", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": 
"[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/routeTables'), parameters('tags')['Microsoft.Network/routeTables'], createObject()), parameters('mlzTags'))]", + "properties": { + "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", + "routes": [ + { + "name": "[parameters('routeName')]", + "properties": { + "addressPrefix": "[parameters('routeAddressPrefix')]", + "nextHopIpAddress": "[parameters('routeNextHopIpAddress')]", + "nextHopType": "[parameters('routeNextHopType')]" + } + } + ] } - ], - "source": { - "script": " param(\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n # Retrieve Files\r\n New-Item -Path $env:windir\\temp -Name arcgis -ItemType \"directory\" -Force\r\n $ZIP = \"$env:windir\\temp\\arcgispro.zip\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $ZIP\r\n Start-Sleep -Seconds 30\r\n Set-Location -Path $env:windir\\temp\r\n Unblock-File -Path $ZIP\r\n Expand-Archive -LiteralPath $ZIP -DestinationPath \"$env:windir\\temp\\arcgis\" -Force\r\n\r\n # Install Arcgis\r\n $arcGisProMsi = (Get-ChildItem \"$env:windir\\temp\\arcgis\\\" -Recurse | where {$_.Name -eq \"ArcGisPro.msi\"})\r\n $arcGisProMsp = (Get-ChildItem \"$env:windir\\temp\\arcgis\" -Recurse | where {$_.Extension 
-eq \".msp\"})\r\n $winDesktopRuntime = (Get-ChildItem \"$env:windir\\temp\\arcgis\\\" -Recurse | where {$_.Name -like \"windowsdesktop-runtime-*\"})\r\n\r\n # If found Install Windows Desktop Runtime Pre-Req\r\n try {\r\n if ($winDesktopRuntime ){\r\n Start-Process -FilePath \"$($winDesktopRuntime.Directory.FullName)\\$winDesktopRuntime\" -ArgumentList \"/install /quiet /norestart\" -Wait -NoNewWindow -PassThru\r\n }\r\n }\r\n catch {\r\n Write-Output \"Please validate all software requirements are included with the ArcGIS Pro Zip\"\r\n }\r\n\r\n try {\r\n # Install ArcGis Pro\r\n $arcGisProArguments = \"/i $($arcGisProMsi.Directory.FullName)\\$arcGisProMsi ALLUSERS=1 ACCEPTEULA=yes ENABLEEUEI=0 SOFTWARE_CLASS=Professional AUTHORIZATION_TYPE=NAMED_USER LOCK_AUTH_SETTINGS=False ArcGIS_Connection=TRUE /qn /norestart\"\r\n Start-Process \"msiexec.exe\" -ArgumentList $arcGisProArguments -Wait -NoNewWindow -PassThru\r\n }\r\n catch {\r\n Write-Output \"Please validate all software requirements are included with the ArcGIS Pro Zip\"\r\n }\r\n\r\n try {\r\n # If MSP is found, patch ArcGisPro with MSP file\r\n if($arcGisProMsp){\r\n Start-Process \"msiexec.exe\" -ArgumentList \"/p $($arcGisProMsp.Directory.FullName)\\$arcGisProMsp /qn\" -Wait -NoNewWindow -PassThru\r\n }\r\n }\r\n catch {\r\n Write-Output \"Please validate all software requirements are included with the ArcGIS Pro Zip\"\r\n }\r\n Write-Host \"Removing ArcGis Files\"\r\n Remove-Item $ZIP -Force -Confirm:$false -Recurse\r\n Remove-item -Path \"$env:windir\\temp\\arcgis\" -Force -Confirm:$false -Recurse\r\n " } - }, - "dependsOn": [ - "applications", - "[[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'office')]", - "[[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'teams')]", - "[[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'vdot')]" - ] - } - ] - } - }, - 
"dependsOn": [ - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('restart-vm-1-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "imageVirtualMachineName": { - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "resourceGroupName": { - "value": "[[parameters('resourceGroupName')]" - }, - "location": { - "value": "[[parameters('location')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - "userAssignedIdentityClientId": { - "value": "[[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": "[[if(parameters('enableBuildAutomation'), createObject('value', parameters('managementVirtualMachineName')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10420021406848674052" - } - }, - "parameters": { - 
"imageVirtualMachineName": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'restartVirtualMachine')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "Environment", - "value": "[[environment().name]" - }, - { - "name": "ResourceGroupName", - "value": "[[parameters('resourceGroupName')]" - }, - { - "name": "SubscriptionId", - "value": "[[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[[parameters('userAssignedIdentityClientId')]" - }, - { - "name": "VirtualMachineName", - "value": "[[parameters('imageVirtualMachineName')]" - } - ], - "source": { - "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n Restart-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName\r\n $AgentStatus = $Null\r\n while ($Null -eq $AgentStatus) \r\n {\r\n Start-Sleep -Seconds 5\r\n $AgentStatus = (Get-AzVM -ResourceGroupName $ResourceGroupName -Name 
$VirtualMachineName -Status).VMAgent\r\n }\r\n " + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/routeTables', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" } } } - ] - } - }, - "dependsOn": [ - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('customizations-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "condition": "[[parameters('installUpdates')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('microsoft-updates-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "imageVirtualMachineName": { - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "location": { - "value": "[[parameters('location')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - "updateService": { - "value": "[[parameters('updateService')]" - }, - "wsusServer": { - "value": 
"[[parameters('wsusServer')]" } }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12095172867813258567" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "imageVirtualMachineName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "updateService": { - "type": "string" + { + "condition": "[parameters('deployNetworkWatcher')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "networkWatcher", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "wsusServer": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('imageVirtualMachineName'), 'install-microsoft-updates')]", - "location": "[[parameters('location')]", - "properties": { - "asyncExecution": false, - "parameters": "[[if(equals(parameters('updateService'), 'WSUS'), createArray(createObject('name', 'Service', 'value', parameters('updateService')), createObject('name', 'WSUSServer', 'value', parameters('wsusServer'))), createArray(createObject('name', 'Service', 'value', parameters('updateService'))))]", - "source": { - "script": " param (\r\n # The App Name to pass to the WUA API as the calling application.\r\n [Parameter()]\r\n [String]$AppName = \"Windows Update API Script\",\r\n # The search criteria to be used.\r\n [Parameter()]\r\n [String]$Criteria = \"IsInstalled=0 and Type='Software' and IsHidden=0\",\r\n [Parameter()]\r\n [bool]$ExcludePreviewUpdates = $true,\r\n # Default service (WSUS if machine is configured to use it, or MU if opted in, or WU otherwise.)\r\n [Parameter()]\r\n 
[ValidateSet(\"WU\",\"MU\",\"WSUS\",\"DCAT\",\"STORE\",\"OTHER\")]\r\n [string]$Service = 'MU',\r\n # The http/https fqdn for the Windows Server Update Server\r\n [Parameter()]\r\n [string]$WSUSServer\r\n )\r\n \r\n Function ConvertFrom-InstallationResult {\r\n [CmdletBinding()]\r\n param (\r\n [Parameter()]\r\n [int]$Result\r\n ) \r\n switch ($Result) {\r\n 2 { $Text = 'Succeeded' }\r\n 3 { $Text = 'Succeeded with errors' }\r\n 4 { $Text = 'Failed' }\r\n 5 { $Text = 'Cancelled' }\r\n Default { $Text = \"Unexpected ($Result)\"}\r\n } \r\n Return $Text\r\n }\r\n Start-Transcript -Path \"$env:SystemRoot\\Logs\\ImageBuild\\Install-Updates.log\"\r\n Switch ($Service.ToUpper()) {\r\n 'WU' { $ServerSelection = 2 }\r\n 'MU' { $ServerSelection = 3; $ServiceId = \"7971f918-a847-4430-9279-4a52d1efe18d\" }\r\n 'WSUS' { $ServerSelection = 1 }\r\n 'DCAT' { $ServerSelection = 3; $ServiceId = \"855E8A7C-ECB4-4CA3-B045-1DFA50104289\" }\r\n 'STORE' { $serverSelection = 3; $ServiceId = \"117cab2d-82b1-4b5a-a08c-4d62dbee7782\" }\r\n 'OTHER' { $ServerSelection = 3; $ServiceId = $Service }\r\n } \r\n If ($Service -eq 'MU') {\r\n $UpdateServiceManager = New-Object -ComObject Microsoft.Update.ServiceManager\r\n $UpdateServiceManager.ClientApplicationID = $AppName\r\n $UpdateServiceManager.AddService2(\"7971f918-a847-4430-9279-4a52d1efe18d\", 7, \"\")\r\n $null = cmd /c reg.exe ADD \"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\" /v AllowMUUpdateService /t REG_DWORD /d 1 /f '2>&1'\r\n Write-Output \"Added Registry entry to configure Microsoft Update. 
Exit Code: [$LastExitCode]\"\r\n } Elseif ($Service -eq 'WSUS' -and $WSUSServer) {\r\n $null = cmd /c reg.exe ADD \"HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\" /v WUServer /t REG_SZ /d $WSUSServer /f '2>&1'\r\n $null = cmd /c reg.exe ADD \"HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\" /v WUStatusServer /t REG_SZ /d $WSUSServer /f '2>&1'\r\n Write-Output \"Added Registry entry to configure WSUS Server. Exit Code: [$LastExitCode]\"\r\n } \r\n $UpdateSession = New-Object -ComObject Microsoft.Update.Session\r\n $updateSession.ClientApplicationID = $AppName \r\n $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()\r\n $UpdateSearcher.ServerSelection = $ServerSelection\r\n If ($ServerSelection -eq 3) {\r\n $UpdateSearcher.ServiceId = $ServiceId\r\n }\r\n Write-Output \"Searching for Updates...\"\r\n $SearchResult = $UpdateSearcher.Search($Criteria)\r\n If ($SearchResult.Updates.Count -eq 0) {\r\n Write-Output \"There are no applicable updates.\"\r\n Write-Output \"Now Exiting\"\r\n Exit $ExitCode\r\n }\r\n Write-Output \"List of applicable items found for this computer:\"\r\n For ($i = 0; $i -lt $SearchResult.Updates.Count; $i++) {\r\n $Update = $SearchResult.Updates[$i]\r\n Write-Output \"$($i + 1) > $($update.Title)\"\r\n }\r\n $AtLeastOneAdded = $false\r\n $ExclusiveAdded = $false \r\n $UpdatesToDownload = New-Object -ComObject Microsoft.Update.UpdateColl\r\n Write-Output \"Checking search results:\"\r\n For ($i = 0; $i -lt $SearchResult.Updates.Count; $i++) {\r\n $Update = $SearchResult.Updates[$i]\r\n $AddThisUpdate = $false \r\n If ($ExclusiveAdded) {\r\n Write-Output \"$($i + 1) > skipping: '$($update.Title)' because an exclusive update has already been selected.\"\r\n } Else {\r\n $AddThisUpdate = $true\r\n } \r\n if ($ExcludePreviewUpdates -and $update.Title -like '*Preview*') {\r\n Write-Output \"$($i + 1) > Skipping: '$($update.Title)' because it is a preview update.\"\r\n $AddThisUpdate = $false\r\n } \r\n If 
($AddThisUpdate) {\r\n $PropertyTest = 0\r\n $ErrorActionPreference = 'SilentlyContinue'\r\n $PropertyTest = $Update.InstallationBehavior.Impact\r\n $ErrorActionPreference = 'Stop'\r\n If ($PropertyTest -eq 2) {\r\n If ($AtLeastOneAdded) {\r\n Write-Output \"$($i + 1) > skipping: '$($update.Title)' because it is exclusive and other updates are being installed first.\"\r\n $AddThisUpdate = $false\r\n }\r\n }\r\n }\r\n If ($AddThisUpdate) {\r\n Write-Output \"$($i + 1) > adding: '$($update.Title)'\"\r\n $UpdatesToDownload.Add($Update) | out-null\r\n $AtLeastOneAdded = $true\r\n $ErrorActionPreference = 'SilentlyContinue'\r\n $PropertyTest = $Update.InstallationBehavior.Impact\r\n $ErrorActionPreference = 'Stop'\r\n If ($PropertyTest -eq 2) {\r\n Write-Output \"This update is exclusive; skipping remaining updates\"\r\n $ExclusiveAdded = $true\r\n }\r\n }\r\n } \r\n $UpdatesToInstall = New-Object -ComObject Microsoft.Update.UpdateColl\r\n Write-Output \"Downloading updates...\"\r\n $Downloader = $UpdateSession.CreateUpdateDownloader()\r\n $Downloader.Updates = $UpdatesToDownload\r\n $Downloader.Download()\r\n Write-Output \"Successfully downloaded updates:\" \r\n For ($i = 0; $i -lt $UpdatesToDownload.Count; $i++) {\r\n $Update = $UpdatesToDownload[$i]\r\n If ($Update.IsDownloaded -eq $true) {\r\n Write-Output \"$($i + 1) > $($update.title)\"\r\n $UpdatesToInstall.Add($Update) | out-null\r\n }\r\n } \r\n If ($UpdatesToInstall.Count -gt 0) {\r\n Write-Output \"Now installing updates...\"\r\n $Installer = $UpdateSession.CreateUpdateInstaller()\r\n $Installer.Updates = $UpdatesToInstall\r\n $InstallationResult = $Installer.Install()\r\n $Text = ConvertFrom-InstallationResult -Result $InstallationResult.ResultCode\r\n Write-Output \"Installation Result: $($Text)\" \r\n If ($InstallationResult.RebootRequired) {\r\n Write-Output \"Atleast one update requires a reboot to complete the installation.\"\r\n }\r\n }\r\n If ($service -eq 'MU') {\r\n Reg.exe DELETE 
\"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\" /v AllowMUUpdateService /f\r\n } Elseif ($Service -eq 'WSUS' -and $WSUSServer) {\r\n reg.exe DELETE \"HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\" /v WUServer /f\r\n reg.exe DELETE \"HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\" /v WUStatusServer /f\r\n }\r\n Stop-Transcript\r\n " - }, - "treatFailureAsDeploymentFailure": true + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" }, - "tags": "[[parameters('tags')]" - } - ] - } - }, - "dependsOn": [ - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('restart-vm-1-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('restart-vm-2-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "imageVirtualMachineName": { - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "resourceGroupName": { - "value": "[[parameters('resourceGroupName')]" - }, - "location": { - "value": "[[parameters('location')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - 
"userAssignedIdentityClientId": { - "value": "[[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": "[[if(parameters('enableBuildAutomation'), createObject('value', parameters('managementVirtualMachineName')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10420021406848674052" - } - }, - "parameters": { - "imageVirtualMachineName": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityClientId": { - "type": "string" + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkWatcherName')]" + }, + "tags": { + "value": "[parameters('tags')]" + } }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'restartVirtualMachine')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "Environment", - "value": "[[environment().name]" - }, - { - "name": "ResourceGroupName", - "value": "[[parameters('resourceGroupName')]" - }, - { - "name": "SubscriptionId", - 
"value": "[[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[[parameters('userAssignedIdentityClientId')]" - }, - { - "name": "VirtualMachineName", - "value": "[[parameters('imageVirtualMachineName')]" - } - ], - "source": { - "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n Restart-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName\r\n $AgentStatus = $Null\r\n while ($Null -eq $AgentStatus) \r\n {\r\n Start-Sleep -Seconds 5\r\n $AgentStatus = (Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -Status).VMAgent\r\n }\r\n " + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13830033528097307473" } - } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkWatchers", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkWatchers'), parameters('tags')['Microsoft.Network/networkWatchers'], createObject()), parameters('mlzTags'))]", + "properties": {} + } + ] } - ] - } - }, - "dependsOn": [ - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('microsoft-updates-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('sysprep-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[[parameters('location')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - "virtualMachineName": { - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" } }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13855748863144258342" - } - }, - "parameters": { - "location": { - "type": "string" + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "virtualNetwork", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": 
"[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "tags": { - "type": "object" + "mode": "Incremental", + "parameters": { + "addressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('virtualNetworkName')]" + }, + "subnets": { + "copy": [ + { + "name": "value", + "count": "[length(variables('subnets'))]", + "input": "[createObject('name', variables('subnets')[copyIndex('value')].name, 'properties', createObject('addressPrefix', variables('subnets')[copyIndex('value')].properties.addressPrefix, 'delegations', coalesce(tryGet(variables('delegations'), variables('subnets')[copyIndex('value')].name), createArray()), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled'))]" + } + ] + }, + "tags": { + "value": "[parameters('tags')]" + }, + "vNetDnsServers": { + "value": "[parameters('vNetDnsServers')]" + }, + "firewallSkuTier": { + "value": "[parameters('firewallSkuTier')]" + } }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'sysprepVirtualMachine')]", - "location": 
"[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": false, - "asyncExecution": true, - "parameters": [], - "source": { - "script": " Start-Sleep -Seconds 30\r\n Remove-Item -LiteralPath 'C:\\Windows\\Panther' -Force -Recurse -ErrorAction SilentlyContinue\r\n Set-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Services\\cdrom' -Name 'Start' -Value 1\r\n Start-Process -File 'C:\\Windows\\System32\\Sysprep\\Sysprep.exe' -ArgumentList '/generalize /oobe /shutdown /mode:vm'\r\n " + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4325479931624604061" + } + }, + "parameters": { + "addressPrefix": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "name": { + "type": "string" + }, + "subnets": { + "type": "array" + }, + "tags": { + "type": "object" + }, + "vNetDnsServers": { + "type": "array" + }, + "firewallSkuTier": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/virtualNetworks'), parameters('tags')['Microsoft.Network/virtualNetworks'], createObject()), parameters('mlzTags'))]", + "properties": { + "addressSpace": { + "addressPrefixes": [ + "[parameters('addressPrefix')]" + ] + }, + "subnets": "[parameters('subnets')]", + "dhcpOptions": "[if(and(not(equals(parameters('vNetDnsServers'), null())), or(equals(parameters('firewallSkuTier'), 'Premium'), equals(parameters('firewallSkuTier'), 'Standard'))), 
createObject('dnsServers', parameters('vNetDnsServers')), null())]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]" + }, + "subnets": { + "type": "array", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2021-02-01').subnets]" + }, + "addressPrefix": { + "type": "string", + "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2021-02-01').addressSpace.addressPrefixes[0]]" } } } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkWatcher')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable')]" ] } - }, - "dependsOn": [ - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('restart-vm-1-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('restart-vm-2-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": 
"Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('generalize-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" + ], + "outputs": { + "virtualNetworkName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" }, - "mode": "Incremental", - "parameters": { - "imageVirtualMachineName": { - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "resourceGroupName": { - "value": "[[parameters('resourceGroupName')]" - }, - "location": { - "value": "[[parameters('location')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - "userAssignedIdentityClientId": { - "value": "[[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": "[[if(parameters('enableBuildAutomation'), createObject('value', parameters('managementVirtualMachineName')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value))]" + "virtualNetworkResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), 
'2022-09-01').outputs.id.value]" }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1408076597272275810" - } - }, - "parameters": { - "imageVirtualMachineName": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[[resourceGroup().location]" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'generalizeVirtualMachine')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "Environment", - "value": "[[environment().name]" - }, - { - "name": "ResourceGroupName", - "value": "[[parameters('resourceGroupName')]" - }, - { - "name": "SubscriptionId", - "value": "[[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[[parameters('userAssignedIdentityClientId')]" - }, - { - "name": "VirtualMachineName", - "value": "[[parameters('imageVirtualMachineName')]" - } - ], - "source": { - "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n Connect-AzAccount -Environment 
$Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n $PowerStatus = ''\r\n while ($PowerStatus -ne 'VM stopped') \r\n {\r\n Start-Sleep -Seconds 5\r\n $PowerStatus = (Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -Status).Statuses[1].DisplayStatus\r\n }\r\n Set-AzVm -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -Generalized\r\n Start-Sleep -Seconds 30\r\n " - } - } - } - ] + "virtualNetworkAddressPrefix": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" + }, + "subnetName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" + }, + "subnetAddressPrefix": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" + }, + "subnetResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" + }, + "networkSecurityGroupName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 
'networkSecurityGroup'), '2022-09-01').outputs.name.value]" + }, + "networkSecurityGroupResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-peering-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hubVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" }, - "dependsOn": [ - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('sysprep-vm-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + }, + "subscriptionId": { + "value": "[parameters('subscriptionId')]" + } }, - { - "type": 
"Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('image-version-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "1081420821337659529" + } + }, + "parameters": { + "hubVirtualNetworkResourceId": { + "type": "string" }, - "mode": "Incremental", - "parameters": { - "computeGalleryImageResourceId": { - "value": "[[parameters('computeGalleryImageResourceId')]" - }, - "computeGalleryName": { - "value": "[[parameters('computeGalleryName')]" - }, - "excludeFromLatest": { - "value": "[[parameters('excludeFromLatest')]" - }, - "imageDefinitionName": { - "value": "[[parameters('imageDefinitionName')]" - }, - "imageVersionNumber": { - "value": "[[variables('autoImageVersion')]" - }, - "imageVirtualMachineResourceId": { - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" - }, - "location": { - "value": "[[parameters('location')]" - }, - "marketplaceImageOffer": { - "value": "[[parameters('marketplaceImageOffer')]" - }, - "marketplaceImagePublisher": { - "value": "[[parameters('marketplaceImagePublisher')]" - }, - "replicaCount": { - "value": "[[parameters('replicaCount')]" - }, - "tags": { - "value": "[[parameters('tags')]" - } + "resourceGroupName": { + "type": "string" }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5850341894374079914" - } - }, - "parameters": { - "allowDeletionOfReplicatedLocations": { - "type": "bool", - "defaultValue": true - }, - "computeGalleryName": { - "type": "string" - }, - "computeGalleryImageResourceId": { - "type": "string" - }, - "excludeFromLatest": { - "type": "bool" - }, - "imageDefinitionName": { - "type": "string" - }, - "imageVersionNumber": { - "type": "string" - }, - "imageVirtualMachineResourceId": { - "type": "string" - }, - "location": { - "type": "string" - }, - "marketplaceImageOffer": { - "type": "string" - }, - "marketplaceImagePublisher": { - "type": "string" - }, - "replicaCount": { - "type": "int" + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkName": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-to-hub-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "tags": { - "type": "object" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/galleries/images", - "apiVersion": "2022-03-03", - "name": "[[format('{0}/{1}', parameters('computeGalleryName'), parameters('imageDefinitionName'))]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/galleries'), parameters('tags')['Microsoft.Compute/galleries'], createObject())]", - "properties": { - "architecture": "x64", - "features": [ - { - "name": "SecurityType", - "value": "TrustedLaunch" - } - ], - "hyperVGeneration": "V2", - "identifier": { - "offer": 
"[[if(empty(parameters('computeGalleryImageResourceId')), parameters('marketplaceImageOffer'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('computeGalleryImageResourceId'), '/')[2], split(parameters('computeGalleryImageResourceId'), '/')[4]), 'Microsoft.Compute/galleries/images', split(parameters('computeGalleryImageResourceId'), '/')[8], split(parameters('computeGalleryImageResourceId'), '/')[10]), '2022-03-03').identifier.offer)]", - "publisher": "[[if(empty(parameters('computeGalleryImageResourceId')), parameters('marketplaceImagePublisher'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('computeGalleryImageResourceId'), '/')[2], split(parameters('computeGalleryImageResourceId'), '/')[4]), 'Microsoft.Compute/galleries/images', split(parameters('computeGalleryImageResourceId'), '/')[8], split(parameters('computeGalleryImageResourceId'), '/')[10]), '2022-03-03').identifier.publisher)]", - "sku": "[[parameters('imageDefinitionName')]" - }, - "osState": "Generalized", - "osType": "Windows" + "mode": "Incremental", + "parameters": { + "remoteVirtualNetworkResourceId": { + "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('spokeVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('hubVirtualNetworkResourceId'), '/')[8])]" } }, - { - "type": "Microsoft.Compute/galleries/images/versions", - "apiVersion": "2022-03-03", - "name": "[[format('{0}/{1}/{2}', parameters('computeGalleryName'), parameters('imageDefinitionName'), parameters('imageVersionNumber'))]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/galleries'), parameters('tags')['Microsoft.Compute/galleries'], createObject())]", - "properties": { - "publishingProfile": { - "excludeFromLatest": "[[parameters('excludeFromLatest')]", - "replicaCount": 
"[[parameters('replicaCount')]", - "replicationMode": "Full", - "storageAccountType": "Standard_LRS", - "targetRegions": [ - { - "name": "[[parameters('location')]", - "regionalReplicaCount": "[[parameters('replicaCount')]", - "storageAccountType": "Standard_LRS" - } - ] + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" + } + }, + "parameters": { + "remoteVirtualNetworkResourceId": { + "type": "string" }, - "safetyProfile": { - "allowDeletionOfReplicatedLocations": "[[parameters('allowDeletionOfReplicatedLocations')]" + "virtualNetworkName": { + "type": "string" }, - "storageProfile": { - "source": { - "id": "[[parameters('imageVirtualMachineResourceId')]" - } + "virtualNetworkPeerName": { + "type": "string" } }, - "dependsOn": [ - "[[resourceId('Microsoft.Compute/galleries/images', parameters('computeGalleryName'), parameters('imageDefinitionName'))]" + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2021-02-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", + "properties": { + "allowForwardedTraffic": true, + "remoteVirtualNetwork": { + "id": "[parameters('remoteVirtualNetworkResourceId')]" + } + } + } ] } - ], - "outputs": { - "imageDefinitionResourceId": { - "type": "string", - "value": "[[resourceId('Microsoft.Compute/galleries/images', parameters('computeGalleryName'), parameters('imageDefinitionName'))]" - } } } - }, - "dependsOn": [ - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('generalize-vm-{0}', parameters('deploymentNameSuffix')))]", - 
"[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" ] + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-peering-hub-{0}', parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[[format('remove-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[[variables('subscriptionId')]", - "resourceGroup": "[[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" + "mode": "Incremental", + "parameters": { + "hubVirtualNetworkName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" + }, + "resourceGroupName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "subscriptionId": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "16991872399359859910" + } + }, + "parameters": { + "hubVirtualNetworkName": { + "type": "string" }, - "mode": "Incremental", - "parameters": { - 
"enableBuildAutomation": { - "value": "[[parameters('enableBuildAutomation')]" - }, - "imageVirtualMachineName": { - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "location": { - "value": "[[parameters('location')]" - }, - "tags": { - "value": "[[parameters('tags')]" - }, - "userAssignedIdentityClientId": { - "value": "[[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": "[[if(parameters('enableBuildAutomation'), createObject('value', parameters('managementVirtualMachineName')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value))]" + "resourceGroupName": { + "type": "string" }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2352439563696964014" - } - }, - "parameters": { - "enableBuildAutomation": { - "type": "bool" - }, - "imageVirtualMachineName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[[resourceGroup().location]" - }, - "tags": { - "type": "object" + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkResourceId": { + "type": "string" + }, + "subscriptionId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('hub-to-{0}-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + 
"resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "userAssignedIdentityClientId": { - "type": "string" + "mode": "Incremental", + "parameters": { + "remoteVirtualNetworkResourceId": { + "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('spokeVirtualNetworkResourceId'), '/')[8])]" + } }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[[format('{0}/{1}', parameters('virtualMachineName'), 'removeVirtualMachine')]", - "location": "[[parameters('location')]", - "tags": "[[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": "[[if(parameters('enableBuildAutomation'), false(), true())]", - "parameters": [ - { - "name": "EnableBuildAutomation", - "value": "[[string(parameters('enableBuildAutomation'))]" - }, - { - "name": "Environment", - "value": "[[environment().name]" - }, - { - "name": "ImageVmName", - "value": "[[parameters('imageVirtualMachineName')]" - }, - { - "name": "ManagementVmName", - "value": "[[parameters('virtualMachineName')]" - }, - { - "name": "ResourceGroupName", - "value": "[[resourceGroup().name]" - }, - { - "name": "SubscriptionId", - "value": "[[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[[parameters('userAssignedIdentityClientId')]" + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + 
"_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" + } + }, + "parameters": { + "remoteVirtualNetworkResourceId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", + "apiVersion": "2021-02-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", + "properties": { + "allowForwardedTraffic": true, + "remoteVirtualNetwork": { + "id": "[parameters('remoteVirtualNetworkResourceId')]" + } } - ], - "source": { - "script": " param(\r\n [string]$EnableBuildAutomation,\r\n [string]$Environment,\r\n [string]$ImageVmName,\r\n [string]$ManagementVmName,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $ImageVmName -Force\r\n if($EnableBuildAutomation -eq 'false')\r\n {\r\n Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $ManagementVmName -NoWait -Force -AsJob\r\n }\r\n " } - } + ] } - ] + } } - }, - "dependsOn": [ - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-version-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix')))]", - "[[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" ] } - ], - "outputs": { - "imageDefinitionResourceId": { - "type": "string", - "value": "[[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-version-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.imageDefinitionResourceId.value]" - } - } - } - }, - "resources": [ - { - "type": "Microsoft.Resources/templateSpecs", - "apiVersion": "2022-02-01", - "name": "[format('ts-{0}', parameters('imageDefinitionName'))]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Resources/templateSpecs'), parameters('tags')['Microsoft.Resources/templateSpecs'], createObject())]", - "properties": { - "description": "[format('An automation runbook deploys a new image version for the \"{0}\" image definition from this template spec.', parameters('imageDefinitionName'))]", - "displayName": "[format('Zero Trust Image Build Automation: {0}', parameters('imageDefinitionName'))]" - } - }, - { - "type": "Microsoft.Resources/templateSpecs/versions", - "apiVersion": "2022-02-01", - "name": "[format('{0}/{1}', format('ts-{0}', parameters('imageDefinitionName')), '1.0')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Resources/templateSpecs'), parameters('tags')['Microsoft.Resources/templateSpecs'], createObject())]", - "properties": { - "mainTemplate": "[variables('$fxv#0')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/templateSpecs', format('ts-{0}', parameters('imageDefinitionName')))]" - ] + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" + ] } ], "outputs": { - "resourceId": { + "networkSecurityGroupName": { + "type": 
"string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "subnetResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + }, + "virtualNetworkName": { "type": "string", - "value": "[resourceId('Microsoft.Resources/templateSpecs/versions', format('ts-{0}', parameters('imageDefinitionName')), '1.0')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" } } } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('management-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", + "name": "[format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "containerName": { - "value": "[parameters('containerName')]" - }, - "diskEncryptionSetResourceId": { - "value": "[parameters('diskEncryptionSetResourceId')]" - }, - "hybridUseBenefit": { - "value": "[parameters('hybridUseBenefit')]" - }, - "localAdministratorPassword": { - "value": "[parameters('localAdministratorPassword')]" + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" }, - 
"localAdministratorUsername": { - "value": "[parameters('localAdministratorUsername')]" + "keyVaultPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore'))]" }, "location": { "value": "[parameters('location')]" }, - "storageAccountName": { - "value": "[split(parameters('storageAccountResourceId'), '/')[8]]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, "tags": { "value": "[parameters('tags')]" }, - "userAssignedIdentityPrincipalId": { - "value": "[parameters('userAssignedIdentityPrincipalId')]" - }, - "userAssignedIdentityResourceId": { - "value": "[parameters('userAssignedIdentityResourceId')]" + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" }, - "virtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" + "tokens": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', 
parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12968919444807468891" + "version": "0.27.1.19265", + "templateHash": "7828233421610885078" } }, "parameters": { - "containerName": { + "deploymentNameSuffix": { "type": "string" }, - "diskEncryptionSetResourceId": { + "keyVaultPrivateDnsZoneResourceId": { "type": "string" }, - "hybridUseBenefit": { - "type": "bool" - }, - "localAdministratorPassword": { - "type": "securestring" - }, - "localAdministratorUsername": { - "type": "securestring" - }, "location": { "type": "string" }, - "storageAccountName": { + "mlzTags": { + "type": "object" + }, + "resourceGroupName": { "type": "string" }, "subnetResourceId": { 
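Review bot: In the `deploy-vnet-peering-hub-{0}` deployment, the target subscription, resource group and hub network name are all taken from `hubVirtualNetworkResourceId` by position (`split(..., '/')[2]`, `[4]`, `[8]`), with no check that the value is a virtual network resource ID. Any other resource ID of the same depth would still resolve, and the hub-side peering deployment would be aimed at whatever subscription and resource group it names. Validate the ID shape in the Bicep source, or at least document the required format on the parameter. Two smaller points in the same hunk: both peerings set `"allowForwardedTraffic": true` without a description of why forwarding is needed, and the nested deployment is referenced by the fixed name `'spokeNetwork'` while its siblings carry `deploymentNameSuffix`, so repeated runs in one subscription share that deployment name.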
@@ -17125,900 +15622,469 @@ "tags": { "type": "object" }, - "userAssignedIdentityPrincipalId": { - "type": "string" - }, - "userAssignedIdentityResourceId": { - "type": "string" + "tier": { + "type": "object" }, - "virtualMachineName": { - "type": "string" + "tokens": { + "type": "object" } }, "resources": [ { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2023-04-01", - "name": "[format('nic-{0}', parameters('virtualMachineName'))]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject())]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[parameters('subnetResourceId')]" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "enableAcceleratedNetworking": true, - "enableIPForwarding": false - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", - "name": "[parameters('virtualMachineName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[format('{0}', parameters('userAssignedIdentityResourceId'))]": {} - } - }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { - "hardwareProfile": { - "vmSize": "Standard_D2s_v3" + "expressionEvaluationOptions": { + "scope": "inner" }, - "osProfile": { - "computerName": "[parameters('virtualMachineName')]", - "adminUsername": 
"[parameters('localAdministratorUsername')]", - "adminPassword": "[parameters('localAdministratorPassword')]", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": true, - "patchSettings": { - "patchMode": "AutomaticByOS", - "assessmentMode": "ImageDefault" - } + "mode": "Incremental", + "parameters": { + "keyVaultName": { + "value": "[take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)]" + }, + "keyVaultNetworkInterfaceName": { + "value": "[replace(parameters('tier').namingConvention.keyVaultNetworkInterface, parameters('tokens').service, '')]" + }, + "keyVaultPrivateDnsZoneResourceId": { + "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" + }, + "keyVaultPrivateEndpointName": { + "value": "[replace(parameters('tier').namingConvention.keyVaultPrivateEndpoint, parameters('tokens').service, '')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" } }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-datacenter-core-g2", - "version": "latest" + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "12300580845424356573" + } }, - "osDisk": { - "caching": "ReadWrite", - "createOption": "FromImage", - "deleteOption": "Delete", - "managedDisk": { - "diskEncryptionSet": { - "id": "[parameters('diskEncryptionSetResourceId')]" - }, - "storageAccountType": "Premium_LRS" + "parameters": { + "diskEncryptionKeyExpirationInDays": { + "type": "int", + "defaultValue": 30 }, - "name": "[format('disk-{0}', parameters('virtualMachineName'))]", - 
"osType": "Windows" - } - }, - "networkProfile": { - "networkInterfaces": [ + "keyVaultName": { + "type": "string" + }, + "keyVaultNetworkInterfaceName": { + "type": "string" + }, + "keyVaultPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultPrivateEndpointName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + } + }, + "resources": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]", + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2022-07-01", + "name": "[parameters('keyVaultName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject()), parameters('mlzTags'))]", "properties": { - "deleteOption": "Delete" + "enabledForDeployment": false, + "enabledForDiskEncryption": true, + "enabledForTemplateDeployment": false, + "enablePurgeProtection": true, + "enableRbacAuthorization": true, + "enableSoftDelete": true, + "networkAcls": { + "bypass": "AzureServices", + "defaultAction": "Deny", + "ipRules": [], + "virtualNetworkRules": [] + }, + "publicNetworkAccess": "Disabled", + "sku": { + "family": "A", + "name": "standard" + }, + "softDeleteRetentionInDays": 7, + "tenantId": "[subscription().tenantId]" } + }, + { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('keyVaultPrivateEndpointName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": { + "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", + "privateLinkServiceConnections": [ + { + "name": 
"[parameters('keyVaultPrivateEndpointName')]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", + "groupIds": [ + "vault" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', parameters('keyVaultPrivateEndpointName'), parameters('keyVaultName'))]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "ipconfig1", + "properties": { + "privateDnsZoneId": "[parameters('keyVaultPrivateDnsZoneResourceId')]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', parameters('keyVaultPrivateEndpointName'))]" + ] + }, + { + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), 'DiskEncryptionKey')]", + "properties": { + "attributes": { + "enabled": true + }, + "keySize": 4096, + "kty": "RSA", + "rotationPolicy": { + "attributes": { + "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" + }, + "lifetimeActions": [ + { + "action": { + "type": "Notify" + }, + "trigger": { + "timeBeforeExpiry": "P10D" + } + }, + { + "action": { + "type": "Rotate" + }, + "trigger": { + "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + }, + { + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), 'StorageEncryptionKey')]", + "properties": { + "attributes": { + "enabled": true + }, + "keySize": 4096, + "kty": "RSA", + "rotationPolicy": { + "attributes": { + "expiryTime": 
"[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" + }, + "lifetimeActions": [ + { + "action": { + "type": "Notify" + }, + "trigger": { + "timeBeforeExpiry": "P10D" + } + }, + { + "action": { + "type": "Rotate" + }, + "trigger": { + "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + ] + } + ], + "outputs": { + "keyUriWithVersion": { + "type": "string", + "value": "[reference(resourceId('Microsoft.KeyVault/vaults/keys', parameters('keyVaultName'), 'DiskEncryptionKey'), '2022-07-01').keyUriWithVersion]" + }, + "keyVaultResourceId": { + "type": "string", + "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" + }, + "keyVaultName": { + "type": "string", + "value": "[parameters('keyVaultName')]" + }, + "keyVaultUri": { + "type": "string", + "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName')), '2022-07-01').vaultUri]" + }, + "storageKeyName": { + "type": "string", + "value": "StorageEncryptionKey" } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": false } - }, - "securityProfile": { - "encryptionAtHost": true, - "uefiSettings": { - "secureBootEnabled": true, - "vTpmEnabled": true - }, - "securityType": "TrustedLaunch" - }, - "licenseType": "[if(parameters('hybridUseBenefit'), 'Windows_Server', null())]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]" - ] + } + } }, { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'appAzModules')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], 
createObject())]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "ContainerName", - "value": "[parameters('containerName')]" + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" }, - { - "name": "StorageAccountName", - "value": "[parameters('storageAccountName')]" + "diskEncryptionSetName": { + "value": "[parameters('tier').namingConvention.diskEncryptionSet]" }, - { - "name": "StorageEndpoint", - "value": "[environment().suffixes.storage]" + "keyUrl": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" }, - { - "name": "UserAssignedIdentityObjectId", - "value": "[parameters('userAssignedIdentityPrincipalId')]" - } - ], - "source": { - "script": " param(\r\n [string]$ContainerName,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$UserAssignedIdentityObjectId\r\n )\r\n $ErrorActionPreference = \"Stop\"\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n 
$BlobNames = @('az.accounts.2.12.1.nupkg','az.automation.1.9.0.nupkg','az.compute.5.7.0.nupkg','az.resources.6.6.0.nupkg')\r\n foreach($BlobName in $BlobNames)\r\n {\r\n do\r\n {\r\n try\r\n {\r\n Write-Output \"Download Attempt $i\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile \"$env:windir\\temp\\$BlobName\"\r\n }\r\n catch [System.Net.WebException]\r\n {\r\n Start-Sleep -Seconds 60\r\n $i++\r\n if($i -gt 10){throw}\r\n continue\r\n }\r\n catch\r\n {\r\n $Output = $_ | select *\r\n Write-Output $Output\r\n throw\r\n }\r\n }\r\n until(Test-Path -Path $env:windir\\temp\\$BlobName)\r\n Start-Sleep -Seconds 5\r\n Unblock-File -Path $env:windir\\temp\\$BlobName\r\n $BlobZipName = $Blobname.Replace('nupkg','zip')\r\n Rename-Item -Path $env:windir\\temp\\$BlobName -NewName $BlobZipName\r\n $BlobNameArray = $BlobName.Split('.')\r\n $ModuleFolderName = $BlobNameArray[0] + '.' + $BlobNameArray[1]\r\n $VersionFolderName = $BlobNameArray[2] + '.' + $BlobNameArray[3]+ '.' 
+ $BlobNameArray[4]\r\n $ModulesDirectory = \"C:\\Program Files\\WindowsPowerShell\\Modules\"\r\n New-Item -Path $ModulesDirectory -Name $ModuleFolderName -ItemType \"Directory\" -Force\r\n Expand-Archive -Path $env:windir\\temp\\$BlobZipName -DestinationPath \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\" -Force\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\_rels\" -Force -Recurse\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\package\" -Force -Recurse\r\n Remove-Item -LiteralPath \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\[Content_Types].xml\" -Force\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\$ModuleFolderName.nuspec\" -Force\r\n }\r\n Remove-Item -Path \"$env:windir\\temp\\az*\" -Force\r\n " - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('virtualMachineName')]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('automation-account-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "arcGisProInstaller": { - "value": "[parameters('arcGisProInstaller')]" - }, - "actionGroupName": { - "value": "[parameters('actionGroupName')]" - }, - "automationAccountName": { - "value": "[parameters('automationAccountName')]" - }, - "automationAccountPrivateDnsZoneResourceId": { - "value": "[parameters('automationAccountPrivateDnsZoneResourceId')]" - }, - "computeGalleryImageResourceId": { - "value": "[parameters('computeGalleryImageResourceId')]" - }, - "computeGalleryResourceId": { - "value": 
"[parameters('computeGalleryResourceId')]" - }, - "containerName": { - "value": "[parameters('containerName')]" - }, - "customizations": { - "value": "[parameters('customizations')]" - }, - "deploymentNameSuffix": { - "value": "[parameters('deploymentNameSuffix')]" - }, - "diskEncryptionSetResourceId": { - "value": "[parameters('diskEncryptionSetResourceId')]" - }, - "distributionGroup": { - "value": "[parameters('distributionGroup')]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[parameters('domainJoinUserPrincipalName')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "enableBuildAutomation": { - "value": "[parameters('enableBuildAutomation')]" - }, - "excludeFromLatest": { - "value": "[parameters('excludeFromLatest')]" - }, - "hybridUseBenefit": { - "value": "[parameters('hybridUseBenefit')]" - }, - "imageDefinitionName": { - "value": "[parameters('imageDefinitionName')]" - }, - "imageMajorVersion": { - "value": "[parameters('imageMajorVersion')]" - }, - "imagePatchVersion": { - "value": "[parameters('imagePatchVersion')]" - }, - "imageVirtualMachineName": { - "value": "[parameters('imageVirtualMachineName')]" - }, - "installAccess": { - "value": "[parameters('installAccess')]" - }, - "installArcGisPro": { - "value": "[parameters('installArcGisPro')]" - }, - "installExcel": { - "value": "[parameters('installExcel')]" - }, - "installOneDrive": { - "value": "[parameters('installOneDrive')]" - }, - "installOneNote": { - "value": "[parameters('installOneNote')]" - }, - "installOutlook": { - "value": "[parameters('installOutlook')]" - }, - "installPowerPoint": { - "value": "[parameters('installPowerPoint')]" - }, - "installProject": { - "value": "[parameters('installProject')]" - }, - "installPublisher": { - "value": "[parameters('installPublisher')]" - }, - "installSkypeForBusiness": { - "value": "[parameters('installSkypeForBusiness')]" - }, - 
"installTeams": { - "value": "[parameters('installTeams')]" - }, - "installUpdates": { - "value": "[parameters('installUpdates')]" - }, - "installVirtualDesktopOptimizationTool": { - "value": "[parameters('installVirtualDesktopOptimizationTool')]" - }, - "installVisio": { - "value": "[parameters('installVisio')]" - }, - "installWord": { - "value": "[parameters('installWord')]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "logAnalyticsWorkspaceResourceId": { - "value": "[parameters('logAnalyticsWorkspaceResourceId')]" - }, - "managementVirtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "marketplaceImageOffer": { - "value": "[parameters('marketplaceImageOffer')]" - }, - "marketplaceImagePublisher": { - "value": "[parameters('marketplaceImagePublisher')]" - }, - "marketplaceImageSKU": { - "value": "[parameters('marketplaceImageSKU')]" - }, - "msrdcwebrtcsvcInstaller": { - "value": "[parameters('msrdcwebrtcsvcInstaller')]" - }, - "officeInstaller": { - "value": "[parameters('officeInstaller')]" - }, - "oUPath": { - "value": "[parameters('oUPath')]" - }, - "replicaCount": { - "value": "[parameters('replicaCount')]" - }, - "resourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, - "sourceImageType": { - "value": "[parameters('sourceImageType')]" - }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" - }, - "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "teamsInstaller": { - "value": "[parameters('teamsInstaller')]" - }, - "templateSpecResourceId": { - "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('template-spec-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" - }, - "timeZone": { - "value": "[parameters('timeZone')]" - }, - "updateService": { - "value": "[parameters('updateService')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('userAssignedIdentityClientId')]" - }, - "userAssignedIdentityPrincipalId": { - "value": "[parameters('userAssignedIdentityPrincipalId')]" - }, - "userAssignedIdentityResourceId": { - "value": "[parameters('userAssignedIdentityResourceId')]" - }, - "vcRedistInstaller": { - "value": "[parameters('vcRedistInstaller')]" - }, - "vDOTInstaller": { - "value": "[parameters('vDOTInstaller')]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - }, - "wsusServer": { - "value": "[parameters('wsusServer')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1975706033396141500" - } - }, - "parameters": { - "arcGisProInstaller": { - "type": "string" - }, - "actionGroupName": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "automationAccountPrivateDnsZoneResourceId": { - "type": "string" - }, - "computeGalleryImageResourceId": { - "type": "string" - }, - "computeGalleryResourceId": { - "type": "string" - }, - "containerName": { - "type": "string" - }, - "customizations": { - "type": "array" - }, - "deploymentNameSuffix": { - "type": "string" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "distributionGroup": { - "type": "string" - }, - "domainJoinPassword": { - "type": "securestring" - }, - "domainJoinUserPrincipalName": { - 
"type": "string" - }, - "domainName": { - "type": "string" - }, - "enableBuildAutomation": { - "type": "bool" - }, - "excludeFromLatest": { - "type": "bool" - }, - "hybridUseBenefit": { - "type": "bool" - }, - "imageDefinitionName": { - "type": "string" - }, - "imageMajorVersion": { - "type": "int" - }, - "imagePatchVersion": { - "type": "int" - }, - "imageVirtualMachineName": { - "type": "string" - }, - "installAccess": { - "type": "bool" - }, - "installArcGisPro": { - "type": "bool" - }, - "installExcel": { - "type": "bool" - }, - "installOneDrive": { - "type": "bool" - }, - "installOneNote": { - "type": "bool" - }, - "installOutlook": { - "type": "bool" - }, - "installPowerPoint": { - "type": "bool" - }, - "installProject": { - "type": "bool" - }, - "installPublisher": { - "type": "bool" - }, - "installSkypeForBusiness": { - "type": "bool" - }, - "installTeams": { - "type": "bool" - }, - "installUpdates": { - "type": "bool" - }, - "installVirtualDesktopOptimizationTool": { - "type": "bool" - }, - "installVisio": { - "type": "bool" - }, - "installWord": { - "type": "bool" - }, - "keyVaultName": { - "type": "string" - }, - "jobScheduleName": { - "type": "string", - "defaultValue": "[newGuid()]" - }, - "location": { - "type": "string" - }, - "logAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "marketplaceImageOffer": { - "type": "string" - }, - "marketplaceImagePublisher": { - "type": "string" - }, - "marketplaceImageSKU": { - "type": "string" - }, - "msrdcwebrtcsvcInstaller": { - "type": "string" - }, - "officeInstaller": { - "type": "string" - }, - "oUPath": { - "type": "string" - }, - "replicaCount": { - "type": "int" - }, - "resourceGroupName": { - "type": "string" - }, - "sourceImageType": { - "type": "string" - }, - "storageAccountResourceId": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "teamsInstaller": { - "type": 
"string" - }, - "templateSpecResourceId": { - "type": "string" - }, - "time": { - "type": "string", - "defaultValue": "[utcNow()]" - }, - "timeZone": { - "type": "string" - }, - "updateService": { - "type": "string" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "userAssignedIdentityPrincipalId": { - "type": "string" - }, - "userAssignedIdentityResourceId": { - "type": "string" - }, - "vcRedistInstaller": { - "type": "string" - }, - "vDOTInstaller": { - "type": "string" - }, - "virtualMachineSize": { - "type": "string" - }, - "wsusServer": { - "type": "string" - } - }, - "variables": { - "parameters": { - "arcGisProInstaller": "[parameters('arcGisProInstaller')]", - "computeGalleryResourceId": "[parameters('computeGalleryResourceId')]", - "containerName": "[parameters('containerName')]", - "customizations": "[string(parameters('customizations'))]", - "diskEncryptionSetResourceId": "[parameters('diskEncryptionSetResourceId')]", - "enableBuildAutomation": "[string(parameters('enableBuildAutomation'))]", - "environmentName": "[environment().name]", - "excludeFromLatest": "[parameters('excludeFromLatest')]", - "hybridUseBenefit": "[parameters('hybridUseBenefit')]", - "imageDefinitionName": "[parameters('imageDefinitionName')]", - "imageMajorVersion": "[string(parameters('imageMajorVersion'))]", - "imagePatchVersion": "[string(parameters('imagePatchVersion'))]", - "imageVirtualMachineName": "[parameters('imageVirtualMachineName')]", - "installAccess": "[string(parameters('installAccess'))]", - "installArcGisPro": "[string(parameters('installArcGisPro'))]", - "installExcel": "[string(parameters('installExcel'))]", - "InstallOneDrive": "[string(parameters('installOneDrive'))]", - "installOneNote": "[string(parameters('installOneNote'))]", - "installOutlook": "[string(parameters('installOutlook'))]", - "installPowerPoint": "[string(parameters('installPowerPoint'))]", - "installProject": "[string(parameters('installProject'))]", - "installPublisher": 
"[string(parameters('installPublisher'))]", - "installSkypeForBusiness": "[string(parameters('installSkypeForBusiness'))]", - "installTeams": "[string(parameters('installTeams'))]", - "installUpdates": "[string(parameters('installUpdates'))]", - "installVirtualDesktopOptimizationTool": "[string(parameters('installVirtualDesktopOptimizationTool'))]", - "installVisio": "[string(parameters('installVisio'))]", - "installWord": "[string(parameters('installWord'))]", - "keyVaultName": "[parameters('keyVaultName')]", - "location": "[parameters('location')]", - "managementVirtualMachineName": "[parameters('managementVirtualMachineName')]", - "marketplaceImageOffer": "[parameters('marketplaceImageOffer')]", - "marketplaceImagePublisher": "[parameters('marketplaceImagePublisher')]", - "marketplaceImageSKU": "[parameters('marketplaceImageSKU')]", - "msrdcwebrtcsvcInstaller": "[parameters('msrdcwebrtcsvcInstaller')]", - "officeInstaller": "[parameters('officeInstaller')]", - "replicaCount": "[string(parameters('replicaCount'))]", - "resourceGroupName": "[parameters('resourceGroupName')]", - "computeGalleryImageResourceId": "[parameters('computeGalleryImageResourceId')]", - "sourceImageType": "[parameters('sourceImageType')]", - "storageAccountResourceId": "[parameters('storageAccountResourceId')]", - "subnetResourceId": "[parameters('subnetResourceId')]", - "subscriptionId": "[variables('subscriptionId')]", - "tags": "[string(parameters('tags'))]", - "teamsInstaller": "[parameters('teamsInstaller')]", - "templateSpecResourceId": "[parameters('templateSpecResourceId')]", - "tenantId": "[variables('tenantId')]", - "updateService": "[parameters('updateService')]", - "userAssignedIdentityClientId": "[parameters('userAssignedIdentityClientId')]", - "userAssignedIdentityPrincipalId": "[parameters('userAssignedIdentityPrincipalId')]", - "userAssignedIdentityResourceId": "[parameters('userAssignedIdentityResourceId')]", - "vcRedistInstaller": "[parameters('vcRedistInstaller')]", - 
"vDOTInstaller": "[parameters('vDOTInstaller')]", - "virtualMachineSize": "[parameters('virtualMachineSize')]", - "wsusServer": "[parameters('wsusServer')]" - }, - "privateEndpointName": "[format('pe-{0}', parameters('automationAccountName'))]", - "runbookName": "New-AzureZeroTrustImageBuild", - "storageEndpoint": "[environment().suffixes.storage]", - "subscriptionId": "[subscription().subscriptionId]", - "tenantId": "[subscription().tenantId]" - }, - "resources": [ - { - "type": "Microsoft.Automation/automationAccounts", - "apiVersion": "2022-08-08", - "name": "[parameters('automationAccountName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject())]", - "properties": { - "disableLocalAuth": false, - "publicNetworkAccess": false, - "sku": { - "name": "Basic" - }, - "encryption": { - "keySource": "Microsoft.Automation", - "identity": {} - } - } - }, - { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-05-01", - "name": "[variables('privateEndpointName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", - "properties": { - "privateLinkServiceConnections": [ - { - "name": "[variables('privateEndpointName')]", - "id": "[resourceId('Microsoft.Network/privateEndpoints/privateLinkServiceConnections', variables('privateEndpointName'), variables('privateEndpointName'))]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]", - "groupIds": [ - "DSCAndHybridWorker" - ] - } - } - ], - "customNetworkInterfaceName": "[format('nic-{0}', parameters('automationAccountName'))]", - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - }, - "dependsOn": [ - 
"[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', variables('privateEndpointName'), 'default')]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "privatelink-azure-automation-net", - "properties": { - "privateDnsZoneId": "[parameters('automationAccountPrivateDnsZoneResourceId')]" - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', variables('privateEndpointName'))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-07-01", - "name": "[format('{0}/{1}', parameters('managementVirtualMachineName'), 'runbook')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "AutomationAccountName", - "value": "[parameters('automationAccountName')]" - }, - { - "name": "ContainerName", - "value": "[parameters('containerName')]" - }, - { - "name": "Environment", - "value": "[environment().name]" - }, - { - "name": "ResourceGroupName", - "value": "[resourceGroup().name]" - }, - { - "name": "RunbookName", - "value": "[variables('runbookName')]" - }, - { - "name": "StorageAccountName", - "value": "[split(parameters('storageAccountResourceId'), '/')[8]]" + "keyVaultResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, - { - "name": "StorageEndpoint", - "value": 
"[variables('storageEndpoint')]" + "location": { + "value": "[parameters('location')]" }, - { - "name": "SubscriptionId", - "value": "[subscription().subscriptionId]" + "mlzTags": { + "value": "[parameters('mlzTags')]" }, - { - "name": "TenantId", - "value": "[tenant().tenantId]" + "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets']), createObject('value', createObject()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "15986878026863280024" + } }, - { - "name": "UserAssignedIdentityClientId", - "value": "[parameters('userAssignedIdentityClientId')]" + "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "diskEncryptionSetName": { + "type": "string" + }, + "keyUrl": { + "type": "string" + }, + "keyVaultResourceId": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "tags": { + "type": "object" + } }, - { - "name": "UserAssignedIdentityObjectId", - "value": "[parameters('userAssignedIdentityPrincipalId')]" + "resources": [ + { + "type": "Microsoft.Compute/diskEncryptionSets", + "apiVersion": "2023-04-02", + "name": "[parameters('diskEncryptionSetName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), parameters('tags')['Microsoft.Compute/diskEncryptionSets'], createObject()), parameters('mlzTags'))]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "activeKey": { + "sourceVault": { + "id": "[parameters('keyVaultResourceId')]" + }, + "keyUrl": "[parameters('keyUrl')]" + }, + "encryptionType": "EncryptionAtRestWithPlatformAndCustomerKeys", + "rotationToLatestKeyVersionEnabled": true 
+ } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('assign-role-disk-encryption-set-ops-{0}', parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "principalId": { + "value": "[reference(resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName')), '2023-04-02', 'full').identity.principalId]" + }, + "principalType": { + "value": "ServicePrincipal" + }, + "roleDefinitionId": { + "value": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" + }, + "targetResourceId": { + "value": "[resourceGroup().id]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" + } + }, + "parameters": { + "targetResourceId": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + }, + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string", + "defaultValue": "ServicePrincipal", + "allowedValues": [ + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ] + }, + "description": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", + "properties": { + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]", + "roleDefinitionId": "[parameters('roleDefinitionId')]", + "description": "[parameters('description')]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" + 
] + } + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" + } } - ], - "source": { - "script": " param (\r\n [string]$AutomationAccountName,\r\n [string]$ContainerName,\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$RunbookName,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$UserAssignedIdentityObjectId\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $BlobName = 'New-AzureZeroTrustImageBuild.ps1'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $File = \"$env:windir\\temp\\$BlobName\"\r\n do\r\n {\r\n try\r\n {\r\n Write-Output \"Download Attempt $i\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $File\r\n }\r\n catch [System.Net.WebException]\r\n {\r\n Start-Sleep -Seconds 60\r\n $i++\r\n if($i -gt 10){throw}\r\n continue\r\n }\r\n catch\r\n {\r\n $Output = $_ | select *\r\n Write-Output $Output\r\n throw\r\n }\r\n }\r\n until(Test-Path -Path $File)\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n Import-AzAutomationRunbook -Name $RunbookName -Path $File -Type PowerShell -AutomationAccountName $AutomationAccountName -ResourceGroupName $ResourceGroupName -Published -Force | Out-Null\r\n " 
- } - } - }, - { - "type": "Microsoft.Automation/automationAccounts/schedules", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), parameters('imageDefinitionName'))]", - "properties": { - "frequency": "Day", - "interval": 1, - "startTime": "[dateTimeAdd(parameters('time'), 'P1D')]", - "timeZone": "[parameters('timeZone')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" - ] - }, - { - "type": "Microsoft.Automation/automationAccounts/jobSchedules", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), parameters('jobScheduleName'))]", - "properties": { - "parameters": { - "parameters": "[replace(string(variables('parameters')), '\"', '\\\"')]" - }, - "runbook": { - "name": "[variables('runbookName')]" - }, - "runOn": "Zero Trust Image Build Automation", - "schedule": { - "name": "[parameters('imageDefinitionName')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]", - "[resourceId('Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups', parameters('automationAccountName'), 'Zero Trust Image Build Automation')]", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('managementVirtualMachineName'), 'runbook')]", - "[resourceId('Microsoft.Automation/automationAccounts/schedules', parameters('automationAccountName'), parameters('imageDefinitionName'))]" - ] - }, - { - "type": "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups", - "apiVersion": "2022-08-08", - "name": "[format('{0}/{1}', parameters('automationAccountName'), 'Zero Trust Image Build Automation')]", - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" - ] - }, - { - "type": "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers", - 
"apiVersion": "2022-08-08", - "name": "[format('{0}/{1}/{2}', parameters('automationAccountName'), 'Zero Trust Image Build Automation', guid(resourceId('Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups', parameters('automationAccountName'), 'Zero Trust Image Build Automation')))]", - "properties": { - "vmResourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('managementVirtualMachineName'))]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups', parameters('automationAccountName'), 'Zero Trust Image Build Automation')]", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('managementVirtualMachineName'), 'runbook')]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-03-01", - "name": "[format('{0}/{1}', parameters('managementVirtualMachineName'), 'HybridWorkerForWindows')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "publisher": "Microsoft.Azure.Automation.HybridWorker", - "type": "HybridWorkerForWindows", - "typeHandlerVersion": "1.1", - "autoUpgradeMinorVersion": true, - "enableAutomaticUpgrade": true, - "settings": { - "AutomationAccountURL": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2022-08-08').automationHybridServiceUrl]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('managementVirtualMachineName'), 'runbook')]" - ] - }, - { - "condition": "[and(and(not(empty(parameters('domainJoinUserPrincipalName'))), not(empty(parameters('domainName')))), not(empty(parameters('oUPath'))))]", - "type": 
"Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', parameters('managementVirtualMachineName'), 'JsonADDomainExtension')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "forceUpdateTag": "[parameters('time')]", - "publisher": "Microsoft.Compute", - "type": "JsonADDomainExtension", - "typeHandlerVersion": "1.3", - "autoUpgradeMinorVersion": true, - "settings": { - "Name": "[parameters('domainName')]", - "User": "[parameters('domainJoinUserPrincipalName')]", - "Restart": "true", - "Options": "3", - "OUPath": "[parameters('oUPath')]" - }, - "protectedSettings": { - "Password": "[parameters('domainJoinPassword')]" } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('managementVirtualMachineName'), 'HybridWorkerForWindows')]", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('managementVirtualMachineName'), 'runbook')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" ] }, { - "condition": "[and(and(not(empty(parameters('logAnalyticsWorkspaceResourceId'))), not(empty(parameters('distributionGroup')))), not(empty(parameters('actionGroupName'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('monitoring-{0}', parameters('deploymentNameSuffix'))]", + "name": "[format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": 
"Incremental", "parameters": { - "actionGroupName": { - "value": "[parameters('actionGroupName')]" - }, - "automationAccountName": { - "value": "[parameters('automationAccountName')]" - }, - "distributionGroup": { - "value": "[parameters('distributionGroup')]" + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" }, "location": { "value": "[parameters('location')]" }, - "logAnalyticsWorkspaceResourceId": { - "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + "mlzTags": { + "value": "[parameters('mlzTags')]" }, "tags": { "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(parameters('tier').namingConvention.userAssignedIdentity, format('-{0}', parameters('tokens').service), '')]" } }, "template": { 
@@ -18027,4366 +16093,1206 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2083337980389295324" + "version": "0.27.1.19265", + "templateHash": "6007785905664733866" } }, "parameters": { - "actionGroupName": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "distributionGroup": { + "keyVaultName": { "type": "string" }, "location": { "type": "string" }, - "logAnalyticsWorkspaceResourceId": { - "type": "string" + "mlzTags": { + "type": "object" }, "tags": { "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" } }, - "variables": { - "alerts": [ - { - "name": "[format('Zero Trust Image Build - Failure ({0})', parameters('automationAccountName'))]", - "description": "Sends an error alert when the runbook build fails.", - "severity": 0, - "evaluationFrequency": "PT5M", - "windowSize": "PT5M", - "criteria": { - "allOf": [ - { - "query": "AzureDiagnostics\n| where ResourceProvider == \"MICROSOFT.AUTOMATION\"\n| where Category == \"JobStreams\"\n| where ResultDescription has \"Image build failed\"", - "timeAggregation": "Count", - "dimensions": [ - { - "name": "ResultDescription", - "operator": "Include", - "values": [ - "*" - ] - } - ], - "operator": "GreaterThanOrEqual", - "threshold": 1, - "failingPeriods": { - "numberOfEvaluationPeriods": 1, - "minFailingPeriodsToAlert": 1 - } - } - ] - } - }, - { - "name": "[format('Zero Trust Image Build - Success ({0})', parameters('automationAccountName'))]", - "description": "Sends an informational alert when the runbook build succeeds.", - "severity": 3, - "evaluationFrequency": "PT5M", - "windowSize": "PT5M", - "criteria": { - "allOf": [ - { - "query": "AzureDiagnostics\n| where ResourceProvider == \"MICROSOFT.AUTOMATION\"\n| where Category == \"JobStreams\"\n| where ResultDescription has \"Image build succeeded\"", - "timeAggregation": "Count", - "dimensions": [ - { - "name": "ResultDescription", - "operator": "Include", - 
"values": [ - "*" - ] - } - ], - "operator": "GreaterThanOrEqual", - "threshold": 1, - "failingPeriods": { - "numberOfEvaluationPeriods": 1, - "minFailingPeriodsToAlert": 1 - } - } - ] - } - } - ] - }, "resources": [ { - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Automation/automationAccounts/{0}', parameters('automationAccountName'))]", - "name": "[format('diag-{0}', parameters('automationAccountName'))]", - "properties": { - "logs": [ - { - "category": "JobLogs", - "enabled": true - }, - { - "category": "JobStreams", - "enabled": true - } - ], - "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]" - } - }, - { - "condition": "[and(not(empty(parameters('actionGroupName'))), not(empty(parameters('distributionGroup'))))]", - "type": "Microsoft.Insights/actionGroups", - "apiVersion": "2022-06-01", - "name": "[parameters('actionGroupName')]", - "location": "global", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Insights/actionGroups'), parameters('tags')['Microsoft.Insights/actionGroups'], createObject())]", - "properties": { - "emailReceivers": [ - { - "emailAddress": "[parameters('distributionGroup')]", - "name": "[parameters('distributionGroup')]", - "useCommonAlertSchema": true - } - ], - "enabled": true, - "groupShortName": "Image Builds" - } + "type": "Microsoft.ManagedIdentity/userAssignedIdentities", + "apiVersion": "2018-11-30", + "name": "[parameters('userAssignedIdentityName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" }, { - "copy": { - "name": "scheduledQueryRules", - "count": "[length(range(0, length(variables('alerts'))))]" - }, - "condition": "[and(not(empty(parameters('actionGroupName'))), 
not(empty(parameters('logAnalyticsWorkspaceResourceId'))))]", - "type": "Microsoft.Insights/scheduledQueryRules", - "apiVersion": "2022-06-15", - "name": "[variables('alerts')[range(0, length(variables('alerts')))[copyIndex()]].name]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Insights/scheduledQueryRules'), parameters('tags')['Microsoft.Insights/scheduledQueryRules'], createObject())]", - "kind": "LogAlert", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))]", "properties": { - "actions": { - "actionGroups": [ - "[resourceId('Microsoft.Insights/actionGroups', parameters('actionGroupName'))]" - ] - }, - "autoMitigate": false, - "skipQueryValidation": false, - "criteria": "[variables('alerts')[range(0, length(variables('alerts')))[copyIndex()]].criteria]", - "description": "[variables('alerts')[range(0, length(variables('alerts')))[copyIndex()]].description]", - "displayName": "[variables('alerts')[range(0, length(variables('alerts')))[copyIndex()]].name]", - "enabled": true, - "evaluationFrequency": "[variables('alerts')[range(0, length(variables('alerts')))[copyIndex()]].evaluationFrequency]", - "severity": "[variables('alerts')[range(0, length(variables('alerts')))[copyIndex()]].severity]", - "windowSize": "[variables('alerts')[range(0, length(variables('alerts')))[copyIndex()]].windowSize]", - "scopes": [ - "[parameters('logAnalyticsWorkspaceResourceId')]" - ] + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2018-11-30').principalId]", + "principalType": "ServicePrincipal", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 
'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" }, "dependsOn": [ - "[resourceId('Microsoft.Insights/actionGroups', parameters('actionGroupName'))]" + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" ] } - ] + ], + "outputs": { + "resourceId": { + "type": "string", + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" + } + } } }, "dependsOn": [ - "[resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName'))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" ] } - ] + ], + "outputs": { + "diskEncryptionSetResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + }, + "keyVaultName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, + "keyVaultUri": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "keyVaultResourceId": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + }, + "storageKeyName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + } + } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('template-spec-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', 
parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('image-build-{0}', parameters('deploymentNameSuffix'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "arcGisProInstaller": { - "value": "[parameters('arcGisProInstaller')]" - }, - "computeGalleryImageResourceId": { - "value": "[parameters('computeGalleryImageResourceId')]" - }, - "computeGalleryName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.computeGalleryName]" - }, - "containerName": { - "value": "[parameters('containerName')]" - }, - "customizations": { - "value": "[parameters('customizations')]" - }, - "deploymentNameSuffix": { - "value": "[parameters('deploymentNameSuffix')]" - }, - "diskEncryptionSetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" - }, - "enableBuildAutomation": { - "value": "[parameters('enableBuildAutomation')]" - }, - "excludeFromLatest": { - "value": "[parameters('excludeFromLatest')]" - }, - "hybridUseBenefit": { - "value": "[parameters('hybridUseBenefit')]" - }, - "imageDefinitionName": { - "value": "[variables('imageDefinitionName')]" - }, - "imageMajorVersion": { - "value": "[parameters('imageMajorVersion')]" - }, - "imagePatchVersion": { - "value": 
"[parameters('imagePatchVersion')]" - }, - "imageVirtualMachineName": { - "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.windowsVmName, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'bd')]" - }, - "installAccess": { - "value": "[parameters('installAccess')]" - }, - "installArcGisPro": { - "value": "[parameters('installArcGisPro')]" - }, - "installExcel": { - "value": "[parameters('installExcel')]" - }, - "installOneDrive": { - "value": "[parameters('installOneDrive')]" - }, - "installOneNote": { - "value": "[parameters('installOneNote')]" - }, - "installOutlook": { - "value": "[parameters('installOutlook')]" - }, - "installPowerPoint": { - "value": "[parameters('installPowerPoint')]" - }, - "installProject": { - "value": "[parameters('installProject')]" - }, - "installPublisher": { - "value": "[parameters('installPublisher')]" - }, - "installSkypeForBusiness": { - "value": "[parameters('installSkypeForBusiness')]" - }, - "installTeams": { - "value": "[parameters('installTeams')]" - }, - "installUpdates": { - "value": "[parameters('installUpdates')]" - }, - "installVirtualDesktopOptimizationTool": { - "value": "[parameters('installVirtualDesktopOptimizationTool')]" - }, - "installVisio": { - "value": "[parameters('installVisio')]" - }, - "installWord": { - "value": "[parameters('installWord')]" - }, - "keyVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.keyVaultName]" - }, - "localAdministratorPassword": { - "value": "[parameters('localAdministratorPassword')]" - }, - "localAdministratorUsername": { - "value": "[parameters('localAdministratorUsername')]" - }, - "location": { 
- "value": "[parameters('location')]" - }, - "managementVirtualMachineName": { - "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.windowsVmName, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'mg')]" - }, - "marketplaceImageOffer": { - "value": "[parameters('marketplaceImageOffer')]" - }, - "marketplaceImagePublisher": { - "value": "[parameters('marketplaceImagePublisher')]" - }, - "marketplaceImageSKU": { - "value": "[parameters('marketplaceImageSKU')]" - }, - "msrdcwebrtcsvcInstaller": { - "value": "[parameters('msrdcwebrtcsvcInstaller')]" - }, - "officeInstaller": { - "value": "[parameters('officeInstaller')]" - }, - "replicaCount": { - "value": "[parameters('replicaCount')]" - }, - "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" - }, - "sourceImageType": { - "value": "[parameters('sourceImageType')]" - }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" - }, - "subnetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" - }, - "tags": { - "value": "[variables('calculatedTags')]" - }, - "teamsInstaller": { - "value": "[parameters('teamsInstaller')]" - }, - "updateService": { - "value": "[parameters('updateService')]" - }, - "userAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityClientId.value]" - }, - 
"userAssignedIdentityPrincipalId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityPrincipalId.value]" - }, - "userAssignedIdentityResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" - }, - "vcRedistInstaller": { - "value": "[parameters('vcRedistInstaller')]" - }, - "vDOTInstaller": { - "value": "[parameters('vDOTInstaller')]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - }, - "wsusServer": { - "value": "[parameters('wsusServer')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9174134663226790442" - } - }, - "parameters": { - "arcGisProInstaller": { - "type": "string", - "defaultValue": "" - }, - "computeGalleryImageResourceId": { - "type": "string", - "defaultValue": "" - }, - "computeGalleryName": { - "type": "string" - }, - "containerName": { - "type": "string" - }, - "customizations": { - "type": "array", - "defaultValue": [] - }, - "deploymentNameSuffix": { - "type": "string", - "defaultValue": "[utcNow('yyMMddHHs')]" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "enableBuildAutomation": { - "type": "bool", - "defaultValue": false - }, - "excludeFromLatest": { - "type": "bool", - "defaultValue": true - }, - "hybridUseBenefit": { - "type": "bool", - "defaultValue": false - }, - "imageDefinitionName": { - "type": "string" - }, - "imageMajorVersion": { - "type": "int" - }, - "imagePatchVersion": { - "type": "int" - }, - "imageVirtualMachineName": { - "type": "string" - }, - "installAccess": { - 
"type": "bool", - "defaultValue": false - }, - "installArcGisPro": { - "type": "bool", - "defaultValue": false - }, - "installExcel": { - "type": "bool", - "defaultValue": false - }, - "installOneDrive": { - "type": "bool", - "defaultValue": false - }, - "installOneNote": { - "type": "bool", - "defaultValue": false - }, - "installOutlook": { - "type": "bool", - "defaultValue": false - }, - "installPowerPoint": { - "type": "bool", - "defaultValue": false - }, - "installProject": { - "type": "bool", - "defaultValue": false - }, - "installPublisher": { - "type": "bool", - "defaultValue": false - }, - "installSkypeForBusiness": { - "type": "bool", - "defaultValue": false - }, - "installTeams": { - "type": "bool", - "defaultValue": false - }, - "installUpdates": { - "type": "bool", - "defaultValue": false - }, - "installVirtualDesktopOptimizationTool": { - "type": "bool", - "defaultValue": false - }, - "installVisio": { - "type": "bool", - "defaultValue": false - }, - "installWord": { - "type": "bool", - "defaultValue": false - }, - "keyVaultName": { - "type": "string" - }, - "localAdministratorPassword": { - "type": "securestring", - "defaultValue": "" - }, - "localAdministratorUsername": { - "type": "securestring", - "defaultValue": "" - }, - "location": { - "type": "string", - "defaultValue": "[deployment().location]" - }, - "managementVirtualMachineName": { - "type": "string" - }, - "marketplaceImageOffer": { - "type": "string" - }, - "marketplaceImagePublisher": { - "type": "string" - }, - "marketplaceImageSKU": { - "type": "string" - }, - "msrdcwebrtcsvcInstaller": { - "type": "string", - "defaultValue": "" - }, - "officeInstaller": { - "type": "string", - "defaultValue": "" - }, - "replicaCount": { - "type": "int", - "defaultValue": 1 - }, - "resourceGroupName": { - "type": "string" - }, - "runbookExecution": { - "type": "bool", - "defaultValue": false - }, - "sourceImageType": { - "type": "string", - "defaultValue": "AzureMarketplace" - }, - 
"storageAccountResourceId": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "teamsInstaller": { - "type": "string", - "defaultValue": "" - }, - "updateService": { - "type": "string", - "defaultValue": "MicrosoftUpdate" }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "userAssignedIdentityPrincipalId": { - "type": "string" - }, - "userAssignedIdentityResourceId": { - "type": "string" - }, - "vcRedistInstaller": { - "type": "string", - "defaultValue": "" - }, - "vDOTInstaller": { - "type": "string", - "defaultValue": "" - }, - "virtualMachineSize": { - "type": "string" - }, - "wsusServer": { - "type": "string", - "defaultValue": "" - } - }, - "variables": { - "autoImageVersion": "[format('{0}.{1}.{2}', parameters('imageMajorVersion'), variables('imageSuffix'), parameters('imagePatchVersion'))]", - "imageSuffix": "[take(parameters('deploymentNameSuffix'), 9)]", - "storageAccountName": "[split(parameters('storageAccountResourceId'), '/')[8]]", - "storageEndpoint": "[environment().suffixes.storage]", - "subscriptionId": "[subscription().subscriptionId]" - }, - "resources": [ { - "condition": "[not(parameters('enableBuildAutomation'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('management-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", + "name": "[format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "containerName": { - "value": "[parameters('containerName')]" + "blobsPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 
'Microsoft.Network/privateDnsZones', format('privatelink.blob.{0}', environment().suffixes.storage))]" }, - "diskEncryptionSetResourceId": { - "value": "[parameters('diskEncryptionSetResourceId')]" + "keyVaultUri": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" }, - "hybridUseBenefit": { - "value": "[parameters('hybridUseBenefit')]" + "location": { + "value": "[parameters('location')]" + }, + "logStorageSkuName": { + "value": "[parameters('logStorageSkuName')]" }, - "localAdministratorPassword": { - "value": "[parameters('localAdministratorPassword')]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "localAdministratorUsername": { - "value": "[parameters('localAdministratorUsername')]" + "network": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" }, - "location": { - "value": "[parameters('location')]" + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, - "storageAccountName": { - "value": "[split(parameters('storageAccountResourceId'), '/')[8]]" + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "storageEncryptionKeyName": { + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tablesPrivateDnsZoneResourceId": { + "value": "[resourceId(variables('hubSubscriptionId'), variables('hubResourceGroupName'), 'Microsoft.Network/privateDnsZones', format('privatelink.table.{0}', environment().suffixes.storage))]" }, "tags": { "value": "[parameters('tags')]" }, - "userAssignedIdentityPrincipalId": { - "value": "[parameters('userAssignedIdentityPrincipalId')]" - }, "userAssignedIdentityResourceId": { - "value": "[parameters('userAssignedIdentityResourceId')]" - }, - "virtualMachineName": { - "value": "[parameters('managementVirtualMachineName')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12968919444807468891" - } - }, - "parameters": { - "containerName": { - "type": "string" - }, - "diskEncryptionSetResourceId": { - "type": "string" - }, - "hybridUseBenefit": { - "type": "bool" - }, - "localAdministratorPassword": { - "type": "securestring" - }, - "localAdministratorUsername": { - "type": 
"securestring" - }, - "location": { - "type": "string" - }, - "storageAccountName": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityPrincipalId": { - "type": "string" - }, - "userAssignedIdentityResourceId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2023-04-01", - "name": "[format('nic-{0}', parameters('virtualMachineName'))]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject())]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[parameters('subnetResourceId')]" - }, - "primary": true, - "privateIPAddressVersion": "IPv4" - } - } - ], - "enableAcceleratedNetworking": true, - "enableIPForwarding": false - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", - "name": "[parameters('virtualMachineName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[format('{0}', parameters('userAssignedIdentityResourceId'))]": {} - } - }, - "properties": { - "hardwareProfile": { - "vmSize": "Standard_D2s_v3" - }, - "osProfile": { - "computerName": "[parameters('virtualMachineName')]", - "adminUsername": "[parameters('localAdministratorUsername')]", - "adminPassword": "[parameters('localAdministratorPassword')]", - "windowsConfiguration": { - "provisionVMAgent": true, - "enableAutomaticUpdates": true, - "patchSettings": { - "patchMode": "AutomaticByOS", - 
"assessmentMode": "ImageDefault" - } - } - }, - "storageProfile": { - "imageReference": { - "publisher": "MicrosoftWindowsServer", - "offer": "WindowsServer", - "sku": "2019-datacenter-core-g2", - "version": "latest" - }, - "osDisk": { - "caching": "ReadWrite", - "createOption": "FromImage", - "deleteOption": "Delete", - "managedDisk": { - "diskEncryptionSet": { - "id": "[parameters('diskEncryptionSetResourceId')]" - }, - "storageAccountType": "Premium_LRS" - }, - "name": "[format('disk-{0}', parameters('virtualMachineName'))]", - "osType": "Windows" - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]", - "properties": { - "deleteOption": "Delete" - } - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": false - } - }, - "securityProfile": { - "encryptionAtHost": true, - "uefiSettings": { - "secureBootEnabled": true, - "vTpmEnabled": true - }, - "securityType": "TrustedLaunch" - }, - "licenseType": "[if(parameters('hybridUseBenefit'), 'Windows_Server', null())]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]" - ] - }, - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'appAzModules')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "ContainerName", - "value": "[parameters('containerName')]" - }, - { - "name": "StorageAccountName", - "value": "[parameters('storageAccountName')]" - }, - { - "name": "StorageEndpoint", - "value": "[environment().suffixes.storage]" - }, - { - 
"name": "UserAssignedIdentityObjectId", - "value": "[parameters('userAssignedIdentityPrincipalId')]" - } - ], - "source": { - "script": " param(\r\n [string]$ContainerName,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$UserAssignedIdentityObjectId\r\n )\r\n $ErrorActionPreference = \"Stop\"\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $BlobNames = @('az.accounts.2.12.1.nupkg','az.automation.1.9.0.nupkg','az.compute.5.7.0.nupkg','az.resources.6.6.0.nupkg')\r\n foreach($BlobName in $BlobNames)\r\n {\r\n do\r\n {\r\n try\r\n {\r\n Write-Output \"Download Attempt $i\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile \"$env:windir\\temp\\$BlobName\"\r\n }\r\n catch [System.Net.WebException]\r\n {\r\n Start-Sleep -Seconds 60\r\n $i++\r\n if($i -gt 10){throw}\r\n continue\r\n }\r\n catch\r\n {\r\n $Output = $_ | select *\r\n Write-Output $Output\r\n throw\r\n }\r\n }\r\n until(Test-Path -Path $env:windir\\temp\\$BlobName)\r\n Start-Sleep -Seconds 5\r\n Unblock-File -Path $env:windir\\temp\\$BlobName\r\n $BlobZipName = $Blobname.Replace('nupkg','zip')\r\n Rename-Item -Path $env:windir\\temp\\$BlobName -NewName $BlobZipName\r\n $BlobNameArray = $BlobName.Split('.')\r\n $ModuleFolderName = $BlobNameArray[0] + '.' + $BlobNameArray[1]\r\n $VersionFolderName = $BlobNameArray[2] + '.' + $BlobNameArray[3]+ '.' 
+ $BlobNameArray[4]\r\n $ModulesDirectory = \"C:\\Program Files\\WindowsPowerShell\\Modules\"\r\n New-Item -Path $ModulesDirectory -Name $ModuleFolderName -ItemType \"Directory\" -Force\r\n Expand-Archive -Path $env:windir\\temp\\$BlobZipName -DestinationPath \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\" -Force\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\_rels\" -Force -Recurse\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\package\" -Force -Recurse\r\n Remove-Item -LiteralPath \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\[Content_Types].xml\" -Force\r\n Remove-Item -Path \"$ModulesDirectory\\$ModuleFolderName\\$VersionFolderName\\$ModuleFolderName.nuspec\" -Force\r\n }\r\n Remove-Item -Path \"$env:windir\\temp\\az*\" -Force\r\n " - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('virtualMachineName')]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('image-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "localAdministratorPassword": "[if(parameters('runbookExecution'), createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.KeyVault/vaults', parameters('keyVaultName'))), 'secretName', 'LocalAdministratorPassword')), createObject('value', parameters('localAdministratorPassword')))]", - "localAdministratorUsername": "[if(parameters('runbookExecution'), 
createObject('reference', createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.KeyVault/vaults', parameters('keyVaultName'))), 'secretName', 'LocalAdministratorUsername')), createObject('value', parameters('localAdministratorUsername')))]", - "location": { - "value": "[parameters('location')]" - }, - "marketplaceImageOffer": { - "value": "[parameters('marketplaceImageOffer')]" - }, - "marketplaceImagePublisher": { - "value": "[parameters('marketplaceImagePublisher')]" - }, - "marketplaceImageSKU": { - "value": "[parameters('marketplaceImageSKU')]" - }, - "computeGalleryImageResourceId": { - "value": "[parameters('computeGalleryImageResourceId')]" - }, - "sourceImageType": { - "value": "[parameters('sourceImageType')]" - }, - "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "userAssignedIdentityResourceId": { - "value": "[parameters('userAssignedIdentityResourceId')]" - }, - "virtualMachineName": { - "value": "[parameters('imageVirtualMachineName')]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3416440754020274895" - } - }, - "parameters": { - "localAdministratorPassword": { - "type": "securestring" - }, - "localAdministratorUsername": { - "type": "securestring" - }, - "location": { - "type": "string" - }, - "marketplaceImageOffer": { - "type": "string" - }, - "marketplaceImagePublisher": { - "type": "string" - }, - "marketplaceImageSKU": { - "type": "string" - }, - "computeGalleryImageResourceId": { - "type": "string" - }, - "sourceImageType": { - "type": "string" - }, - 
"subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityResourceId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - }, - "virtualMachineSize": { - "type": "string" - } - }, - "variables": { - "imageReference": "[if(equals(parameters('sourceImageType'), 'AzureComputeGallery'), createObject('id', parameters('computeGalleryImageResourceId')), createObject('publisher', parameters('marketplaceImagePublisher'), 'offer', parameters('marketplaceImageOffer'), 'sku', parameters('marketplaceImageSKU'), 'version', 'latest'))]" - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2022-05-01", - "name": "[format('nic-{0}', parameters('virtualMachineName'))]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject())]", - "properties": { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - } - } - ] - } - }, - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-03-01", - "name": "[parameters('virtualMachineName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[format('{0}', parameters('userAssignedIdentityResourceId'))]": {} - } - }, - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('virtualMachineSize')]" - }, - "osProfile": { - "computerName": "[parameters('virtualMachineName')]", - "adminUsername": "[parameters('localAdministratorUsername')]", - "adminPassword": "[parameters('localAdministratorPassword')]" - }, - "storageProfile": { - 
"imageReference": "[variables('imageReference')]", - "osDisk": { - "createOption": "FromImage", - "deleteOption": "Delete", - "managedDisk": { - "storageAccountType": "StandardSSD_LRS" - }, - "name": "[format('disk-{0}', parameters('virtualMachineName'))]" - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]", - "properties": { - "deleteOption": "Delete" - } - } - ] - }, - "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": false - } - }, - "securityProfile": { - "uefiSettings": { - "secureBootEnabled": true, - "vTpmEnabled": true - }, - "securityType": "TrustedLaunch" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', format('nic-{0}', parameters('virtualMachineName')))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('virtualMachineName')]" - }, - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('customizations-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "arcGisProInstaller": { - "value": "[parameters('arcGisProInstaller')]" - }, - "containerName": { - "value": "[parameters('containerName')]" - }, - "customizations": { - "value": "[parameters('customizations')]" - }, - "installAccess": { - "value": "[parameters('installAccess')]" - }, - "installArcGisPro": { - "value": "[parameters('installArcGisPro')]" - }, - "installExcel": { - "value": "[parameters('installExcel')]" - }, - "installOneDrive": { - "value": "[parameters('installOneDrive')]" - }, 
- "installOneNote": { - "value": "[parameters('installOneNote')]" - }, - "installOutlook": { - "value": "[parameters('installOutlook')]" - }, - "installPowerPoint": { - "value": "[parameters('installPowerPoint')]" - }, - "installProject": { - "value": "[parameters('installProject')]" - }, - "installPublisher": { - "value": "[parameters('installPublisher')]" - }, - "installSkypeForBusiness": { - "value": "[parameters('installSkypeForBusiness')]" - }, - "installTeams": { - "value": "[parameters('installTeams')]" - }, - "installVirtualDesktopOptimizationTool": { - "value": "[parameters('installVirtualDesktopOptimizationTool')]" - }, - "installVisio": { - "value": "[parameters('installVisio')]" - }, - "installWord": { - "value": "[parameters('installWord')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "msrdcwebrtcsvcInstaller": { - "value": "[parameters('msrdcwebrtcsvcInstaller')]" - }, - "officeInstaller": { - "value": "[parameters('officeInstaller')]" - }, - "storageAccountName": { - "value": "[variables('storageAccountName')]" - }, - "storageEndpoint": { - "value": "[variables('storageEndpoint')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "teamsInstaller": { - "value": "[parameters('teamsInstaller')]" - }, - "userAssignedIdentityObjectId": { - "value": "[parameters('userAssignedIdentityPrincipalId')]" - }, - "vcRedistInstaller": { - "value": "[parameters('vcRedistInstaller')]" - }, - "vDotInstaller": { - "value": "[parameters('vDOTInstaller')]" - }, - "virtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - 
"_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10008712211219806019" - } - }, - "parameters": { - "arcGisProInstaller": { - "type": "string" - }, - "containerName": { - "type": "string" - }, - "customizations": { - "type": "array" - }, - "installAccess": { - "type": "bool" - }, - "installArcGisPro": { - "type": "bool" - }, - "installExcel": { - "type": "bool" - }, - "installOneDrive": { - "type": "bool" - }, - "installOneNote": { - "type": "bool" - }, - "installOutlook": { - "type": "bool" - }, - "installPowerPoint": { - "type": "bool" - }, - "installProject": { - "type": "bool" - }, - "installPublisher": { - "type": "bool" - }, - "installSkypeForBusiness": { - "type": "bool" - }, - "installTeams": { - "type": "bool" - }, - "installVirtualDesktopOptimizationTool": { - "type": "bool" - }, - "installVisio": { - "type": "bool" - }, - "installWord": { - "type": "bool" - }, - "location": { - "type": "string" - }, - "msrdcwebrtcsvcInstaller": { - "type": "string" - }, - "officeInstaller": { - "type": "string" - }, - "storageAccountName": { - "type": "string" - }, - "storageEndpoint": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "teamsInstaller": { - "type": "string" - }, - "userAssignedIdentityObjectId": { - "type": "string" - }, - "vcRedistInstaller": { - "type": "string" - }, - "vDotInstaller": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "variables": { - "installAccessVar": "[format('{0}installAccess', parameters('installAccess'))]", - "installers": "[parameters('customizations')]", - "installExcelVar": "[format('{0}installWord', parameters('installExcel'))]", - "installOneDriveVar": "[format('{0}installOneDrive', parameters('installOneDrive'))]", - "installOneNoteVar": "[format('{0}installOneNote', parameters('installOneNote'))]", - "installOutlookVar": "[format('{0}installOutlook', parameters('installOutlook'))]", - "installPowerPointVar": "[format('{0}installPowerPoint', 
parameters('installPowerPoint'))]", - "installProjectVar": "[format('{0}installProject', parameters('installProject'))]", - "installPublisherVar": "[format('{0}installPublisher', parameters('installPublisher'))]", - "installSkypeForBusinessVar": "[format('{0}installSkypeForBusiness', parameters('installSkypeForBusiness'))]", - "installVisioVar": "[format('{0}installVisio', parameters('installVisio'))]", - "installWordVar": "[format('{0}installWord', parameters('installWord'))]" - }, - "resources": [ - { - "copy": { - "name": "applications", - "count": "[length(variables('installers'))]", - "mode": "serial", - "batchSize": 1 - }, - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), format('app-{0}', variables('installers')[copyIndex()].name))]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "UserAssignedIdentityObjectId", - "value": "[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[parameters('storageEndpoint')]" - }, - { - "name": "Blobname", - "value": "[variables('installers')[copyIndex()].blobName]" - }, - { - "name": "Installer", - "value": "[variables('installers')[copyIndex()].name]" - }, - { - "name": "Arguments", - "value": "[variables('installers')[copyIndex()].arguments]" - } - ], - "source": { - "script": " param(\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName,\r\n 
[string]$Installer,\r\n [string]$Arguments\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n New-Item -Path $env:windir\\temp -Name $Installer -ItemType \"directory\" -Force\r\n New-Item -Path $env:windir\\temp\\$Installer -Name 'Files' -ItemType \"directory\" -Force\r\n #Invoking WebClient to download blobs because it is more efficient than Invoke-WebRequest for large files.\r\n $WebClient = New-Object System.Net.WebClient\r\n $WebClient.Headers.Add('x-ms-version', '2017-11-09')\r\n $webClient.Headers.Add(\"Authorization\", \"Bearer $AccessToken\")\r\n $webClient.DownloadFile(\"$StorageAccountUrl$ContainerName/$BlobName\", \"$env:windir\\temp\\$Installer\\Files\\$Blobname\")\r\n Start-Sleep -Seconds 30\r\n Set-Location -Path $env:windir\\temp\\$Installer\r\n if($Blobname -like (\"*.exe\"))\r\n {\r\n Start-Process -FilePath $env:windir\\temp\\$Installer\\Files\\$Blobname -ArgumentList $Arguments -NoNewWindow -Wait -PassThru\r\n $status = Get-WmiObject -Class Win32_Product | Where-Object Name -like \"*$($installer)*\"\r\n if($status)\r\n {\r\n Write-Host $status.Name \"is installed\"\r\n }\r\n else\r\n {\r\n Write-host $Installer \"did not install properly, please check arguments\"\r\n }\r\n }\r\n if($Blobname -like (\"*.msi\"))\r\n {\r\n Set-Location -Path $env:windir\\temp\\$Installer\\Files\r\n Start-Process -FilePath msiexec.exe -ArgumentList $Arguments -Wait\r\n $status = Get-WmiObject -Class Win32_Product | Where-Object Name -like \"*$($installer)*\"\r\n if($status)\r\n {\r\n Write-Host $status.Name \"is installed\"\r\n 
}\r\n else\r\n {\r\n Write-host $Installer \"did not install properly, please check arguments\"\r\n }\r\n }\r\n if($Blobname -like (\"*.bat\"))\r\n {\r\n Start-Process -FilePath cmd.exe -ArgumentList $env:windir\\temp\\$Installer\\Files\\$Arguments -Wait\r\n }\r\n if($Blobname -like (\"*.ps1\"))\r\n {\r\n Start-Process -FilePath PowerShell.exe -ArgumentList $env:windir\\temp\\$Installer\\Files\\$Arguments -Wait\r\n }\r\n if($Blobname -like (\"*.zip\"))\r\n {\r\n Set-Location -Path $env:windir\\temp\\$Installer\\Files\r\n Expand-Archive -Path $env:windir\\temp\\$Installer\\Files\\$Blobname -DestinationPath $env:windir\\temp\\$Installer\\Files -Force\r\n Remove-Item -Path .\\$Blobname -Force -Recurse\r\n }\r\n Write-Host \"Removing $Installer Files\"\r\n Remove-item $env:windir\\temp\\$Installer -Force -Recurse -Confirm:$false\r\n " - } - } - }, - { - "condition": "[or(or(or(or(or(or(or(or(or(or(parameters('installAccess'), parameters('installExcel')), parameters('installOneDrive')), parameters('installOneNote')), parameters('installOutlook')), parameters('installPowerPoint')), parameters('installPublisher')), parameters('installSkypeForBusiness')), parameters('installWord')), parameters('installVisio')), parameters('installProject'))]", - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'office')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "InstallAccess", - "value": "[variables('installAccessVar')]" - }, - { - "name": "InstallWord", - "value": "[variables('installWordVar')]" - }, - { - "name": "InstallExcel", - "value": "[variables('installExcelVar')]" - }, - { - "name": "InstallOneDrive", - 
"value": "[variables('installOneDriveVar')]" - }, - { - "name": "InstallOneNote", - "value": "[variables('installOneNoteVar')]" - }, - { - "name": "InstallOutlook", - "value": "[variables('installOutlookVar')]" - }, - { - "name": "InstallPowerPoint", - "value": "[variables('installPowerPointVar')]" - }, - { - "name": "InstallProject", - "value": "[variables('installProjectVar')]" - }, - { - "name": "InstallPublisher", - "value": "[variables('installPublisherVar')]" - }, - { - "name": "InstallSkypeForBusiness", - "value": "[variables('installSkypeForBusinessVar')]" - }, - { - "name": "InstallVisio", - "value": "[variables('installVisioVar')]" - }, - { - "name": "UserAssignedIdentityObjectId", - "value": "[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[parameters('storageEndpoint')]" - }, - { - "name": "BlobName", - "value": "[parameters('officeInstaller')]" - } - ], - "source": { - "script": " param(\r\n [string]$InstallAccess,\r\n [string]$InstallExcel,\r\n [string]$InstallOneDrive,\r\n [string]$InstallOutlook,\r\n [string]$InstallProject,\r\n [string]$InstallPublisher,\r\n [string]$InstallSkypeForBusiness,\r\n [string]$InstallVisio,\r\n [string]$InstallWord,\r\n [string]$InstallOneNote,\r\n [string]$InstallPowerPoint,\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = 
((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n New-Item -Path \"$env:windir\\temp\\office\" -ItemType \"directory\" -Force\r\n $sku = (Get-ComputerInfo).OsName\r\n $o365ConfigHeader = Set-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n $o365OfficeHeader = Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n if($InstallAccess -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallExcel -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallOneDrive -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallOneNote -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallOutlook -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallPowerPoint -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallPublisher -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallSkypeForBusiness -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallWord -notlike '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n $addOfficefooter = Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n if($InstallProject -like '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n if($InstallVisio -like '*true*'){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n $PerMachineConfiguration = if(($Sku).Contains(\"multi\") -eq \"true\"){\r\n Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n }\r\n 
Add-Content \"$env:windir\\temp\\office\\office365x64.xml\" ''\r\n $Installer = \"$env:windir\\temp\\office\\office.exe\"\r\n #$DownloadLinks = Invoke-WebRequest -Uri \"https://www.microsoft.com/en-us/download/confirmation.aspx?id=49117\" -UseBasicParsing\r\n #$URL = $DownloadLinks.Links.href | Where-Object {$_ -like \"https://download.microsoft.com/download/*officedeploymenttool*\"} | Select-Object -First 1\r\n #Invoke-WebRequest -Uri $URL -OutFile $Installer -UseBasicParsing\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $Installer\r\n Start-Process -FilePath $Installer -ArgumentList \"/extract:$env:windir\\temp\\office /quiet /passive /norestart\" -Wait -PassThru | Out-Null\r\n Write-Host \"Downloaded & extracted the Office 365 Deployment Toolkit\"\r\n Start-Process -FilePath \"$env:windir\\temp\\office\\setup.exe\" -ArgumentList \"/configure $env:windir\\temp\\office\\office365x64.xml\" -Wait -PassThru -ErrorAction \"Stop\" | Out-Null\r\n Write-Host \"Installed the selected Office365 applications\"\r\n Write-Host \"Removing Office FIles\"\r\n Remove-item -Path \"$env:windir\\temp\\office\" -Force -Confirm:$false -Recurse\r\n " - } - }, - "dependsOn": [ - "applications" - ] - }, - { - "condition": "[parameters('installVirtualDesktopOptimizationTool')]", - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'vdot')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "UserAssignedIdentityObjectId", - "value": "[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": 
"StorageAccountName", - "value": "[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[parameters('storageEndpoint')]" - }, - { - "name": "BlobName", - "value": "[parameters('vDotInstaller')]" - } - ], - "source": { - "script": " param(\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $ZIP = \"$env:windir\\temp\\VDOT.zip\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $ZIP\r\n Start-Sleep -Seconds 30\r\n Set-Location -Path $env:windir\\temp\r\n Unblock-File -Path $ZIP\r\n Expand-Archive -LiteralPath $ZIP -DestinationPath \"$env:windir\\temp\" -Force\r\n $Path = (Get-ChildItem -Path \"$env:windir\\temp\" -Recurse | Where-Object {$_.Name -eq \"Windows_VDOT.ps1\"}).FullName\r\n $Script = Get-Content -Path $Path\r\n $ScriptUpdate = $Script.Replace(\"Set-NetAdapterAdvancedProperty\",\"#Set-NetAdapterAdvancedProperty\")\r\n $ScriptUpdate | Set-Content -Path $Path\r\n & $Path -Optimizations @(\"AppxPackages\",\"Autologgers\",\"DefaultUserSettings\",\"LGPO\";\"NetworkOptimizations\",\"ScheduledTasks\",\"Services\",\"WindowsMediaPlayer\") -AdvancedOptimizations \"All\" -AcceptEULA\r\n Write-Host \"Removing VDOT Files\"\r\n # Expecting this format for 
vDot ZIP, update if using a different ZIP format for folder structure\r\n Remove-Item -Path $env:windir\\temp\\Virtual-Desktop-Optimization-Tool-main -Force -Recurse -Confirm:$false\r\n " - }, - "timeoutInSeconds": 640 - }, - "dependsOn": [ - "applications", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'office')]", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'teams')]" - ] - }, - { - "condition": "[parameters('installTeams')]", - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'teams')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "UserAssignedIdentityObjectId", - "value": "[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[parameters('storageEndpoint')]" - }, - { - "name": "BlobName", - "value": "[parameters('teamsInstaller')]" - }, - { - "name": "BlobName2", - "value": "[parameters('vcRedistInstaller')]" - }, - { - "name": "BlobName3", - "value": "[parameters('msrdcwebrtcsvcInstaller')]" - } - ], - "source": { - "script": " param(\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName,\r\n [string]$BlobName2,\r\n [string]$BlobName3\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + 
\".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $vcRedistFile = \"$env:windir\\temp\\vc_redist.x64.exe\"\r\n $webSocketFile = \"$env:windir\\temp\\webSocketSvc.msi\"\r\n $teamsFile = \"$env:windir\\temp\\teams.msi\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $teamsFile\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName2\" -OutFile $vcRedistFile\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName3\" -OutFile $webSocketFile\r\n\r\n # Enable media optimizations for Team\r\n Start-Process \"reg\" -ArgumentList \"add HKLM\\SOFTWARE\\Microsoft\\Teams /v IsWVDEnvironment /t REG_DWORD /d 1 /f\" -Wait -PassThru -ErrorAction \"Stop\"\r\n Write-Host \"Enabled media optimizations for Teams\"\r\n # Download & install the latest version of Microsoft Visual C++ Redistributable\r\n #$File = \"$env:windir\\temp\\vc_redist.x64.exe\"\r\n #Invoke-WebRequest -Uri \"https://aka.ms/vs/16/release/vc_redist.x64.exe\" -OutFile $File\r\n Start-Process -FilePath $vcRedistFile -Args \"/install /quiet /norestart /log vcdist.log\" -Wait -PassThru | Out-Null\r\n Write-Host \"Installed the latest version of Microsoft Visual C++ Redistributable\"\r\n # Download & install the Remote Desktop WebRTC Redirector Service\r\n #$File = \"$env:windir\\temp\\webSocketSvc.msi\"\r\n #Invoke-WebRequest -Uri \"https://aka.ms/msrdcwebrtcsvc/msi\" -OutFile $File\r\n Start-Process -FilePath 
msiexec.exe -Args \"/i $webSocketFile /quiet /qn /norestart /passive /log webSocket.log\" -Wait -PassThru | Out-Null\r\n Write-Host \"Installed the Remote Desktop WebRTC Redirector Service\"\r\n # Install Teams\r\n #$File = \"$env:windir\\temp\\teams.msi\"\r\n #Write-host $($TeamsUrl)\r\n #Invoke-WebRequest -Uri \"$TeamsUrl\" -OutFile $File\r\n $sku = (Get-ComputerInfo).OsName\r\n $PerMachineConfiguration = if(($Sku).Contains(\"multi\") -eq \"true\"){\"ALLUSER=1\"}else{\"\"}\r\n Start-Process -FilePath msiexec.exe -Args \"/i $teamsFile /quiet /qn /norestart /passive /log teams.log $PerMachineConfiguration ALLUSERS=1\" -Wait -PassThru | Out-Null\r\n Write-Host \"Installed Teams\"\r\n Write-Host \"Removing Teams Files\"\r\n Remove-Item \"$teamsFile\" -Force -Confirm:$false\r\n Remove-Item \"$vcRedistFile\" -Force -Confirm:$false\r\n Remove-Item \"$webSocketFile\" -Force -Confirm:$false\r\n " - } - }, - "dependsOn": [ - "applications", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'office')]" - ] - }, - { - "condition": "[parameters('installArcGisPro')]", - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'arcGisPro')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "UserAssignedIdentityObjectId", - "value": "[parameters('userAssignedIdentityObjectId')]" - }, - { - "name": "StorageAccountName", - "value": "[parameters('storageAccountName')]" - }, - { - "name": "ContainerName", - "value": "[parameters('containerName')]" - }, - { - "name": "StorageEndpoint", - "value": "[parameters('storageEndpoint')]" - }, - { - "name": "BlobName", - "value": 
"[parameters('arcGisProInstaller')]" - } - ], - "source": { - "script": " param(\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$StorageAccountName,\r\n [string]$ContainerName,\r\n [string]$StorageEndpoint,\r\n [string]$BlobName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n $WarningPreference = 'SilentlyContinue'\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint + \"/\"\r\n $TokenUri = \"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n # Retrieve Files\r\n New-Item -Path $env:windir\\temp -Name arcgis -ItemType \"directory\" -Force\r\n $ZIP = \"$env:windir\\temp\\arcgispro.zip\"\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl$ContainerName/$BlobName\" -OutFile $ZIP\r\n Start-Sleep -Seconds 30\r\n Set-Location -Path $env:windir\\temp\r\n Unblock-File -Path $ZIP\r\n Expand-Archive -LiteralPath $ZIP -DestinationPath \"$env:windir\\temp\\arcgis\" -Force\r\n\r\n # Install Arcgis\r\n $arcGisProMsi = (Get-ChildItem \"$env:windir\\temp\\arcgis\\\" -Recurse | where {$_.Name -eq \"ArcGisPro.msi\"})\r\n $arcGisProMsp = (Get-ChildItem \"$env:windir\\temp\\arcgis\" -Recurse | where {$_.Extension -eq \".msp\"})\r\n $winDesktopRuntime = (Get-ChildItem \"$env:windir\\temp\\arcgis\\\" -Recurse | where {$_.Name -like \"windowsdesktop-runtime-*\"})\r\n\r\n # If found Install Windows Desktop Runtime Pre-Req\r\n try {\r\n if ($winDesktopRuntime ){\r\n Start-Process -FilePath \"$($winDesktopRuntime.Directory.FullName)\\$winDesktopRuntime\" -ArgumentList \"/install /quiet /norestart\" -Wait -NoNewWindow -PassThru\r\n }\r\n }\r\n catch {\r\n Write-Output \"Please validate all software requirements are included with the 
ArcGIS Pro Zip\"\r\n }\r\n\r\n try {\r\n # Install ArcGis Pro\r\n $arcGisProArguments = \"/i $($arcGisProMsi.Directory.FullName)\\$arcGisProMsi ALLUSERS=1 ACCEPTEULA=yes ENABLEEUEI=0 SOFTWARE_CLASS=Professional AUTHORIZATION_TYPE=NAMED_USER LOCK_AUTH_SETTINGS=False ArcGIS_Connection=TRUE /qn /norestart\"\r\n Start-Process \"msiexec.exe\" -ArgumentList $arcGisProArguments -Wait -NoNewWindow -PassThru\r\n }\r\n catch {\r\n Write-Output \"Please validate all software requirements are included with the ArcGIS Pro Zip\"\r\n }\r\n\r\n try {\r\n # If MSP is found, patch ArcGisPro with MSP file\r\n if($arcGisProMsp){\r\n Start-Process \"msiexec.exe\" -ArgumentList \"/p $($arcGisProMsp.Directory.FullName)\\$arcGisProMsp /qn\" -Wait -NoNewWindow -PassThru\r\n }\r\n }\r\n catch {\r\n Write-Output \"Please validate all software requirements are included with the ArcGIS Pro Zip\"\r\n }\r\n Write-Host \"Removing ArcGis Files\"\r\n Remove-Item $ZIP -Force -Confirm:$false -Recurse\r\n Remove-item -Path \"$env:windir\\temp\\arcgis\" -Force -Confirm:$false -Recurse\r\n " - } - }, - "dependsOn": [ - "applications", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'office')]", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'teams')]", - "[resourceId('Microsoft.Compute/virtualMachines/runCommands', parameters('virtualMachineName'), 'vdot')]" - ] - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('restart-vm-1-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - 
"properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "imageVirtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "resourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": "[if(parameters('enableBuildAutomation'), createObject('value', parameters('managementVirtualMachineName')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10420021406848674052" - } - }, - "parameters": { - "imageVirtualMachineName": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'restartVirtualMachine')]", - "location": "[parameters('location')]", - 
"tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "Environment", - "value": "[environment().name]" - }, - { - "name": "ResourceGroupName", - "value": "[parameters('resourceGroupName')]" - }, - { - "name": "SubscriptionId", - "value": "[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[parameters('userAssignedIdentityClientId')]" - }, - { - "name": "VirtualMachineName", - "value": "[parameters('imageVirtualMachineName')]" - } - ], - "source": { - "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n Restart-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName\r\n $AgentStatus = $Null\r\n while ($Null -eq $AgentStatus) \r\n {\r\n Start-Sleep -Seconds 5\r\n $AgentStatus = (Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -Status).VMAgent\r\n }\r\n " - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('customizations-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', 
parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "condition": "[parameters('installUpdates')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('microsoft-updates-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "imageVirtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "updateService": { - "value": "[parameters('updateService')]" - }, - "wsusServer": { - "value": "[parameters('wsusServer')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12095172867813258567" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "imageVirtualMachineName": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "updateService": { - "type": "string" - }, - "wsusServer": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('imageVirtualMachineName'), 
'install-microsoft-updates')]", - "location": "[parameters('location')]", - "properties": { - "asyncExecution": false, - "parameters": "[if(equals(parameters('updateService'), 'WSUS'), createArray(createObject('name', 'Service', 'value', parameters('updateService')), createObject('name', 'WSUSServer', 'value', parameters('wsusServer'))), createArray(createObject('name', 'Service', 'value', parameters('updateService'))))]", - "source": { - "script": " param (\r\n # The App Name to pass to the WUA API as the calling application.\r\n [Parameter()]\r\n [String]$AppName = \"Windows Update API Script\",\r\n # The search criteria to be used.\r\n [Parameter()]\r\n [String]$Criteria = \"IsInstalled=0 and Type='Software' and IsHidden=0\",\r\n [Parameter()]\r\n [bool]$ExcludePreviewUpdates = $true,\r\n # Default service (WSUS if machine is configured to use it, or MU if opted in, or WU otherwise.)\r\n [Parameter()]\r\n [ValidateSet(\"WU\",\"MU\",\"WSUS\",\"DCAT\",\"STORE\",\"OTHER\")]\r\n [string]$Service = 'MU',\r\n # The http/https fqdn for the Windows Server Update Server\r\n [Parameter()]\r\n [string]$WSUSServer\r\n )\r\n \r\n Function ConvertFrom-InstallationResult {\r\n [CmdletBinding()]\r\n param (\r\n [Parameter()]\r\n [int]$Result\r\n ) \r\n switch ($Result) {\r\n 2 { $Text = 'Succeeded' }\r\n 3 { $Text = 'Succeeded with errors' }\r\n 4 { $Text = 'Failed' }\r\n 5 { $Text = 'Cancelled' }\r\n Default { $Text = \"Unexpected ($Result)\"}\r\n } \r\n Return $Text\r\n }\r\n Start-Transcript -Path \"$env:SystemRoot\\Logs\\ImageBuild\\Install-Updates.log\"\r\n Switch ($Service.ToUpper()) {\r\n 'WU' { $ServerSelection = 2 }\r\n 'MU' { $ServerSelection = 3; $ServiceId = \"7971f918-a847-4430-9279-4a52d1efe18d\" }\r\n 'WSUS' { $ServerSelection = 1 }\r\n 'DCAT' { $ServerSelection = 3; $ServiceId = \"855E8A7C-ECB4-4CA3-B045-1DFA50104289\" }\r\n 'STORE' { $serverSelection = 3; $ServiceId = \"117cab2d-82b1-4b5a-a08c-4d62dbee7782\" }\r\n 'OTHER' { $ServerSelection = 3; $ServiceId = 
$Service }\r\n } \r\n If ($Service -eq 'MU') {\r\n $UpdateServiceManager = New-Object -ComObject Microsoft.Update.ServiceManager\r\n $UpdateServiceManager.ClientApplicationID = $AppName\r\n $UpdateServiceManager.AddService2(\"7971f918-a847-4430-9279-4a52d1efe18d\", 7, \"\")\r\n $null = cmd /c reg.exe ADD \"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\" /v AllowMUUpdateService /t REG_DWORD /d 1 /f '2>&1'\r\n Write-Output \"Added Registry entry to configure Microsoft Update. Exit Code: [$LastExitCode]\"\r\n } Elseif ($Service -eq 'WSUS' -and $WSUSServer) {\r\n $null = cmd /c reg.exe ADD \"HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\" /v WUServer /t REG_SZ /d $WSUSServer /f '2>&1'\r\n $null = cmd /c reg.exe ADD \"HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\" /v WUStatusServer /t REG_SZ /d $WSUSServer /f '2>&1'\r\n Write-Output \"Added Registry entry to configure WSUS Server. Exit Code: [$LastExitCode]\"\r\n } \r\n $UpdateSession = New-Object -ComObject Microsoft.Update.Session\r\n $updateSession.ClientApplicationID = $AppName \r\n $UpdateSearcher = $UpdateSession.CreateUpdateSearcher()\r\n $UpdateSearcher.ServerSelection = $ServerSelection\r\n If ($ServerSelection -eq 3) {\r\n $UpdateSearcher.ServiceId = $ServiceId\r\n }\r\n Write-Output \"Searching for Updates...\"\r\n $SearchResult = $UpdateSearcher.Search($Criteria)\r\n If ($SearchResult.Updates.Count -eq 0) {\r\n Write-Output \"There are no applicable updates.\"\r\n Write-Output \"Now Exiting\"\r\n Exit $ExitCode\r\n }\r\n Write-Output \"List of applicable items found for this computer:\"\r\n For ($i = 0; $i -lt $SearchResult.Updates.Count; $i++) {\r\n $Update = $SearchResult.Updates[$i]\r\n Write-Output \"$($i + 1) > $($update.Title)\"\r\n }\r\n $AtLeastOneAdded = $false\r\n $ExclusiveAdded = $false \r\n $UpdatesToDownload = New-Object -ComObject Microsoft.Update.UpdateColl\r\n Write-Output \"Checking search results:\"\r\n For ($i = 0; $i -lt 
$SearchResult.Updates.Count; $i++) {\r\n $Update = $SearchResult.Updates[$i]\r\n $AddThisUpdate = $false \r\n If ($ExclusiveAdded) {\r\n Write-Output \"$($i + 1) > skipping: '$($update.Title)' because an exclusive update has already been selected.\"\r\n } Else {\r\n $AddThisUpdate = $true\r\n } \r\n if ($ExcludePreviewUpdates -and $update.Title -like '*Preview*') {\r\n Write-Output \"$($i + 1) > Skipping: '$($update.Title)' because it is a preview update.\"\r\n $AddThisUpdate = $false\r\n } \r\n If ($AddThisUpdate) {\r\n $PropertyTest = 0\r\n $ErrorActionPreference = 'SilentlyContinue'\r\n $PropertyTest = $Update.InstallationBehavior.Impact\r\n $ErrorActionPreference = 'Stop'\r\n If ($PropertyTest -eq 2) {\r\n If ($AtLeastOneAdded) {\r\n Write-Output \"$($i + 1) > skipping: '$($update.Title)' because it is exclusive and other updates are being installed first.\"\r\n $AddThisUpdate = $false\r\n }\r\n }\r\n }\r\n If ($AddThisUpdate) {\r\n Write-Output \"$($i + 1) > adding: '$($update.Title)'\"\r\n $UpdatesToDownload.Add($Update) | out-null\r\n $AtLeastOneAdded = $true\r\n $ErrorActionPreference = 'SilentlyContinue'\r\n $PropertyTest = $Update.InstallationBehavior.Impact\r\n $ErrorActionPreference = 'Stop'\r\n If ($PropertyTest -eq 2) {\r\n Write-Output \"This update is exclusive; skipping remaining updates\"\r\n $ExclusiveAdded = $true\r\n }\r\n }\r\n } \r\n $UpdatesToInstall = New-Object -ComObject Microsoft.Update.UpdateColl\r\n Write-Output \"Downloading updates...\"\r\n $Downloader = $UpdateSession.CreateUpdateDownloader()\r\n $Downloader.Updates = $UpdatesToDownload\r\n $Downloader.Download()\r\n Write-Output \"Successfully downloaded updates:\" \r\n For ($i = 0; $i -lt $UpdatesToDownload.Count; $i++) {\r\n $Update = $UpdatesToDownload[$i]\r\n If ($Update.IsDownloaded -eq $true) {\r\n Write-Output \"$($i + 1) > $($update.title)\"\r\n $UpdatesToInstall.Add($Update) | out-null\r\n }\r\n } \r\n If ($UpdatesToInstall.Count -gt 0) {\r\n Write-Output \"Now installing 
updates...\"\r\n $Installer = $UpdateSession.CreateUpdateInstaller()\r\n $Installer.Updates = $UpdatesToInstall\r\n $InstallationResult = $Installer.Install()\r\n $Text = ConvertFrom-InstallationResult -Result $InstallationResult.ResultCode\r\n Write-Output \"Installation Result: $($Text)\" \r\n If ($InstallationResult.RebootRequired) {\r\n Write-Output \"Atleast one update requires a reboot to complete the installation.\"\r\n }\r\n }\r\n If ($service -eq 'MU') {\r\n Reg.exe DELETE \"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\" /v AllowMUUpdateService /f\r\n } Elseif ($Service -eq 'WSUS' -and $WSUSServer) {\r\n reg.exe DELETE \"HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\" /v WUServer /f\r\n reg.exe DELETE \"HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\" /v WUStatusServer /f\r\n }\r\n Stop-Transcript\r\n " - }, - "treatFailureAsDeploymentFailure": true - }, - "tags": "[parameters('tags')]" - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('restart-vm-1-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('restart-vm-2-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "imageVirtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "resourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": "[if(parameters('enableBuildAutomation'), createObject('value', parameters('managementVirtualMachineName')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10420021406848674052" - } - }, - "parameters": { - "imageVirtualMachineName": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'restartVirtualMachine')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": 
false, - "parameters": [ - { - "name": "Environment", - "value": "[environment().name]" - }, - { - "name": "ResourceGroupName", - "value": "[parameters('resourceGroupName')]" - }, - { - "name": "SubscriptionId", - "value": "[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[parameters('userAssignedIdentityClientId')]" - }, - { - "name": "VirtualMachineName", - "value": "[parameters('imageVirtualMachineName')]" - } - ], - "source": { - "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n Restart-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName\r\n $AgentStatus = $Null\r\n while ($Null -eq $AgentStatus) \r\n {\r\n Start-Sleep -Seconds 5\r\n $AgentStatus = (Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -Status).VMAgent\r\n }\r\n " - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('microsoft-updates-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', 
parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('sysprep-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "virtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13855748863144258342" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'sysprepVirtualMachine')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": false, - "asyncExecution": true, - "parameters": [], - "source": { - "script": " Start-Sleep -Seconds 30\r\n Remove-Item -LiteralPath 'C:\\Windows\\Panther' -Force -Recurse -ErrorAction SilentlyContinue\r\n Set-ItemProperty -Path 
'HKLM:\\SYSTEM\\CurrentControlSet\\Services\\cdrom' -Name 'Start' -Value 1\r\n Start-Process -File 'C:\\Windows\\System32\\Sysprep\\Sysprep.exe' -ArgumentList '/generalize /oobe /shutdown /mode:vm'\r\n " - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('restart-vm-1-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('restart-vm-2-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('generalize-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "imageVirtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "resourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": 
"[if(parameters('enableBuildAutomation'), createObject('value', parameters('managementVirtualMachineName')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1408076597272275810" - } - }, - "parameters": { - "imageVirtualMachineName": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'generalizeVirtualMachine')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": false, - "parameters": [ - { - "name": "Environment", - "value": "[environment().name]" - }, - { - "name": "ResourceGroupName", - "value": "[parameters('resourceGroupName')]" - }, - { - "name": "SubscriptionId", - "value": "[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[parameters('userAssignedIdentityClientId')]" - }, - { - "name": 
"VirtualMachineName", - "value": "[parameters('imageVirtualMachineName')]" - } - ], - "source": { - "script": " param(\r\n [string]$Environment,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$VirtualMachineName\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n $PowerStatus = ''\r\n while ($PowerStatus -ne 'VM stopped') \r\n {\r\n Start-Sleep -Seconds 5\r\n $PowerStatus = (Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -Status).Statuses[1].DisplayStatus\r\n }\r\n Set-AzVm -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -Generalized\r\n Start-Sleep -Seconds 30\r\n " - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('sysprep-vm-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('image-version-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - 
"parameters": { - "computeGalleryImageResourceId": { - "value": "[parameters('computeGalleryImageResourceId')]" - }, - "computeGalleryName": { - "value": "[parameters('computeGalleryName')]" - }, - "excludeFromLatest": { - "value": "[parameters('excludeFromLatest')]" - }, - "imageDefinitionName": { - "value": "[parameters('imageDefinitionName')]" - }, - "imageVersionNumber": { - "value": "[variables('autoImageVersion')]" - }, - "imageVirtualMachineResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" - }, - "location": { - "value": "[parameters('location')]" - }, - "marketplaceImageOffer": { - "value": "[parameters('marketplaceImageOffer')]" - }, - "marketplaceImagePublisher": { - "value": "[parameters('marketplaceImagePublisher')]" - }, - "replicaCount": { - "value": "[parameters('replicaCount')]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5850341894374079914" - } - }, - "parameters": { - "allowDeletionOfReplicatedLocations": { - "type": "bool", - "defaultValue": true - }, - "computeGalleryName": { - "type": "string" - }, - "computeGalleryImageResourceId": { - "type": "string" - }, - "excludeFromLatest": { - "type": "bool" - }, - "imageDefinitionName": { - "type": "string" - }, - "imageVersionNumber": { - "type": "string" - }, - "imageVirtualMachineResourceId": { - "type": "string" - }, - "location": { - "type": "string" - }, - "marketplaceImageOffer": { - "type": "string" - }, - "marketplaceImagePublisher": { - "type": "string" - }, - "replicaCount": { - 
"type": "int" - }, - "tags": { - "type": "object" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/galleries/images", - "apiVersion": "2022-03-03", - "name": "[format('{0}/{1}', parameters('computeGalleryName'), parameters('imageDefinitionName'))]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/galleries'), parameters('tags')['Microsoft.Compute/galleries'], createObject())]", - "properties": { - "architecture": "x64", - "features": [ - { - "name": "SecurityType", - "value": "TrustedLaunch" - } - ], - "hyperVGeneration": "V2", - "identifier": { - "offer": "[if(empty(parameters('computeGalleryImageResourceId')), parameters('marketplaceImageOffer'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('computeGalleryImageResourceId'), '/')[2], split(parameters('computeGalleryImageResourceId'), '/')[4]), 'Microsoft.Compute/galleries/images', split(parameters('computeGalleryImageResourceId'), '/')[8], split(parameters('computeGalleryImageResourceId'), '/')[10]), '2022-03-03').identifier.offer)]", - "publisher": "[if(empty(parameters('computeGalleryImageResourceId')), parameters('marketplaceImagePublisher'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('computeGalleryImageResourceId'), '/')[2], split(parameters('computeGalleryImageResourceId'), '/')[4]), 'Microsoft.Compute/galleries/images', split(parameters('computeGalleryImageResourceId'), '/')[8], split(parameters('computeGalleryImageResourceId'), '/')[10]), '2022-03-03').identifier.publisher)]", - "sku": "[parameters('imageDefinitionName')]" - }, - "osState": "Generalized", - "osType": "Windows" - } - }, - { - "type": "Microsoft.Compute/galleries/images/versions", - "apiVersion": "2022-03-03", - "name": "[format('{0}/{1}/{2}', parameters('computeGalleryName'), parameters('imageDefinitionName'), parameters('imageVersionNumber'))]", - "location": 
"[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/galleries'), parameters('tags')['Microsoft.Compute/galleries'], createObject())]", - "properties": { - "publishingProfile": { - "excludeFromLatest": "[parameters('excludeFromLatest')]", - "replicaCount": "[parameters('replicaCount')]", - "replicationMode": "Full", - "storageAccountType": "Standard_LRS", - "targetRegions": [ - { - "name": "[parameters('location')]", - "regionalReplicaCount": "[parameters('replicaCount')]", - "storageAccountType": "Standard_LRS" - } - ] - }, - "safetyProfile": { - "allowDeletionOfReplicatedLocations": "[parameters('allowDeletionOfReplicatedLocations')]" - }, - "storageProfile": { - "source": { - "id": "[parameters('imageVirtualMachineResourceId')]" - } - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/galleries/images', parameters('computeGalleryName'), parameters('imageDefinitionName'))]" - ] - } - ], - "outputs": { - "imageDefinitionResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Compute/galleries/images', parameters('computeGalleryName'), parameters('imageDefinitionName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('generalize-vm-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('remove-vm-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - 
}, - "mode": "Incremental", - "parameters": { - "enableBuildAutomation": { - "value": "[parameters('enableBuildAutomation')]" - }, - "imageVirtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "userAssignedIdentityClientId": { - "value": "[parameters('userAssignedIdentityClientId')]" - }, - "virtualMachineName": "[if(parameters('enableBuildAutomation'), createObject('value', parameters('managementVirtualMachineName')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2352439563696964014" - } - }, - "parameters": { - "enableBuildAutomation": { - "type": "bool" - }, - "imageVirtualMachineName": { - "type": "string" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object" - }, - "userAssignedIdentityClientId": { - "type": "string" - }, - "virtualMachineName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines/runCommands", - "apiVersion": "2023-03-01", - "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'removeVirtualMachine')]", - "location": "[parameters('location')]", - "tags": 
"[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", - "properties": { - "treatFailureAsDeploymentFailure": true, - "asyncExecution": "[if(parameters('enableBuildAutomation'), false(), true())]", - "parameters": [ - { - "name": "EnableBuildAutomation", - "value": "[string(parameters('enableBuildAutomation'))]" - }, - { - "name": "Environment", - "value": "[environment().name]" - }, - { - "name": "ImageVmName", - "value": "[parameters('imageVirtualMachineName')]" - }, - { - "name": "ManagementVmName", - "value": "[parameters('virtualMachineName')]" - }, - { - "name": "ResourceGroupName", - "value": "[resourceGroup().name]" - }, - { - "name": "SubscriptionId", - "value": "[subscription().subscriptionId]" - }, - { - "name": "TenantId", - "value": "[tenant().tenantId]" - }, - { - "name": "UserAssignedIdentityClientId", - "value": "[parameters('userAssignedIdentityClientId')]" - } - ], - "source": { - "script": " param(\r\n [string]$EnableBuildAutomation,\r\n [string]$Environment,\r\n [string]$ImageVmName,\r\n [string]$ManagementVmName,\r\n [string]$ResourceGroupName,\r\n [string]$SubscriptionId,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId\r\n )\r\n $ErrorActionPreference = 'Stop'\r\n Connect-AzAccount -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $ImageVmName -Force\r\n if($EnableBuildAutomation -eq 'false')\r\n {\r\n Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $ManagementVmName -NoWait -Force -AsJob\r\n }\r\n " - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-version-{0}', parameters('deploymentNameSuffix')))]", - 
"[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('management-vm-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-vm-{0}', parameters('deploymentNameSuffix')))]" - ] - } - ], - "outputs": { - "imageDefinitionResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('image-version-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.imageDefinitionResourceId.value]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('baseline-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('build-automation-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('tier3-{0}', parameters('deploymentNameSuffix')))]" - ] - } - ], - "outputs": { - "imageDefinitionResourceId": { - "type": "string", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('image-build-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.imageDefinitionResourceId.value]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('deploy-azure-virtual-desktop-{0}', parameters('deploymentNameSuffix'))]", - "location": "[deployment().location]", - "properties": { - 
"expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "activeDirectorySolution": { - "value": "MicrosoftEntraDomainServices" - }, - "artifactsContainerName": { - "value": "[parameters('containerName')]" - }, - "artifactsStorageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" - }, - "availability": { - "value": "None" - }, - "avdAgentBootLoaderMsiName": { - "value": "[parameters('avdAgentBootLoaderMsiName')]" - }, - "avdAgentMsiName": { - "value": "[parameters('avdAgentMsiName')]" - }, - "avdObjectId": { - "value": "[parameters('avdObjectId')]" - }, - "azureNetAppFilesSubnetAddressPrefix": { - "value": "10.0.140.128/25" - }, - "azurePowerShellModuleMsiName": { - "value": "[parameters('azurePowerShellModuleMsiName')]" - }, - "domainJoinPassword": { - "value": "[parameters('domainJoinPassword')]" - }, - "domainJoinUserPrincipalName": { - "value": "[format('{0}@{1}', parameters('domainJoinUsername'), parameters('domainName'))]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "environmentAbbreviation": { - "value": "dev" - }, - "fslogixStorageService": { - "value": "AzureNetAppFiles Premium" - }, - "hostPoolPublicNetworkAccess": { - "value": "Enabled" - }, - "hubAzureFirewallResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.azureFirewallResourceId.value]" - }, - "hubSubnetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubSubnetResourceId.value]" - }, - "hubVirtualNetworkResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.hubVirtualNetworkResourceId.value]" - }, - "identifier": { - "value": "[parameters('identifier')]" - }, - "imageDefinitionResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-image-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.imageDefinitionResourceId.value]" - }, - "locationControlPlane": { - "value": "[parameters('location')]" - }, - "locationVirtualMachines": { - "value": "[parameters('location')]" - }, - "organizationalUnitPath": { - "value": "[format('OU=AADDC Computers,DC={0}', replace(parameters('domainName'), '.', ',DC='))]" - }, - "securityPrincipals": { - "value": "[parameters('securityPrincipals')]" - }, - "subnetAddressPrefixes": { - "value": [ - "10.0.140.0/25" - ] - }, - "virtualMachinePassword": { - "value": "[parameters('localAdministratorPassword')]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - }, - "virtualMachineUsername": { - "value": "[parameters('localAdministratorUsername')]" - }, - "virtualMachineVirtualCpuCount": { - "value": "[int(replace(replace(parameters('virtualMachineSize'), 'Standard_NV', ''), 'as_v4', ''))]" - }, - "virtualNetworkAddressPrefixes": { - "value": [ - "10.0.140.0/24" - ] - }, - "workspacePublicNetworkAccess": { - "value": "Enabled" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10433674774053335579" - } - }, - "parameters": { - "activeDirectorySolution": { - "type": "string", - "allowedValues": [ - "ActiveDirectoryDomainServices", - "MicrosoftEntraDomainServices", - "MicrosoftEntraId", - "MicrosoftEntraIdIntuneEnrollment" - ], - "metadata": { - "description": "The service providing domain services for Azure Virtual Desktop. 
This is needed to properly configure the session hosts and if applicable, the Azure Storage Account." - } - }, - "artifactsContainerName": { - "type": "string", - "metadata": { - "description": "The name of the Azure Blobs container hosting the required artifacts." - } - }, - "artifactsStorageAccountResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID for the storage account hosting the artifacts in Blob storage." - } - }, - "availability": { - "type": "string", - "defaultValue": "AvailabilityZones", - "allowedValues": [ - "AvailabilitySets", - "AvailabilityZones", - "None" - ], - "metadata": { - "description": "The desired availability option when deploying a pooled host pool. The best practice is to deploy to availability zones for the highest resilency and service level agreement." - } - }, - "avdAgentMsiName": { - "type": "string", - "metadata": { - "description": "The blob name of the MSI file for the AVD Agent installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." - } - }, - "avdAgentBootLoaderMsiName": { - "type": "string", - "metadata": { - "description": "The blob name of the MSI file for the AVD Agent Boot Loader installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." - } - }, - "avdObjectId": { - "type": "string", - "metadata": { - "description": "The object ID for the Azure Virtual Desktop enterprise application in Microsoft Entra ID. The object ID can found by selecting Microsoft Applications using the Application type filter in the Enterprise Applications blade of Microsoft Entra ID." - } - }, - "azureNetAppFilesSubnetAddressPrefix": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The subnet address prefix for the Azure NetApp Files delegated subnet." 
- } - }, - "azurePowerShellModuleMsiName": { - "type": "string", - "metadata": { - "description": "The blob name of the MSI file for the Azure PowerShell Module installer. The file must be hosted in an Azure Blobs container with the other deployment artifacts." - } - }, - "customRdpProperty": { - "type": "string", - "defaultValue": "audiocapturemode:i:1;camerastoredirect:s:*;use multimon:i:0;drivestoredirect:s:;encode redirected video capture:i:1;redirected video capture encoding quality:i:1;audiomode:i:0;devicestoredirect:s:;redirectclipboard:i:0;redirectcomports:i:0;redirectlocation:i:1;redirectprinters:i:0;redirectsmartcards:i:1;redirectwebauthn:i:1;usbdevicestoredirect:s:;keyboardhook:i:2;", - "metadata": { - "description": "The RDP properties to add or remove RDP functionality on the AVD host pool. The string must end with a semi-colon. Settings reference: https://learn.microsoft.com/windows-server/remote/remote-desktop-services/clients/rdp-files" - } - }, - "desktopFriendlyName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The friendly name for the SessionDesktop application in the desktop application group." - } - }, - "disableBgpRoutePropagation": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Disabling BGP route propagation is a route table configuration that prevents the propagation of on-premises routes to network interfaces in the associated subnets." - } - }, - "diskSku": { - "type": "string", - "defaultValue": "Premium_LRS", - "allowedValues": [ - "Standard_LRS", - "StandardSSD_LRS", - "Premium_LRS" - ], - "metadata": { - "description": "The storage SKU for the managed disks on the AVD session hosts. Production deployments should use Premium_LRS." - } - }, - "domainJoinPassword": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "The password for the account to domain join the AVD session hosts." 
- } - }, - "domainJoinUserPrincipalName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The user principal name for the account to domain join the AVD session hosts." - } - }, - "domainName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The name of the domain that provides ADDS to the AVD session hosts." - } - }, - "drainMode": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "The drain mode option enables drain mode for the sessions hosts in this deployment to prevent users from accessing the hosts until they have been validated." - } - }, - "environmentAbbreviation": { - "type": "string", - "defaultValue": "dev", - "allowedValues": [ - "dev", - "prod", - "test" - ], - "metadata": { - "description": "The abbreviation for the target environment." - } - }, - "fslogixShareSizeInGB": { - "type": "int", - "defaultValue": 100, - "metadata": { - "description": "The file share size(s) in GB for the Fslogix storage solution." - } - }, - "fslogixContainerType": { - "type": "string", - "defaultValue": "ProfileContainer", - "allowedValues": [ - "CloudCacheProfileContainer", - "CloudCacheProfileOfficeContainer", - "ProfileContainer", - "ProfileOfficeContainer" - ], - "metadata": { - "description": "If deploying FSLogix, select the desired type of container for user profiles. https://learn.microsoft.com/en-us/fslogix/concepts-container-types" - } - }, - "fslogixStorageService": { - "type": "string", - "defaultValue": "AzureFiles Standard", - "allowedValues": [ - "AzureNetAppFiles Premium", - "AzureNetAppFiles Standard", - "AzureFiles Premium", - "AzureFiles Standard", - "None" - ], - "metadata": { - "description": "Enable an Fslogix storage option to manage user profiles for the AVD session hosts. The selected service & SKU should provide sufficient IOPS for all of your users. 
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix#performance-requirements" - } - }, - "hostPoolPublicNetworkAccess": { - "type": "string", - "allowedValues": [ - "Disabled", - "Enabled", - "EnabledForClientsOnly", - "EnabledForSessionHostsOnly" - ], - "metadata": { - "description": "The type of public network access for the host pool." - } - }, - "hostPoolType": { - "type": "string", - "defaultValue": "Pooled DepthFirst", - "allowedValues": [ - "Pooled DepthFirst", - "Pooled BreadthFirst", - "Personal Automatic", - "Personal Direct" - ], - "metadata": { - "description": "These options specify the host pool type and depending on the type provides the load balancing options and assignment types." - } - }, - "hubAzureFirewallResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID for the Azure Firewall in the HUB subscription" - } - }, - "hubSubnetResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID for the subnet in the Shared Services subscription. This is required for the private endpoint on the AVD Global Workspace." - } - }, - "hubVirtualNetworkResourceId": { - "type": "string", - "metadata": { - "description": "The resource ID for the Azure Virtual Network in the HUB subscription." - } - }, - "identifier": { - "type": "string", - "defaultValue": "avd", - "maxLength": 3, - "metadata": { - "description": "The unique identifier between each business unit or project supporting AVD in your tenant. This is the unique naming component between each AVD stamp." - } - }, - "imageDefinitionResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The resource ID for the Compute Gallery Image Version. Do not set this value if using a marketplace image." 
- } - }, - "imageOffer": { - "type": "string", - "defaultValue": "office-365", - "metadata": { - "description": "Offer for the virtual machine image" - } - }, - "imagePublisher": { - "type": "string", - "defaultValue": "MicrosoftWindowsDesktop", - "metadata": { - "description": "Publisher for the virtual machine image" - } - }, - "imageSku": { - "type": "string", - "defaultValue": "win11-22h2-avd-m365", - "metadata": { - "description": "SKU for the virtual machine image" - } - }, - "locationControlPlane": { - "type": "string", - "defaultValue": "[deployment().location]", - "metadata": { - "description": "The deployment location for the AVD management resources." - } - }, - "locationVirtualMachines": { - "type": "string", - "defaultValue": "[deployment().location]", - "metadata": { - "description": "The deployment location for the AVD sessions hosts." - } - }, - "logAnalyticsWorkspaceRetention": { - "type": "int", - "defaultValue": 30, - "minValue": 30, - "maxValue": 730, - "metadata": { - "description": "The retention for the Log Analytics Workspace to setup the AVD monitoring solution" - } - }, - "logAnalyticsWorkspaceSku": { - "type": "string", - "defaultValue": "PerGB2018", - "allowedValues": [ - "Free", - "Standard", - "Premium", - "PerNode", - "PerGB2018", - "Standalone", - "CapacityReservation" - ], - "metadata": { - "description": "The SKU for the Log Analytics Workspace to setup the AVD monitoring solution" - } - }, - "monitoring": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Deploys the required monitoring resources to enable AVD Insights and monitor features in the automation account." - } - }, - "organizationalUnitPath": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The distinguished name for the target Organization Unit in Active Directory Domain Services." 
- } - }, - "recoveryServices": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Enable backups to an Azure Recovery Services vault. For a pooled host pool this will enable backups on the Azure file share. For a personal host pool this will enable backups on the AVD sessions hosts." - } - }, - "scalingBeginPeakTime": { - "type": "string", - "defaultValue": "9:00", - "metadata": { - "description": "The time when session hosts will scale up and continue to stay on to support peak demand; Format 24 hours e.g. 9:00 for 9am" - } - }, - "scalingEndPeakTime": { - "type": "string", - "defaultValue": "17:00", - "metadata": { - "description": "The time when session hosts will scale down and stay off to support low demand; Format 24 hours e.g. 17:00 for 5pm" - } - }, - "scalingLimitSecondsToForceLogOffUser": { - "type": "string", - "defaultValue": "0", - "metadata": { - "description": "The number of seconds to wait before automatically signing out users. If set to 0 any session host that has user sessions will be left untouched" - } - }, - "scalingMinimumNumberOfRdsh": { - "type": "string", - "defaultValue": "0", - "metadata": { - "description": "The minimum number of session host VMs to keep running during off-peak hours. The scaling tool will not work if all virtual machines are turned off and the Start VM On Connect solution is not enabled." - } - }, - "scalingSessionThresholdPerCPU": { - "type": "string", - "defaultValue": "1", - "metadata": { - "description": "The maximum number of sessions per CPU that will be used as a threshold to determine when new session host VMs need to be started during peak hours" - } - }, - "scalingTool": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Deploys the required resources for the Scaling Tool. 
https://docs.microsoft.com/en-us/azure/virtual-desktop/scaling-automation-logic-apps" - } - }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The resource ID of the log analytics workspace used for Azure Sentinel and / or Defender for Cloud. When using the Microsoft monitoring Agent, this allows you to multihome the agent to reduce unnecessary log collection and reduce cost." - } - }, - "securityPrincipals": { - "type": "array", - "metadata": { - "description": "The array of Security Principals with their object IDs and display names to assign to the AVD Application Group and FSLogix Storage." - } - }, - "sessionHostCount": { - "type": "int", - "defaultValue": 1, - "minValue": 0, - "maxValue": 5000, - "metadata": { - "description": "The number of session hosts to deploy in the host pool. Ensure you have the approved quota to deploy the desired count." - } - }, - "sessionHostIndex": { - "type": "int", - "defaultValue": 0, - "minValue": 0, - "maxValue": 4999, - "metadata": { - "description": "The starting number for the session hosts. This is important when adding virtual machines to ensure an update deployment is not performed on an existing, active session host." - } - }, - "stampIndex": { - "type": "int", - "defaultValue": 0, - "minValue": 0, - "maxValue": 9, - "metadata": { - "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases. For example, \"0\" could be used for an office workers host pool and \"1\" could be used for a developers host pool within the \"finance\" business unit." - } - }, - "storageCount": { - "type": "int", - "defaultValue": 1, - "minValue": 0, - "maxValue": 100, - "metadata": { - "description": "The number of storage accounts to deploy to support sharding across multiple storage accounts. 
https://docs.microsoft.com/en-us/azure/architecture/patterns/sharding" - } - }, - "storageIndex": { - "type": "int", - "defaultValue": 0, - "minValue": 0, - "maxValue": 99, - "metadata": { - "description": "The starting number for the names of the storage accounts to support sharding across multiple storage accounts. https://docs.microsoft.com/en-us/azure/architecture/patterns/sharding" - } - }, - "subnetAddressPrefixes": { - "type": "array", - "defaultValue": [ - "10.0.140.0/24" - ], - "minLength": 1, - "maxLength": 2, - "metadata": { - "description": "The address prefix(es) for the new subnet(s) that will be created in the spoke virtual network(s). Specify only one address prefix in the array if the session hosts location and the control plan location are the same. If different locations are specified, add a second address prefix for the hosts virtual network." - } - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "The Key / value pairs of metadata for the Azure resource groups and resources." - } - }, - "timestamp": { - "type": "string", - "defaultValue": "[utcNow('yyyyMMddhhmmss')]", - "metadata": { - "description": "DO NOT MODIFY THIS VALUE! The timestamp is needed to differentiate deployments for certain Azure resources and must be set using a parameter." - } - }, - "usersPerCore": { - "type": "int", - "defaultValue": 1, - "metadata": { - "description": "The number of users per core is used to determine the maximum number of users per session host." - } - }, - "validationEnvironment": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "The validation environment setting on the AVD host pool determines whether the hostpool should receive AVD preview features for testing." - } - }, - "virtualMachineVirtualCpuCount": { - "type": "int", - "metadata": { - "description": "The number of virtual CPUs per virtual machine for the selected virtual machine size." 
- } - }, - "virtualMachineMonitoringAgent": { - "type": "string", - "defaultValue": "LogAnalyticsAgent", - "allowedValues": [ - "AzureMonitorAgent", - "LogAnalyticsAgent" - ], - "metadata": { - "description": "Input the desired monitoring agent to send events and performance counters to a log analytics workspace." - } - }, - "virtualMachinePassword": { - "type": "securestring", - "metadata": { - "description": "The local administrator password for the AVD session hosts" - } - }, - "virtualMachineSize": { - "type": "string", - "defaultValue": "Standard_D4ads_v5", - "metadata": { - "description": "The virtual machine SKU for the AVD session hosts." - } - }, - "virtualMachineUsername": { - "type": "string", - "metadata": { - "description": "The local administrator username for the AVD session hosts" - } - }, - "virtualNetworkAddressPrefixes": { - "type": "array", - "defaultValue": [ - "10.0.140.0/24" - ], - "minLength": 1, - "maxLength": 2, - "metadata": { - "description": "The address prefix for the new spoke virtual network(s). Specify only one address prefix in the array if the session hosts location and the control plan location are the same. If different locations are specified, add a second address prefix for the hosts virtual network." - } - }, - "workspaceFriendlyName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "The friendly name for the AVD workspace that is displayed in the end-user client." - } - }, - "workspacePublicNetworkAccess": { - "type": "string", - "allowedValues": [ - "Disabled", - "Enabled" - ], - "metadata": { - "description": "The public network access setting on the AVD workspace either disables public network access or allows both public and private network access." 
- } - } - }, - "variables": { - "artifactsUri": "[format('https://{0}.blob.{1}/{2}/', variables('artifactsStorageAccountName'), environment().suffixes.storage, parameters('artifactsContainerName'))]", - "artifactsStorageAccountName": "[split(parameters('artifactsStorageAccountResourceId'), '/')[8]]", - "privateDnsZoneResourceIdPrefix": "[format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/privateDnsZones/', split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4])]", - "deploymentLocations": "[union(createArray(parameters('locationControlPlane')), createArray(parameters('locationVirtualMachines')))]", - "resourceGroupsCount": "[add(add(4, length(variables('deploymentLocations'))), if(equals(parameters('fslogixStorageService'), 'None'), 0, 1))]" - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Names_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "identifier": { - "value": "[parameters('identifier')]" - }, - "locationControlPlane": { - "value": "[parameters('locationControlPlane')]" - }, - "locationVirtualMachines": { - "value": "[parameters('locationVirtualMachines')]" - }, - "stampIndex": { - "value": "[parameters('stampIndex')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13248824573115289793" - } - }, - "parameters": { - "environmentAbbreviation": { - "type": "string" - }, - "identifier": { - "type": "string" - }, - "locationControlPlane": { - "type": "string" - 
}, - "locationVirtualMachines": { - "type": "string" - }, - "stampIndex": { - "type": "int" - } - }, - "variables": { - "$fxv#0": { - "AzureChina": { - "chinaeast": { - "abbreviation": "cne", - "recoveryServicesGeo": "sha", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinaeast2": { - "abbreviation": "cne2", - "recoveryServicesGeo": "sha2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth": { - "abbreviation": "cnn", - "recoveryServicesGeo": "bjb", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth2": { - "abbreviation": "cnn2", - "recoveryServicesGeo": "bjb2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - } - }, - "AzureCloud": { - "australiacentral": { - "abbreviation": "auc", - "recoveryServicesGeo": "acl", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiacentral2": { - "abbreviation": "auc2", - "recoveryServicesGeo": "acl2", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiaeast": { - "abbreviation": "aue", - "recoveryServicesGeo": "ae", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiasoutheast": { - "abbreviation": "ause", - "recoveryServicesGeo": "ase", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "brazilsouth": { - "abbreviation": "brs", - "recoveryServicesGeo": "brs", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "brazilsoutheast": { - "abbreviation": "brse", - "recoveryServicesGeo": "bse", - "timeDifference": "-3:00", - "timeZone": "E. 
South America Standard Time" - }, - "canadacentral": { - "abbreviation": "cac", - "recoveryServicesGeo": "cnc", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "canadaeast": { - "abbreviation": "cae", - "recoveryServicesGeo": "cne", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "centralindia": { - "abbreviation": "inc", - "recoveryServicesGeo": "inc", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "centralus": { - "abbreviation": "usc", - "recoveryServicesGeo": "cus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "eastasia": { - "abbreviation": "ase", - "recoveryServicesGeo": "ea", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "eastus": { - "abbreviation": "use", - "recoveryServicesGeo": "eus", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "eastus2": { - "abbreviation": "use2", - "recoveryServicesGeo": "eus2", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "francecentral": { - "abbreviation": "frc", - "recoveryServicesGeo": "frc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "francesouth": { - "abbreviation": "frs", - "recoveryServicesGeo": "frs", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanynorth": { - "abbreviation": "den", - "recoveryServicesGeo": "gn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanywestcentral": { - "abbreviation": "dewc", - "recoveryServicesGeo": "gwc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "israelcentral": { - "abbreviation": "ilc", - "recoveryServicesGeo": "ilc", - "timeDifference": "+2:00", - "timeZone": "Israel Standard Time" - }, - "italynorth": { - "abbreviation": "itn", - "recoveryServicesGeo": "itn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - 
"japaneast": { - "abbreviation": "jpe", - "recoveryServicesGeo": "jpe", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "japanwest": { - "abbreviation": "jpw", - "recoveryServicesGeo": "jpw", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "jioindiacentral": { - "abbreviation": "injc", - "recoveryServicesGeo": "jic", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "jioindiawest": { - "abbreviation": "injw", - "recoveryServicesGeo": "jiw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "koreacentral": { - "abbreviation": "krc", - "recoveryServicesGeo": "krc", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "koreasouth": { - "abbreviation": "krs", - "recoveryServicesGeo": "krs", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "northcentralus": { - "abbreviation": "usnc", - "recoveryServicesGeo": "ncus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "northeurope": { - "abbreviation": "eun", - "recoveryServicesGeo": "ne", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "norwayeast": { - "abbreviation": "noe", - "recoveryServicesGeo": "nwe", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "norwaywest": { - "abbreviation": "now", - "recoveryServicesGeo": "nww", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "polandcentral": { - "abbreviation": "plc", - "recoveryServicesGeo": "plc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "qatarcentral": { - "abbreviation": "qac", - "recoveryServicesGeo": "qac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "southafricanorth": { - "abbreviation": "zan", - "recoveryServicesGeo": "san", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southafricawest": { - "abbreviation": "zaw", - 
"recoveryServicesGeo": "saw", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southcentralus": { - "abbreviation": "ussc", - "recoveryServicesGeo": "scus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "southeastasia": { - "abbreviation": "asse", - "recoveryServicesGeo": "sea", - "timeDifference": "+8:00", - "timeZone": "Singapore Standard Time" - }, - "southindia": { - "abbreviation": "ins", - "recoveryServicesGeo": "ins", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "swedencentral": { - "abbreviation": "sec", - "recoveryServicesGeo": "sdc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandnorth": { - "abbreviation": "chn", - "recoveryServicesGeo": "szn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandwest": { - "abbreviation": "chw", - "recoveryServicesGeo": "szw", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "uaecentral": { - "abbreviation": "aec", - "recoveryServicesGeo": "uac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uaenorth": { - "abbreviation": "aen", - "recoveryServicesGeo": "uan", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uksouth": { - "abbreviation": "uks", - "recoveryServicesGeo": "uks", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "ukwest": { - "abbreviation": "ukw", - "recoveryServicesGeo": "ukw", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "westcentralus": { - "abbreviation": "uswc", - "recoveryServicesGeo": "wcus", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "westeurope": { - "abbreviation": "euw", - "recoveryServicesGeo": "we", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "westindia": { - "abbreviation": "inw", - "recoveryServicesGeo": "inw", - 
"timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "westus": { - "abbreviation": "usw", - "recoveryServicesGeo": "wus", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus2": { - "abbreviation": "usw2", - "recoveryServicesGeo": "wus2", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus3": { - "abbreviation": "usw3", - "recoveryServicesGeo": "wus3", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - } - }, - "AzureUSGovernment": { - "usdodcentral": { - "abbreviation": "dodc", - "recoveryServicesGeo": "udc", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usdodeast": { - "abbreviation": "dode", - "recoveryServicesGeo": "ude", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usgovarizona": { - "abbreviation": "az", - "recoveryServicesGeo": "uga", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "usgovtexas": { - "abbreviation": "tx", - "recoveryServicesGeo": "ugt", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usgovvirginia": { - "abbreviation": "va", - "recoveryServicesGeo": "ugv", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - } - }, - "USNat": { - "usnateast": { - "abbreviation": "east", - "recoveryServicesGeo": "exe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usnatwest": { - "abbreviation": "west", - "recoveryServicesGeo": "exw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - }, - "USSec": { - "usseceast": { - "abbreviation": "east", - "recoveryServicesGeo": "rxe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "ussecwest": { - "abbreviation": "west", - "recoveryServicesGeo": "rxw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - } - }, - "$fxv#1": { - "actionGroups": "ag", - "automationAccounts": "aa", - "availabilitySets": 
"avail", - "azureFirewalls": "afw", - "bastionHosts": "bas", - "computeGallieries": "cg", - "dataCollectionRuleAssociations": "dcra", - "dataCollectionRules": "dcr", - "desktopApplicationGroups": "vdag", - "diagnosticSettings": "diag", - "diskAccesses": "da", - "diskEncryptionSets": "des", - "disks": "disk", - "firewallPolicies": "afwp", - "hostPools": "vdpool", - "ipConfigurations": "ipconf", - "keyVaults": "kv", - "logAnalyticsWorkspaces": "log", - "netAppAccounts": "naa", - "netAppCapacityPools": "nacp", - "networkInterfaces": "nic", - "networkSecurityGroups": "nsg", - "networkWatchers": "nw", - "privateEndpoints": "pe", - "privateLinkScopes": "pls", - "publicIPAddresses": "pip", - "recoveryServicesVaults": "rsv", - "remoteApplicationGroups": "vdag", - "resourceGroups": "rg", - "routeTables": "rt", - "storageAccounts": "st", - "subnets": "snet", - "userAssignedIdentities": "id", - "virtualMachines": "vm", - "virtualNetworks": "vnet", - "workspaces": "vdws" - }, - "resourceAbbreviation": "resourceAbbreviation", - "serviceName": "serviceName", - "networkName": "avd", - "locationAbbreviation": "locationAbbreviation", - "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}-{6}', parameters('identifier'), parameters('stampIndex'), variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "namingConvention_Global": "[format('{0}-{1}-{2}-{3}-{4}', variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "namingConvention_Shared": "[format('{0}-{1}-{2}-{3}-{4}-{5}', parameters('identifier'), variables('resourceAbbreviation'), variables('serviceName'), variables('networkName'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "cloudEndpointSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', 
'')]", - "privateDnsZoneSuffixes_AzureAutomation": { - "AzureCloud": "net", - "AzureUSGovernment": "us" - }, - "privateDnsZoneSuffixes_AzureVirtualDesktop": { - "AzureCloud": "microsoft.com", - "AzureUSGovernment": "azure.us" - }, - "privateDnsZoneSuffixes_Backup": { - "AzureCloud": "windowsazure.com", - "AzureUSGovernment": "windowsazure.us" - }, - "privateDnsZoneSuffixes_Monitor": { - "AzureCloud": "azure.com", - "AzureUSGovernment": "azure.us" - }, - "locations": "[variables('$fxv#0')[environment().name]]", - "resourceAbbreviations": "[variables('$fxv#1')]", - "resources": { - "agentSvcPrivateDnsZoneName": "[format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudEndpointSuffix')))]", - "automationAccountDiagnosticSettingName": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "automationAccountName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').automationAccounts), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "automationAccountNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('DSCAndHybridWorker-{0}', variables('resourceAbbreviations').automationAccounts)), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "automationAccountPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), 
variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('DSCAndHybridWorker-{0}', variables('resourceAbbreviations').automationAccounts)), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "availabilitySetNamePrefix": "[format('{0}-', replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').availabilitySets), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", - "avdGlobalPrivateDnsZoneName": "[format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudEndpointSuffix')))]", - "avdPrivateDnsZoneName": "[format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudEndpointSuffix')))]", - "azureAutomationPrivateDnsZoneName": "[format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudEndpointSuffix')))]", - "backupPrivateDnsZoneName": "[format('privatelink.{0}.backup.{1}', variables('locations')[parameters('locationVirtualMachines')].recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudEndpointSuffix')))]", - "blobPrivateDnsZoneName": "[format('privatelink.blob.{0}', environment().suffixes.storage)]", - "dataCollectionRuleAssociationName": "[format('{0}-avdi', replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').dataCollectionRuleAssociations), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation))]", - "dataCollectionRuleName": 
"[format('microsoft-avdi-{0}', variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "desktopApplicationGroupName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').desktopApplicationGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "diskAccessName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diskAccesses), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "diskEncryptionSetName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diskEncryptionSets), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "diskNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').disks), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "filePrivateDnsZoneName": "[format('privatelink.file.{0}', environment().suffixes.storage)]", - "fileShareNames": { - "CloudCacheProfileContainer": [ - "profile-containers" - ], - "CloudCacheProfileOfficeContainer": [ - "office-containers", - "profile-containers" - ], - "ProfileContainer": [ - "profile-containers" - ], - "ProfileOfficeContainer": [ - "office-containers", - "profile-containers" - ] - }, - "hostPoolDiagnosticSettingName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('serviceName'), 
variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "hostPoolName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').hostPools), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "hostPoolNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "hostPoolPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').hostPools), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "keyVaultName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').keyVaults), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "keyVaultNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').keyVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "keyVaultPrivateDnsZoneName": "[replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 
'vaultcore')]", - "keyVaultPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').keyVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "logAnalyticsWorkspaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').logAnalyticsWorkspaces), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "netAppAccountName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').netAppAccounts), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "netAppCapacityPoolName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').netAppCapacityPools), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "networkInterfaceNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "networkSecurityGroupNames": [ - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkSecurityGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), 
variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkSecurityGroups), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" - ], - "monitorPrivateDnsZoneName": "[format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", - "odsOpinsightsPrivateDnsZoneName": "[format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", - "omsOpinsightsPrivateDnsZoneName": "[format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudEndpointSuffix')))]", - "queuePrivateDnsZoneName": "[format('privatelink.queue.{0}', environment().suffixes.storage)]", - "recoveryServicesVaultName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').recoveryServicesVaults), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "recoveryServicesVaultNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').recoveryServicesVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "recoveryServicesVaultPrivateEndpointName": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), 
variables('serviceName'), variables('resourceAbbreviations').recoveryServicesVaults), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "resourceGroupControlPlane": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'controlPlane'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "resourceGroupFeedWorkspace": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'feedWorkspace'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "resourceGroupGlobalWorkspace": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'globalWorkspace'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "resourceGroupHosts": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'sessionHosts'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "resourceGroupManagement": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'management'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "resourceGroupsNetwork": [ - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), 
variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'network'), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'network'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" - ], - "resourceGroupStorage": "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').resourceGroups), variables('serviceName'), 'profileStorage'), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "routeTableNames": [ - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').routeTables), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').routeTables), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" - ], - "storageAccountNamePrefix": "[replace(replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').storageAccounts), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), '-', '')]", - "storageAccountNetworkInterfaceNamePrefix": 
"[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), variables('resourceAbbreviations').storageAccounts), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "storageAccountPrivateEndpointNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), variables('resourceAbbreviations').storageAccounts), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "userAssignedIdentityNamePrefix": "[replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').userAssignedIdentities), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]", - "virtualMachineNamePrefix": "[replace(replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').virtualMachines), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), '-', '')]", - "virtualNetworkNames": [ - "[replace(replace(replace(variables('namingConvention'), variables('resourceAbbreviation'), variables('resourceAbbreviations').virtualNetworks), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "[replace(replace(replace(variables('namingConvention'), 
variables('resourceAbbreviation'), variables('resourceAbbreviations').virtualNetworks), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationVirtualMachines')].abbreviation)]" - ], - "workspaceFeedDiagnosticSettingName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').diagnosticSettings), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceFeedName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceFeedNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceFeedPrivateEndpointName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('feed-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceFriendlyName": "[replace(replace(replace(variables('namingConvention_Shared'), variables('resourceAbbreviation'), variables('resourceAbbreviations').workspaces), format('-{0}', 
variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceGlobalName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), format('global-{0}', variables('resourceAbbreviations').workspaces)), format('-{0}', variables('serviceName')), ''), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceGlobalNetworkInterfaceName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').networkInterfaces), variables('serviceName'), format('global-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]", - "workspaceGlobalPrivateEndpointName": "[replace(replace(replace(variables('namingConvention_Global'), variables('resourceAbbreviation'), variables('resourceAbbreviations').privateEndpoints), variables('serviceName'), format('global-{0}', variables('resourceAbbreviations').workspaces)), variables('locationAbbreviation'), variables('locations')[parameters('locationControlPlane')].abbreviation)]" - } - }, - "resources": [], - "outputs": { - "locations": { - "type": "object", - "value": "[variables('locations')]" - }, - "networkName": { - "type": "string", - "value": "[variables('networkName')]" - }, - "resources": { - "type": "object", - "value": "[variables('resources')]" - }, - "serviceName": { - "type": "string", - "value": "[variables('serviceName')]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Logic_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - 
"activeDirectorySolution": { - "value": "[parameters('activeDirectorySolution')]" - }, - "deploymentLocations": { - "value": "[variables('deploymentLocations')]" - }, - "diskSku": { - "value": "[parameters('diskSku')]" - }, - "domainName": { - "value": "[parameters('domainName')]" - }, - "fileShareNames": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.fileShareNames]" - }, - "fslogixContainerType": { - "value": "[parameters('fslogixContainerType')]" - }, - "fslogixStorageService": { - "value": "[parameters('fslogixStorageService')]" - }, - "hostPoolType": { - "value": "[parameters('hostPoolType')]" - }, - "imageOffer": { - "value": "[parameters('imageOffer')]" - }, - "imagePublisher": { - "value": "[parameters('imagePublisher')]" - }, - "imageSku": { - "value": "[parameters('imageSku')]" - }, - "locations": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.locations.value]" - }, - "locationVirtualMachines": { - "value": "[parameters('locationVirtualMachines')]" - }, - "resourceGroupControlPlane": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" - }, - "resourceGroupFeedWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupFeedWorkspace]" - }, - "resourceGroupHosts": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupHosts]" - }, - "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 
format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "resourceGroupsNetwork": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupsNetwork]" - }, - "resourceGroupStorage": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupStorage]" - }, - "securityPrincipals": { - "value": "[parameters('securityPrincipals')]" - }, - "sessionHostCount": { - "value": "[parameters('sessionHostCount')]" - }, - "sessionHostIndex": { - "value": "[parameters('sessionHostIndex')]" - }, - "virtualMachineNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualMachineNamePrefix]" - }, - "virtualMachineSize": { - "value": "[parameters('virtualMachineSize')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6260587950048763741" - } - }, - "parameters": { - "activeDirectorySolution": { - "type": "string" - }, - "deploymentLocations": { - "type": "array" - }, - "diskSku": { - "type": "string" - }, - "domainName": { - "type": "string" - }, - "fileShareNames": { - "type": "object" - }, - "fslogixContainerType": { - "type": "string" - }, - "fslogixStorageService": { - "type": "string" - }, - "hostPoolType": { - "type": "string" - }, - "imageOffer": { - "type": "string" - }, - "imagePublisher": { - "type": "string" - }, - "imageSku": { - "type": "string" - }, - "locations": { - "type": "object" - }, - "locationVirtualMachines": { - "type": 
"string" - }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupFeedWorkspace": { - "type": "string" - }, - "resourceGroupHosts": { - "type": "string" - }, - "resourceGroupManagement": { - "type": "string" - }, - "resourceGroupsNetwork": { - "type": "array" - }, - "resourceGroupStorage": { - "type": "string" - }, - "securityPrincipals": { - "type": "array" - }, - "sessionHostCount": { - "type": "int" - }, - "sessionHostIndex": { - "type": "int" - }, - "virtualMachineNamePrefix": { - "type": "string" - }, - "virtualMachineSize": { - "type": "string" - } - }, - "variables": { - "maxResourcesPerTemplateDeployment": 88, - "divisionValue": "[div(parameters('sessionHostCount'), variables('maxResourcesPerTemplateDeployment'))]", - "divisionRemainderValue": "[mod(parameters('sessionHostCount'), variables('maxResourcesPerTemplateDeployment'))]", - "sessionHostBatchCount": "[if(greater(variables('divisionRemainderValue'), 0), add(variables('divisionValue'), 1), variables('divisionValue'))]", - "maxAvSetMembers": 200, - "beginAvSetRange": "[div(parameters('sessionHostIndex'), variables('maxAvSetMembers'))]", - "endAvSetRange": "[div(add(parameters('sessionHostCount'), parameters('sessionHostIndex')), variables('maxAvSetMembers'))]", - "availabilitySetsCount": "[length(range(variables('beginAvSetRange'), add(sub(variables('endAvSetRange'), variables('beginAvSetRange')), 1)))]", - "fileShares": "[parameters('fileShareNames')[parameters('fslogixContainerType')]]", - "fslogix": "[if(or(equals(parameters('fslogixStorageService'), 'None'), not(contains(parameters('activeDirectorySolution'), 'DomainServices'))), false(), true())]", - "netbios": "[split(parameters('domainName'), '.')[0]]", - "pooledHostPool": "[if(equals(split(parameters('hostPoolType'), ' ')[0], 'Pooled'), true(), false())]", - "resourceGroups": "[union(variables('resourceGroupsCommon'), variables('resourceGroupsNetworking'), variables('resourceGroupsStorage'))]", - "resourceGroupsCommon": [ - 
"[parameters('resourceGroupControlPlane')]", - "[parameters('resourceGroupFeedWorkspace')]", - "[parameters('resourceGroupHosts')]", - "[parameters('resourceGroupManagement')]" - ], - "resourceGroupsNetworking": "[if(equals(length(parameters('deploymentLocations')), 2), parameters('resourceGroupsNetwork'), createArray(parameters('resourceGroupsNetwork')[0]))]", - "resourceGroupsStorage": "[if(variables('fslogix'), createArray(parameters('resourceGroupStorage')), createArray())]", - "roleDefinitions": { - "DesktopVirtualizationPowerOnContributor": "489581de-a3bd-480d-9518-53dea7416b33", - "DesktopVirtualizationUser": "1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63", - "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7", - "VirtualMachineUserLogin": "fb879df8-f326-4884-b1cf-06f3ad86be52" - }, - "securityPrincipalsCount": "[length(parameters('securityPrincipals'))]", - "smbServerLocation": "[parameters('locations')[parameters('locationVirtualMachines')].abbreviation]", - "storageSku": "[if(equals(parameters('fslogixStorageService'), 'None'), 'None', split(parameters('fslogixStorageService'), ' ')[1])]", - "storageService": "[split(parameters('fslogixStorageService'), ' ')[0]]", - "storageSuffix": "[environment().suffixes.storage]", - "timeDifference": "[parameters('locations')[parameters('locationVirtualMachines')].timeDifference]", - "timeZone": "[parameters('locations')[parameters('locationVirtualMachines')].timeZone]", - "vmTemplate": "[format('{{\"domain\":\"{0}\",\"galleryImageOffer\":\"{1}\",\"galleryImagePublisher\":\"{2}\",\"galleryImageSKU\":\"{3}\",\"imageType\":\"Gallery\",\"imageUri\":null,\"customImageId\":null,\"namePrefix\":\"{4}\",\"osDiskType\":\"{5}\",\"useManagedDisks\":true,\"VirtualMachineSize\":{{\"id\":\"{6}\",\"cores\":null,\"ram\":null}},\"galleryItemId\":\"{7}.{8}{9}\"}}', parameters('domainName'), parameters('imageOffer'), parameters('imagePublisher'), parameters('imageSku'), parameters('virtualMachineNamePrefix'), parameters('diskSku'), 
parameters('virtualMachineSize'), parameters('imagePublisher'), parameters('imageOffer'), parameters('imageSku'))]" - }, - "resources": [], - "outputs": { - "availabilitySetsCount": { - "type": "int", - "value": "[variables('availabilitySetsCount')]" - }, - "beginAvSetRange": { - "type": "int", - "value": "[variables('beginAvSetRange')]" - }, - "divisionRemainderValue": { - "type": "int", - "value": "[variables('divisionRemainderValue')]" - }, - "fileShares": { - "type": "array", - "value": "[variables('fileShares')]" - }, - "fslogix": { - "type": "bool", - "value": "[variables('fslogix')]" - }, - "maxResourcesPerTemplateDeployment": { - "type": "int", - "value": "[variables('maxResourcesPerTemplateDeployment')]" - }, - "netbios": { - "type": "string", - "value": "[variables('netbios')]" - }, - "pooledHostPool": { - "type": "bool", - "value": "[variables('pooledHostPool')]" - }, - "resourceGroups": { - "type": "array", - "value": "[variables('resourceGroups')]" - }, - "roleDefinitions": { - "type": "object", - "value": "[variables('roleDefinitions')]" - }, - "sessionHostBatchCount": { - "type": "int", - "value": "[variables('sessionHostBatchCount')]" - }, - "securityPrincipalsCount": { - "type": "int", - "value": "[variables('securityPrincipalsCount')]" - }, - "smbServerLocation": { - "type": "string", - "value": "[variables('smbServerLocation')]" - }, - "storageSku": { - "type": "string", - "value": "[variables('storageSku')]" - }, - "storageService": { - "type": "string", - "value": "[variables('storageService')]" - }, - "storageSuffix": { - "type": "string", - "value": "[variables('storageSuffix')]" - }, - "timeDifference": { - "type": "string", - "value": "[variables('timeDifference')]" - }, - "timeZone": { - "type": "string", - "value": "[variables('timeZone')]" - }, - "vmTemplate": { - "type": "string", - "value": "[variables('vmTemplate')]" - } - } - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', 
parameters('timestamp')))]" - ] - }, - { - "copy": { - "name": "rgs", - "count": "[length(range(0, variables('resourceGroupsCount')))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ResourceGroup_{0}_{1}', range(0, variables('resourceGroupsCount'))[copyIndex()], parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": "[if(or(contains(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceGroups.value[range(0, variables('resourceGroupsCount'))[copyIndex()]], 'controlPlane'), contains(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceGroups.value[range(0, variables('resourceGroupsCount'))[copyIndex()]], 'feedWorkspace')), createObject('value', parameters('locationControlPlane')), createObject('value', parameters('locationVirtualMachines')))]", - "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceGroups.value[range(0, variables('resourceGroupsCount'))[copyIndex()]]]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14500695625135566681" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "tags": { - "type": "object" - } - }, - "resources": [ - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2020-10-01", - "name": 
"[parameters('resourceGroupName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject())]" - } - ] - } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Network_ControlPlane_{0}', parameters('timestamp'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "azureNetAppFilesSubnetAddressPrefix": "[if(and(not(empty(parameters('azureNetAppFilesSubnetAddressPrefix'))), equals(length(variables('deploymentLocations')), 1)), createObject('value', parameters('azureNetAppFilesSubnetAddressPrefix')), createObject('value', ''))]", - "disableBgpRoutePropagation": { - "value": "[parameters('disableBgpRoutePropagation')]" - }, - "hubAzureFirewallResourceId": { - "value": "[parameters('hubAzureFirewallResourceId')]" - }, - "hubVirtualNetworkResourceId": { - "value": "[parameters('hubVirtualNetworkResourceId')]" - }, - "index": { - "value": 0 - }, - "location": { - "value": "[variables('deploymentLocations')[0]]" - }, - "networkSecurityGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.networkSecurityGroupNames[0]]" - }, - "resourceGroupNetwork": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupsNetwork[0]]" - }, - "routeTableName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), 
'2022-09-01').outputs.resources.value.routeTableNames[0]]" - }, - "subnetAddressPrefixes": { - "value": "[parameters('subnetAddressPrefixes')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "virtualNetworkAddressPrefixes": { - "value": "[parameters('virtualNetworkAddressPrefixes')]" - }, - "virtualNetworkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualNetworkNames[0]]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4854107194195472449" - } - }, - "parameters": { - "azureNetAppFilesSubnetAddressPrefix": { - "type": "string" - }, - "disableBgpRoutePropagation": { - "type": "bool" - }, - "hubAzureFirewallResourceId": { - "type": "string" - }, - "hubVirtualNetworkResourceId": { - "type": "string" - }, - "index": { - "type": "int" - }, - "location": { - "type": "string" - }, - "networkSecurityGroupName": { - "type": "string" - }, - "subnetAddressPrefixes": { - "type": "array" - }, - "resourceGroupNetwork": { - "type": "string" - }, - "routeTableName": { - "type": "string" - }, - "timestamp": { - "type": "string" - }, - "virtualNetworkAddressPrefixes": { - "type": "array" + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "15276628086161283630" + } + }, + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultUri": { + "type": "string" + }, + "logStorageSkuName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "network": { + "type": "object" + }, + "resourceGroupName": { + "type": "string" + }, + "serviceToken": { + "type": "string" + }, + "storageEncryptionKeyName": { + "type": 
"string" + }, + "subnetResourceId": { + "type": "string" + }, + "tablesPrivateDnsZoneResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityResourceId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "storage", + "subscriptionId": "[parameters('network').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "value": "[parameters('blobsPrivateDnsZoneResourceId')]" + }, + "keyVaultUri": { + "value": "[parameters('keyVaultUri')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "serviceToken": { + "value": "[parameters('serviceToken')]" + }, + "skuName": { + "value": "[parameters('logStorageSkuName')]" + }, + "storageAccountName": { + "value": "[parameters('network').namingConvention.storageAccount]" + }, + "storageAccountNetworkInterfaceNamePrefix": { + "value": "[parameters('network').namingConvention.storageAccountNetworkInterface]" + }, + "storageAccountPrivateEndpointNamePrefix": { + "value": "[parameters('network').namingConvention.storageAccountPrivateEndpoint]" + }, + "storageEncryptionKeyName": { + "value": "[parameters('storageEncryptionKeyName')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tablesPrivateDnsZoneResourceId": { + "value": "[parameters('tablesPrivateDnsZoneResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "userAssignedIdentityResourceId": { + "value": "[parameters('userAssignedIdentityResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + 
"version": "0.27.1.19265", + "templateHash": "6116693144339389145" + } + }, + "parameters": { + "blobsPrivateDnsZoneResourceId": { + "type": "string" + }, + "keyVaultUri": { + "type": "string" + }, + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object" + }, + "serviceToken": { + "type": "string" + }, + "skuName": { + "type": "string" + }, + "storageAccountName": { + "type": "string" + }, + "storageAccountNetworkInterfaceNamePrefix": { + "type": "string" + }, + "storageAccountPrivateEndpointNamePrefix": { + "type": "string" + }, + "storageEncryptionKeyName": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tablesPrivateDnsZoneResourceId": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "userAssignedIdentityResourceId": { + "type": "string" + } + }, + "variables": { + "zones": [ + "[parameters('blobsPrivateDnsZoneResourceId')]", + "[parameters('tablesPrivateDnsZoneResourceId')]" + ] + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "apiVersion": "2023-01-01", + "name": "[parameters('storageAccountName')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], createObject()), parameters('mlzTags'))]", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "[format('{0}', parameters('userAssignedIdentityResourceId'))]": {} + } + }, + "kind": "StorageV2", + "sku": { + "name": "[parameters('skuName')]" + }, + "properties": { + "accessTier": "Hot", + "allowBlobPublicAccess": false, + "allowCrossTenantReplication": false, + "allowedCopyScope": "PrivateLink", + "allowSharedKeyAccess": true, + "defaultToOAuthAuthentication": false, + "dnsEndpointType": "Standard", + "encryption": { + "identity": { + "userAssignedIdentity": "[parameters('userAssignedIdentityResourceId')]" + }, + "keySource": "Microsoft.KeyVault", + "keyvaultproperties": { 
+ "keyvaulturi": "[parameters('keyVaultUri')]", + "keyname": "[parameters('storageEncryptionKeyName')]" + }, + "requireInfrastructureEncryption": true, + "services": { + "blob": { + "keyType": "Account", + "enabled": true + }, + "file": { + "keyType": "Account", + "enabled": true + }, + "queue": { + "keyType": "Account", + "enabled": true + }, + "table": { + "keyType": "Account", + "enabled": true + } + } + }, + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "bypass": "AzureServices", + "virtualNetworkRules": [], + "ipRules": [], + "defaultAction": "Deny" + }, + "publicNetworkAccess": "Disabled", + "supportsHttpsTrafficOnly": true + } + }, + { + "copy": { + "name": "privateEndpoints", + "count": "[length(variables('zones'))]" + }, + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "properties": { + "customNetworkInterfaceName": "[replace(parameters('storageAccountNetworkInterfaceNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "privateLinkServiceConnections": [ + { + "name": "[replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])]", + "properties": { + "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]", + "groupIds": [ + "[split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]]" + ] + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + }, + "dependsOn": [ + 
"[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]" + ] + }, + { + "copy": { + "name": "privateDnsZoneGroups", + "count": "[length(variables('zones'))]" + }, + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2021-08-01", + "name": "[format('{0}/{1}', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]), parameters('storageAccountName'))]", + "properties": { + "privateDnsZoneConfigs": [ + { + "name": "ipconfig1", + "properties": { + "privateDnsZoneId": "[variables('zones')[copyIndex()]]" + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/privateEndpoints', replace(parameters('storageAccountPrivateEndpointNamePrefix'), parameters('serviceToken'), split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]" + ] + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]" + } + } + } + } + } + ], + "outputs": { + "storageAccountResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" + } + } + } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] }, - "virtualNetworkName": { - "type": "string" - } - }, - "variables": { - "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", - "hubVirtualNetworkName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]", - "hubVirtualNetworkResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", - "networkSecurityGroupSecurityRules": [], - "spokeResourceGroup": "[parameters('resourceGroupNetwork')]", - "spokeSubscriptionId": "[subscription().subscriptionId]", - "subnets": "[union(variables('subnetWorkload'), variables('subnetAnf'))]", - "subnetAnf": "[if(empty(parameters('azureNetAppFilesSubnetAddressPrefix')), createArray(), createArray(createObject('name', 'AzureNetAppFiles', 'addressPrefix', parameters('azureNetAppFilesSubnetAddressPrefix'), 'delegations', createArray(createObject('name', 'Microsoft.Netapp.volumes', 'id', format('{0}/delegations/Microsoft.Netapp.volumes', resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), 'AzureNetAppFiles')), 'properties', createObject('serviceName', 'Microsoft.Netapp/volumes'), 'type', 'Microsoft.Network/virtualNetworks/subnets/delegations')), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled', 'networkSecurityGroupName', parameters('networkSecurityGroupName'))))]", - "subnetWorkload": [ - { - "name": "AzureVirtualDesktop", - "addressPrefix": "[parameters('subnetAddressPrefixes')[parameters('index')]]", - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Disabled", - "networkSecurityGroupName": "[parameters('networkSecurityGroupName')]" - } - ] - }, - "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp'))]", - 
"subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", + "name": "[format('deploy-diagnostics-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "azureFirewallIpAddress": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hubAzureFirewallResourceId'), '/')[2], split(parameters('hubAzureFirewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('hubAzureFirewallResourceId'), '/')[8]), '2023-05-01').ipConfigurations[0].properties.privateIPAddress]" + "deployActivityLogDiagnosticSetting": { + "value": "[parameters('deployActivityLogDiagnosticSetting')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" }, - "disableBgpRoutePropagation": { - "value": "[parameters('disableBgpRoutePropagation')]" + "keyVaultDiagnosticLogs": { + "value": "[parameters('keyVaultDiagnosticsLogs')]" }, - "location": { - "value": "[parameters('location')]" + "keyVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "networkSecurityGroupDiagnosticsLogs": { + "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + }, + "networkSecurityGroupDiagnosticsMetrics": { + "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" + }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, + "storageAccountResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageAccountResourceId.value]" }, - "udrName": { - "value": "[parameters('routeTableName')]" + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "virtualNetworkDiagnosticsLogs": { + "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + }, + "virtualNetworkDiagnosticsMetrics": { + "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4935757515139091083" + "version": "0.27.1.19265", + "templateHash": "738419494311113164" } }, "parameters": { - "azureFirewallIpAddress": { + "deployActivityLogDiagnosticSetting": { + "type": "bool" + }, + "deploymentNameSuffix": { "type": "string" }, - 
"disableBgpRoutePropagation": { - "type": "bool" + "keyVaultDiagnosticLogs": { + "type": "array" }, - "location": { + "keyVaultName": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "networkSecurityGroupDiagnosticsLogs": { + "type": "array" + }, + "networkSecurityGroupDiagnosticsMetrics": { + "type": "array" + }, + "networkSecurityGroupName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, + "storageAccountResourceId": { "type": "string" }, - "udrName": { + "tier": { + "type": "object" + }, + "virtualNetworkDiagnosticsLogs": { + "type": "array" + }, + "virtualNetworkDiagnosticsMetrics": { + "type": "array" + }, + "virtualNetworkName": { "type": "string" } }, "resources": [ { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2021-05-01", - "name": "[parameters('udrName')]", - "location": "[parameters('location')]", + "condition": "[parameters('deployActivityLogDiagnosticSetting')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-activity-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "location": "[deployment().location]", "properties": { - "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", - "routes": [ - { - "name": "default", - "properties": { - "addressPrefix": "0.0.0.0/0", - "hasBgpOverride": false, - "nextHopIpAddress": "[parameters('azureFirewallIpAddress')]", - "nextHopType": "VirtualAppliance" + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": 
"0.27.1.19265", + "templateHash": "11148640012050316356" + } + }, + "parameters": { + "logAnalyticsWorkspaceId": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "name": "[format('diag-activity-log-{0}', subscription().subscriptionId)]", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "logs": [ + { + "category": "Administrative", + "enabled": true + }, + { + "category": "Security", + "enabled": true + }, + { + "category": "ServiceHealth", + "enabled": true + }, + { + "category": "Alert", + "enabled": true + }, + { + "category": "Recommendation", + "enabled": true + }, + { + "category": "Policy", + "enabled": true + }, + { + "category": "Autoscale", + "enabled": true + }, + { + "category": "ResourceHealth", + "enabled": true + } + ] + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.keyVaultDiagnosticSetting]" + }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "keyVaultStorageAccountId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('keyVaultDiagnosticLogs')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": 
"11931053519285250235" + } + }, + "parameters": { + "keyVaultDiagnosticSettingName": { + "type": "string" + }, + "keyVaultName": { + "type": "string" + }, + "keyVaultStorageAccountId": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[parameters('keyVaultDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('keyVaultStorageAccountId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]" + } } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + }, + "logStorageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "metrics": { + "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" + }, + "networkSecurityGroupDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.networkSecurityGroupDiagnosticSetting]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" } - ] + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": 
"bicep", + "version": "0.27.1.19265", + "templateHash": "12049539018034280966" + } + }, + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + }, + "logStorageAccountResourceId": { + "type": "string" + }, + "metrics": { + "type": "array" + }, + "networkSecurityGroupDiagnosticSettingName": { + "type": "string" + }, + "networkSecurityGroupName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('networkSecurityGroupName'))]", + "name": "[parameters('networkSecurityGroupDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('logStorageAccountResourceId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]", + "metrics": "[parameters('metrics')]" + } + } + ] + } } - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('udrName')]" - }, - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('NetworkSecurityGroup_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "networkSecurityGroupName": { - "value": "[parameters('networkSecurityGroupName')]" - }, - "networkSecurityGroupSecurityRules": { - "value": "[variables('networkSecurityGroupSecurityRules')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - 
"contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5292228865068295142" - } - }, - "parameters": { - "networkSecurityGroupSecurityRules": { - "type": "array" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" }, - "networkSecurityGroupName": { - "type": "string" - } - }, - "resources": [ { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-11-01", - "name": "[parameters('networkSecurityGroupName')]", - "location": "[parameters('location')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { - "copy": [ - { - "name": "securityRules", - "count": "[length(parameters('networkSecurityGroupSecurityRules'))]", - "input": { - "name": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].name]", + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + }, + "logStorageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "metrics": { + "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.virtualNetworkDiagnosticSetting]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + 
"version": "0.27.1.19265", + "templateHash": "13356625654141484072" + } + }, + "parameters": { + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + }, + "logStorageAccountResourceId": { + "type": "string" + }, + "metrics": { + "type": "array" + }, + "virtualNetworkDiagnosticSettingName": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", + "name": "[parameters('virtualNetworkDiagnosticSettingName')]", "properties": { - "access": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.access]", - "destinationAddressPrefix": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefix, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefix)]", - "destinationAddressPrefixes": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefixes), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefixes)]", - "destinationPortRanges": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRanges), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRanges)]", - "destinationPortRange": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRange, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRange)]", - "direction": 
"[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.direction]", - "priority": "[int(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.priority)]", - "protocol": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.protocol]", - "sourceAddressPrefix": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourceAddressPrefix, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourceAddressPrefix)]", - "sourcePortRanges": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRanges), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRanges)]", - "sourcePortRange": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRange]" + "storageAccountId": "[parameters('logStorageAccountResourceId')]", + "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]", + "metrics": "[parameters('metrics')]" } } - } - ] + ] + } } } ] } - } + }, + "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + ] }, { + "condition": "[parameters('deployPolicy')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", + "name": "[format('assign-policy-{0}-{1}', toLower(parameters('workloadName')), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "dnsServers": "[if(contains(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubVirtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVirtualNetworkName')), '2023-05-01'), 'dhcpOptions'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubVirtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVirtualNetworkName')), '2023-05-01').dhcpOptions.dnsServers), createObject('value', createArray()))]", + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "location": { "value": "[parameters('location')]" }, - "subnets": { - "value": "[variables('subnets')]" + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "udrName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.name.value]" + "tiers": { + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" }, - "virtualNetworkName": { - "value": "[parameters('virtualNetworkName')]" + "policy": { + "value": "[parameters('policy')]" }, - "vNetAddressPrefixes": { + "resourceGroupNames": { "value": [ - "[parameters('virtualNetworkAddressPrefixes')[parameters('index')]]" + "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" ] } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "916118672509994488" + "version": "0.27.1.19265", + "templateHash": "379956182717650153" } }, "parameters": { - "dnsServers": { - "type": "array" + "deploymentNameSuffix": { + "type": "string" }, "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "virtualNetworkName": { "type": "string" }, - "subnets": { - "type": "array" + "logAnalyticsWorkspaceResourceId": { + "type": "string" }, - "udrName": { + "policy": { "type": "string" }, - "vNetAddressPrefixes": { + "resourceGroupNames": { + "type": "array" + }, + "tiers": { "type": "array" } }, "resources": [ { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-11-01", - "name": "[parameters('virtualNetworkName')]", - "location": "[parameters('location')]", + "copy": { + "name": "policyAssignment", + "count": "[length(parameters('tiers'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('assign-policy-{0}-{1}', 
parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { - "copy": [ - { - "name": "subnets", - "count": "[length(parameters('subnets'))]", - "input": { - "name": "[parameters('subnets')[copyIndex('subnets')].name]", + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "builtInAssignment": { + "value": "[parameters('policy')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "location": { + "value": "[parameters('location')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "9464536540108620518" + } + }, + "parameters": { + "builtInAssignment": { + "type": "string", + "defaultValue": "NISTRev4", + "allowedValues": [ + "NISTRev4", + "NISTRev5", + "IL5", + "CMMC" + ], + "metadata": { + "description": "[NISTRev4/NISTRev5/IL5/CMMC] Built-in policy assignments to assign, default is NISTRev4. IL5 is only available for AzureUsGovernment and will switch to NISTRev4 if tried in AzureCloud." + } + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "deployRemediation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Starts a policy remediation for the VM Agent policies in hub RG. Set to false by default since this is time consuming in deployment." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "The location of this resource" + } + } + }, + "variables": { + "$fxv#0": " {\r\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \r\n {\r\n \"value\": \"admin\"\r\n },\r\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \r\n {\r\n \"value\": \"azureuser\"\r\n },\r\n \"logAnalyticsWorkspaceIdforVMReporting\": \r\n {\r\n \"value\": \"\"\r\n },\r\n \"IncludeArcMachines\": \r\n {\r\n \"value\": \"true\"\r\n },\r\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \r\n {\r\n \"value\": \"1.2\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \r\n {\r\n \"value\": \"Compliant\"\r\n },\r\n \"requiredRetentionDays\": \r\n {\r\n \"value\": \"365\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \r\n {\r\n \"value\": \"NetworkWatcherRG\"\r\n }\r\n }", + "$fxv#1": " {\r\n \"IncludeArcMachines\": \r\n {\r\n \"value\": \"true\"\r\n },\r\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \r\n {\r\n \"value\": \"1.2\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \r\n {\r\n \"value\": \"Compliant\"\r\n },\r\n \"requiredRetentionDays\": \r\n {\r\n \"value\": \"365\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \r\n {\r\n \"value\": \"NetworkWatcherRG\"\r\n }\r\n }", + "$fxv#2": "{\r\n \"IncludeArcMachines\" : { \r\n \"value\" : \"false\"\r\n },\r\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \r\n \"value\" : \"Compliant\"\r\n },\r\n \"MinimumTLSVersionForWindowsServers\" : { \r\n \"value\" : \"1.2\"\r\n },\r\n \"requiredRetentionDays\" : { \r\n \"value\" : \"365\"\r\n },\r\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \r\n \"value\" : \"^(.+){0}$\"\r\n },\r\n 
\"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"0\"\r\n },\r\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \r\n \"value\" : \"0\"\r\n },\r\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"MustRunAsNonRoot\"\r\n },\r\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \r\n \"value\" : \"RunAsAny\"\r\n },\r\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"NetworkWatcherResourceGroupName\" : { \r\n \"value\" : \"NetworkWatcherRG\"\r\n },\r\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"enabled\"\r\n },\r\n \"aadAuthenticationInServiceFabricMonitoringEffect\" 
: { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \r\n \"value\" 
: \"audit\"\r\n },\r\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"secureTransferToStorageAccountMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \r\n \"value\" : \"Audit\"\r\n 
},\r\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"diskEncryptionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlDbEncryptionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \r\n \"value\" : 
\"AuditIfNotExists\"\r\n },\r\n \"vmssEndpointProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"adaptiveApplicationControlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"ensureJavaVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"securityContactEmailAddressForSubscriptionEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"ensurePythonVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePHPVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"systemUpdatesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"ensureHTTPVersionLatestForWebAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"nextGenerationFirewallMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"useRbacRulesMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"webAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"sqlServerAuditingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"endpointProtectionMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"jitNetworkAccessMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppEnforceHttpsMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"vmssSystemUpdatesMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"systemConfigurationsMonitoringEffect\" : { \r\n \"value\" 
: \"AuditIfNotExists\"\r\n },\r\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"containerBenchmarkMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"webAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"membersToIncludeInLocalAdministratorsGroup\" : { \r\n \"value\" : \"\"\r\n },\r\n \"membersToExcludeInLocalAdministratorsGroup\" : { \r\n \"value\" : \"\"\r\n },\r\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \r\n \"value\" : \"\"\r\n },\r\n \"PHPLatestVersionForAppServices\" : { \r\n \"value\" : \"7.4\"\r\n },\r\n \"JavaLatestVersionForAppServices\" : { \r\n \"value\" : \"11\"\r\n },\r\n \"WindowsPythonLatestVersionForAppServices\" : { \r\n \"value\" : \"3.6\"\r\n },\r\n \"LinuxPythonLatestVersionForAppServices\" : { \r\n \"value\" : \"3.9\"\r\n },\r\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"vulnerabilityAssessmentMonitoringEffect\" : 
{ \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n }\r\n}", + "$fxv#3": "{\r\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \r\n \"value\" : \"\"\r\n },\r\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\r\n \"value\": \"\"\r\n },\r\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\r\n \"value\": \"\"\r\n },\r\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \r\n \"value\" : 
\"AuditIfNotExists\"\r\n },\r\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"PHPLatestVersion\" : { \r\n \"value\" : \"7.3\"\r\n },\r\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"JavaLatestVersion\" : { \r\n \"value\" : \"11\"\r\n },\r\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"LinuxPythonLatestVersion\" : { \r\n \"value\" : \"3.8\"\r\n },\r\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \r\n \"value\" : \"enabled\"\r\n },\r\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \r\n \"value\" : 
\"NetworkWatcherRG\"\r\n },\r\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \r\n \"value\" : 
\"Audit\"\r\n },\r\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \r\n \"value\" : \"Detection\"\r\n },\r\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \r\n \"value\" : \"Detection\"\r\n },\r\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n 
\"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \r\n \"value\" : 
\"AuditIfNotExists\"\r\n },\r\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \r\n \"value\" : \"Disabled\"\r\n },\r\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \r\n \"value\" : 
\"Audit\"\r\n },\r\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \r\n \"value\" : \"audit\"\r\n },\r\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \r\n \"value\" : \"Audit\"\r\n },\r\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n },\r\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \r\n \"value\" : \"AuditIfNotExists\"\r\n }\r\n}\r\n", + "modifiedAssignment": "[if(and(equals(toLower(environment().name), toLower('AzureCloud')), equals(toLower(parameters('builtInAssignment')), toLower('IL5'))), 'NISTRev4', parameters('builtInAssignment'))]", + "assignmentName": "[format('{0} {1}', variables('modifiedAssignment'), resourceGroup().name)]", + "agentVmssAssignmentName": "[format('Deploy VMSS Agents {0}', resourceGroup().name)]", + "agentVmAssignmentName": "[format('Deploy VM Agents {0}', resourceGroup().name)]", + "contributorRoleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "lawsReaderRoleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]" + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('assignmentName')]", + "location": "[parameters('location')]", + "properties": { + "policyDefinitionId": "[createObject('NISTRev4', createObject('id', 
'/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(variables('$fxv#0'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'NISTRev5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f', 'parameters', json(variables('$fxv#1'))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace(variables('$fxv#2'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace(variables('$fxv#3'), '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8]), '2021-06-01').customerId))))[variables('modifiedAssignment')].id]", + "parameters": "[createObject('NISTRev4', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(variables('$fxv#0'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], 
split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'NISTRev5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/179d1daa-458f-4e47-8086-2a68d0d6c38f', 'parameters', json(variables('$fxv#1'))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace(variables('$fxv#2'), '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace(variables('$fxv#3'), '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8]), '2021-06-01').customerId))))[variables('modifiedAssignment')].parameters]" + }, + "identity": { + "type": "SystemAssigned" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('agentVmssAssignmentName')]", + "location": "[parameters('location')]", + "properties": { + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '75714362-cae7-409e-9b99-a8e5075b7fad')]", + "parameters": { + "logAnalytics_1": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], 
split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + } + } + }, + "identity": { + "type": "SystemAssigned" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('agentVmAssignmentName')]", + "location": "[parameters('location')]", "properties": { - "addressPrefix": "[parameters('subnets')[copyIndex('subnets')].addressPrefix]", - "delegations": "[parameters('subnets')[copyIndex('subnets')].delegations]", - "networkSecurityGroup": "[if(empty(parameters('subnets')[copyIndex('subnets')].networkSecurityGroupName), null(), json(format('{{\"id\": \"{0}\"}}', resourceId('Microsoft.Network/networkSecurityGroups', parameters('subnets')[copyIndex('subnets')].networkSecurityGroupName))))]", - "privateEndpointNetworkPolicies": "[parameters('subnets')[copyIndex('subnets')].privateEndpointNetworkPolicies]", - "privateLinkServiceNetworkPolicies": "[parameters('subnets')[copyIndex('subnets')].privateLinkServiceNetworkPolicies]", - "routeTable": { - "id": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '55f3eceb-5573-4f18-9695-226972c6d74a')]", + "parameters": { + "logAnalytics_1": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + } } + }, + "identity": { + "type": "SystemAssigned" } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('assignmentName'))]", + "properties": { + "roleDefinitionId": 
"[variables('contributorRoleDefinitionId')]", + "principalId": "[if(empty(variables('modifiedAssignment')), '', reference(resourceId('Microsoft.Authorization/policyAssignments', variables('assignmentName')), '2020-09-01', 'full').identity.principalId)]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('assignmentName'))]" + ] + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('agentVmssAssignmentName'))]", + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmssAssignmentName')), '2020-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmssAssignmentName'))]" + ] + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(variables('contributorRoleDefinitionId'), variables('agentVmAssignmentName'))]", + "properties": { + "roleDefinitionId": "[variables('contributorRoleDefinitionId')]", + "principalId": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName')), '2020-09-01', 'full').identity.principalId]", + "principalType": "ServicePrincipal" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] + }, + { + "condition": "[parameters('deployRemediation')]", + "type": "Microsoft.PolicyInsights/remediations", + "apiVersion": "2019-07-01", + "name": "VM-Agent-Policy-Remediation", + "properties": { + "policyAssignmentId": "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]", + "resourceDiscoveryMode": 
"ReEvaluateCompliance" + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Assign-Laws-Role-Policy-{0}', resourceGroup().name)]", + "subscriptionId": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "targetResourceId": { + "value": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8])]" + }, + "roleDefinitionId": { + "value": "[variables('lawsReaderRoleDefinitionId')]" + }, + "principalId": { + "value": "[reference(resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName')), '2020-09-01', 'full').identity.principalId]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" + } + }, + "parameters": { + "targetResourceId": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string" + }, + "principalId": { + "type": "string" + }, + "principalType": { + "type": "string", + "defaultValue": "ServicePrincipal", + "allowedValues": [ + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ] + }, + "description": { + "type": "string", + "defaultValue": "" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + 
"name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", + "properties": { + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]", + "roleDefinitionId": "[parameters('roleDefinitionId')]", + "description": "[parameters('description')]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('agentVmAssignmentName'))]" + ] } - } - ], - "addressSpace": { - "addressPrefixes": "[parameters('vNetAddressPrefixes')]" - }, - "dhcpOptions": "[if(not(empty(parameters('dnsServers'))), createObject('dnsServers', parameters('dnsServers')), null())]" - } - } - ], - "outputs": { - "virtualNetworkName": { - "type": "string", - "value": "[parameters('virtualNetworkName')]" - }, - "virtualNetworkResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" - }, - "subnetResourceId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), '2020-11-01').subnets[0].id]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetworkPeer_Hub_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "existingLocalVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "existingRemoteVirtualNetworkName": { - "value": "[variables('hubVirtualNetworkName')]" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "value": "[variables('hubVirtualNetworkResourceGroupName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "179497505162655304" - } - }, - "parameters": { - "existingLocalVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('existingLocalVirtualNetworkName'), parameters('existingRemoteVirtualNetworkName'))]", - "properties": { - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "remoteVirtualNetwork": { - "id": "[resourceId(parameters('existingRemoteVirtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('existingRemoteVirtualNetworkName'))]" + ] } } } 
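Review bot: the three `Microsoft.Authorization/roleAssignments` resources added here grant `contributorRoleDefinitionId` (b24988ac-6180-42a0-ab88-20f7382dd24c, the built-in Contributor role) to the system-assigned identity of every policy assignment, including the compliance initiative named by `assignmentName`, whose effect values visible in this hunk are all Audit, AuditIfNotExists or Disabled and so need no write access. Consider dropping that first role assignment and giving the two agent-deployment identities only the roles their initiatives declare for remediation. In the same resource, `"principalId": "[if(empty(variables('modifiedAssignment')), '', reference(...))]"` would submit an empty principal if the guard ever fired, while the policy assignment it reads from is unconditional; remove the guard or turn it into a `condition` on the role assignment. `VM-Agent-Policy-Remediation` lists only the policy assignment in `dependsOn`, so it can start before the role assignment for `agentVmAssignmentName` exists; add that role assignment as a dependency. Since the metadata shows this JSON is Bicep output, the changes belong in the Bicep source.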
@@ -22394,94 +17300,323 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, { + "condition": "[parameters('deployDefender')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('VirtualNetworkPeer_Spoke_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", - "resourceGroup": "[variables('hubVirtualNetworkResourceGroupName')]", + "name": "[format('set-{0}-sub-defender', toLower(parameters('workloadName')))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "existingLocalVirtualNetworkName": { - "value": "[variables('hubVirtualNetworkName')]" - }, - "existingRemoteVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.virtualNetworkName.value]" + "emailSecurityContact": { + "value": "[parameters('emailSecurityContact')]" }, - "existingRemoteVirtualNetworkResourceGroupName": { - "value": "[variables('spokeResourceGroup')]" + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" } }, "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "179497505162655304" + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" } }, "parameters": { - "existingLocalVirtualNetworkName": { - "type": "string" + "defenderPlans": { + "type": "array", + "defaultValue": [ + "VirtualMachines" + ], + "metadata": { + "description": "Defender Paid protection Plans. Even if a customer selects the free sku, at least 1 paid protection plan must be specified." + } }, - "existingRemoteVirtualNetworkName": { - "type": "string" + "enableAutoProvisioning": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Turn automatic deployment by Defender of the MMA (OMS VM extension) on or off" + } }, - "existingRemoteVirtualNetworkResourceGroupName": { - "type": "string" + "logAnalyticsWorkspaceId": { + "type": "string", + "metadata": { + "description": "Specify the ID of your custom Log Analytics workspace to collect Defender data." + } + }, + "emailSecurityContact": { + "type": "string", + "metadata": { + "description": "Email address of the contact, in the form of john@doe.com" + } + }, + "policySetDescription": { + "type": "string", + "defaultValue": "The Microsoft Cloud Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft Cloud Security Benchmark v2, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. 
You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender.", + "metadata": { + "description": "Policy Initiative description field" + } + }, + "defenderSkuTier": { + "type": "string", + "defaultValue": "Free", + "metadata": { + "description": "[Standard/Free] The SKU for Defender. It defaults to \"Free\"." + } + } + }, + "variables": { + "autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]", + "defenderPaidPlanConfig": { + "AzureCloud": { + "Api": { + "subPlan": "P1" + }, + "appServices": {}, + "KeyVaults": { + "subPlan": "PerKeyVault" + }, + "Arm": { + "subPlan": "PerSubscription" + }, + "CloudPosture": { + "extensions": [ + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + }, + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + }, + { + "name": "AgentlessVmScanning", + "isEnabled": "True" + }, + { + "name": "EntraPermissionsManagement", + "isEnabled": "True" + } + ] + }, + "Containers": { + "extensions": [ + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + } + ] + }, + "CosmosDbs": {}, + "StorageAccounts": { + "subPlan": "DefenderForStorageV2", + "extensions": [ + { + "name": "OnUploadMalwareScanning", + "isEnabled": "True", + "additionalExtensionProperties": { + "CapGBPerMonthPerStorageAccount": "5000" + } + }, + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + } + ] + }, + "VirtualMachines": { + "subPlan": "P1" + }, + "SqlServerVirtualMachines": {}, + "SqlServers": {}, + "OpenSourceRelationalDatabases": {} + } } }, "resources": [ { - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('existingLocalVirtualNetworkName'), 
parameters('existingRemoteVirtualNetworkName'))]", + "copy": { + "name": "defenderFreeAllClouds", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[equals(parameters('defenderSkuTier'), 'Free')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", "properties": { - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "remoteVirtualNetwork": { - "id": "[resourceId(parameters('existingRemoteVirtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('existingRemoteVirtualNetworkName'))]" - } + "pricingTier": "[parameters('defenderSkuTier')]" + } + }, + { + "copy": { + "name": "defenderStandardNoSubplanNoExtensions", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), not(equals(environment().name, 'AzureCloud')))]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]" + } + }, + { + "copy": { + "name": "defenderStandardSubplanExtensionsAzureCloud", + "count": "[length(parameters('defenderPlans'))]", + "mode": "serial", + "batchSize": 1 + }, + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), equals(environment().name, 'AzureCloud'))]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "[parameters('defenderPlans')[copyIndex()]]", + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]", + "subPlan": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan'), 
variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan, json('null'))]", + "extensions": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'extensions'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].extensions, json('null'))]" + } + }, + { + "type": "Microsoft.Security/autoProvisioningSettings", + "apiVersion": "2019-01-01", + "name": "default", + "properties": { + "autoProvision": "[variables('autoProvisioning')]" + } + }, + { + "type": "Microsoft.Security/workspaceSettings", + "apiVersion": "2019-01-01", + "name": "default", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "scope": "[subscription().id]" + } + }, + { + "condition": "[not(empty(parameters('emailSecurityContact')))]", + "type": "Microsoft.Security/securityContacts", + "apiVersion": "2020-01-01-preview", + "name": "default", + "properties": { + "notificationsByRole": { + "roles": [ + "AccountAdmin", + "Contributor", + "Owner", + "ServiceAdmin" + ], + "state": "On" + }, + "alertNotifications": { + "state": "On" + }, + "emails": "[parameters('emailSecurityContact')]" + } + }, + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "Microsoft Cloud Security Benchmark", + "properties": { + "displayName": "Defender Default", + "description": "[parameters('policySetDescription')]", + "enforcementMode": "DoNotEnforce", + "parameters": {}, + "policyDefinitionId": "[tenantResourceId('Microsoft.Authorization/policySetDefinitions', '1f3afdf9-d0c9-4c3d-847f-89da613e70a8')]" } } ] } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp')))]", - 
"[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetworkPeer_Hub_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] + } } ], "outputs": { + "diskEncryptionSetResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" + }, + "keyVaultUri": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "locatonProperties": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locationProperties.value]" + }, + "mlzTags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "namingConvention": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention]" + }, + "privateDnsZones": { + "type": "array", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "resourcePrefix": { + "type": "string", + 
"value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01', 'full').tags.resourcePrefix]" + }, + "storageEncryptionKeyName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + }, "subnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + }, + "tier": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "tokens": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.userAssignedIdentityResourceId.value]" } } } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "rgs" - ] + } }, { - "condition": "[equals(length(variables('deploymentLocations')), 2)]", + "copy": { + "name": "rgs", + "count": "[length(variables('resourceGroupServices'))]" + }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Network_Hosts_{0}', parameters('timestamp'))]", + "name": "[format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[copyIndex()], parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
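Review bot: the nested `set-{0}-sub-defender` deployment is passed only `emailSecurityContact` and `logAnalyticsWorkspaceId`, so `defenderSkuTier` stays at its default `Free` and `defenderPlans` at `["VirtualMachines"]`; with `deployDefender` set to true only the `defenderFreeAllClouds` loop runs, and both Standard branches, along with everything in `defenderPaidPlanConfig`, are unreachable from this call site. Expose `defenderSkuTier` and `defenderPlans` as parameters of the outer template and pass them through, or state in the parameter description that `deployDefender` enables the free tier only. Separately, the new output `locatonProperties` is misspelled although it reads `outputs.locationProperties.value`; rename it to `locationProperties` before any consumer binds to the misspelled name. The `resourcePrefix` output reads `tags.resourcePrefix` from the firewall resource, which fails the deployment when that tag is absent, so the prerequisite should be documented or the value passed as a parameter.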
@@ -22489,40 +17624,13 @@ }, "mode": "Incremental", "parameters": { - "azureNetAppFilesSubnetAddressPrefix": "[if(and(not(empty(parameters('azureNetAppFilesSubnetAddressPrefix'))), equals(length(variables('deploymentLocations')), 2)), createObject('value', parameters('azureNetAppFilesSubnetAddressPrefix')), createObject('value', ''))]", - "disableBgpRoutePropagation": { - "value": "[parameters('disableBgpRoutePropagation')]" + "location": "[if(or(equals(variables('resourceGroupServices')[copyIndex()], 'controlPlane'), equals(variables('resourceGroupServices')[copyIndex()], 'feedWorkspace')), createObject('value', parameters('locationControlPlane')), createObject('value', parameters('locationVirtualMachines')))]", + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "hubAzureFirewallResourceId": { - "value": "[parameters('hubAzureFirewallResourceId')]" - }, - "hubVirtualNetworkResourceId": { - "value": "[parameters('hubVirtualNetworkResourceId')]" - }, - "index": { - "value": 1 - }, - "location": { - "value": "[variables('deploymentLocations')[1]]" - }, - "networkSecurityGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.networkSecurityGroupNames[1]]" - }, - "resourceGroupNetwork": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupsNetwork[0]), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupsNetwork[1]))]", - "routeTableName": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.routeTableNames[1]]" - }, - "subnetAddressPrefixes": { - "value": "[parameters('subnetAddressPrefixes')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "virtualNetworkAddressPrefixes": { - "value": "[parameters('virtualNetworkAddressPrefixes')]" - }, - "virtualNetworkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualNetworkNames[1]]" + "name": "[if(and(equals(length(variables('deploymentLocations')), 2), or(equals(variables('resourceGroupServices')[copyIndex()], 'controlPlane'), equals(variables('resourceGroupServices')[copyIndex()], 'feedWorkspace'))), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, variables('resourceGroupServices')[copyIndex()])), if(equals(variables('resourceGroupServices')[copyIndex()], 'globalWorkspace'), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, variables('resourceGroupServices')[copyIndex()])), createObject('value', 
replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, variables('resourceGroupServices')[copyIndex()]))))]", + "tags": { + "value": "[parameters('tags')]" } }, "template": { 
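Review bot: in the `name` parameter of the `rgs` copy loop, the first two `if` branches evaluate to the same `replace(...)` over the `deploy-tier3-session-hosts-{0}` outputs, so the nested `if` can be collapsed into a single condition that ORs the `globalWorkspace` test with the two-location test. Please also confirm the intent of that first branch: when `deploymentLocations` has two entries, the `controlPlane` and `feedWorkspace` groups take their name from the session-hosts naming convention, while `location` for the same two services comes from `locationControlPlane` and `mlzTags` from `deploy-tier3-control-plane-{0}`. If that is deliberate, a description on the parameter in the Bicep source would save the next reader from tracing three repeated `reference()` calls to find out.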
@@ -22531,499 +17639,63 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4854107194195472449" + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" } }, "parameters": { - "azureNetAppFilesSubnetAddressPrefix": { - "type": "string" - }, - "disableBgpRoutePropagation": { - "type": "bool" - }, - "hubAzureFirewallResourceId": { - "type": "string" + "mlzTags": { + "type": "object" }, - "hubVirtualNetworkResourceId": { + "name": { "type": "string" }, - "index": { - "type": "int" - }, "location": { "type": "string" }, - "networkSecurityGroupName": { - "type": "string" - }, - "subnetAddressPrefixes": { - "type": "array" - }, - "resourceGroupNetwork": { - "type": "string" - }, - "routeTableName": { - "type": "string" - }, - "timestamp": { - "type": "string" - }, - "virtualNetworkAddressPrefixes": { - "type": "array" - }, - "virtualNetworkName": { - "type": "string" - } - }, - "variables": { - "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", - "hubVirtualNetworkName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]", - "hubVirtualNetworkResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", - "networkSecurityGroupSecurityRules": [], - "spokeResourceGroup": "[parameters('resourceGroupNetwork')]", - "spokeSubscriptionId": "[subscription().subscriptionId]", - "subnets": "[union(variables('subnetWorkload'), variables('subnetAnf'))]", - "subnetAnf": "[if(empty(parameters('azureNetAppFilesSubnetAddressPrefix')), createArray(), createArray(createObject('name', 'AzureNetAppFiles', 'addressPrefix', parameters('azureNetAppFilesSubnetAddressPrefix'), 'delegations', createArray(createObject('name', 'Microsoft.Netapp.volumes', 'id', format('{0}/delegations/Microsoft.Netapp.volumes', resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), 'AzureNetAppFiles')), 'properties', createObject('serviceName', 
'Microsoft.Netapp/volumes'), 'type', 'Microsoft.Network/virtualNetworks/subnets/delegations')), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled', 'networkSecurityGroupName', parameters('networkSecurityGroupName'))))]", - "subnetWorkload": [ - { - "name": "AzureVirtualDesktop", - "addressPrefix": "[parameters('subnetAddressPrefixes')[parameters('index')]]", - "delegations": [], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Disabled", - "networkSecurityGroupName": "[parameters('networkSecurityGroupName')]" - } - ] - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "azureFirewallIpAddress": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hubAzureFirewallResourceId'), '/')[2], split(parameters('hubAzureFirewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('hubAzureFirewallResourceId'), '/')[8]), '2023-05-01').ipConfigurations[0].properties.privateIPAddress]" - }, - "disableBgpRoutePropagation": { - "value": "[parameters('disableBgpRoutePropagation')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "udrName": { - "value": "[parameters('routeTableName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4935757515139091083" - } - }, - "parameters": { - "azureFirewallIpAddress": { - "type": "string" 
- }, - "disableBgpRoutePropagation": { - "type": "bool" - }, - "location": { - "type": "string" - }, - "udrName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/routeTables", - "apiVersion": "2021-05-01", - "name": "[parameters('udrName')]", - "location": "[parameters('location')]", - "properties": { - "disableBgpRoutePropagation": "[parameters('disableBgpRoutePropagation')]", - "routes": [ - { - "name": "default", - "properties": { - "addressPrefix": "0.0.0.0/0", - "hasBgpOverride": false, - "nextHopIpAddress": "[parameters('azureFirewallIpAddress')]", - "nextHopType": "VirtualAppliance" - } - } - ] - } - } - ], - "outputs": { - "name": { - "type": "string", - "value": "[parameters('udrName')]" - }, - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('NetworkSecurityGroup_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "networkSecurityGroupName": { - "value": "[parameters('networkSecurityGroupName')]" - }, - "networkSecurityGroupSecurityRules": { - "value": "[variables('networkSecurityGroupSecurityRules')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5292228865068295142" - } - }, - "parameters": { - "networkSecurityGroupSecurityRules": { - "type": "array" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - 
"networkSecurityGroupName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2020-11-01", - "name": "[parameters('networkSecurityGroupName')]", - "location": "[parameters('location')]", - "properties": { - "copy": [ - { - "name": "securityRules", - "count": "[length(parameters('networkSecurityGroupSecurityRules'))]", - "input": { - "name": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].name]", - "properties": { - "access": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.access]", - "destinationAddressPrefix": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefix, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefix)]", - "destinationAddressPrefixes": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefixes), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationAddressPrefixes)]", - "destinationPortRanges": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRanges), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRanges)]", - "destinationPortRange": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRange, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.destinationPortRange)]", - "direction": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.direction]", - "priority": 
"[int(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.priority)]", - "protocol": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.protocol]", - "sourceAddressPrefix": "[if(equals(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourceAddressPrefix, ''), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourceAddressPrefix)]", - "sourcePortRanges": "[if(equals(length(parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRanges), 0), null(), parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRanges)]", - "sourcePortRange": "[parameters('networkSecurityGroupSecurityRules')[copyIndex('securityRules')].properties.sourcePortRange]" - } - } - } - ] - } - } - ] - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "dnsServers": "[if(contains(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubVirtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVirtualNetworkName')), '2023-05-01'), 'dhcpOptions'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hubSubscriptionId'), variables('hubVirtualNetworkResourceGroupName')), 'Microsoft.Network/virtualNetworks', variables('hubVirtualNetworkName')), '2023-05-01').dhcpOptions.dnsServers), createObject('value', createArray()))]", - "location": { - "value": 
"[parameters('location')]" - }, - "subnets": { - "value": "[variables('subnets')]" - }, - "udrName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.name.value]" - }, - "virtualNetworkName": { - "value": "[parameters('virtualNetworkName')]" - }, - "vNetAddressPrefixes": { - "value": [ - "[parameters('virtualNetworkAddressPrefixes')[parameters('index')]]" - ] - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "916118672509994488" - } - }, - "parameters": { - "dnsServers": { - "type": "array" - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "virtualNetworkName": { - "type": "string" - }, - "subnets": { - "type": "array" - }, - "udrName": { - "type": "string" - }, - "vNetAddressPrefixes": { - "type": "array" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks", - "apiVersion": "2020-11-01", - "name": "[parameters('virtualNetworkName')]", - "location": "[parameters('location')]", - "properties": { - "copy": [ - { - "name": "subnets", - "count": "[length(parameters('subnets'))]", - "input": { - "name": "[parameters('subnets')[copyIndex('subnets')].name]", - "properties": { - "addressPrefix": "[parameters('subnets')[copyIndex('subnets')].addressPrefix]", - "delegations": "[parameters('subnets')[copyIndex('subnets')].delegations]", - "networkSecurityGroup": "[if(empty(parameters('subnets')[copyIndex('subnets')].networkSecurityGroupName), null(), json(format('{{\"id\": \"{0}\"}}', resourceId('Microsoft.Network/networkSecurityGroups', 
parameters('subnets')[copyIndex('subnets')].networkSecurityGroupName))))]", - "privateEndpointNetworkPolicies": "[parameters('subnets')[copyIndex('subnets')].privateEndpointNetworkPolicies]", - "privateLinkServiceNetworkPolicies": "[parameters('subnets')[copyIndex('subnets')].privateLinkServiceNetworkPolicies]", - "routeTable": { - "id": "[resourceId('Microsoft.Network/routeTables', parameters('udrName'))]" - } - } - } - } - ], - "addressSpace": { - "addressPrefixes": "[parameters('vNetAddressPrefixes')]" - }, - "dhcpOptions": "[if(not(empty(parameters('dnsServers'))), createObject('dnsServers', parameters('dnsServers')), null())]" - } - } - ], - "outputs": { - "virtualNetworkName": { - "type": "string", - "value": "[parameters('virtualNetworkName')]" - }, - "virtualNetworkResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName'))]" - }, - "subnetResourceId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworkName')), '2020-11-01').subnets[0].id]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('UserDefinedRoute_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('VirtualNetworkPeer_Hub_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('spokeSubscriptionId')]", - "resourceGroup": "[variables('spokeResourceGroup')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "existingLocalVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), 
variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "existingRemoteVirtualNetworkName": { - "value": "[variables('hubVirtualNetworkName')]" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "value": "[variables('hubVirtualNetworkResourceGroupName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "179497505162655304" - } - }, - "parameters": { - "existingLocalVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('existingLocalVirtualNetworkName'), parameters('existingRemoteVirtualNetworkName'))]", - "properties": { - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "remoteVirtualNetwork": { - "id": "[resourceId(parameters('existingRemoteVirtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks', parameters('existingRemoteVirtualNetworkName'))]" - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] - }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": 
"[format('VirtualNetworkPeer_Spoke_{0}_{1}', parameters('index'), parameters('timestamp'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", - "resourceGroup": "[variables('hubVirtualNetworkResourceGroupName')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "existingLocalVirtualNetworkName": { - "value": "[variables('hubVirtualNetworkName')]" - }, - "existingRemoteVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "value": "[variables('spokeResourceGroup')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "179497505162655304" - } - }, - "parameters": { - "existingLocalVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkName": { - "type": "string" - }, - "existingRemoteVirtualNetworkResourceGroupName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('existingLocalVirtualNetworkName'), parameters('existingRemoteVirtualNetworkName'))]", - "properties": { - "allowVirtualNetworkAccess": true, - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "useRemoteGateways": false, - "remoteVirtualNetwork": { - "id": "[resourceId(parameters('existingRemoteVirtualNetworkResourceGroupName'), 'Microsoft.Network/virtualNetworks', 
parameters('existingRemoteVirtualNetworkName'))]" - } - } - } - ] - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetworkPeer_Hub_{0}_{1}', parameters('index'), parameters('timestamp')))]" - ] + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2019-05-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" } ], "outputs": { - "subnetResourceId": { + "id": { + "type": "string", + "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "location": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokeSubscriptionId'), variables('spokeResourceGroup')), 'Microsoft.Resources/deployments', format('VirtualNetwork_{0}_{1}', parameters('index'), parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').location]" + }, + "tags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').tags]" } } } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', 
parameters('timestamp')))]", - "rgs" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Management_{0}', parameters('timestamp'))]", + "name": "[format('deploy-management-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
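Review bot: the nested deployments removed in this hunk carried the spoke's network controls (the `default` route for `0.0.0.0/0` with `nextHopType` `VirtualAppliance` pointing at the hub firewall, the NSG bound to the `AzureVirtualDesktop` subnet, and both hub/spoke peerings), and the template that replaces them only creates a resource group. Nothing in the visible lines shows where those controls are recreated, so the description or a comment in the Bicep source should state that `deploy-tier3-control-plane-{0}` and `deploy-tier3-session-hosts-{0}` now own the route table, NSG and peering, and the what-if output should be checked to confirm the default route to the firewall is still present after the change. The new `dependsOn` also lists `deploy-tier3-session-hosts-{0}` unconditionally; if that deployment is conditional on a second location, the dependency needs the same condition.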
@@ -23040,45 +17712,22 @@ "artifactsUri": { "value": "[variables('artifactsUri')]" }, - "automationAccountDiagnosticSettingName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountDiagnosticSettingName]" - }, - "automationAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountName]" - }, - "automationAccountNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountNetworkInterfaceName]" - }, - "automationAccountPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.azureAutomationPrivateDnsZoneName)]" - }, - "automationAccountPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountPrivateEndpointName]" - }, "availability": { "value": "[parameters('availability')]" }, "avdObjectId": { "value": "[parameters('avdObjectId')]" }, - "azureBlobsPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.blobPrivateDnsZoneName)]" - }, "azurePowerShellModuleMsiName": { "value": "[parameters('azurePowerShellModuleMsiName')]" }, - "azureQueueStoragePrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', 
variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.queuePrivateDnsZoneName)]" + "deployFslogix": { + "value": "[variables('deployFslogix')]" }, - "dataCollectionRuleName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.dataCollectionRuleName]" - }, - "diskEncryptionSetName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.diskEncryptionSetName]" - }, - "diskNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.diskNamePrefix]" + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" }, + "diskEncryptionSetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value))]", "diskSku": { "value": "[parameters('diskSku')]" }, 
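Review bot: the added `diskEncryptionSetResourceId` parameter picks its source with `equals(length(variables('deploymentLocations')), 2)` and sends every other length to `deploy-tier3-control-plane-{0}`, so an unexpected location count silently encrypts session-host disks with the control-plane disk encryption set rather than failing. Compute the "which tier3 deployment" choice once as a variable in the Bicep source and reuse it, and consider asserting that `deploymentLocations` has length 1 or 2. The three private DNS zone resource ID parameters for Automation, blob and queue are dropped here; the nested template must now derive them another way, which this hunk does not show and is worth calling out in the change description.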
@@ -23094,124 +17743,77 @@ "enableMonitoring": { "value": "[parameters('monitoring')]" }, - "environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "fslogix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.fslogix.value]" - }, "fslogixStorageService": { "value": "[parameters('fslogixStorageService')]" }, - "hostPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolName]" - }, "hostPoolType": { "value": "[parameters('hostPoolType')]" }, - "imageDefinitionResourceId": { - "value": "[parameters('imageDefinitionResourceId')]" - }, - "keyVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.keyVaultName]" - }, - "keyVaultNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.keyVaultNetworkInterfaceName]" - }, - "keyVaultPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.keyVaultPrivateDnsZoneName)]" - }, - "keyVaultPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.keyVaultPrivateEndpointName]" + "imageVersionResourceId": { + "value": "[parameters('imageVersionResourceId')]" }, "locationVirtualMachines": { "value": "[parameters('locationVirtualMachines')]" }, - "logAnalyticsWorkspaceName": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.logAnalyticsWorkspaceName]" - }, "logAnalyticsWorkspaceRetention": { "value": "[parameters('logAnalyticsWorkspaceRetention')]" }, "logAnalyticsWorkspaceSku": { "value": "[parameters('logAnalyticsWorkspaceSku')]" }, - "networkInterfaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.networkInterfaceNamePrefix]" - }, - "networkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkName.value]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, + "namingConvention": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value))]", "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" }, - "recoveryServices": { - "value": "[parameters('recoveryServices')]" - }, - "recoveryServicesPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.backupPrivateDnsZoneName)]" - }, - 
"recoveryServicesVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultName]" + "privateDnsZoneResourceIdPrefix": { + "value": "[variables('privateDnsZoneResourceIdPrefix')]" }, - "recoveryServicesVaultNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultNetworkInterfaceName]" + "privateDnsZones": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" }, - "recoveryServicesVaultPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultPrivateEndpointName]" + "recoveryServices": { + "value": "[parameters('recoveryServices')]" }, + "recoveryServicesGeo": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.recoveryServicesGeo), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.recoveryServicesGeo))]", "resourceGroupControlPlane": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[0], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "resourceGroupFeedWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupFeedWorkspace]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[1], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "resourceGroupHosts": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupHosts]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[2], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "resourceGroupStorage": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupStorage]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, + "resourceGroupStorage": "[if(variables('deployFslogix'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[4], 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value), createObject('value', ''))]", "roleDefinitions": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.roleDefinitions.value]" + "value": "[variables('roleDefinitions')]" }, "scalingTool": { "value": "[parameters('scalingTool')]" }, - "securityLogAnalyticsWorkspaceResourceId": { - "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" - }, - "serviceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, "sessionHostCount": { "value": "[parameters('sessionHostCount')]" }, "storageService": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageService.value]" + "value": "[variables('storageService')]" }, - "subnetResourceId": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value))]", + "subnetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value))]", "tags": { "value": "[parameters('tags')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.timeZone.value]" - }, - "userAssignedIdentityNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.userAssignedIdentityNamePrefix]" - }, + "timeZone": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone))]", "virtualMachineMonitoringAgent": { "value": "[parameters('virtualMachineMonitoringAgent')]" }, - "virtualMachineNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualMachineNamePrefix]" - }, "virtualMachinePassword": { "value": "[parameters('virtualMachinePassword')]" }, 
@@ -23220,9 +17822,6 @@ }, "virtualMachineUsername": { "value": "[parameters('virtualMachineUsername')]" - }, - "workspaceFeedName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedName]" } }, "template": { @@ -23231,8 +17830,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6022508601857380127" + "version": "0.27.1.19265", + "templateHash": "16878648559668656577" } }, "parameters": { @@ -23245,43 +17844,16 @@ "artifactsStorageAccountResourceId": { "type": "string" }, - "automationAccountDiagnosticSettingName": { - "type": "string" - }, - "automationAccountName": { - "type": "string" - }, - "automationAccountNetworkInterfaceName": { - "type": "string" - }, - "automationAccountPrivateDnsZoneResourceId": { - "type": "string" - }, - "automationAccountPrivateEndpointName": { - "type": "string" - }, "availability": { "type": "string" }, "avdObjectId": { "type": "string" }, - "azureBlobsPrivateDnsZoneResourceId": { - "type": "string" - }, "azurePowerShellModuleMsiName": { "type": "string" }, - "azureQueueStoragePrivateDnsZoneResourceId": { - "type": "string" - }, - "dataCollectionRuleName": { - "type": "string" - }, - "diskNamePrefix": { - "type": "string" - }, - "diskEncryptionSetName": { + "deploymentNameSuffix": { "type": "string" }, "diskSku": { 
@@ -23299,70 +17871,49 @@ "enableMonitoring": { "type": "bool" }, - "environmentAbbreviation": { - "type": "string" - }, - "fslogix": { + "deployFslogix": { "type": "bool" }, - "fslogixStorageService": { + "diskEncryptionSetResourceId": { "type": "string" }, - "hostPoolName": { + "fslogixStorageService": { "type": "string" }, "hostPoolType": { "type": "string" }, - "imageDefinitionResourceId": { - "type": "string" - }, - "keyVaultName": { - "type": "string" - }, - "keyVaultNetworkInterfaceName": { - "type": "string" - }, - "keyVaultPrivateDnsZoneResourceId": { - "type": "string" - }, - "keyVaultPrivateEndpointName": { + "imageVersionResourceId": { "type": "string" }, "locationVirtualMachines": { "type": "string" }, - "logAnalyticsWorkspaceName": { - "type": "string" - }, "logAnalyticsWorkspaceRetention": { "type": "int" }, "logAnalyticsWorkspaceSku": { "type": "string" }, - "networkInterfaceNamePrefix": { - "type": "string" + "mlzTags": { + "type": "object" }, - "networkName": { - "type": "string" + "namingConvention": { + "type": "object" }, "organizationalUnitPath": { "type": "string" }, - "recoveryServices": { - "type": "bool" - }, - "recoveryServicesPrivateDnsZoneResourceId": { + "privateDnsZoneResourceIdPrefix": { "type": "string" }, - "recoveryServicesVaultName": { - "type": "string" + "privateDnsZones": { + "type": "array" }, - "recoveryServicesVaultNetworkInterfaceName": { - "type": "string" + "recoveryServices": { + "type": "bool" }, - "recoveryServicesVaultPrivateEndpointName": { + "recoveryServicesGeo": { "type": "string" }, "resourceGroupControlPlane": { @@ -23386,10 +17937,7 @@ "scalingTool": { "type": "bool" }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "serviceName": { + "serviceToken": { "type": "string" }, "sessionHostCount": { 
@@ -23404,21 +17952,12 @@ "tags": { "type": "object" }, - "timestamp": { - "type": "string" - }, "timeZone": { "type": "string" }, - "userAssignedIdentityNamePrefix": { - "type": "string" - }, "virtualMachineMonitoringAgent": { "type": "string" }, - "virtualMachineNamePrefix": { - "type": "string" - }, "virtualMachinePassword": { "type": "securestring" }, 
@@ -23427,48 +17966,14 @@ }, "virtualMachineSize": { "type": "string" - }, - "workspaceFeedName": { - "type": "string" } }, "variables": { + "hostPoolName": "[parameters('namingConvention').hostPool]", + "userAssignedIdentityNamePrefix": "[parameters('namingConvention').userAssignedIdentity]", "CpuCountMax": "[if(contains(parameters('hostPoolType'), 'Pooled'), 32, 128)]", "CpuCountMin": "[if(contains(parameters('hostPoolType'), 'Pooled'), 4, 2)]", - "roleAssignments": "[union(variables('roleAssignmentsCommon'), variables('roleAssignmentStorage'))]", - "roleAssignmentsCommon": [ - { - "roleDefinitionId": "f353d9bd-d4a6-484e-a77a-8050b599b867", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "86240b0e-9422-4c43-887b-b61143f32ba8", - "resourceGroup": "[parameters('resourceGroupControlPlane')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "2ad6aaab-ead9-4eaa-8ac5-da422f562408", - "resourceGroup": "[parameters('resourceGroupControlPlane')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "a959dbd1-f747-45e3-8ba6-dd80f235f97c", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "21efdde3-836f-432b-bf3d-3e8e734d4b2b", - "resourceGroup": "[parameters('resourceGroupFeedWorkspace')]", - "subscription": "[subscription().subscriptionId]" - }, - { - "roleDefinitionId": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1", - "resourceGroup": "[split(parameters('artifactsStorageAccountResourceId'), '/')[4]]", - "subscription": "[split(parameters('artifactsStorageAccountResourceId'), '/')[2]]" - } - ], - "roleAssignmentStorage": "[if(parameters('fslogix'), createArray(createObject('roleDefinitionId', '17d1049b-9a84-46fb-8f53-869881c3d3ab', 'resourceGroup', parameters('resourceGroupStorage'), 'subscription', 
subscription().subscriptionId)), createArray())]", + "roleAssignments": "[union(createArray(createObject('roleDefinitionId', 'f353d9bd-d4a6-484e-a77a-8050b599b867', 'resourceGroup', parameters('resourceGroupManagement'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', '86240b0e-9422-4c43-887b-b61143f32ba8', 'resourceGroup', parameters('resourceGroupControlPlane'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', '2ad6aaab-ead9-4eaa-8ac5-da422f562408', 'resourceGroup', parameters('resourceGroupControlPlane'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c', 'resourceGroup', parameters('resourceGroupManagement'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', '21efdde3-836f-432b-bf3d-3e8e734d4b2b', 'resourceGroup', parameters('resourceGroupFeedWorkspace'), 'subscription', subscription().subscriptionId), createObject('roleDefinitionId', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1', 'resourceGroup', split(parameters('artifactsStorageAccountResourceId'), '/')[4], 'subscription', split(parameters('artifactsStorageAccountResourceId'), '/')[2])), if(parameters('deployFslogix'), createArray(createObject('roleDefinitionId', '17d1049b-9a84-46fb-8f53-869881c3d3ab', 'resourceGroup', parameters('resourceGroupStorage'), 'subscription', subscription().subscriptionId)), createArray()))]", "VirtualNetworkName": "[split(parameters('subnetResourceId'), '/')[8]]", "VirtualNetworkResourceGroupName": "[split(parameters('subnetResourceId'), '/')[4]]" }, 
@@ -23476,14 +17981,14 @@ { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "name": "[guid(format('{0}-deployment', parameters('userAssignedIdentityNamePrefix')), parameters('roleDefinitions').Reader, subscription().id)]", + "name": "[guid(replace(variables('userAssignedIdentityNamePrefix'), parameters('serviceToken'), 'deployment'), parameters('roleDefinitions').Reader, subscription().id)]", "properties": { "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitions').Reader)]", - "principalId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]", + "principalId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]", "principalType": "ServicePrincipal" }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix')))]" ] }, { 
@@ -23499,7 +18004,7 @@ "condition": "[and(contains(parameters('hostPoolType'), 'Pooled'), parameters('recoveryServices'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Policy_{0}', parameters('timestamp'))]", + "name": "[format('deploy-policy-disks-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -23520,8 +18025,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5228143118731605715" + "version": "0.27.1.19265", + "templateHash": "17437938337622016202" } }, "parameters": { @@ -23601,8 +18106,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "18059007592692951032" + "version": "0.27.1.19265", + "templateHash": "9958180890314209726" } }, "parameters": { @@ -23647,7 +18152,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('UserAssignedIdentity_{0}', parameters('timestamp'))]", + "name": "[format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -23659,9 +18164,11 @@ "value": "[parameters('locationVirtualMachines')]" }, "name": { - "value": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'deployment')]" + "value": "[replace(variables('userAssignedIdentityNamePrefix'), parameters('serviceToken'), 'deployment')]" }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), createObject('value', parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities']), createObject('value', createObject()))]" + "tags": { + "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -23669,8 +18176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16458244474307002592" + "version": "0.27.1.19265", + "templateHash": "17434071438759696167" } }, "parameters": { @@ -23717,7 +18224,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_{0}_{1}', range(0, length(variables('roleAssignments')))[copyIndex()], parameters('timestamp'))]", + "name": "[format('deploy-role-assignment-{0}-{1}', range(0, length(variables('roleAssignments')))[copyIndex()], parameters('deploymentNameSuffix'))]", "subscriptionId": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]].subscription]", "resourceGroup": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]].resourceGroup]", "properties": { 
@@ -23726,13 +18233,13 @@ }, "mode": "Incremental", "parameters": { - "PrincipalId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" + "principalId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" }, - "PrincipalType": { + "principalType": { "value": "ServicePrincipal" }, - "RoleDefinitionId": { + "roleDefinitionId": { "value": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]].roleDefinitionId]" } }, @@ -23742,18 +18249,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12785629321959268271" + "version": "0.27.1.19265", + "templateHash": "936749082468094105" } }, "parameters": { - "PrincipalId": { + "principalId": { "type": "string" }, - "PrincipalType": { + "principalType": { "type": "string" }, - "RoleDefinitionId": { + "roleDefinitionId": { "type": "string" } }, 
@@ -23761,24 +18268,24 @@ { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", + "name": "[guid(parameters('principalId'), parameters('roleDefinitionId'), resourceGroup().id)]", "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]" } } ] } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Artifacts_{0}', parameters('timestamp'))]", + "name": "[format('deploy-artifacts-{0}', parameters('deploymentNameSuffix'))]", "subscriptionId": "[split(parameters('artifactsStorageAccountResourceId'), '/')[2]]", "resourceGroup": "[split(parameters('artifactsStorageAccountResourceId'), '/')[4]]", "properties": { 
@@ -23787,15 +18294,24 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, "location": { "value": "[parameters('locationVirtualMachines')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, "resourceGroupManagement": { "value": "[parameters('resourceGroupManagement')]" }, - "serviceName": { - "value": "[parameters('serviceName')]" - }, "storageAccountName": { "value": "[split(parameters('artifactsStorageAccountResourceId'), '/')[8]]" }, @@ -23805,11 +18321,8 @@ "tags": { "value": "[parameters('tags')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "userAssignedIdentityNamePrefix": { - "value": "[parameters('userAssignedIdentityNamePrefix')]" + "userAssignedIdentityName": { + "value": "[replace(variables('userAssignedIdentityNamePrefix'), parameters('serviceToken'), 'artifacts')]" } }, "template": { @@ -23818,18 +18331,27 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6877301614888836259" + "version": "0.27.1.19265", + "templateHash": "13780242225338357869" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, + "hostPoolName": { + "type": "string" + }, "location": { "type": "string" }, - "resourceGroupManagement": { + "mlzTags": { + "type": "object" + }, + "resourceGroupControlPlane": { "type": "string" }, - "serviceName": { + "resourceGroupManagement": { "type": "string" }, "storageAccountName": { 
@@ -23841,15 +18363,11 @@ "tags": { "type": "object" }, - "timestamp": { - "type": "string" - }, - "userAssignedIdentityNamePrefix": { + "userAssignedIdentityName": { "type": "string" } }, "variables": { - "name": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'artifacts')]", "roleDefinitionId": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1" }, "resources": [ 
@@ -23857,20 +18375,20 @@ "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('storageAccountName'))]", - "name": "[guid(variables('name'), variables('roleDefinitionId'), resourceGroup().id)]", + "name": "[guid(parameters('userAssignedIdentityName'), variables('roleDefinitionId'), resourceGroup().id)]", "properties": { "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', variables('roleDefinitionId'))]", - "principalId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]", + "principalId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]", "principalType": "ServicePrincipal" }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('UAI_Artifacts_{0}', parameters('timestamp'))]", + "name": "[format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))]", "subscriptionId": "[parameters('subscriptionId')]", "resourceGroup": 
"[parameters('resourceGroupManagement')]", "properties": { 
@@ -23883,336 +18401,11 @@ "value": "[parameters('location')]" }, "name": { - "value": "[variables('name')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), createObject('value', parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities']), createObject('value', createObject()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16458244474307002592" - } - }, - "parameters": { - "location": { - "type": "string" - }, - "name": { - "type": "string" - }, - "tags": { - "type": "object" - } + "value": "[parameters('userAssignedIdentityName')]" }, - "resources": [ - { - "type": "Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2018-11-30", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]" - } - ], - "outputs": { - "clientId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').clientId]" - }, - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" - }, - "principalId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - } - } - } - } - } - ], - "outputs": { - "userAssignedIdentityClientId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" - }, - "userAssignedIdentityPrincipalId": { - "type": "string", - 
"value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" - }, - "userAssignedIdentityResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UAI_Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('CustomerManagedKeys_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "environment": { - "value": "[parameters('environmentAbbreviation')]" - }, - "keyVaultName": { - "value": "[parameters('keyVaultName')]" - }, - "keyVaultNetworkInterfaceName": { - "value": "[parameters('keyVaultNetworkInterfaceName')]" - }, - "keyVaultPrivateDnsZoneResourceId": { - "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" - }, - "keyVaultPrivateEndpointName": { - "value": "[parameters('keyVaultPrivateEndpointName')]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "serviceName": { - "value": "[parameters('serviceName')]" - }, - "subnetResourceId": { - "value": "[parameters('subnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "userAssignedIdentityNamePrefix": { - "value": "[parameters('userAssignedIdentityNamePrefix')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - 
"contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16998966433222672309" - } - }, - "parameters": { - "diskEncryptionKeyExpirationInDays": { - "type": "int", - "defaultValue": 30 - }, - "environment": { - "type": "string" - }, - "keyVaultName": { - "type": "string" - }, - "keyVaultNetworkInterfaceName": { - "type": "string" - }, - "keyVaultPrivateEndpointName": { - "type": "string" - }, - "keyVaultPrivateDnsZoneResourceId": { - "type": "string" - }, - "location": { - "type": "string" - }, - "serviceName": { - "type": "string" - }, - "subnetResourceId": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - }, - "userAssignedIdentityNamePrefix": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2022-07-01", - "name": "[parameters('keyVaultName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.KeyVault/vaults'), parameters('tags')['Microsoft.KeyVault/vaults'], createObject())]", - "properties": { - "enabledForDeployment": false, - "enabledForDiskEncryption": true, - "enabledForTemplateDeployment": false, - "enablePurgeProtection": true, - "enableRbacAuthorization": true, - "enableSoftDelete": true, - "networkAcls": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "ipRules": [], - "virtualNetworkRules": [] - }, - "publicNetworkAccess": "Disabled", - "sku": { - "family": "A", - "name": "standard" - }, - "softDeleteRetentionInDays": "[if(or(equals(parameters('environment'), 'dev'), equals(parameters('environment'), 'test')), 7, 90)]", - "tenantId": "[subscription().tenantId]" - } - }, - { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('keyVaultPrivateEndpointName')]", - "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 
'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", - "properties": { - "customNetworkInterfaceName": "[parameters('keyVaultNetworkInterfaceName')]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('keyVaultPrivateEndpointName')]", - "properties": { - "privateLinkServiceId": "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]", - "groupIds": [ - "vault" - ] - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', parameters('keyVaultPrivateEndpointName'), parameters('keyVaultName'))]", - "properties": { - "privateDnsZoneConfigs": [ - { - "name": "ipconfig1", - "properties": { - "privateDnsZoneId": "[parameters('keyVaultPrivateDnsZoneResourceId')]" - } + "tags": { + "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', parameters('keyVaultPrivateEndpointName'))]" - ] - }, - { - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), 'DiskEncryptionKey')]", - "properties": { - "attributes": { - "enabled": true - }, - "keySize": 4096, - "kty": "RSA", - "rotationPolicy": { - "attributes": { - "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" - }, - 
"lifetimeActions": [ - { - "action": { - "type": "Notify" - }, - "trigger": { - "timeBeforeExpiry": "P10D" - } - }, - { - "action": { - "type": "Rotate" - }, - "trigger": { - "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - }, - { - "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2022-07-01", - "name": "[format('{0}/{1}', parameters('keyVaultName'), 'StorageEncryptionKey')]", - "properties": { - "attributes": { - "enabled": true - }, - "keySize": 4096, - "kty": "RSA", - "rotationPolicy": { - "attributes": { - "expiryTime": "[format('P{0}D', string(parameters('diskEncryptionKeyExpirationInDays')))]" - }, - "lifetimeActions": [ - { - "action": { - "type": "Notify" - }, - "trigger": { - "timeBeforeExpiry": "P10D" - } - }, - { - "action": { - "type": "Rotate" - }, - "trigger": { - "timeAfterCreate": "[format('P{0}D', string(sub(parameters('diskEncryptionKeyExpirationInDays'), 7)))]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('UAI_Encryption_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "name": { - "value": "[replace(parameters('userAssignedIdentityNamePrefix'), parameters('serviceName'), 'encryption')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), createObject('value', parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities']), createObject('value', createObject()))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", 
@@ -24220,8 +18413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16458244474307002592" + "version": "0.27.1.19265", + "templateHash": "17434071438759696167" } }, "parameters": { 
@@ -24260,95 +18453,20 @@ } } } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_Encryption_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "PrincipalId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" - }, - "PrincipalType": { - "value": "ServicePrincipal" - }, - "RoleDefinitionId": { - "value": "e147488a-f6f5-4113-8e2d-b22465e65bf6" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12785629321959268271" - } - }, - "parameters": { - "PrincipalId": { - "type": "string" - }, - "PrincipalType": { - "type": "string" - }, - "RoleDefinitionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp')))]" - ] } ], "outputs": { - "keyUriWithVersion": { - "type": "string", - "value": "[reference(resourceId('Microsoft.KeyVault/vaults/keys', parameters('keyVaultName'), 'DiskEncryptionKey'), '2022-07-01').keyUriWithVersion]" - }, - "keyVaultResourceId": { - "type": "string", - "value": "[resourceId('Microsoft.KeyVault/vaults', 
parameters('keyVaultName'))]" - }, - "keyVaultUri": { - "type": "string", - "value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName')), '2022-07-01').vaultUri]" - }, - "storageKeyName": { - "type": "string", - "value": "StorageEncryptionKey" - }, - "encryptionUserAssignedIdentityClientId": { + "userAssignedIdentityClientId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" }, - "encryptionUserAssignedIdentityPrincipalId": { + "userAssignedIdentityPrincipalId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" }, - "encryptionUserAssignedIdentityResourceId": { + "userAssignedIdentityResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', format('UAI_Encryption_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-artifacts-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.resourceId.value]" } } } 
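Review bot: The outputs block in the @@ -24260 hunk drops keyUriWithVersion, keyVaultResourceId, keyVaultUri and storageKeyName, and the RoleAssignment_Encryption deployment (RoleDefinitionId e147488a-f6f5-4113-8e2d-b22465e65bf6 for the UAI_Encryption identity) is removed with them, with no replacement in the visible lines. Any module that still reads these outputs, or relies on that assignment for customer-managed keys, will break, so please point to where the key vault outputs and the role assignment now live. The three new userAssignedIdentity* outputs also build their scope from parameters('subscriptionId') while the neighbouring deployments use subscription().subscriptionId; pick one form, or note why this module needs the subscription passed in.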
@@ -24357,158 +18475,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('DiskEncryptionSet_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupManagement')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "diskEncryptionSetName": { - "value": "[parameters('diskEncryptionSetName')]" - }, - "keyUrl": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyUriWithVersion.value]" - }, - "keyVaultResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultResourceId.value]" - }, - "location": { - "value": "[parameters('locationVirtualMachines')]" - }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/diskEncryptionSets'), createObject('value', parameters('tags')['Microsoft.Compute/diskEncryptionSets']), createObject('value', createObject()))]", - "timestamp": { - "value": "[parameters('timestamp')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7288273953559068799" - } - }, - "parameters": { - "diskEncryptionSetName": { - "type": "string" - }, - "keyVaultResourceId": { - "type": "string" - }, - "keyUrl": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object" - }, - "timestamp": { - "type": "string" - } 
- }, - "resources": [ - { - "type": "Microsoft.Compute/diskEncryptionSets", - "apiVersion": "2023-04-02", - "name": "[parameters('diskEncryptionSetName')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "activeKey": { - "sourceVault": { - "id": "[parameters('keyVaultResourceId')]" - }, - "keyUrl": "[parameters('keyUrl')]" - }, - "encryptionType": "EncryptionAtRestWithPlatformAndCustomerKeys", - "rotationToLatestKeyVersionEnabled": true - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_Encryption_{0}', parameters('timestamp'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "PrincipalId": { - "value": "[reference(resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName')), '2023-04-02', 'full').identity.principalId]" - }, - "PrincipalType": { - "value": "ServicePrincipal" - }, - "RoleDefinitionId": { - "value": "e147488a-f6f5-4113-8e2d-b22465e65bf6" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12785629321959268271" - } - }, - "parameters": { - "PrincipalId": { - "type": "string" - }, - "PrincipalType": { - "type": "string" - }, - "RoleDefinitionId": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", - "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": 
"[parameters('PrincipalType')]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" - ] - } - ], - "outputs": { - "resourceId": { - "type": "string", - "value": "[resourceId('Microsoft.Compute/diskEncryptionSets', parameters('diskEncryptionSetName'))]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp')))]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('ManagementVirtualMachine_{0}', parameters('timestamp'))]", + "name": "[format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -24523,16 +18490,16 @@ "value": "[parameters('azurePowerShellModuleMsiName')]" }, "deploymentUserAssignedIdentityClientId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" }, "deploymentUserAssignedIdentityResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, "diskEncryptionSetResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('DiskEncryptionSet_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" + "value": "[parameters('diskEncryptionSetResourceId')]" }, - "diskNamePrefix": { - "value": "[parameters('diskNamePrefix')]" + "diskName": { + "value": "[replace(parameters('namingConvention').virtualMachineDisk, parameters('serviceToken'), 'mgt')]" }, "diskSku": { 
"value": "[parameters('diskSku')]" @@ -24546,34 +18513,32 @@ "domainName": { "value": "[parameters('domainName')]" }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" + }, "location": { "value": "[parameters('locationVirtualMachines')]" }, - "networkInterfaceNamePrefix": { - "value": "[parameters('networkInterfaceNamePrefix')]" + "mlzTags": { + "value": "[parameters('mlzTags')]" }, - "networkName": { - "value": "[parameters('networkName')]" + "networkInterfaceName": { + "value": "[replace(parameters('namingConvention').virtualMachineNetworkInterface, parameters('serviceToken'), 'mgt')]" }, "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" }, - "securityLogAnalyticsWorkspaceResourceId": { - "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" - }, - "serviceName": { - "value": "[parameters('serviceName')]" + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" }, "subnet": { "value": "[split(parameters('subnetResourceId'), '/')[10]]" }, - "tagsNetworkInterfaces": "[if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), createObject('value', parameters('tags')['Microsoft.Network/networkInterfaces']), createObject('value', createObject()))]", - "tagsVirtualMachines": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), createObject('value', parameters('tags')['Microsoft.Compute/virtualMachines']), createObject('value', createObject()))]", - "virtualMachineMonitoringAgent": { - "value": "[parameters('virtualMachineMonitoringAgent')]" + "tags": { + "value": "[parameters('tags')]" }, - "virtualMachineNamePrefix": { - "value": "[parameters('virtualMachineNamePrefix')]" + "virtualMachineName": { + "value": "[replace(parameters('namingConvention').virtualMachine, parameters('serviceToken'), 'mgt')]" }, "virtualMachinePassword": { "value": "[parameters('virtualMachinePassword')]" 
@@ -24594,8 +18559,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14529054583899138328" + "version": "0.27.1.19265", + "templateHash": "17381147058150003123" } }, "parameters": { @@ -24614,7 +18579,7 @@ "diskEncryptionSetResourceId": { "type": "string" }, - "diskNamePrefix": { + "diskName": { "type": "string" }, "diskSku": { @@ -24629,31 +18594,28 @@ "domainName": { "type": "string" }, - "location": { + "hostPoolName": { "type": "string" }, - "networkInterfaceNamePrefix": { + "location": { "type": "string" }, - "networkName": { - "type": "string" + "mlzTags": { + "type": "object" }, - "organizationalUnitPath": { + "networkInterfaceName": { "type": "string" }, - "securityLogAnalyticsWorkspaceResourceId": { + "organizationalUnitPath": { "type": "string" }, - "serviceName": { + "resourceGroupControlPlane": { "type": "string" }, "subnet": { "type": "string" }, - "tagsNetworkInterfaces": { - "type": "object" - }, - "tagsVirtualMachines": { + "tags": { "type": "object" }, "timestamp": { @@ -24666,10 +18628,7 @@ "virtualNetworkResourceGroup": { "type": "string" }, - "virtualMachineMonitoringAgent": { - "type": "string" - }, - "virtualMachineNamePrefix": { + "virtualMachineName": { "type": "string" }, "virtualMachinePassword": { 
@@ -24680,20 +18639,15 @@ } }, "variables": { - "networkInterfaceName": "[replace(parameters('networkInterfaceNamePrefix'), parameters('serviceName'), 'mgt-vm')]", - "securitylogAnalyticsWorkspaceName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[8], '')]", - "securityLogAnalyticsWorkspaceResourceGroupName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[4], resourceGroup().name)]", - "securityLogAnalyticsWorkspaceSubscriptionId": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[2], subscription().subscriptionId)]", - "securityMonitoring": "[if(empty(parameters('securityLogAnalyticsWorkspaceResourceId')), false(), true())]", - "virtualMachineName": "[replace(replace(parameters('virtualMachineNamePrefix'), parameters('serviceName'), 'mgt'), parameters('networkName'), '')]" + "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" }, "resources": [ { "type": "Microsoft.Network/networkInterfaces", "apiVersion": "2020-05-01", - "name": "[variables('networkInterfaceName')]", + "name": "[parameters('networkInterfaceName')]", "location": "[parameters('location')]", - "tags": "[parameters('tagsNetworkInterfaces')]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), 
parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", "properties": { "ipConfigurations": [ { @@ -24715,9 +18669,9 @@ { "type": "Microsoft.Compute/virtualMachines", "apiVersion": "2021-11-01", - "name": "[variables('virtualMachineName')]", + "name": "[parameters('virtualMachineName')]", "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", + "tags": "[variables('tagsVirtualMachines')]", "properties": { "hardwareProfile": { "vmSize": "Standard_B2s" @@ -24740,12 +18694,12 @@ }, "storageAccountType": "[parameters('diskSku')]" }, - "name": "[replace(parameters('diskNamePrefix'), parameters('serviceName'), 'mgt-vm')]" + "name": "[parameters('diskName')]" }, "dataDisks": [] }, "osProfile": { - "computerName": "[variables('virtualMachineName')]", + "computerName": "[parameters('virtualMachineName')]", "adminUsername": "[parameters('virtualMachineUsername')]", "adminPassword": "[parameters('virtualMachinePassword')]", "windowsConfiguration": { @@ -24758,7 +18712,7 @@ "networkProfile": { "networkInterfaces": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]", + "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]", "properties": { "deleteOption": "Delete" } 
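Review bot: In the @@ -24680 hunk, the new tagsVirtualMachines variable and the networkInterfaces "tags" expression both use format('{0}}}/resourceGroups/{1}/providers/...'). In an ARM format string '}}' is an escaped literal brace, so the cm-resource-parent value renders as the subscription ID followed by a stray '}' and is not a valid host pool resource ID. The Bicep source most likely has one '}' too many after the subscription().id interpolation; fix it there and regenerate, since anything that groups resources by this tag will not match.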
@@ -24787,15 +18741,15 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Network/networkInterfaces', variables('networkInterfaceName'))]" + "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]" ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', variables('virtualMachineName'), 'IaaSAntimalware')]", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'IaaSAntimalware')]", "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", + "tags": "[variables('tagsVirtualMachines')]", "properties": { "publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware", @@ -24815,13 +18769,13 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', variables('virtualMachineName'), 'GuestAttestation')]", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'GuestAttestation')]", "location": "[parameters('location')]", "properties": { "publisher": "Microsoft.Azure.Security.WindowsAttestation", 
@@ -24844,39 +18798,15 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" - ] - }, - { - "condition": "[and(variables('securityMonitoring'), equals(parameters('virtualMachineMonitoringAgent'), 'LogAnalyticsAgent'))]", - "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", - "name": "[format('{0}/{1}', variables('virtualMachineName'), 'MicrosoftmonitoringAgent')]", - "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", - "properties": { - "publisher": "Microsoft.EnterpriseCloud.monitoring", - "type": "MicrosoftmonitoringAgent", - "typeHandlerVersion": "1.0", - "autoUpgradeMinorVersion": true, - "settings": { - "workspaceId": "[if(variables('securityMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('securityLogAnalyticsWorkspaceSubscriptionId'), variables('securityLogAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', variables('securitylogAnalyticsWorkspaceName')), '2022-10-01').customerId, null())]" - }, - "protectedSettings": { - "workspaceKey": "[if(variables('securityMonitoring'), listKeys(parameters('securityLogAnalyticsWorkspaceResourceId'), '2021-06-01').primarySharedKey, null())]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('virtualMachineName'), 'IaaSAntimalware')]", - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2019-07-01", - "name": "[format('{0}/{1}', variables('virtualMachineName'), 'JsonADDomainExtension')]", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'JsonADDomainExtension')]", "location": "[parameters('location')]", - "tags": "[parameters('tagsVirtualMachines')]", 
+ "tags": "[variables('tagsVirtualMachines')]", "properties": { "forceUpdateTag": "[parameters('timestamp')]", "publisher": "Microsoft.Compute", @@ -24896,7 +18826,7 @@ }, "dependsOn": [ "[resourceId('Microsoft.Resources/deployments', format('CSE_InstallAzurePowerShellAzModule_{0}', parameters('timestamp')))]", - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" ] }, { @@ -24925,10 +18855,10 @@ "value": "Install-AzurePowerShellAzModule.ps1" }, "tags": { - "value": "[parameters('tagsVirtualMachines')]" + "value": "[variables('tagsVirtualMachines')]" }, "virtualMachineName": { - "value": "[variables('virtualMachineName')]" + "value": "[parameters('virtualMachineName')]" }, "userAssignedIdentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" @@ -24940,8 +18870,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { 
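Review bot: The @@ -24844 hunk deletes the MicrosoftmonitoringAgent extension from the management VM, and the earlier hunks drop the securityLogAnalyticsWorkspaceResourceId and virtualMachineMonitoringAgent parameters, but no replacement agent or data collection rule association for this VM is added in the visible lines. Dropping listKeys(...).primarySharedKey from the template is a welcome side effect; still, a domain-joined VM that runs deployment scripts under a user-assigned identity should keep shipping logs to the security workspace. Please add the replacement here or state in the description where the management VM's monitoring is now configured.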
@@ -25005,28 +18935,27 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Compute/virtualMachines/extensions', variables('virtualMachineName'), 'MicrosoftmonitoringAgent')]", - "[resourceId('Microsoft.Compute/virtualMachines', variables('virtualMachineName'))]" + "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), 'IaaSAntimalware')]", + "[resourceId('Microsoft.Compute/virtualMachines', parameters('virtualMachineName'))]" ] } ], "outputs": { "Name": { "type": "string", - "value": "[variables('virtualMachineName')]" + "value": "[parameters('virtualMachineName')]" } } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('DiskEncryptionSet_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Validations_{0}', parameters('timestamp'))]", + "name": "[format('validate-deployment-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -25043,17 +18972,19 @@ "value": "[parameters('locationVirtualMachines')]" }, "parameters": { - "value": "[format('-ActiveDirectorySolution {0} -CpuCountMax {1} -CpuCountMin {2} -DomainName {3} -Environment {4} -ImageDefinitionResourceId {5} -Location {6} -SessionHostCount {7} -StorageService {8} -SubscriptionId {9} -TenantId {10} -UserAssignedIdentityClientId {11} -VirtualMachineSize {12} -VirtualNetworkName {13} -VirtualNetworkResourceGroupName {14} -WorkspaceFeedName {15} -WorkspaceResourceGroupName {16}', parameters('activeDirectorySolution'), variables('CpuCountMax'), variables('CpuCountMin'), if(empty(parameters('domainName')), 'NotApplicable', parameters('domainName')), environment().name, if(empty(parameters('imageDefinitionResourceId')), 'NotApplicable', parameters('imageDefinitionResourceId')), parameters('locationVirtualMachines'), parameters('sessionHostCount'), parameters('storageService'), subscription().subscriptionId, tenant().tenantId, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value, parameters('virtualMachineSize'), variables('VirtualNetworkName'), variables('VirtualNetworkResourceGroupName'), parameters('workspaceFeedName'), parameters('resourceGroupFeedWorkspace'))]" + "value": "[format('-ActiveDirectorySolution {0} -CpuCountMax {1} -CpuCountMin {2} -DomainName {3} -Environment {4} -imageVersionResourceId {5} -Location {6} -SessionHostCount {7} -StorageService {8} -SubscriptionId {9} -TenantId {10} -UserAssignedIdentityClientId {11} -VirtualMachineSize {12} -VirtualNetworkName {13} -VirtualNetworkResourceGroupName {14} -WorkspaceFeedName {15} -WorkspaceResourceGroupName {16}', parameters('activeDirectorySolution'), variables('CpuCountMax'), variables('CpuCountMin'), if(empty(parameters('domainName')), 
'NotApplicable', parameters('domainName')), environment().name, if(empty(parameters('imageVersionResourceId')), 'NotApplicable', parameters('imageVersionResourceId')), parameters('locationVirtualMachines'), parameters('sessionHostCount'), parameters('storageService'), subscription().subscriptionId, tenant().tenantId, reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value, parameters('virtualMachineSize'), variables('VirtualNetworkName'), variables('VirtualNetworkResourceGroupName'), parameters('namingConvention').workspaceFeed, parameters('resourceGroupFeedWorkspace'))]" }, "scriptFileName": { "value": "Get-Validations.ps1" }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), createObject('value', parameters('tags')['Microsoft.Compute/virtualMachines']), createObject('value', createObject()))]", + "tags": { + "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" + }, "userAssignedIdentityClientId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 
'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" }, "virtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp'))), '2022-09-01').outputs.Name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.Name.value]" } }, "template": { @@ -25062,8 +18993,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { 
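Review bot: The validation arguments in the @@ -25043 hunk rename -ImageDefinitionResourceId to -imageVersionResourceId, so Get-Validations.ps1 has to declare the new parameter in the same change or the argument will not bind; the script is not part of these lines. The lower-case initial also breaks the PascalCase used by every other switch in the string (PowerShell binds parameter names case-insensitively, so this is style only). Separately, the values are interpolated unquoted into one argument string, so a value containing a space (domainName, namingConvention.workspaceFeed) would shift the arguments that follow; quoting each placeholder would make this robust.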
@@ -25127,15 +19058,15 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix')))]" ] }, { "condition": "[parameters('enableMonitoring')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Monitoring_{0}', parameters('timestamp'))]", + "name": "[format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -25144,16 +19075,16 @@ "mode": "Incremental", "parameters": { "dataCollectionRuleName": { - "value": "[parameters('dataCollectionRuleName')]" + "value": "[parameters('namingConvention').dataCollectionRule]" }, "hostPoolName": { - "value": "[parameters('hostPoolName')]" + "value": "[variables('hostPoolName')]" }, "location": { "value": "[parameters('locationVirtualMachines')]" }, "logAnalyticsWorkspaceName": { - "value": "[parameters('logAnalyticsWorkspaceName')]" + "value": "[parameters('namingConvention').logAnalyticsWorkspace]" }, "logAnalyticsWorkspaceRetention": { "value": "[parameters('logAnalyticsWorkspaceRetention')]" @@ -25161,6 +19092,9 @@ "logAnalyticsWorkspaceSku": { "value": "[parameters('logAnalyticsWorkspaceSku')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "resourceGroupControlPlane": { "value": "[parameters('resourceGroupControlPlane')]" }, @@ -25177,8 +19111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17373355811620539729" + "version": "0.27.1.19265", + "templateHash": "8046671928115311149" } }, "parameters": { @@ -25200,6 +19134,9 @@ "logAnalyticsWorkspaceSku": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "resourceGroupControlPlane": { "type": "string" }, 
@@ -25600,7 +19537,7 @@ "apiVersion": "2021-06-01", "name": "[parameters('logAnalyticsWorkspaceName')]", "location": "[parameters('location')]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()))]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()), parameters('mlzTags'))]", "properties": { "sku": { "name": "[parameters('logAnalyticsWorkspaceSku')]" 
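Review bot: Appending parameters('mlzTags') as the last argument of union() on the added "tags" line means that on a duplicate key the mlzTags value replaces both the per-resource-type tags and cm-resource-parent, because union() keeps the last value supplied for a key. If mlzTags is only meant to add defaults, pass it first; if it is meant to win, say so in the parameter description so the precedence is deliberate across every resource that gets this change.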
@@ -25624,7 +19561,7 @@ "type": "Microsoft.OperationalInsights/workspaces/dataSources", "apiVersion": "2020-08-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), format('WindowsEvent{0}', copyIndex()))]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()))]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()), parameters('mlzTags'))]", "kind": "WindowsEvent", "properties": { "eventLogName": "[variables('WindowsEvents')[copyIndex()].name]", 
@@ -25645,7 +19582,7 @@ "type": "Microsoft.OperationalInsights/workspaces/dataSources", "apiVersion": "2020-08-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), format('WindowsPerformanceCounter{0}', copyIndex()))]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()))]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.OperationalInsights/workspaces'), parameters('tags')['Microsoft.OperationalInsights/workspaces'], createObject()), parameters('mlzTags'))]", "kind": "WindowsPerformanceCounter", "properties": { "objectName": "[variables('WindowsPerformanceCounters')[copyIndex()].objectName]", 
@@ -25664,7 +19601,7 @@ "apiVersion": "2022-06-01", "name": "[parameters('dataCollectionRuleName')]", "location": "[parameters('location')]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Insights/dataCollectionRules'), parameters('tags')['Microsoft.Insights/dataCollectionRules'], createObject()))]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Insights/dataCollectionRules'), parameters('tags')['Microsoft.Insights/dataCollectionRules'], createObject()), parameters('mlzTags'))]", "kind": "Windows", "properties": { "dataSources": { @@ -25751,6 +19688,10 @@ } ], "outputs": { + "logAnalyticsWorkspaceName": { + "type": "string", + "value": "[parameters('logAnalyticsWorkspaceName')]" + }, "logAnalyticsWorkspaceResourceId": { "type": "string", "value": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]" @@ -25767,7 +19708,7 @@ "condition": "[or(parameters('scalingTool'), equals(parameters('fslogixStorageService'), 'AzureFiles Premium'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('AutomationAccount_{0}', parameters('timestamp'))]", + "name": "[format('deploy-aa-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -25776,33 +19717,44 @@ "mode": "Incremental", "parameters": { "automationAccountDiagnosticSettingName": { - "value": "[parameters('automationAccountDiagnosticSettingName')]" + "value": "[parameters('namingConvention').automationAccountDiagnosticSetting]" }, "automationAccountName": { - "value": "[parameters('automationAccountName')]" + "value": "[parameters('namingConvention').automationAccount]" }, "automationAccountNetworkInterfaceName": { - "value": "[parameters('automationAccountNetworkInterfaceName')]" + "value": "[parameters('namingConvention').automationAccountNetworkInterface]" }, "automationAccountPrivateDnsZoneResourceId": { - "value": "[parameters('automationAccountPrivateDnsZoneResourceId')]" + "value": "[format('{0}{1}', parameters('privateDnsZoneResourceIdPrefix'), filter(parameters('privateDnsZones'), lambda('name', startsWith(lambdaVariables('name'), 'privatelink.azure-automation')))[0])]" }, "automationAccountPrivateEndpointName": { - "value": "[parameters('automationAccountPrivateEndpointName')]" + "value": "[parameters('namingConvention').automationAccountPrivateEndpoint]" + }, + "hostPoolName": { + "value": "[variables('hostPoolName')]" }, "location": { "value": "[parameters('locationVirtualMachines')]" }, - "logAnalyticsWorkspaceResourceId": "[if(parameters('enableMonitoring'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Monitoring_{0}', parameters('timestamp'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value), createObject('value', ''))]", + "logAnalyticsWorkspaceResourceId": "[if(parameters('enableMonitoring'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value), createObject('value', ''))]", + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "monitoring": { "value": "[parameters('enableMonitoring')]" }, + "resourceGroupControlPlane": { + "value": "[parameters('resourceGroupControlPlane')]" + }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), createObject('value', parameters('tags')['Microsoft.Automation/automationAccounts']), createObject('value', createObject()))]", + "tags": { + "value": "[parameters('tags')]" + }, "virtualMachineName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp'))), '2022-09-01').outputs.Name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.Name.value]" } }, "template": { @@ -25811,8 +19763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13848362074560112397" + "version": "0.27.1.19265", + "templateHash": "3634947269589572762" } }, "parameters": { @@ -25831,15 +19783,24 @@ "automationAccountPrivateEndpointName": { "type": "string" }, + "hostPoolName": { + "type": "string" + }, "location": { "type": "string" }, "logAnalyticsWorkspaceResourceId": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "monitoring": { "type": "bool" }, + "resourceGroupControlPlane": { + "type": "string" + }, "subnetResourceId": { "type": "string" }, 
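Review bot: the new `automationAccountPrivateDnsZoneResourceId` value passed to deploy-aa indexes `filter(parameters('privateDnsZones'), ...)[0]` with no guard, so a `privateDnsZones` array that contains no name starting with `privatelink.azure-automation` fails expression evaluation with an out-of-bounds index instead of an error that names the missing zone. Validate the array before this deployment runs, or document in the `privateDnsZones` parameter which zone names are required. The three parameters added to the nested template (`hostPoolName`, `mlzTags`, `resourceGroupControlPlane`) also carry no description metadata.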
@@ -25856,7 +19817,7 @@ "apiVersion": "2021-06-22", "name": "[parameters('automationAccountName')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject())]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()), parameters('mlzTags'))]", "identity": { "type": "SystemAssigned" }, @@ -25871,7 +19832,7 @@ "apiVersion": "2023-04-01", "name": "[parameters('automationAccountPrivateEndpointName')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { "customNetworkInterfaceName": "[parameters('automationAccountNetworkInterfaceName')]", "privateLinkServiceConnections": [ 
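Review bot: the format string `'{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}'` in both new `tags` lines puts a literal `}` after the subscription id, because `}}` is an escaped brace in `format()`; the resulting `cm-resource-parent` value has the form `<subscription id>}/resourceGroups/...` and is not the host pool's resource id. The expression was already present on the monitoring resources, but this change copies it onto the Automation account and its private endpoint. The likely cause is one extra `}` after the subscription id interpolation in the Bicep source; correcting it there fixes every occurrence in the compiled template.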
@@ -25935,7 +19896,7 @@ "apiVersion": "2022-03-01", "name": "[format('{0}/{1}', parameters('virtualMachineName'), 'HybridWorkerForWindows')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject())]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]", "properties": { "publisher": "Microsoft.Azure.Automation.HybridWorker", "type": "HybridWorkerForWindows", @@ -25979,6 +19940,10 @@ } ], "outputs": { + "name": { + "type": "string", + "value": "[parameters('automationAccountName')]" + }, "hybridRunbookWorkerGroupName": { "type": "string", "value": "Scaling Tool" 
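Review bot: the output added to the Automation account template is declared as `name`, while the management VM deployment's output is still read as `.outputs.Name.value` in other hunks of this patch. Settle on one casing for module name outputs so the two do not drift further, and rename the VM module's output if lower case is the convention going forward.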
@@ -25987,15 +19952,15 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Monitoring_{0}', parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix')))]" ] }, { "condition": "[and(parameters('recoveryServices'), or(and(and(contains(parameters('activeDirectorySolution'), 'DomainServices'), contains(parameters('hostPoolType'), 'Pooled')), contains(parameters('fslogixStorageService'), 'AzureFiles')), contains(parameters('hostPoolType'), 'Personal')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('RecoveryServicesVault_{0}', parameters('timestamp'))]", + "name": "[format('deploy-rsv-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -26004,28 +19969,37 @@ "mode": "Incremental", "parameters": { "azureBlobsPrivateDnsZoneResourceId": { - "value": "[parameters('azureBlobsPrivateDnsZoneResourceId')]" + "value": "[format('{0}{1}', parameters('privateDnsZoneResourceIdPrefix'), filter(parameters('privateDnsZones'), lambda('name', contains(lambdaVariables('name'), 'blob')))[0])]" + }, + "azureQueueStoragePrivateDnsZoneResourceId": { + "value": "[format('{0}{1}', parameters('privateDnsZoneResourceIdPrefix'), filter(parameters('privateDnsZones'), lambda('name', contains(lambdaVariables('name'), 'queue')))[0])]" + }, + "deployFslogix": { + "value": "[parameters('deployFslogix')]" }, - "fslogix": { - "value": "[parameters('fslogix')]" + "hostPoolName": { + "value": "[variables('hostPoolName')]" }, "location": { "value": "[parameters('locationVirtualMachines')]" }, - "azureQueueStoragePrivateDnsZoneResourceId": { - "value": "[parameters('azureQueueStoragePrivateDnsZoneResourceId')]" + "mlzTags": { + "value": "[parameters('mlzTags')]" }, "recoveryServicesPrivateDnsZoneResourceId": { - "value": "[parameters('recoveryServicesPrivateDnsZoneResourceId')]" + "value": "[format('{0}{1}', parameters('privateDnsZoneResourceIdPrefix'), filter(parameters('privateDnsZones'), lambda('name', startsWith(lambdaVariables('name'), format('privatelink.{0}.backup.windowsazure', parameters('recoveryServicesGeo')))))[0])]" }, "recoveryServicesVaultName": { - "value": "[parameters('recoveryServicesVaultName')]" + "value": "[parameters('namingConvention').recoveryServicesVault]" }, "recoveryServicesVaultNetworkInterfaceName": { - "value": "[parameters('recoveryServicesVaultNetworkInterfaceName')]" + "value": "[parameters('namingConvention').recoveryServicesVaultNetworkInterface]" }, "recoveryServicesVaultPrivateEndpointName": { - "value": "[parameters('recoveryServicesVaultPrivateEndpointName')]" + "value": "[parameters('namingConvention').recoveryServicesVaultPrivateEndpoint]" + }, + "resourceGroupControlPlane": { + "value": 
"[parameters('resourceGroupControlPlane')]" }, "storageService": { "value": "[parameters('storageService')]" @@ -26046,8 +20020,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6575468535502650100" + "version": "0.27.1.19265", + "templateHash": "17799245958625687053" } }, "parameters": { @@ -26057,12 +20031,18 @@ "azureQueueStoragePrivateDnsZoneResourceId": { "type": "string" }, - "fslogix": { + "deployFslogix": { "type": "bool" }, + "hostPoolName": { + "type": "string" + }, "location": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "recoveryServicesPrivateDnsZoneResourceId": { "type": "string" }, @@ -26075,6 +20055,9 @@ "recoveryServicesVaultPrivateEndpointName": { "type": "string" }, + "resourceGroupControlPlane": { + "type": "string" + }, "storageService": { "type": "string" }, @@ -26094,7 +20077,7 @@ "apiVersion": "2022-03-01", "name": "[parameters('recoveryServicesVaultName')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject())]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject()), parameters('mlzTags'))]", "sku": { "name": "RS0", "tier": "Standard" 
@@ -26102,12 +20085,12 @@ "properties": {} }, { - "condition": "[and(parameters('fslogix'), equals(parameters('storageService'), 'AzureFiles'))]", + "condition": "[and(parameters('deployFslogix'), equals(parameters('storageService'), 'AzureFiles'))]", "type": "Microsoft.RecoveryServices/vaults/backupPolicies", "apiVersion": "2022-03-01", "name": "[format('{0}/{1}', parameters('recoveryServicesVaultName'), 'AvdPolicyStorage')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject())]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject()), parameters('mlzTags'))]", "properties": { "backupManagementType": "AzureStorage", "schedulePolicy": { 
@@ -26137,12 +20120,12 @@ ] }, { - "condition": "[not(parameters('fslogix'))]", + "condition": "[not(parameters('deployFslogix'))]", "type": "Microsoft.RecoveryServices/vaults/backupPolicies", "apiVersion": "2022-03-01", "name": "[format('{0}/{1}', parameters('recoveryServicesVaultName'), 'AvdPolicyVm')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject())]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.RecoveryServices/vaults'), parameters('tags')['Microsoft.RecoveryServices/vaults'], createObject()), parameters('mlzTags'))]", "properties": { "backupManagementType": "AzureIaasVM", "instantRpRetentionRangeInDays": 2, @@ -26179,7 +20162,7 @@ "apiVersion": "2023-04-01", "name": "[parameters('recoveryServicesVaultPrivateEndpointName')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject())]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { "customNetworkInterfaceName": "[parameters('recoveryServicesVaultNetworkInterfaceName')]", "privateLinkServiceConnections": [ 
@@ -26232,7 +20215,13 @@ "[resourceId('Microsoft.RecoveryServices/vaults', parameters('recoveryServicesVaultName'))]" ] } - ] + ], + "outputs": { + "name": { + "type": "string", + "value": "[parameters('recoveryServicesVaultName')]" + } + } } } } 
@@ -26240,108 +20229,94 @@ "outputs": { "artifactsUserAssignedIdentityClientId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.userAssignedIdentityClientId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('deploy-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityClientId.value]" }, "artifactsUserAssignedIdentityPrincipalId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.userAssignedIdentityPrincipalId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('deploy-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityPrincipalId.value]" }, "artifactsUserAssignedIdentityResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', 
format('Artifacts_{0}', parameters('timestamp'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('artifactsStorageAccountResourceId'), '/')[2], split(parameters('artifactsStorageAccountResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('deploy-artifacts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" + }, + "automationAccountName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-aa-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "dataCollectionRuleResourceId": { "type": "string", - "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Monitoring_{0}', parameters('timestamp'))), '2022-09-01').outputs.dataCollectionRuleResourceId.value, '')]" + "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.dataCollectionRuleResourceId.value, '')]" }, "deploymentUserAssignedIdentityClientId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.clientId.value]" + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.clientId.value]" }, "deploymentUserAssignedIdentityPrincipalId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.principalId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.principalId.value]" }, "deploymentUserAssignedIdentityResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('UserAssignedIdentity_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - }, - "diskEncryptionSetResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('DiskEncryptionSet_{0}', parameters('timestamp'))), '2022-09-01').outputs.resourceId.value]" - }, - "encryptionUserAssignedIdentityClientId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', 
format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.encryptionUserAssignedIdentityClientId.value]" - }, - "encryptionUserAssignedIdentityPrincipalId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.encryptionUserAssignedIdentityPrincipalId.value]" - }, - "encryptionUserAssignedIdentityResourceId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.encryptionUserAssignedIdentityResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-id-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, "existingFeedWorkspace": { "type": "bool", - "value": "[if(equals(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.existingWorkspace, 'true'), true(), false())]" + "value": "[if(equals(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.existingWorkspace, 'true'), true(), false())]" }, 
"hybridRunbookWorkerGroupName": { "type": "string", - "value": "[if(or(parameters('scalingTool'), equals(parameters('fslogixStorageService'), 'AzureFiles Premium')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('AutomationAccount_{0}', parameters('timestamp'))), '2022-09-01').outputs.hybridRunbookWorkerGroupName.value, '')]" + "value": "[if(or(parameters('scalingTool'), equals(parameters('fslogixStorageService'), 'AzureFiles Premium')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-aa-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hybridRunbookWorkerGroupName.value, '')]" }, - "keyVaultUri": { + "logAnalyticsWorkspaceName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultUri.value]" + "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceName.value, '')]" }, "logAnalyticsWorkspaceResourceId": { "type": "string", - "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Monitoring_{0}', parameters('timestamp'))), 
'2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value, '')]" + "value": "[if(parameters('enableMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value, '')]" }, - "storageEncryptionKeyName": { + "recoveryServicesVaultName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CustomerManagedKeys_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageKeyName.value]" + "value": "[if(and(parameters('recoveryServices'), or(and(and(contains(parameters('activeDirectorySolution'), 'DomainServices'), contains(parameters('hostPoolType'), 'Pooled')), contains(parameters('fslogixStorageService'), 'AzureFiles')), contains(parameters('hostPoolType'), 'Personal'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-rsv-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value, '')]" }, "validateAcceleratedNetworking": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.acceleratedNetworking]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', 
parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.acceleratedNetworking]" }, "validateANFDnsServers": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.anfDnsServers]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.anfDnsServers]" }, "validateANFfActiveDirectory": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.anfActiveDirectory]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.anfActiveDirectory]" }, "validateANFSubnetId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.anfSubnetId]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', 
format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.anfSubnetId]" }, "validateAvailabilityZones": { "type": "array", - "value": "[if(equals(parameters('availability'), 'AvailabilityZones'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('Validations_{0}', parameters('timestamp'))), '2022-09-01').outputs.value.value.availabilityZones, createArray('1'))]" + "value": "[if(equals(parameters('availability'), 'AvailabilityZones'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('validate-deployment-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.value.value.availabilityZones, createArray('1'))]" }, "virtualMachineName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('ManagementVirtualMachine_{0}', parameters('timestamp'))), '2022-09-01').outputs.Name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-mgmt-vm-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.Name.value]" } } } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp')))]", - 
"[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp')))]", - "rgs" + "rgs", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Hub_{0}', parameters('timestamp'))]", - "subscriptionId": "[split(parameters('hubSubnetResourceId'), '/')[2]]", + "name": "[format('deploy-global-workspace-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[split(parameters('sharedServicesSubnetResourceId'), '/')[2]]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
@@ -26349,29 +20324,32 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "existingWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.existingFeedWorkspace.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.existingFeedWorkspace.value]" }, "globalWorkspacePrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.avdGlobalPrivateDnsZoneName)]" + "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value, lambda('name', startsWith(lambdaVariables('name'), 'privatelink-global.wvd')))[0])]" }, - "hubSubnetResourceId": { - "value": "[parameters('hubSubnetResourceId')]" + "sharedServicesSubnetResourceId": { + "value": "[parameters('sharedServicesSubnetResourceId')]" }, - "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupGlobalWorkspace]" + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "timestamp": { - "value": "[parameters('timestamp')]" + "resourceGroupName": { + "value": 
"[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'globalWorkspace')]" }, "workspaceGlobalName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceGlobalName]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.workspaceGlobal, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'global')]" }, "workspaceGlobalNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceGlobalNetworkInterfaceName]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.workspaceGlobalNetworkInterface, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'global')]" }, "workspaceGlobalPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), 
'2022-09-01').outputs.resources.value.workspaceGlobalPrivateEndpointName]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.workspaceGlobalPrivateEndpoint, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'global')]" } }, "template": { @@ -26380,24 +20358,27 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7007581849220022853" + "version": "0.27.1.19265", + "templateHash": "14369973629912257305" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, "existingWorkspace": { "type": "bool" }, "globalWorkspacePrivateDnsZoneResourceId": { "type": "string" }, - "hubSubnetResourceId": { + "sharedServicesSubnetResourceId": { "type": "string" }, - "resourceGroupName": { - "type": "string" + "mlzTags": { + "type": "object" }, - "timestamp": { + "resourceGroupName": { "type": "string" }, "workspaceGlobalName": { @@ -26415,8 +20396,8 @@ "condition": "[not(parameters('existingWorkspace'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('SharedServices_VirtualNetwork_{0}', parameters('timestamp'))]", - "resourceGroup": "[split(parameters('hubSubnetResourceId'), '/')[4]]", + "name": "[format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[split(parameters('sharedServicesSubnetResourceId'), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -26424,7 +20405,7 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[split(parameters('hubSubnetResourceId'), '/')[8]]" + "value": "[split(parameters('sharedServicesSubnetResourceId'), '/')[8]]" } }, "template": { 
@@ -26433,8 +20414,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8343323275640555439" + "version": "0.27.1.19265", + "templateHash": "17840047049187746135" } }, "parameters": { @@ -26456,8 +20437,8 @@ "condition": "[not(parameters('existingWorkspace'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('ResourceGroup_WorkspaceGlobal_{0}', parameters('timestamp'))]", - "subscriptionId": "[split(parameters('hubSubnetResourceId'), '/')[2]]", + "name": "[format('deploy-rg-vdws-global-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[split(parameters('sharedServicesSubnetResourceId'), '/')[2]]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -26465,8 +20446,11 @@ }, "mode": "Incremental", "parameters": { - "location": "[if(not(parameters('existingWorkspace')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('hubSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('SharedServices_VirtualNetwork_{0}', parameters('timestamp'))), '2022-09-01').outputs.location.value), createObject('value', ''))]", - "resourceGroupName": { + "location": "[if(not(parameters('existingWorkspace')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('sharedServicesSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.location.value), createObject('value', ''))]", + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { "value": "[parameters('resourceGroupName')]" }, "tags": { 
@@ -26479,41 +20463,63 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14500695625135566681" + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" } }, "parameters": { - "location": { + "mlzTags": { + "type": "object" + }, + "name": { "type": "string" }, - "resourceGroupName": { + "location": { "type": "string" }, "tags": { - "type": "object" + "type": "object", + "defaultValue": {} } }, "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2020-10-01", - "name": "[parameters('resourceGroupName')]", + "apiVersion": "2019-05-01", + "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject())]" + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Resources/resourceGroups'), parameters('tags')['Microsoft.Resources/resourceGroups'], createObject()), parameters('mlzTags'))]" } - ] + ], + "outputs": { + "id": { + "type": "string", + "value": "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').location]" + }, + "tags": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('name')), '2019-05-01', 'full').tags]" + } + } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('hubSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('SharedServices_VirtualNetwork_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
subscription().subscriptionId, split(parameters('sharedServicesSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix')))]" ] }, { "condition": "[not(parameters('existingWorkspace'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('WorkspaceGlobal_{0}', parameters('timestamp'))]", + "name": "[format('deploy-vdws-global-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { @@ -26524,9 +20530,12 @@ "globalWorkspacePrivateDnsZoneResourceId": { "value": "[parameters('globalWorkspacePrivateDnsZoneResourceId')]" }, - "location": "[if(not(parameters('existingWorkspace')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('hubSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('SharedServices_VirtualNetwork_{0}', parameters('timestamp'))), '2022-09-01').outputs.location.value), createObject('value', ''))]", + "location": "[if(not(parameters('existingWorkspace')), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('sharedServicesSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.location.value), createObject('value', ''))]", "subnetResourceId": { - "value": "[parameters('hubSubnetResourceId')]" + "value": "[parameters('sharedServicesSubnetResourceId')]" + }, + "tags": { + "value": "[parameters('mlzTags')]" }, "workspaceGlobalName": { "value": "[parameters('workspaceGlobalName')]" 
@@ -26544,8 +20553,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7495532129610077876" + "version": "0.27.1.19265", + "templateHash": "13370532288717139142" } }, "parameters": { @@ -26558,6 +20567,9 @@ "subnetResourceId": { "type": "string" }, + "tags": { + "type": "object" + }, "workspaceGlobalName": { "type": "string" }, @@ -26574,7 +20586,7 @@ "apiVersion": "2023-09-05", "name": "[parameters('workspaceGlobalName')]", "location": "[parameters('location')]", - "tags": {}, + "tags": "[parameters('tags')]", "properties": {} }, { @@ -26582,7 +20594,7 @@ "apiVersion": "2023-04-01", "name": "[parameters('workspaceGlobalPrivateEndpointName')]", "location": "[parameters('location')]", - "tags": {}, + "tags": "[parameters('tags')]", "properties": { "customNetworkInterfaceName": "[parameters('workspaceGlobalNetworkInterfaceName')]", "privateLinkServiceConnections": [ 
@@ -26626,22 +20638,22 @@ } }, "dependsOn": [ - "[subscriptionResourceId(split(parameters('hubSubnetResourceId'), '/')[2], 'Microsoft.Resources/deployments', format('ResourceGroup_WorkspaceGlobal_{0}', parameters('timestamp')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('hubSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('SharedServices_VirtualNetwork_{0}', parameters('timestamp')))]" + "[subscriptionResourceId(split(parameters('sharedServicesSubnetResourceId'), '/')[2], 'Microsoft.Resources/deployments', format('deploy-rg-vdws-global-{0}', parameters('deploymentNameSuffix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, split(parameters('sharedServicesSubnetResourceId'), '/')[4]), 'Microsoft.Resources/deployments', format('get-vnet-shared-services-{0}', parameters('deploymentNameSuffix')))]" ] } ] } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('ControlPlane_{0}', parameters('timestamp'))]", + "name": "[format('deploy-control-plane-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
@@ -26656,32 +20668,29 @@ "value": "[variables('artifactsUri')]" }, "avdPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.avdPrivateDnsZoneName)]" + "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value, lambda('name', startsWith(lambdaVariables('name'), 'privatelink.wvd')))[0])]" + }, + "customImageId": { + "value": "[variables('customImageId')]" }, "customRdpProperty": { "value": "[parameters('customRdpProperty')]" }, - "deploymentUserAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" }, - "desktopApplicationGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.desktopApplicationGroupName]" + "deploymentUserAssignedIdentityClientId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" }, "desktopFriendlyName": "[if(empty(parameters('desktopFriendlyName')), createObject('value', string(parameters('stampIndex'))), createObject('value', parameters('desktopFriendlyName')))]", - "existingFeedWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', 
parameters('timestamp'))), '2022-09-01').outputs.existingFeedWorkspace.value]" - }, - "hostPoolDiagnosticSettingName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolDiagnosticSettingName]" - }, - "hostPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolName]" + "diskSku": { + "value": "[parameters('diskSku')]" }, - "hostPoolNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolNetworkInterfaceName]" + "domainName": { + "value": "[parameters('domainName')]" }, - "hostPoolPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolPrivateEndpointName]" + "existingFeedWorkspace": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.existingFeedWorkspace.value]" }, "hostPoolPublicNetworkAccess": { "value": "[parameters('hostPoolPublicNetworkAccess')]" 
@@ -26689,65 +20698,68 @@ "hostPoolType": { "value": "[parameters('hostPoolType')]" }, + "imageOffer": { + "value": "[parameters('imageOffer')]" + }, + "imagePublisher": { + "value": "[parameters('imagePublisher')]" + }, + "imageSku": { + "value": "[parameters('imageSku')]" + }, + "imageVersionResourceId": { + "value": "[parameters('imageVersionResourceId')]" + }, "locationControlPlane": { "value": "[parameters('locationControlPlane')]" }, "locationVirtualMachines": { "value": "[parameters('locationVirtualMachines')]" }, - "logAnalyticsWorkspaceResourceId": "[if(parameters('monitoring'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value), createObject('value', ''))]", + "logAnalyticsWorkspaceResourceId": "[if(parameters('monitoring'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value), createObject('value', ''))]", "managementVirtualMachineName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.virtualMachineName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualMachineName.value]" }, "maxSessionLimit": { "value": "[mul(parameters('usersPerCore'), parameters('virtualMachineVirtualCpuCount'))]" }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, "monitoring": { "value": "[parameters('monitoring')]" }, - "resourceGroupControlPlane": { - 
"value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" + "namingConvention": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value]" }, - "resourceGroupFeedWorkspace": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupFeedWorkspace]" - }, - "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" + "resourceGroups": { + "value": "[union(createArray(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[0], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[1], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[2], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value), if(variables('deployFslogix'), createArray(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[4], parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.name.value), createArray()))]" }, "roleDefinitions": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.roleDefinitions.value]" + "value": "[variables('roleDefinitions')]" }, "securityPrincipalObjectIds": { "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "sessionHostNamePrefix": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, '')), createObject('value', replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, '')))]", "subnetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.subnetResourceId.value]" }, "tags": { "value": "[parameters('tags')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "validationEnvironment": { "value": "[parameters('validationEnvironment')]" }, - "vmTemplate": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.vmTemplate.value]" - }, - "workspaceFeedDiagnoticSettingName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedDiagnosticSettingName]" - }, - "workspaceFeedName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedName]" - }, - "workspaceFeedNetworkInterfaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedNetworkInterfaceName]" + "virtualMachineSize": { + "value": "[parameters('virtualMachineSize')]" }, - "workspaceFeedPrivateEndpointName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFeedPrivateEndpointName]" + "workspaceFriendlyName": { + "value": "[parameters('workspaceFriendlyName')]" }, - "workspaceFriendlyName": "[if(empty(parameters('workspaceFriendlyName')), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.workspaceFriendlyName), createObject('value', format('{0} ({1})', parameters('workspaceFriendlyName'), parameters('locationControlPlane'))))]", "workspacePublicNetworkAccess": { "value": 
"[parameters('workspacePublicNetworkAccess')]" } @@ -26758,8 +20770,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1580607076343504927" + "version": "0.27.1.19265", + "templateHash": "487655146128994347" } }, "parameters": { @@ -26772,37 +20784,46 @@ "avdPrivateDnsZoneResourceId": { "type": "string" }, + "customImageId": { + "type": "string" + }, "customRdpProperty": { "type": "string" }, - "deploymentUserAssignedIdentityClientId": { + "deploymentNameSuffix": { "type": "string" }, - "desktopApplicationGroupName": { + "deploymentUserAssignedIdentityClientId": { "type": "string" }, "desktopFriendlyName": { "type": "string" }, + "diskSku": { + "type": "string" + }, + "domainName": { + "type": "string" + }, "existingFeedWorkspace": { "type": "bool" }, - "hostPoolDiagnosticSettingName": { + "hostPoolPublicNetworkAccess": { "type": "string" }, - "hostPoolName": { + "hostPoolType": { "type": "string" }, - "hostPoolNetworkInterfaceName": { + "imageOffer": { "type": "string" }, - "hostPoolPrivateEndpointName": { + "imagePublisher": { "type": "string" }, - "hostPoolPublicNetworkAccess": { + "imageSku": { "type": "string" }, - "hostPoolType": { + "imageVersionResourceId": { "type": "string" }, "locationControlPlane": { @@ -26820,17 +20841,17 @@ "maxSessionLimit": { "type": "int" }, + "mlzTags": { + "type": "object" + }, "monitoring": { "type": "bool" }, - "resourceGroupControlPlane": { - "type": "string" - }, - "resourceGroupFeedWorkspace": { - "type": "string" + "namingConvention": { + "type": "object" }, - "resourceGroupManagement": { - "type": "string" + "resourceGroups": { + "type": "array" }, "roleDefinitions": { "type": "object" 
@@ -26838,31 +20859,22 @@ "securityPrincipalObjectIds": { "type": "array" }, + "serviceToken": { + "type": "string" + }, + "sessionHostNamePrefix": { + "type": "string" + }, "subnetResourceId": { "type": "string" }, "tags": { "type": "object" }, - "timestamp": { - "type": "string" - }, "validationEnvironment": { "type": "bool" }, - "vmTemplate": { - "type": "string" - }, - "workspaceFeedDiagnoticSettingName": { - "type": "string" - }, - "workspaceFeedName": { - "type": "string" - }, - "workspaceFeedNetworkInterfaceName": { - "type": "string" - }, - "workspaceFeedPrivateEndpointName": { + "virtualMachineSize": { "type": "string" }, "workspaceFriendlyName": { @@ -26872,12 +20884,20 @@ "type": "string" } }, + "variables": { + "galleryImageOffer": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imageOffer')), 'null')]", + "galleryImagePublisher": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imagePublisher')), 'null')]", + "galleryImageSku": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}\"', parameters('imageSku')), 'null')]", + "galleryItemId": "[if(empty(parameters('imageVersionResourceId')), format('\"{0}.{1}{2}\"', parameters('imagePublisher'), parameters('imageOffer'), parameters('imageSku')), 'null')]", + "hostPoolName": "[parameters('namingConvention').hostPool]", + "imageType": "[if(empty(parameters('imageVersionResourceId')), '\"Gallery\"', '\"CustomImage\"')]" + }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('HostPool_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupControlPlane')]", + "name": "[format('deploy-vdpool-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroups')[0]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -26890,20 +20910,41 @@ "avdPrivateDnsZoneResourceId": { "value": "[parameters('avdPrivateDnsZoneResourceId')]" }, + "customImageId": { + "value": "[parameters('customImageId')]" + }, "customRdpProperty": { "value": "[parameters('customRdpProperty')]" }, + "diskSku": { + "value": "[parameters('diskSku')]" + }, + "domainName": { + "value": "[parameters('domainName')]" + }, + "galleryImageOffer": { + "value": "[variables('galleryImageOffer')]" + }, + "galleryImagePublisher": { + "value": "[variables('galleryImagePublisher')]" + }, + "galleryImageSku": { + "value": "[variables('galleryImageSku')]" + }, + "galleryItemId": { + "value": "[variables('galleryItemId')]" + }, "hostPoolDiagnosticSettingName": { - "value": "[parameters('hostPoolDiagnosticSettingName')]" + "value": "[parameters('namingConvention').hostPoolDiagnosticSetting]" }, "hostPoolName": { - "value": "[parameters('hostPoolName')]" + "value": "[variables('hostPoolName')]" }, "hostPoolNetworkInterfaceName": { - "value": "[parameters('hostPoolNetworkInterfaceName')]" + "value": "[parameters('namingConvention').hostPoolNetworkInterface]" }, "hostPoolPrivateEndpointName": { - "value": "[parameters('hostPoolPrivateEndpointName')]" + "value": "[parameters('namingConvention').hostPoolPrivateEndpoint]" }, "hostPoolPublicNetworkAccess": { "value": "[parameters('hostPoolPublicNetworkAccess')]" @@ -26911,6 +20952,9 @@ "hostPoolType": { "value": "[parameters('hostPoolType')]" }, + "imageType": { + "value": "[variables('imageType')]" + }, "location": { "value": "[parameters('locationControlPlane')]" }, @@ -26920,9 +20964,15 @@ "maxSessionLimit": { "value": "[parameters('maxSessionLimit')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "monitoring": { "value": "[parameters('monitoring')]" }, + "sessionHostNamePrefix": { + "value": "[parameters('sessionHostNamePrefix')]" + }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" }, 
@@ -26932,8 +20982,8 @@ "validationEnvironment": { "value": "[parameters('validationEnvironment')]" }, - "vmTemplate": { - "value": "[parameters('vmTemplate')]" + "virtualMachineSize": { + "value": "[parameters('virtualMachineSize')]" } }, "template": { @@ -26942,8 +20992,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8117243727401569931" + "version": "0.27.1.19265", + "templateHash": "9791414966080690969" } }, "parameters": { @@ -26953,9 +21003,30 @@ "avdPrivateDnsZoneResourceId": { "type": "string" }, + "customImageId": { + "type": "string" + }, "customRdpProperty": { "type": "string" }, + "diskSku": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "galleryImageOffer": { + "type": "string" + }, + "galleryImagePublisher": { + "type": "string" + }, + "galleryImageSku": { + "type": "string" + }, + "galleryItemId": { + "type": "string" + }, "hostPoolDiagnosticSettingName": { "type": "string" }, @@ -26974,6 +21045,9 @@ "hostPoolType": { "type": "string" }, + "imageType": { + "type": "string" + }, "location": { "type": "string" }, @@ -26983,9 +21057,15 @@ "maxSessionLimit": { "type": "int" }, + "mlzTags": { + "type": "object" + }, "monitoring": { "type": "bool" }, + "sessionHostNamePrefix": { + "type": "string" + }, "subnetResourceId": { "type": "string" }, @@ -26999,7 +21079,7 @@ "validationEnvironment": { "type": "bool" }, - "vmTemplate": { + "virtualMachineSize": { "type": "string" } }, 
@@ -27038,7 +21118,7 @@ "apiVersion": "2023-09-05", "name": "[parameters('hostPoolName')]", "location": "[parameters('location')]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.DesktopVirtualization/hostPools'), parameters('tags')['Microsoft.DesktopVirtualization/hostPools'], createObject()))]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.DesktopVirtualization/hostPools'), parameters('tags')['Microsoft.DesktopVirtualization/hostPools'], createObject()), parameters('mlzTags'))]", "properties": { "customRdpProperty": "[variables('customRdpProperty_Complete')]", "hostPoolType": "[split(parameters('hostPoolType'), ' ')[0]]", 
@@ -27053,7 +21133,7 @@ }, "startVMOnConnect": true, "validationEnvironment": "[parameters('validationEnvironment')]", - "vmTemplate": "[parameters('vmTemplate')]" + "vmTemplate": "[format('{{\"domain\":\"{0}\",\"galleryImageOffer\":{1},\"galleryImagePublisher\":{2},\"galleryImageSKU\":{3},\"imageType\":{4},\"customImageId\":{5},\"namePrefix\":\"{6}\",\"osDiskType\":\"{7}\",\"vmSize\":{{\"id\":\"{8}\",\"cores\":null,\"ram\":null,\"rdmaEnabled\": false,\"supportsMemoryPreservingMaintenance\": true}},\"galleryItemId\":{9},\"hibernate\":false,\"diskSizeGB\":0,\"securityType\":\"TrustedLaunch\",\"secureBoot\":true,\"vTPM\":true,\"vmInfrastructureType\":\"Cloud\",\"virtualProcessorCount\":null,\"memoryGB\":null,\"maximumMemoryGB\":null,\"minimumMemoryGB\":null,\"dynamicMemoryConfig\":false}}', parameters('domainName'), parameters('galleryImageOffer'), parameters('galleryImagePublisher'), parameters('galleryImageSku'), parameters('imageType'), parameters('customImageId'), parameters('sessionHostNamePrefix'), parameters('diskSku'), parameters('virtualMachineSize'), parameters('galleryItemId'))]" } }, { 
@@ -27061,7 +21141,7 @@ "apiVersion": "2023-04-01", "name": "[parameters('hostPoolPrivateEndpointName')]", "location": "[parameters('location')]", - "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()))]", + "tags": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { "customNetworkInterfaceName": "[parameters('hostPoolNetworkInterfaceName')]", "privateLinkServiceConnections": [ @@ -27117,7 +21197,11 @@ } ], "outputs": { - "ResourceId": { + "name": { + "type": "string", + "value": "[parameters('hostPoolName')]" + }, + "resourceId": { "type": "string", "value": "[resourceId('Microsoft.DesktopVirtualization/hostPools', parameters('hostPoolName'))]" } @@ -27128,8 +21212,8 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('ApplicationGroup_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupControlPlane')]", + "name": "[format('deploy-vdag-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroups')[0]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -27139,14 +21223,17 @@ "artifactsUri": { "value": "[parameters('artifactsUri')]" }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "deploymentUserAssignedIdentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" }, "desktopApplicationGroupName": { - "value": "[parameters('desktopApplicationGroupName')]" + "value": "[replace(parameters('namingConvention').applicationGroup, parameters('serviceToken'), 'desktop')]" }, "hostPoolResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupControlPlane')), 'Microsoft.Resources/deployments', format('HostPool_{0}', parameters('timestamp'))), '2022-09-01').outputs.ResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdpool-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, "locationControlPlane": { "value": "[parameters('locationControlPlane')]" @@ -27154,8 +21241,11 @@ "locationVirtualMachines": { "value": "[parameters('locationVirtualMachines')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" + "value": "[parameters('resourceGroups')[3]]" }, "roleDefinitions": { "value": "[parameters('roleDefinitions')]" @@ -27169,9 +21259,6 @@ "tags": { "value": "[parameters('tags')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "virtualMachineName": { "value": "[parameters('managementVirtualMachineName')]" } 
@@ -27182,14 +21269,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16505230916895982003" + "version": "0.27.1.19265", + "templateHash": "18353736919023594644" } }, "parameters": { "artifactsUri": { "type": "string" }, + "deploymentNameSuffix": { + "type": "string" + }, "deploymentUserAssignedIdentityClientId": { "type": "string" }, @@ -27208,6 +21298,9 @@ "locationVirtualMachines": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "resourceGroupManagement": { "type": "string" }, @@ -27220,9 +21313,6 @@ "tags": { "type": "object" }, - "timestamp": { - "type": "string" - }, "virtualMachineName": { "type": "string" } @@ -27233,7 +21323,7 @@ "apiVersion": "2021-03-09-preview", "name": "[parameters('desktopApplicationGroupName')]", "location": "[parameters('locationControlPlane')]", - "tags": "[union(createObject('cm-resource-parent', parameters('hostPoolResourceId')), if(contains(parameters('tags'), 'Microsoft.DesktopVirtualization/applicationGroups'), parameters('tags')['Microsoft.DesktopVirtualization/applicationGroups'], createObject()))]", + "tags": "[union(createObject('cm-resource-parent', parameters('hostPoolResourceId')), if(contains(parameters('tags'), 'Microsoft.DesktopVirtualization/applicationGroups'), parameters('tags')['Microsoft.DesktopVirtualization/applicationGroups'], createObject()), parameters('mlzTags'))]", "properties": { "hostPoolArmPath": "[parameters('hostPoolResourceId')]", "applicationGroupType": "Desktop" @@ -27260,7 +21350,7 @@ "condition": "[not(empty(parameters('desktopFriendlyName')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('ApplicationFriendlyName_{0}', parameters('timestamp'))]", + "name": "[format('deploy-vdapp-friendly-name-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -27283,7 +21373,7 @@ "value": "Update-AvdDesktop.ps1" }, "tags": { - "value": "[union(createObject('cm-resource-parent', parameters('hostPoolResourceId')), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()))]" + "value": "[union(createObject('cm-resource-parent', parameters('hostPoolResourceId')), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" }, "userAssignedIdentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" @@ -27298,8 +21388,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { @@ -27382,14 +21472,14 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupControlPlane')), 'Microsoft.Resources/deployments', format('HostPool_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdpool-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('WorkspaceFeed_{0}', parameters('timestamp'))]", - "resourceGroup": "[parameters('resourceGroupFeedWorkspace')]", + "name": "[format('deploy-vdws-feed-{0}', parameters('deploymentNameSuffix'))]", + "resourceGroup": "[parameters('resourceGroups')[1]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -27397,7 +21487,7 @@ "mode": "Incremental", "parameters": { "applicationGroupReferences": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupControlPlane')), 'Microsoft.Resources/deployments', format('ApplicationGroup_{0}', parameters('timestamp'))), '2022-09-01').outputs.applicationGroupReference.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdag-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.applicationGroupReference.value]" }, "artifactsUri": { "value": "[parameters('artifactsUri')]" @@ -27405,6 +21495,9 @@ "avdPrivateDnsZoneResourceId": { "value": "[parameters('avdPrivateDnsZoneResourceId')]" }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "deploymentUserAssignedIdentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" }, @@ -27412,7 +21505,7 @@ "value": "[parameters('existingFeedWorkspace')]" }, "hostPoolName": { - "value": "[parameters('hostPoolName')]" + "value": "[variables('hostPoolName')]" }, "locationControlPlane": { "value": "[parameters('locationControlPlane')]" @@ -27423,11 +21516,14 @@ "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, "monitoring": { "value": "[parameters('monitoring')]" }, "resourceGroupManagement": { - "value": "[parameters('resourceGroupManagement')]" + "value": "[parameters('resourceGroups')[3]]" }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" 
@@ -27435,27 +21531,22 @@ "tags": { "value": "[parameters('tags')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "virtualMachineName": { "value": "[parameters('managementVirtualMachineName')]" }, "workspaceFeedDiagnoticSettingName": { - "value": "[parameters('workspaceFeedDiagnoticSettingName')]" + "value": "[replace(parameters('namingConvention').workspaceFeedDiagnosticSetting, parameters('serviceToken'), 'feed')]" }, "workspaceFeedName": { - "value": "[parameters('workspaceFeedName')]" + "value": "[replace(parameters('namingConvention').workspaceFeed, parameters('serviceToken'), 'feed')]" }, "workspaceFeedNetworkInterfaceName": { - "value": "[parameters('workspaceFeedNetworkInterfaceName')]" + "value": "[replace(parameters('namingConvention').workspaceFeedNetworkInterface, parameters('serviceToken'), 'feed')]" }, "workspaceFeedPrivateEndpointName": { - "value": "[parameters('workspaceFeedPrivateEndpointName')]" - }, - "workspaceFriendlyName": { - "value": "[parameters('workspaceFriendlyName')]" + "value": "[replace(parameters('namingConvention').workspaceFeedPrivateEndpoint, parameters('serviceToken'), 'feed')]" }, + "workspaceFriendlyName": "[if(empty(parameters('workspaceFriendlyName')), createObject('value', replace(parameters('namingConvention').workspaceFeed, parameters('serviceToken'), '')), createObject('value', format('{0} ({1})', parameters('workspaceFriendlyName'), parameters('locationControlPlane'))))]", "workspacePublicNetworkAccess": { "value": "[parameters('workspacePublicNetworkAccess')]" } @@ -27466,8 +21557,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14863945302360957631" + "version": "0.27.1.19265", + "templateHash": "18015592018157852086" } }, "parameters": { @@ -27480,6 +21571,9 @@ "avdPrivateDnsZoneResourceId": { "type": "string" }, + "deploymentNameSuffix": { + "type": "string" + }, "deploymentUserAssignedIdentityClientId": { "type": "string" }, 
@@ -27498,6 +21592,9 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, + "mlzTags": { + "type": "object" + }, "monitoring": { "type": "bool" }, @@ -27510,9 +21607,6 @@ "tags": { "type": "object" }, - "timestamp": { - "type": "string" - }, "virtualMachineName": { "type": "string" }, @@ -27542,7 +21636,7 @@ "apiVersion": "2023-09-05", "name": "[parameters('workspaceFeedName')]", "location": "[parameters('locationControlPlane')]", - "tags": {}, + "tags": "[parameters('mlzTags')]", "properties": { "applicationGroupReferences": "[parameters('applicationGroupReferences')]", "friendlyName": "[parameters('workspaceFriendlyName')]", @@ -27555,7 +21649,7 @@ "apiVersion": "2023-04-01", "name": "[parameters('workspaceFeedPrivateEndpointName')]", "location": "[parameters('locationControlPlane')]", - "tags": {}, + "tags": "[parameters('mlzTags')]", "properties": { "customNetworkInterfaceName": "[parameters('workspaceFeedNetworkInterfaceName')]", "privateLinkServiceConnections": [ @@ -27631,7 +21725,7 @@ "condition": "[parameters('existing')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('AddApplicationGroupReferences_{0}', parameters('timestamp'))]", + "name": "[format('add-vdag-references-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -27654,7 +21748,7 @@ "value": "Update-AvdWorkspace.ps1" }, "tags": { - "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()))]" + "value": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, resourceGroup().name, parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" }, "userAssignedIdentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" @@ -27669,8 +21763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { 
@@ -27738,24 +21832,29 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupControlPlane')), 'Microsoft.Resources/deployments', format('ApplicationGroup_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdag-{0}', parameters('deploymentNameSuffix')))]" ] } - ] + ], + "outputs": { + "hostPoolName": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroups')[0]), 'Microsoft.Resources/deployments', format('deploy-vdpool-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + } + } } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp')))]", - "rgs" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "rgs", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('FSLogix_{0}', parameters('timestamp'))]", + "name": "[format('deploy-fslogix-{0}', 
parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -27764,7 +21863,7 @@ "mode": "Incremental", "parameters": { "activeDirectoryConnection": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateANFfActiveDirectory.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateANFfActiveDirectory.value]" }, "activeDirectorySolution": { "value": "[parameters('activeDirectorySolution')]" 
@@ -27772,23 +21871,23 @@ "artifactsUri": { "value": "[variables('artifactsUri')]" }, - "automationAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountName]" - }, "availability": { "value": "[parameters('availability')]" }, "azureFilesPrivateDnsZoneResourceId": { - "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.filePrivateDnsZoneName)]" + "value": "[format('{0}{1}', variables('privateDnsZoneResourceIdPrefix'), filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value, lambda('name', contains(lambdaVariables('name'), 'file')))[0])]" }, "delegatedSubnetId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateANFSubnetId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateANFSubnetId.value]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" }, "deploymentUserAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" }, "dnsServers": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateANFDnsServers.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateANFDnsServers.value]" }, "domainJoinPassword": { "value": "[parameters('domainJoinPassword')]" @@ -27799,11 +21898,9 @@ "domainName": { "value": "[parameters('domainName')]" }, - "encryptionUserAssignedIdentityResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.encryptionUserAssignedIdentityResourceId.value]" - }, + "encryptionUserAssignedIdentityResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value))]", "fileShares": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.fileShares.value]" + "value": "[variables('fileShares')]" }, "fslogixContainerType": { "value": "[parameters('fslogixContainerType')]" 
@@ -27814,29 +21911,22 @@ "fslogixStorageService": { "value": "[parameters('fslogixStorageService')]" }, - "hostPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolName]" - }, "hostPoolType": { "value": "[parameters('hostPoolType')]" }, - "keyVaultUri": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.keyVaultUri.value]" - }, + "keyVaultUri": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value))]", "location": { "value": "[parameters('locationVirtualMachines')]" }, "managementVirtualMachineName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.virtualMachineName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualMachineName.value]" }, - "netAppAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.netAppAccountName]" - }, - "netAppCapacityPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.netAppCapacityPoolName]" + 
"mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, + "namingConvention": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value))]", "netbios": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.netbios.value]" + "value": "[variables('netbios')]" }, "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" 
@@ -27844,66 +21934,41 @@ "recoveryServices": { "value": "[parameters('recoveryServices')]" }, - "recoveryServicesVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultName]" - }, "resourceGroupControlPlane": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[0], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" - }, - "resourceGroupStorage": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupStorage]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, + "resourceGroupStorage": "[if(variables('deployFslogix'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[4], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value), createObject('value', ''))]", "securityPrincipalNames": { "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').name))]" }, "securityPrincipalObjectIds": { "value": "[map(parameters('securityPrincipals'), lambda('item', 
lambdaVariables('item').objectId))]" }, - "serviceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" - }, - "smbServerLocation": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.smbServerLocation.value]" - }, - "storageAccountNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.storageAccountNamePrefix]" - }, - "storageAccountNetworkInterfaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.storageAccountNetworkInterfaceNamePrefix]" - }, - "storageAccountPrivateEndpointNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.storageAccountPrivateEndpointNamePrefix]" + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, + "smbServerLocation": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone))]", "storageCount": { "value": 
"[parameters('storageCount')]" }, - "storageEncryptionKeyName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageEncryptionKeyName.value]" - }, + "storageEncryptionKeyName": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageEncryptionKeyName.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageEncryptionKeyName.value))]", "storageIndex": { "value": "[parameters('storageIndex')]" }, "storageService": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageService.value]" + "value": "[variables('storageService')]" }, "storageSku": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageSku.value]" + "value": "[variables('storageSku')]" }, - "subnet": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[10]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[10]))]", + "subnetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value))]", "tags": { "value": "[parameters('tags')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.timeZone.value]" - }, - "virtualNetwork": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[8]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[8]))]", - "virtualNetworkResourceGroup": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[4]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[4]))]" + "timeZone": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.abbreviation), createObject('value', 
reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.abbreviation))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", @@ -27911,8 +21976,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13548514408482675760" + "version": "0.27.1.19265", + "templateHash": "6672729017023590455" } }, "parameters": { @@ -27925,9 +21990,6 @@ "activeDirectorySolution": { "type": "string" }, - "automationAccountName": { - "type": "string" - }, "availability": { "type": "string" }, @@ -27937,6 +21999,9 @@ "delegatedSubnetId": { "type": "string" }, + "deploymentNameSuffix": { + "type": "string" + }, "deploymentUserAssignedIdentityClientId": { "type": "string" }, @@ -27967,9 +22032,6 @@ "fslogixStorageService": { "type": "string" }, - "hostPoolName": { - "type": "string" - }, "hostPoolType": { "type": "string" }, @@ -27982,11 +22044,11 @@ "managementVirtualMachineName": { "type": "string" }, - "netAppAccountName": { - "type": "string" + "mlzTags": { + "type": "object" }, - "netAppCapacityPoolName": { - "type": "string" + "namingConvention": { + "type": "object" }, "netbios": { "type": "string" @@ -27997,9 +22059,6 @@ "recoveryServices": { "type": "bool" }, - "recoveryServicesVaultName": { - "type": "string" - }, "resourceGroupControlPlane": { "type": "string" }, @@ -28015,21 +22074,12 @@ "securityPrincipalNames": { "type": "array" }, - "serviceName": { + "serviceToken": { "type": "string" }, "smbServerLocation": { "type": "string" }, - "storageAccountNamePrefix": { - "type": "string" - }, - "storageAccountNetworkInterfaceNamePrefix": { - "type": "string" - }, - "storageAccountPrivateEndpointNamePrefix": { - "type": "string" - }, "storageCount": { "type": "int" }, 
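Review bot: in the parameters passed to the storage deployment (first hunk above), `smbServerLocation` now reads `outputs.locatonProperties.value.timeZone` and `timeZone` reads `outputs.locatonProperties.value.abbreviation`, which looks shifted by one property. Before this change the two values came from separate `smbServerLocation` and `timeZone` outputs. Please confirm the mapping, because `timeZone` is forwarded to the Azure Files module and on to the file share scaling deployment, and an abbreviation there would not be a time zone. The output name `locatonProperties` is also misspelled; it is used consistently in these lines, so a rename has to be made in the module that emits it as well.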
@@ -28045,39 +22095,31 @@ "storageService": { "type": "string" }, - "subnet": { + "subnetResourceId": { "type": "string" }, "tags": { "type": "object" }, - "timestamp": { - "type": "string" - }, "timeZone": { "type": "string" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" } }, "variables": { - "tagsAutomationAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()))]", - "tagsNetAppAccount": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.NetApp/netAppAccounts'), parameters('tags')['Microsoft.NetApp/netAppAccounts'], createObject()))]", - "tagsPrivateEndpoints": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()))]", - "tagsStorageAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], createObject()))]", - "tagsRecoveryServicesVault": 
"[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.recoveryServices/vaults'), parameters('tags')['Microsoft.recoveryServices/vaults'], createObject()))]", - "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()))]" + "hostPoolName": "[parameters('namingConvention').hostPool]", + "tagsAutomationAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()), parameters('mlzTags'))]", + "tagsNetAppAccount": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.NetApp/netAppAccounts'), parameters('tags')['Microsoft.NetApp/netAppAccounts'], createObject()), parameters('mlzTags'))]", + "tagsPrivateEndpoints": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), 
parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", + "tagsStorageAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Storage/storageAccounts'), parameters('tags')['Microsoft.Storage/storageAccounts'], createObject()), parameters('mlzTags'))]", + "tagsRecoveryServicesVault": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.recoveryServices/vaults'), parameters('tags')['Microsoft.recoveryServices/vaults'], createObject()), parameters('mlzTags'))]", + "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupControlPlane'), variables('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" }, "resources": [ { "condition": "[and(equals(parameters('storageService'), 'AzureNetAppFiles'), contains(parameters('activeDirectorySolution'), 'DomainServices'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('AzureNetAppFiles_{0}', parameters('timestamp'))]", + "name": "[format('deploy-anf-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupStorage')]", "properties": { "expressionEvaluationOptions": { 
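Review bot: every `tags*` variable in the `variables` hunk above still builds `cm-resource-parent` with `format('{0}}}/resourceGroups/{1}/...', subscription().id, ...)`. `}}` is an escaped brace in `format()`, so the tag value carries a literal `}` after the subscription ID and is not a valid host pool resource ID. These lines are already being rewritten to use `variables('hostPoolName')`, so the stray brace in the Bicep source interpolation could be dropped in the same change. Separately, `parameters('mlzTags')` is the last argument to `union()`, so on a key collision it overrides both the per-resource-type tags and `cm-resource-parent`; if the caller's tags are meant to win, move it earlier in the argument list.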
@@ -28085,15 +22127,21 @@ }, "mode": "Incremental", "parameters": { - "artifactsUri": { - "value": "[parameters('artifactsUri')]" - }, "activeDirectoryConnection": { "value": "[parameters('activeDirectoryConnection')]" }, + "artifactsUri": { + "value": "[parameters('artifactsUri')]" + }, "delegatedSubnetId": { "value": "[parameters('delegatedSubnetId')]" }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, + "deploymentUserAssignedIdentityClientId": { + "value": "[parameters('deploymentUserAssignedIdentityClientId')]" + }, "dnsServers": { "value": "[parameters('dnsServers')]" }, @@ -28119,10 +22167,10 @@ "value": "[parameters('managementVirtualMachineName')]" }, "netAppAccountName": { - "value": "[parameters('netAppAccountName')]" + "value": "[parameters('namingConvention').netAppAccount]" }, "netAppCapacityPoolName": { - "value": "[parameters('netAppCapacityPoolName')]" + "value": "[parameters('namingConvention').netAppAccountCapacityPool]" }, "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" @@ -28136,23 +22184,17 @@ "smbServerLocation": { "value": "[parameters('smbServerLocation')]" }, - "storageSku": { - "value": "[parameters('storageSku')]" - }, "storageService": { "value": "[parameters('storageService')]" }, + "storageSku": { + "value": "[parameters('storageSku')]" + }, "tagsNetAppAccount": { "value": "[variables('tagsNetAppAccount')]" }, "tagsVirtualMachines": { "value": "[variables('tagsVirtualMachines')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[parameters('deploymentUserAssignedIdentityClientId')]" } }, "template": { @@ -28161,8 +22203,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2710514303551396035" + "version": "0.27.1.19265", + "templateHash": "17473524969724205665" } }, "parameters": { 
@@ -28175,6 +22217,9 @@ "delegatedSubnetId": { "type": "string" }, + "deploymentNameSuffix": { + "type": "string" + }, "deploymentUserAssignedIdentityClientId": { "type": "string" }, @@ -28231,9 +22276,6 @@ }, "tagsVirtualMachines": { "type": "object" - }, - "timestamp": { - "type": "string" } }, "resources": [ @@ -28306,7 +22348,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('FslogixNtfsPermissions_{0}', parameters('timestamp'))]", + "name": "[format('deploy-fslogix-ntfs-permissions-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { @@ -28344,8 +22386,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { @@ -28426,7 +22468,7 @@ "condition": "[and(equals(parameters('storageService'), 'AzureFiles'), contains(parameters('activeDirectorySolution'), 'DomainServices'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('AzureFiles_{0}', parameters('timestamp'))]", + "name": "[format('deploy-azure-files-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupStorage')]", "properties": { "expressionEvaluationOptions": { @@ -28441,7 +22483,7 @@ "value": "[parameters('artifactsUri')]" }, "automationAccountName": { - "value": "[parameters('automationAccountName')]" + "value": "[parameters('namingConvention').automationAccount]" }, "availability": { "value": "[parameters('availability')]" 
@@ -28449,6 +22491,9 @@ "azureFilesPrivateDnsZoneResourceId": { "value": "[parameters('azureFilesPrivateDnsZoneResourceId')]" }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "deploymentUserAssignedIdentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" }, @@ -28495,7 +22540,7 @@ "value": "[parameters('organizationalUnitPath')]" }, "recoveryServicesVaultName": { - "value": "[parameters('recoveryServicesVaultName')]" + "value": "[parameters('namingConvention').recoveryServicesVault]" }, "resourceGroupManagement": { "value": "[parameters('resourceGroupManagement')]" @@ -28510,16 +22555,16 @@ "value": "[parameters('securityPrincipalObjectIds')]" }, "serviceName": { - "value": "[parameters('serviceName')]" + "value": "[parameters('serviceToken')]" }, "storageAccountNamePrefix": { - "value": "[parameters('storageAccountNamePrefix')]" + "value": "[parameters('namingConvention').storageAccount]" }, "storageAccountNetworkInterfaceNamePrefix": { - "value": "[parameters('storageAccountNetworkInterfaceNamePrefix')]" + "value": "[parameters('namingConvention').storageAccountNetworkInterface]" }, "storageAccountPrivateEndpointNamePrefix": { - "value": "[parameters('storageAccountPrivateEndpointNamePrefix')]" + "value": "[parameters('namingConvention').storageAccountPrivateEndpoint]" }, "storageCount": { "value": "[parameters('storageCount')]" @@ -28536,8 +22581,8 @@ "storageSku": { "value": "[parameters('storageSku')]" }, - "subnet": { - "value": "[parameters('subnet')]" + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" }, "tagsAutomationAccounts": { "value": "[variables('tagsAutomationAccounts')]" 
@@ -28554,17 +22599,8 @@ "tagsVirtualMachines": { "value": "[variables('tagsVirtualMachines')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "timeZone": { "value": "[parameters('timeZone')]" - }, - "virtualNetwork": { - "value": "[parameters('virtualNetwork')]" - }, - "virtualNetworkResourceGroup": { - "value": "[parameters('virtualNetworkResourceGroup')]" } }, "template": { @@ -28573,8 +22609,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13316784024502839986" + "version": "0.27.1.19265", + "templateHash": "3191909333917557852" } }, "parameters": { @@ -28590,6 +22626,9 @@ "azureFilesPrivateDnsZoneResourceId": { "type": "string" }, + "deploymentNameSuffix": { + "type": "string" + }, "deploymentUserAssignedIdentityClientId": { "type": "string" }, @@ -28681,7 +22720,7 @@ "storageService": { "type": "string" }, - "subnet": { + "subnetResourceId": { "type": "string" }, "tagsAutomationAccounts": { @@ -28699,17 +22738,8 @@ "tagsVirtualMachines": { "type": "object" }, - "timestamp": { - "type": "string" - }, "timeZone": { "type": "string" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" } }, "variables": { @@ -28725,8 +22755,7 @@ "kerberosTicketEncryption": "AES-256;", "channelEncryption": "AES-128-GCM;AES-256-GCM;" }, - "storageRedundancy": "[if(equals(parameters('availability'), 'availabilityZones'), '_ZRS', '_LRS')]", - "subnetId": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetwork'), parameters('subnet'))]" + "storageRedundancy": "[if(equals(parameters('availability'), 'availabilityZones'), '_ZRS', '_LRS')]" }, "resources": [ { @@ -28846,7 +22875,7 @@ } ], "subnet": { - "id": "[variables('subnetId')]" + "id": "[parameters('subnetResourceId')]" } }, "dependsOn": [ 
@@ -28883,7 +22912,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('fileShares_{0}_{1}', range(0, parameters('storageCount'))[copyIndex()], parameters('timestamp'))]", + "name": "[format('deploy-file-shares-{0}-{1}', range(0, parameters('storageCount'))[copyIndex()], parameters('deploymentNameSuffix'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -28909,8 +22938,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10619096950710478702" + "version": "0.27.1.19265", + "templateHash": "15601002555507359086" } }, "parameters": { @@ -28954,7 +22983,7 @@ "condition": "[contains(parameters('activeDirectorySolution'), 'DomainServices')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('FslogixNtfsPermissions_{0}', parameters('timestamp'))]", + "name": "[format('deploy-fslogix-ntfs-permissions-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { @@ -28992,8 +23021,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { @@ -29066,7 +23095,7 @@ "condition": "[and(parameters('enableRecoveryServices'), contains(parameters('hostPoolType'), 'Pooled'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('recoveryServices_AzureFiles_{0}', parameters('timestamp'))]", + "name": "[format('deploy-backup-azure-files-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -29074,6 +23103,9 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "fileShares": { "value": "[parameters('fileShares')]" }, @@ -29097,9 +23129,6 @@ }, "tagsRecoveryServicesVault": { "value": "[parameters('tagsRecoveryServicesVault')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" } }, "template": { @@ -29108,11 +23137,14 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12279473499111277652" + "version": "0.27.1.19265", + "templateHash": "6750501552554271907" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, "fileShares": { "type": "array" }, @@ -29136,9 +23168,6 @@ }, "tagsRecoveryServicesVault": { "type": "object" - }, - "timestamp": { - "type": "string" } }, "resources": [ @@ -29163,7 +23192,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('BackupProtectedItems_fileShares_{0}_{1}', add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), parameters('timestamp'))]", + "name": "[format('backup-file-shares-{0}-{1}', add(range(0, parameters('storageCount'))[copyIndex()], parameters('storageIndex')), parameters('deploymentNameSuffix'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -29195,8 +23224,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5778916271701476724" + "version": "0.27.1.19265", + "templateHash": "7028790124213185456" } }, "parameters": { 
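Review bot: the renamed nested deployment in the `-29163` hunk, `format('backup-file-shares-{0}-{1}', ...)`, is the only name in this group without the `deploy-` prefix that its siblings use (`deploy-backup-azure-files-{0}`, `deploy-file-shares-{0}-{1}`). If the prefix is the new convention, `deploy-backup-file-shares-{0}-{1}` would keep deployment history easier to filter.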
@@ -29255,7 +23284,7 @@ "condition": "[and(equals(parameters('fslogixStorageService'), 'AzureFiles Premium'), greater(parameters('storageCount'), 0))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('AutoIncreasePremiumFileShareQuota_{0}', parameters('timestamp'))]", + "name": "[format('deploy-file-share-scaling-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { @@ -29269,6 +23298,9 @@ "automationAccountName": { "value": "[parameters('automationAccountName')]" }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "deploymentUserAssignedIdentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" }, @@ -29296,9 +23328,6 @@ "tags": { "value": "[parameters('tagsAutomationAccounts')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "timeZone": { "value": "[parameters('timeZone')]" } @@ -29309,8 +23338,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2831457635204434604" + "version": "0.27.1.19265", + "templateHash": "12325713485520980914" } }, "parameters": { @@ -29320,6 +23349,9 @@ "automationAccountName": { "type": "string" }, + "deploymentNameSuffix": { + "type": "string" + }, "deploymentUserAssignedIdentityClientId": { "type": "string" }, @@ -29347,9 +23379,6 @@ "tags": { "type": "object" }, - "timestamp": { - "type": "string" - }, "timeZone": { "type": "string" } @@ -29363,7 +23392,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Runbook_QuotaScaling_{0}', parameters('timestamp'))]", + "name": "[format('deploy-runbook-{0}', parameters('deploymentNameSuffix'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -29385,7 +23414,9 @@ "scriptFileName": { "value": "[variables('scriptFileName')]" }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), createObject('value', parameters('tags')['Microsoft.Compute/virtualMachines']), createObject('value', createObject()))]", + "tags": { + "value": "[parameters('tags')]" + }, "userAssignedIdentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" }, @@ -29399,8 +23430,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { @@ -29471,7 +23502,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Schedules_{0}_{1}', range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], parameters('timestamp'))]", + "name": "[format('deploy-schedules-{0}-{1}', range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], parameters('deploymentNameSuffix'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -29497,8 +23528,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10323387708297265407" + "version": "0.27.1.19265", + "templateHash": "17510467420352375307" } }, "parameters": { @@ -29568,7 +23599,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('JobSchedules_{0}_{1}', range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], parameters('timestamp'))]", + "name": "[format('deploy-job-schedules-{0}-{1}', range(parameters('storageIndex'), parameters('storageCount'))[copyIndex()], parameters('deploymentNameSuffix'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
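Review bot: in the `-29385` hunk the `deploy-runbook-` deployment now receives `parameters('tags')` unchanged, and in this module `tags` is the value the caller passes as `tagsAutomationAccounts`. The removed expression looked up a `Microsoft.Compute/virtualMachines` key in that already flattened object, so the change alters which tags reach the nested template (the one with the same `templateHash` as `deploy-fslogix-ntfs-permissions-`). If that template tags a virtual machine resource, passing the automation account tag set, including its `cm-resource-parent`, may not be what is intended; consider threading `tagsVirtualMachines` through instead, or confirm the automation account tags are wanted here.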
@@ -29595,9 +23626,6 @@ }, "subscriptionId": { "value": "[variables('subscriptionId')]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" } }, "template": { @@ -29606,8 +23634,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6227937299408544503" + "version": "0.27.1.19265", + "templateHash": "9904782163728788859" } }, "parameters": { @@ -29633,7 +23661,8 @@ "type": "string" }, "timestamp": { - "type": "string" + "type": "string", + "defaultValue": "[utcNow('yyyyMMddHHmmss')]" } }, "resources": [ @@ -29692,14 +23721,14 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('Runbook_QuotaScaling_{0}', parameters('timestamp')))]", + "[resourceId('Microsoft.Resources/deployments', format('deploy-runbook-{0}', parameters('deploymentNameSuffix')))]", "schedules" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_Storage_{0}', parameters('timestamp'))]", + "name": "[format('deploy-role-assignment-storage-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('storageResourceGroupName')]", "properties": { "expressionEvaluationOptions": { @@ -29707,13 +23736,13 @@ }, "mode": "Incremental", "parameters": { - "PrincipalId": { + "principalId": { "value": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2022-08-08', 'full').identity.principalId]" }, - "PrincipalType": { + "principalType": { "value": "ServicePrincipal" }, - "RoleDefinitionId": { + "roleDefinitionId": { "value": "17d1049b-9a84-46fb-8f53-869881c3d3ab" } }, 
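Review bot: the `-29633` hunk gives the job schedules template's `timestamp` parameter a `defaultValue` of `[utcNow('yyyyMMddHHmmss')]`, and the `-29595` hunk stops the caller from passing it, so the value now changes on every deployment instead of being shared across the run. Please check what `timestamp` feeds inside that template: if it ends up in a resource name or a `guid()` seed, redeployments will create new resources rather than updating the existing ones. If it is no longer needed, removing the parameter would be cleaner than defaulting it.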
@@ -29723,18 +23752,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12785629321959268271" + "version": "0.27.1.19265", + "templateHash": "936749082468094105" } }, "parameters": { - "PrincipalId": { + "principalId": { "type": "string" }, - "PrincipalType": { + "principalType": { "type": "string" }, - "RoleDefinitionId": { + "roleDefinitionId": { "type": "string" } }, @@ -29742,11 +23771,11 @@ { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", + "name": "[guid(parameters('principalId'), parameters('roleDefinitionId'), resourceGroup().id)]", "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]" } } ] @@ -29757,7 +23786,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('FslogixNtfsPermissions_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-fslogix-ntfs-permissions-{0}', parameters('deploymentNameSuffix')))]" ] } ] 
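Review bot: the `Microsoft.Authorization/roleAssignments` resource in the `-29742` hunk has no `scope`, so it applies to the whole storage resource group, and the caller passes the bare GUID `17d1049b-9a84-46fb-8f53-869881c3d3ab` (Storage Account Contributor) for the automation account's identity. While the parameter casing is being touched, it would be worth naming that role ID in a variable in the Bicep source and considering whether the assignment can be scoped to the individual storage accounts the quota runbook manages, rather than the resource group.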
@@ -29768,25 +23797,23 @@ "outputs": { "netAppShares": { "type": "array", - "value": "[if(equals(parameters('storageService'), 'AzureNetAppFiles'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupStorage')), 'Microsoft.Resources/deployments', format('AzureNetAppFiles_{0}', parameters('timestamp'))), '2022-09-01').outputs.fileShares.value, createArray('None'))]" + "value": "[if(equals(parameters('storageService'), 'AzureNetAppFiles'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupStorage')), 'Microsoft.Resources/deployments', format('deploy-anf-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.fileShares.value, createArray('None'))]" } } } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('ControlPlane_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp')))]", - "rgs" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "rgs", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + 
"[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('SessionHosts_{0}', parameters('timestamp'))]", + "name": "[format('deploy-session-hosts-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -29795,7 +23822,7 @@ "mode": "Incremental", "parameters": { "acceleratedNetworking": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateAcceleratedNetworking.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateAcceleratedNetworking.value]" }, "activeDirectorySolution": { "value": "[parameters('activeDirectorySolution')]" 
@@ -29804,28 +23831,25 @@ "value": "[variables('artifactsUri')]" }, "artifactsUserAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.artifactsUserAssignedIdentityClientId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.artifactsUserAssignedIdentityClientId.value]" }, "artifactsUserAssignedIdentityResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.artifactsUserAssignedIdentityResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.artifactsUserAssignedIdentityResourceId.value]" }, "automationAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.automationAccountName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.automationAccountName.value]" }, "availability": { "value": "[parameters('availability')]" }, - "availabilitySetNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.availabilitySetNamePrefix]" - }, "availabilitySetsCount": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.availabilitySetsCount.value]" + "value": "[variables('availabilitySetsCount')]" }, 
"availabilitySetsIndex": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.beginAvSetRange.value]" + "value": "[variables('beginAvSetRange')]" }, "availabilityZones": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.validateAvailabilityZones.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.validateAvailabilityZones.value]" }, "avdAgentBootLoaderMsiName": { "value": "[parameters('avdAgentBootLoaderMsiName')]" 
@@ -29833,26 +23857,21 @@ "avdAgentMsiName": { "value": "[parameters('avdAgentMsiName')]" }, - "dataCollectionRuleAssociationName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.dataCollectionRuleAssociationName]" - }, "dataCollectionRuleResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.dataCollectionRuleResourceId.value]" - }, - "deploymentUserAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.dataCollectionRuleResourceId.value]" }, - "diskEncryptionSetResourceId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" }, - "diskNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.diskNamePrefix]" + "deploymentUserAssignedIdentityClientId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" }, + "diskEncryptionSetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', 
format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value))]", "diskSku": { "value": "[parameters('diskSku')]" }, "divisionRemainderValue": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.divisionRemainderValue.value]" + "value": "[variables('divisionRemainderValue')]" }, "domainJoinPassword": { "value": "[parameters('domainJoinPassword')]" 
@@ -29872,20 +23891,20 @@ "enableScalingTool": { "value": "[parameters('scalingTool')]" }, - "fslogix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.fslogix.value]" + "deployFslogix": { + "value": "[variables('deployFslogix')]" }, "fslogixContainerType": { "value": "[parameters('fslogixContainerType')]" }, "hostPoolName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.hostPoolName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hostPoolName.value]" }, "hostPoolType": { "value": "[parameters('hostPoolType')]" }, "hybridRunbookWorkerGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.hybridRunbookWorkerGroupName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hybridRunbookWorkerGroupName.value]" }, "imageOffer": { "value": "[parameters('imageOffer')]" 
@@ -29896,51 +23915,49 @@ "imageSku": { "value": "[parameters('imageSku')]" }, - "imageDefinitionResourceId": { - "value": "[parameters('imageDefinitionResourceId')]" + "imageVersionResourceId": { + "value": "[parameters('imageVersionResourceId')]" }, "location": { "value": "[parameters('locationVirtualMachines')]" }, "logAnalyticsWorkspaceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.logAnalyticsWorkspaceName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceName.value]" }, "managementVirtualMachineName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.virtualMachineName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualMachineName.value]" }, "maxResourcesPerTemplateDeployment": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.maxResourcesPerTemplateDeployment.value]" + "value": "[variables('maxResourcesPerTemplateDeployment')]" + }, + "mlzTags": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "monitoring": { "value": "[parameters('monitoring')]" }, - "netAppFileShares": "[if(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.fslogix.value, createObject('value', 
reference(subscriptionResourceId('Microsoft.Resources/deployments', format('FSLogix_{0}', parameters('timestamp'))), '2022-09-01').outputs.netAppShares.value), createObject('value', createArray('None')))]", - "networkInterfaceNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.networkInterfaceNamePrefix]" - }, - "networkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.networkName.value]" - }, + "namingConvention": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value))]", + "netAppFileShares": "[if(variables('deployFslogix'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-fslogix-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.netAppShares.value), createObject('value', createArray('None')))]", "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" }, "pooledHostPool": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.pooledHostPool.value]" + "value": "[variables('pooledHostPool')]" }, "recoveryServicesVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.recoveryServicesVaultName]" + 
"value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.recoveryServicesVaultName.value]" }, "resourceGroupControlPlane": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupControlPlane]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[0], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "resourceGroupHosts": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupHosts]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[2], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "roleDefinitions": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.roleDefinitions.value]" + "value": "[variables('roleDefinitions')]" }, "scalingBeginPeakTime": { "value": "[parameters('scalingBeginPeakTime')]" 
@@ -29960,21 +23977,16 @@ "securityPrincipalObjectIds": { "value": "[map(parameters('securityPrincipals'), lambda('item', lambdaVariables('item').objectId))]" }, - "securityLogAnalyticsWorkspaceResourceId": { - "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" - }, - "serviceName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.serviceName.value]" + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, "sessionHostBatchCount": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.sessionHostBatchCount.value]" + "value": "[variables('sessionHostBatchCount')]" }, "sessionHostIndex": { "value": "[parameters('sessionHostIndex')]" }, - "storageAccountPrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.storageAccountNamePrefix]" - }, + "storageAccountPrefix": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value))]", "storageCount": { "value": "[parameters('storageCount')]" }, 
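Review bot: the new `storageAccountPrefix` value reads `outputs.subnetResourceId.value` in both branches of the `if()`, which looks like a copy of the `subnetResourceId` expression rather than a storage account name. The nested template formats `parameters('storageAccountPrefix')` into the `fslogixOfficeShare` and `fslogixProfileShare` UNC paths, so a subnet resource ID here yields paths that match no share. The removed line read `storageAccountNamePrefix` from the naming deployment; the replacement should read the storage account entry of `outputs.namingConvention.value`, the same way `virtualMachineNamePrefix` reads `namingConvention.value.virtualMachine`.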
@@ -29982,30 +23994,21 @@ "value": "[parameters('storageIndex')]" }, "storageService": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageService.value]" + "value": "[variables('storageService')]" }, "storageSuffix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.storageSuffix.value]" + "value": "[variables('storageSuffix')]" }, - "subnet": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[10]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[10]))]", + "subnetResourceId": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value))]", "tags": { "value": "[parameters('tags')]" }, - "timeDifference": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp'))), '2022-09-01').outputs.timeDifference.value]" - }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, - "timeZone": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', 
parameters('timestamp'))), '2022-09-01').outputs.timeZone.value]" - }, + "timeDifference": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeDifference), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeDifference))]", + "timeZone": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone))]", "virtualMachineMonitoringAgent": { "value": "[parameters('virtualMachineMonitoringAgent')]" }, - "virtualMachineNamePrefix": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.virtualMachineNamePrefix]" - }, + "virtualMachineNamePrefix": "[if(equals(length(variables('deploymentLocations')), 2), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.namingConvention.value.virtualMachine))]", "virtualMachinePassword": { "value": "[parameters('virtualMachinePassword')]" }, @@ -30014,9 +24017,7 @@ }, "virtualMachineUsername": { "value": "[parameters('virtualMachineUsername')]" - }, - "virtualNetwork": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[8]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[8]))]", - "virtualNetworkResourceGroup": "[if(equals(length(variables('deploymentLocations')), 1), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[4]), createObject('value', split(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp'))), '2022-09-01').outputs.subnetResourceId.value, '/')[4]))]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", @@ -30024,8 +24025,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4316863222626577412" + "version": "0.27.1.19265", + "templateHash": "3120789403055569139" } }, "parameters": { @@ -30050,9 +24051,6 @@ "availability": { "type": "string" }, - "availabilitySetNamePrefix": { - "type": "string" - }, "availabilitySetsCount": { "type": "int" }, 
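Review bot: in the hunk starting at `@@ -29982,30 +23994,21 @@`, `timeDifference` and `timeZone` both reference `outputs.locatonProperties`, which is missing the "i" of "location". If the tier3 module exports the output under that spelling, the references resolve but the typo becomes part of the module interface; if it does not, every branch of these two expressions fails at reference evaluation. Rename the output to `locationProperties` in the module and in these four references together.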
@@ -30068,10 +24066,13 @@ "avdAgentMsiName": { "type": "string" }, - "dataCollectionRuleAssociationName": { + "dataCollectionRuleResourceId": { "type": "string" }, - "dataCollectionRuleResourceId": { + "deployFslogix": { + "type": "bool" + }, + "deploymentNameSuffix": { "type": "string" }, "deploymentUserAssignedIdentityClientId": { @@ -30080,9 +24081,6 @@ "diskEncryptionSetResourceId": { "type": "string" }, - "diskNamePrefix": { - "type": "string" - }, "diskSku": { "type": "string" }, @@ -30101,9 +24099,6 @@ "drainMode": { "type": "bool" }, - "fslogix": { - "type": "bool" - }, "fslogixContainerType": { "type": "string" }, @@ -30116,9 +24111,6 @@ "hybridRunbookWorkerGroupName": { "type": "string" }, - "imageDefinitionResourceId": { - "type": "string" - }, "imageOffer": { "type": "string" }, @@ -30128,6 +24120,9 @@ "imageSku": { "type": "string" }, + "imageVersionResourceId": { + "type": "string" + }, "location": { "type": "string" }, @@ -30140,18 +24135,18 @@ "maxResourcesPerTemplateDeployment": { "type": "int" }, + "mlzTags": { + "type": "object" + }, "monitoring": { "type": "bool" }, + "namingConvention": { + "type": "object" + }, "netAppFileShares": { "type": "array" }, - "networkInterfaceNamePrefix": { - "type": "string" - }, - "networkName": { - "type": "string" - }, "organizationalUnitPath": { "type": "string" }, @@ -30197,10 +24192,7 @@ "securityPrincipalObjectIds": { "type": "array" }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "serviceName": { + "serviceToken": { "type": "string" }, "sessionHostBatchCount": { @@ -30224,7 +24216,7 @@ "storageSuffix": { "type": "string" }, - "subnet": { + "subnetResourceId": { "type": "string" }, "tags": { @@ -30233,9 +24225,6 @@ "timeDifference": { "type": "string" }, - "timestamp": { - "type": "string" - }, "timeZone": { "type": "string" }, 
@@ -30253,27 +24242,22 @@ }, "virtualMachineUsername": { "type": "string" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" } }, "variables": { - "tagsAutomationAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()))]", - "tagsAvailabilitySets": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/availabilitySets'), parameters('tags')['Microsoft.Compute/availabilitySets'], createObject()))]", - "tagsNetworkInterfaces": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()))]", - "tagsRecoveryServicesVault": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.recoveryServices/vaults'), parameters('tags')['Microsoft.recoveryServices/vaults'], createObject()))]", - "tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, 
parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()))]" + "availabilitySetNamePrefix": "[parameters('namingConvention').availabilitySet]", + "tagsAutomationAccounts": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Automation/automationAccounts'), parameters('tags')['Microsoft.Automation/automationAccounts'], createObject()), parameters('mlzTags'))]", + "tagsAvailabilitySets": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/availabilitySets'), parameters('tags')['Microsoft.Compute/availabilitySets'], createObject()), parameters('mlzTags'))]", + "tagsNetworkInterfaces": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", + "tagsRecoveryServicesVault": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.recoveryServices/vaults'), parameters('tags')['Microsoft.recoveryServices/vaults'], createObject()), parameters('mlzTags'))]", + 
"tagsVirtualMachines": "[union(createObject('cm-resource-parent', format('{0}}}/resourceGroups/{1}/providers/Microsoft.DesktopVirtualization/hostpools/{2}', subscription().id, parameters('resourceGroupManagement'), parameters('hostPoolName'))), if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]" }, "resources": [ { "condition": "[and(parameters('pooledHostPool'), equals(parameters('availability'), 'availabilitySets'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('availabilitySets_{0}', parameters('timestamp'))]", + "name": "[format('deploy-avail-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupHosts')]", "properties": { "expressionEvaluationOptions": { @@ -30282,7 +24266,7 @@ "mode": "Incremental", "parameters": { "availabilitySetNamePrefix": { - "value": "[parameters('availabilitySetNamePrefix')]" + "value": "[variables('availabilitySetNamePrefix')]" }, "availabilitySetsCount": { "value": "[parameters('availabilitySetsCount')]" @@ -30303,8 +24287,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14355390265754909100" + "version": "0.27.1.19265", + "templateHash": "277818289187459275" } }, "parameters": { @@ -30355,7 +24339,7 @@ "condition": "[not(contains(parameters('activeDirectorySolution'), 'DomainServices'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('RoleAssignments_{0}_{1}', range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()], parameters('timestamp'))]", + "name": "[format('deploy-role-assignments-{0}-{1}', range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()], parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupHosts')]", "properties": { "expressionEvaluationOptions": { 
@@ -30363,13 +24347,13 @@ }, "mode": "Incremental", "parameters": { - "PrincipalId": { + "principalId": { "value": "[parameters('securityPrincipalObjectIds')[range(0, length(parameters('securityPrincipalObjectIds')))[copyIndex()]]]" }, - "PrincipalType": { + "principalType": { "value": "Group" }, - "RoleDefinitionId": { + "roleDefinitionId": { "value": "[parameters('roleDefinitions').VirtualMachineUserLogin]" } }, @@ -30379,18 +24363,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12785629321959268271" + "version": "0.27.1.19265", + "templateHash": "936749082468094105" } }, "parameters": { - "PrincipalId": { + "principalId": { "type": "string" }, - "PrincipalType": { + "principalType": { "type": "string" }, - "RoleDefinitionId": { + "roleDefinitionId": { "type": "string" } }, @@ -30398,11 +24382,11 @@ { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", + "name": "[guid(parameters('principalId'), parameters('roleDefinitionId'), resourceGroup().id)]", "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]" } } ] 
@@ -30418,7 +24402,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('VirtualMachines_{0}_{1}', sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('timestamp'))]", + "name": "[format('deploy-vms-{0}-{1}', sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupHosts')]", "properties": { "expressionEvaluationOptions": { @@ -30445,7 +24429,7 @@ "value": "[parameters('availability')]" }, "availabilitySetNamePrefix": { - "value": "[parameters('availabilitySetNamePrefix')]" + "value": "[variables('availabilitySetNamePrefix')]" }, "availabilityZones": { "value": "[parameters('availabilityZones')]" @@ -30460,11 +24444,17 @@ "value": "[range(1, parameters('sessionHostBatchCount'))[copyIndex()]]" }, "dataCollectionRuleAssociationName": { - "value": "[parameters('dataCollectionRuleAssociationName')]" + "value": "[parameters('namingConvention').dataCollectionRuleAssociation]" }, "dataCollectionRuleResourceId": { "value": "[parameters('dataCollectionRuleResourceId')]" }, + "deployFslogix": { + "value": "[parameters('deployFslogix')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "deploymentUserAssignedidentityClientId": { "value": "[parameters('deploymentUserAssignedIdentityClientId')]" }, @@ -30472,7 +24462,7 @@ "value": "[parameters('diskEncryptionSetResourceId')]" }, "diskNamePrefix": { - "value": "[parameters('diskNamePrefix')]" + "value": "[parameters('namingConvention').disk]" }, "diskSku": { "value": "[parameters('diskSku')]" @@ -30489,9 +24479,6 @@ "enableDrainMode": { "value": "[parameters('drainMode')]" }, - "fslogix": { - "value": "[parameters('fslogix')]" - }, "fslogixContainerType": { "value": "[parameters('fslogixContainerType')]" }, 
@@ -30501,8 +24488,8 @@ "hostPoolType": { "value": "[parameters('hostPoolType')]" }, - "imageDefinitionResourceId": { - "value": "[parameters('imageDefinitionResourceId')]" + "imageVersionResourceId": { + "value": "[parameters('imageVersionResourceId')]" }, "imageOffer": { "value": "[parameters('imageOffer')]" @@ -30529,10 +24516,7 @@ "value": "[parameters('netAppFileShares')]" }, "networkInterfaceNamePrefix": { - "value": "[parameters('networkInterfaceNamePrefix')]" - }, - "networkName": { - "value": "[parameters('networkName')]" + "value": "[parameters('namingConvention').networkInterface]" }, "organizationalUnitPath": { "value": "[parameters('organizationalUnitPath')]" @@ -30543,11 +24527,8 @@ "resourceGroupManagement": { "value": "[parameters('resourceGroupManagement')]" }, - "securityLogAnalyticsWorkspaceResourceId": { - "value": "[parameters('securityLogAnalyticsWorkspaceResourceId')]" - }, - "serviceName": { - "value": "[parameters('serviceName')]" + "serviceToken": { + "value": "[parameters('serviceToken')]" }, "sessionHostCount": "[if(and(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], parameters('sessionHostBatchCount')), greater(parameters('divisionRemainderValue'), 0)), createObject('value', parameters('divisionRemainderValue')), createObject('value', parameters('maxResourcesPerTemplateDeployment')))]", "sessionHostIndex": "[if(equals(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), createObject('value', parameters('sessionHostIndex')), createObject('value', add(mul(sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('maxResourcesPerTemplateDeployment')), parameters('sessionHostIndex'))))]", @@ -30566,8 +24547,8 @@ "storageSuffix": { "value": "[parameters('storageSuffix')]" }, - "subnet": { - "value": "[parameters('subnet')]" + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" }, "tagsNetworkInterfaces": { "value": "[variables('tagsNetworkInterfaces')]" 
@@ -30575,9 +24556,6 @@ "tagsVirtualMachines": { "value": "[variables('tagsVirtualMachines')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "virtualMachineMonitoringAgent": { "value": "[parameters('virtualMachineMonitoringAgent')]" }, @@ -30592,12 +24570,6 @@ }, "virtualMachineUsername": { "value": "[parameters('virtualMachineUsername')]" - }, - "virtualNetwork": { - "value": "[parameters('virtualNetwork')]" - }, - "virtualNetworkResourceGroup": { - "value": "[parameters('virtualNetworkResourceGroup')]" } }, "template": { @@ -30606,8 +24578,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5242830718173570915" + "version": "0.27.1.19265", + "templateHash": "14284858800802598137" } }, "parameters": { @@ -30650,6 +24622,12 @@ "dataCollectionRuleResourceId": { "type": "string" }, + "deployFslogix": { + "type": "bool" + }, + "deploymentNameSuffix": { + "type": "string" + }, "deploymentUserAssignedidentityClientId": { "type": "string" }, @@ -30674,9 +24652,6 @@ "enableDrainMode": { "type": "bool" }, - "fslogix": { - "type": "bool" - }, "fslogixContainerType": { "type": "string" }, @@ -30686,9 +24661,6 @@ "hostPoolType": { "type": "string" }, - "imageDefinitionResourceId": { - "type": "string" - }, "imageOffer": { "type": "string" }, @@ -30698,6 +24670,9 @@ "imageSku": { "type": "string" }, + "imageVersionResourceId": { + "type": "string" + }, "location": { "type": "string" }, @@ -30716,9 +24691,6 @@ "networkInterfaceNamePrefix": { "type": "string" }, - "networkName": { - "type": "string" - }, "organizationalUnitPath": { "type": "string" }, @@ -30728,10 +24700,7 @@ "resourceGroupManagement": { "type": "string" }, - "securityLogAnalyticsWorkspaceResourceId": { - "type": "string" - }, - "serviceName": { + "serviceToken": { "type": "string" }, "sessionHostCount": { 
@@ -30755,7 +24724,7 @@ "storageSuffix": { "type": "string" }, - "subnet": { + "subnetResourceId": { "type": "string" }, "tagsNetworkInterfaces": { @@ -30765,7 +24734,8 @@ "type": "object" }, "timestamp": { - "type": "string" + "type": "string", + "defaultValue": "[utcNow('yyyyMMddhhmmss')]" }, "virtualMachineMonitoringAgent": { "type": "string" @@ -30781,12 +24751,6 @@ }, "virtualMachineUsername": { "type": "string" - }, - "virtualNetwork": { - "type": "string" - }, - "virtualNetworkResourceGroup": { - "type": "string" } }, "variables": { @@ -30803,7 +24767,7 @@ "fslogixExclusionsProfileContainers": "[format(';\"{0}\";\"{1}.lock\";\"{2}.meta\";\"{3}.metadata\"', variables('fslogixProfileShare'), variables('fslogixProfileShare'), variables('fslogixProfileShare'), variables('fslogixProfileShare'))]", "fslogixOfficeShare": "[format('\\\\{0}??.file.{1}\\office-containers\\*\\*.VHDX', parameters('storageAccountPrefix'), parameters('storageSuffix'))]", "fslogixProfileShare": "[format('\\\\{0}??.file.{1}\\profile-containers\\*\\*.VHDX', parameters('storageAccountPrefix'), parameters('storageSuffix'))]", - "imageReference": "[if(empty(parameters('imageDefinitionResourceId')), createObject('publisher', parameters('imagePublisher'), 'offer', parameters('imageOffer'), 'sku', parameters('imageSku'), 'version', 'latest'), createObject('id', parameters('imageDefinitionResourceId')))]", + "imageReference": "[if(empty(parameters('imageVersionResourceId')), createObject('publisher', parameters('imagePublisher'), 'offer', parameters('imageOffer'), 'sku', parameters('imageSku'), 'version', 'latest'), createObject('id', parameters('imageVersionResourceId')))]", "intune": "[contains(parameters('activeDirectorySolution'), 'intuneEnrollment')]", "nvidiaVmSize": "[contains(variables('nvidiaVmSizes'), parameters('virtualMachineSize'))]", "nvidiaVmSizes": [ 
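Review bot: In the `timestamp` parameter hunk (-30765,7), the new default `utcNow('yyyyMMddhhmmss')` uses `hh`, which is the 12-hour clock, so two deployments twelve hours apart on the same day get the same value. The same parameter is passed as the custom script extension's `timestamp` setting next to `commandToExecute`, where a repeated value defeats the purpose of changing it per deployment. Use the 24-hour form: `"defaultValue": "[utcNow('yyyyMMddHHmmss')]"`.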
@@ -30825,11 +24789,7 @@ "Standard_NV72ads_A10_v5" ], "pooledHostPool": "[equals(split(parameters('hostPoolType'), ' ')[0], 'Pooled')]", - "securitylogAnalyticsWorkspaceName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[8], '')]", - "securityLogAnalyticsWorkspaceResourceGroupName": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[4], resourceGroup().name)]", - "securityLogAnalyticsWorkspaceSubscriptionId": "[if(variables('securityMonitoring'), split(parameters('securityLogAnalyticsWorkspaceResourceId'), '/')[2], subscription().subscriptionId)]", - "securityMonitoring": "[if(empty(parameters('securityLogAnalyticsWorkspaceResourceId')), false(), true())]", - "sessionHostNamePrefix": "[replace(parameters('virtualMachineNamePrefix'), format('{0}{1}', parameters('serviceName'), parameters('networkName')), '')]" + "sessionHostNamePrefix": "[replace(parameters('virtualMachineNamePrefix'), parameters('serviceToken'), '')]" }, "resources": [ { @@ -30839,7 +24799,7 @@ }, "type": "Microsoft.Network/networkInterfaces", "apiVersion": "2020-05-01", - "name": "[format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "name": "[format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceToken')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", "location": "[parameters('location')]", "tags": "[parameters('tagsNetworkInterfaces')]", "properties": { 
@@ -30849,7 +24809,7 @@ "properties": { "privateIPAllocationMethod": "Dynamic", "subnet": { - "id": "[resourceId(subscription().subscriptionId, parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetwork'), parameters('subnet'))]" + "id": "[parameters('subnetResourceId')]" }, "primary": true, "privateIPAddressVersion": "IPv4" @@ -30885,7 +24845,7 @@ "storageProfile": { "imageReference": "[variables('imageReference')]", "osDisk": { - "name": "[format('{0}-{1}', replace(parameters('diskNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", + "name": "[format('{0}-{1}', replace(parameters('diskNamePrefix'), format('-{0}', parameters('serviceToken')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[copyIndex()], parameters('sessionHostIndex')), 4, '0'))]", "osType": "Windows", "createOption": "FromImage", "caching": "ReadWrite", @@ -30913,7 +24873,7 @@ "networkProfile": { "networkInterfaces": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceName')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", + "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}-{1}', replace(parameters('networkInterfaceNamePrefix'), format('-{0}', parameters('serviceToken')), ''), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]", "properties": { "deleteOption": "Delete" } 
@@ -30964,7 +24924,7 @@ "time": "120", "scanType": "Quick" }, - "Exclusions": "[if(parameters('fslogix'), createObject('Paths', variables('fslogixExclusions')), createObject())]" + "Exclusions": "[if(parameters('deployFslogix'), createObject('Paths', variables('fslogixExclusions')), createObject())]" } }, "dependsOn": [ 
@@ -31097,7 +25057,7 @@ "timestamp": "[parameters('timestamp')]" }, "protectedSettings": { - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File Set-SessionHostConfiguration.ps1 -activeDirectorySolution {0} -amdVmSize {1} -avdAgentBootLoaderMsiName \"{2}\" -avdAgentMsiName \"{3}\" -Environment {4} -fslogix {5} -fslogixContainerType {6} -hostPoolName {7} -HostPoolRegistrationToken \"{8}\" -imageOffer {9} -imagePublisher {10} -netAppFileShares {11} -nvidiaVmSize {12} -pooledHostPool {13} -securityMonitoring {14} -SecurityWorkspaceId {15} -securityWorkspaceKey \"{16}\" -storageAccountPrefix {17} -storageCount {18} -storageIndex {19} -storageService {20} -storageSuffix {21}', parameters('activeDirectorySolution'), variables('amdVmSize'), parameters('avdAgentBootLoaderMsiName'), parameters('avdAgentMsiName'), environment().name, parameters('fslogix'), parameters('fslogixContainerType'), parameters('hostPoolName'), reference(resourceId(parameters('resourceGroupControlPlane'), 'Microsoft.DesktopVirtualization/hostpools', parameters('hostPoolName')), '2019-12-10-preview').registrationInfo.token, parameters('imageOffer'), parameters('imagePublisher'), parameters('netAppFileShares'), variables('nvidiaVmSize'), variables('pooledHostPool'), variables('securityMonitoring'), if(variables('securityMonitoring'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('securityLogAnalyticsWorkspaceSubscriptionId'), variables('securityLogAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', variables('securitylogAnalyticsWorkspaceName')), '2021-06-01').customerId, 'NotApplicable'), if(variables('securityMonitoring'), listKeys(parameters('securityLogAnalyticsWorkspaceResourceId'), '2021-06-01').primarySharedKey, 'NotApplicable'), parameters('storageAccountPrefix'), parameters('storageCount'), parameters('storageIndex'), parameters('storageService'), parameters('storageSuffix'))]", + 
"commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File Set-SessionHostConfiguration.ps1 -activeDirectorySolution {0} -amdVmSize {1} -avdAgentBootLoaderMsiName \"{2}\" -avdAgentMsiName \"{3}\" -Environment {4} -fslogix {5} -fslogixContainerType {6} -hostPoolName {7} -HostPoolRegistrationToken \"{8}\" -imageOffer {9} -imagePublisher {10} -netAppFileShares {11} -nvidiaVmSize {12} -pooledHostPool {13} -storageAccountPrefix {14} -storageCount {15} -storageIndex {16} -storageService {17} -storageSuffix {18}', parameters('activeDirectorySolution'), variables('amdVmSize'), parameters('avdAgentBootLoaderMsiName'), parameters('avdAgentMsiName'), environment().name, parameters('deployFslogix'), parameters('fslogixContainerType'), parameters('hostPoolName'), reference(resourceId(parameters('resourceGroupControlPlane'), 'Microsoft.DesktopVirtualization/hostpools', parameters('hostPoolName')), '2019-12-10-preview').registrationInfo.token, parameters('imageOffer'), parameters('imagePublisher'), parameters('netAppFileShares'), variables('nvidiaVmSize'), variables('pooledHostPool'), parameters('storageAccountPrefix'), parameters('storageCount'), parameters('storageIndex'), parameters('storageService'), parameters('storageSuffix'))]", "managedidentity": { "clientId": "[parameters('artifactsUserAssignedIdentityClientId')]" } 
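Review bot: Set-SessionHostConfiguration.ps1 has to change in step with the new `commandToExecute`, which no longer passes `-securityMonitoring`, `-SecurityWorkspaceId` or `-securityWorkspaceKey`; nothing in this hunk shows the script's parameter block being updated. Dropping the `listKeys(...).primarySharedKey` argument keeps the workspace shared key off the command line, which is welcome, but please confirm the script no longer declares those parameters as mandatory and say in the change description how session hosts still deliver security logs now that the workspace onboarding is gone (the template keeps `dataCollectionRuleResourceId`, so presumably through the data collection rule). The script switch is also still `-fslogix {5}` while the template parameter is now `deployFslogix`; renaming the switch would keep the two in step.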
@@ -31138,7 +25098,7 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CSE_DrainMode_{0}_{1}', parameters('batchCount'), parameters('timestamp')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-drain-mode-{0}-{1}', parameters('batchCount'), parameters('deploymentNameSuffix')))]", "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, @@ -31161,7 +25121,7 @@ "settings": "[if(variables('intune'), createObject('mdmId', '0000000a-0000-0000-c000-000000000000'), null())]" }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('CSE_DrainMode_{0}_{1}', parameters('batchCount'), parameters('timestamp')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-drain-mode-{0}-{1}', parameters('batchCount'), parameters('deploymentNameSuffix')))]", "[resourceId('Microsoft.Compute/virtualMachines', format('{0}{1}', variables('sessionHostNamePrefix'), padLeft(add(range(0, parameters('sessionHostCount'))[range(0, parameters('sessionHostCount'))[copyIndex()]], parameters('sessionHostIndex')), 4, '0')))]" ] }, 
@@ -31217,7 +25177,7 @@ "condition": "[parameters('enableDrainMode')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('CSE_DrainMode_{0}_{1}', parameters('batchCount'), parameters('timestamp'))]", + "name": "[format('deploy-drain-mode-{0}-{1}', parameters('batchCount'), parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { @@ -31255,8 +25215,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { @@ -31327,14 +25287,14 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupHosts')), 'Microsoft.Resources/deployments', format('availabilitySets_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupHosts')), 'Microsoft.Resources/deployments', format('deploy-avail-{0}', parameters('deploymentNameSuffix')))]" ] }, { "condition": "[and(parameters('enableRecoveryServices'), contains(parameters('hostPoolType'), 'Personal'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('RecoveryServices_VirtualMachines_{0}', parameters('timestamp'))]", + "name": "[format('deploy-recovery-services-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { 
@@ -31342,12 +25302,15 @@ }, "mode": "Incremental", "parameters": { + "deployFslogix": { + "value": "[parameters('deployFslogix')]" + }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "divisionRemainderValue": { "value": "[parameters('divisionRemainderValue')]" }, - "fslogix": { - "value": "[parameters('fslogix')]" - }, "location": { "value": "[parameters('location')]" }, @@ -31372,9 +25335,6 @@ "tagsRecoveryServicesVault": { "value": "[variables('tagsRecoveryServicesVault')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "virtualMachineNamePrefix": { "value": "[parameters('virtualMachineNamePrefix')]" } @@ -31385,17 +25345,20 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9869456736552463179" + "version": "0.27.1.19265", + "templateHash": "17443009019263676585" } }, "parameters": { + "deployFslogix": { + "type": "bool" + }, + "deploymentNameSuffix": { + "type": "string" + }, "divisionRemainderValue": { "type": "int" }, - "fslogix": { - "type": "bool" - }, "location": { "type": "string" }, @@ -31420,9 +25383,6 @@ "tagsRecoveryServicesVault": { "type": "object" }, - "timestamp": { - "type": "string" - }, "virtualMachineNamePrefix": { "type": "string" } 
@@ -31433,10 +25393,10 @@ "name": "protectedItems_Vm", "count": "[length(range(1, parameters('sessionHostBatchCount')))]" }, - "condition": "[not(parameters('fslogix'))]", + "condition": "[not(parameters('deployFslogix'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('BackupProtectedItems_VirtualMachines_{0}_{1}', sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('timestamp'))]", + "name": "[format('deploy-backup-protected-items-{0}-{1}', sub(range(1, parameters('sessionHostBatchCount'))[copyIndex()], 1), parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { @@ -31471,8 +25431,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3292317499387210660" + "version": "0.27.1.19265", + "templateHash": "9717044683271821230" } }, "parameters": { @@ -31537,7 +25497,7 @@ "condition": "[and(parameters('enableScalingTool'), parameters('pooledHostPool'))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('ScalingTool_{0}', parameters('timestamp'))]", + "name": "[format('deploy-scaling-tool-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { @@ -31554,6 +25514,9 @@ "beginPeakTime": { "value": "[parameters('scalingBeginPeakTime')]" }, + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "endPeakTime": { "value": "[parameters('scalingEndPeakTime')]" }, @@ -31593,9 +25556,6 @@ "timeDifference": { "value": "[parameters('timeDifference')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "timeZone": { "value": "[parameters('timeZone')]" }, 
@@ -31609,8 +25569,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "18165978877365317351" + "version": "0.27.1.19265", + "templateHash": "9484865698561891496" } }, "parameters": { @@ -31623,6 +25583,9 @@ "beginPeakTime": { "type": "string" }, + "deploymentNameSuffix": { + "type": "string" + }, "endPeakTime": { "type": "string" }, @@ -31659,14 +25622,11 @@ "tags": { "type": "object" }, - "timeDifference": { - "type": "string" - }, "time": { "type": "string", "defaultValue": "[utcNow('u')]" }, - "timestamp": { + "timeDifference": { "type": "string" }, "timeZone": { @@ -31737,14 +25697,14 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', format('Runbook_{0}', parameters('timestamp')))]", + "[resourceId('Microsoft.Resources/deployments', format('deploy-runboook-{0}', parameters('deploymentNameSuffix')))]", "[resourceId('Microsoft.Automation/automationAccounts/schedules', parameters('automationAccountName'), format('{0}_{1}min', parameters('hostPoolName'), mul(add(range(0, 4)[range(0, 4)[copyIndex()]], 1), 15)))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Runbook_{0}', parameters('timestamp'))]", + "name": "[format('deploy-runboook-{0}', parameters('deploymentNameSuffix'))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -31766,7 +25726,9 @@ "scriptFileName": { "value": "[variables('scriptFileName')]" }, - "tags": "[if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), createObject('value', parameters('tags')['Microsoft.Compute/virtualMachines']), createObject('value', createObject()))]", + "tags": { + "value": "[parameters('tags')]" + }, "userAssignedIdentityClientId": { "value": "[parameters('userAssignedIdentityClientId')]" }, 
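Review bot: The `tags` parameter of the runbook deployment (hunk -31766,7) now passes the whole `parameters('tags')` object, where the old expression selected the `Microsoft.Compute/virtualMachines` entry and fell back to an empty object when it was missing. If `tags` is still keyed by resource type, the nested template has to do that lookup and the empty fallback itself, otherwise the resource-type map is what gets applied as tags; please confirm which it is. In the hunk before it, `deploy-runboook-{0}` has three o's in both the `name` and the matching `dependsOn` entry, so it resolves, but it should read `deploy-runbook-{0}`.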
@@ -31780,8 +25742,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5322300289308830902" + "version": "0.27.1.19265", + "templateHash": "13331181864693511452" } }, "parameters": { @@ -31852,7 +25814,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('RoleAssignment_{0}_{1}', range(0, length(variables('roleAssignments')))[copyIndex()], variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]])]", + "name": "[format('deploy-role-assignment-{0}-{1}', range(0, length(variables('roleAssignments')))[copyIndex()], parameters('deploymentNameSuffix'))]", "resourceGroup": "[variables('roleAssignments')[range(0, length(variables('roleAssignments')))[copyIndex()]]]", "properties": { "expressionEvaluationOptions": { @@ -31860,13 +25822,13 @@ }, "mode": "Incremental", "parameters": { - "PrincipalId": { + "principalId": { "value": "[reference(resourceId('Microsoft.Automation/automationAccounts', parameters('automationAccountName')), '2022-08-08', 'full').identity.principalId]" }, - "PrincipalType": { + "principalType": { "value": "ServicePrincipal" }, - "RoleDefinitionId": { + "roleDefinitionId": { "value": "40c5ff49-9181-41f8-ae61-143b0e78555e" } }, @@ -31876,18 +25838,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12785629321959268271" + "version": "0.27.1.19265", + "templateHash": "936749082468094105" } }, "parameters": { - "PrincipalId": { + "principalId": { "type": "string" }, - "PrincipalType": { + "principalType": { "type": "string" }, - "RoleDefinitionId": { + "roleDefinitionId": { "type": "string" } }, 
@@ -31895,11 +25857,11 @@ { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "name": "[guid(parameters('PrincipalId'), parameters('RoleDefinitionId'), resourceGroup().id)]", + "name": "[guid(parameters('principalId'), parameters('roleDefinitionId'), resourceGroup().id)]", "properties": { - "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('RoleDefinitionId'))]", - "principalId": "[parameters('PrincipalId')]", - "principalType": "[parameters('PrincipalType')]" + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionId'))]", + "principalId": "[parameters('principalId')]", + "principalType": "[parameters('principalType')]" } } ] 
@@ -31910,26 +25872,25 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('RecoveryServices_VirtualMachines_{0}', parameters('timestamp')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupManagement')), 'Microsoft.Resources/deployments', format('deploy-recovery-services-{0}', parameters('deploymentNameSuffix')))]" ] } ] } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('FSLogix_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Logic_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_ControlPlane_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Network_Hosts_{0}', parameters('timestamp')))]", - "rgs" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-fslogix-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "rgs", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-control-plane-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-session-hosts-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": 
"Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('CleanUp_{0}', parameters('timestamp'))]", + "name": "[format('deploy-clean-up-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -31937,6 +25898,9 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "fslogixStorageService": { "value": "[parameters('fslogixStorageService')]" }, 
@@ -31944,19 +25908,16 @@ "value": "[parameters('locationVirtualMachines')]" }, "resourceGroupManagement": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp'))), '2022-09-01').outputs.resources.value.resourceGroupManagement]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "scalingTool": { "value": "[parameters('scalingTool')]" }, - "timestamp": { - "value": "[parameters('timestamp')]" - }, "userAssignedIdentityClientId": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.deploymentUserAssignedIdentityClientId.value]" }, "virtualMachineName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp'))), '2022-09-01').outputs.virtualMachineName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualMachineName.value]" } }, "template": { @@ -31965,11 +25926,14 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14408164812996156104" + "version": "0.27.1.19265", + "templateHash": "6871302194535997879" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, "fslogixStorageService": { "type": "string" }, 
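Review bot: `resourceGroupManagement` is now resolved through `variables('resourceGroupServices')[3]` (hunk -31944,19), a positional index that will silently point at a different resource group if that array is ever reordered or extended. The clean-up template uses this value as the `resourceGroup` of the `remove-mgmt-vm-{0}` deployment, so a wrong index means the removal runs against the wrong group. Look the name up by service key, or hold the management group's deployment name in a named variable and reference that here and in the matching `dependsOn` entry.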
@@ -31982,9 +25946,6 @@ "scalingTool": { "type": "bool" }, - "timestamp": { - "type": "string" - }, "userAssignedIdentityClientId": { "type": "string" }, @@ -31997,7 +25958,7 @@ "condition": "[and(not(parameters('scalingTool')), not(equals(parameters('fslogixStorageService'), 'AzureFiles Premium')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('RemoveManagementVirtualMachine_{0}', parameters('timestamp'))]", + "name": "[format('remove-mgmt-vm-{0}', parameters('deploymentNameSuffix'))]", "resourceGroup": "[parameters('resourceGroupManagement')]", "properties": { "expressionEvaluationOptions": { @@ -32021,8 +25982,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12785568757146296480" + "version": "0.27.1.19265", + "templateHash": "1172456808080141121" } }, "parameters": { 
@@ -32084,18 +26045,16 @@ } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('FSLogix_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Management_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('Names_{0}', parameters('timestamp')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('SessionHosts_{0}', parameters('timestamp')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-fslogix-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-management-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', variables('resourceGroupServices')[3], parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-session-hosts-{0}', parameters('deploymentNameSuffix')))]" ] } ] } }, "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-entra-domain-services-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-image-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-mission-landing-zone-{0}', parameters('deploymentNameSuffix')))]" ] }, @@ -32237,8 +26196,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1813883205934201037" + "version": "0.27.1.19265", + "templateHash": "11256897945817159924" } }, "parameters": { 
@@ -32256,7 +26215,7 @@ }, "applicationGatewaySubnetAddressPrefix": { "type": "string", - "defaultValue": "10.0.135.0/24", + "defaultValue": "10.0.136.0/24", "metadata": { "description": "The address prefix for the subnet of the application gateway." } @@ -32359,7 +26318,7 @@ }, "defaultSubnetAddressPrefix": { "type": "string", - "defaultValue": "10.0.136.0/24", + "defaultValue": "10.0.137.0/24", "metadata": { "description": "The address prefix for the subnet containing the ESRI Enterpise servers." } @@ -32786,7 +26745,7 @@ }, "virtualNetworkAddressPrefix": { "type": "string", - "defaultValue": "10.0.135.0/23", + "defaultValue": "10.0.136.0/23", "metadata": { "description": "The virtual network address prefix" } @@ -32941,8 +26900,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13758339223885887518" + "version": "0.27.1.19265", + "templateHash": "15651868626478950860" } }, "parameters": { @@ -33065,8 +27024,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2623986189587500516" + "version": "0.27.1.19265", + "templateHash": "15999380824695207569" } }, "parameters": { @@ -33232,8 +27191,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3556296216752459961" + "version": "0.27.1.19265", + "templateHash": "17016669538410088882" } }, "parameters": { @@ -33389,8 +27348,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3208799972746950006" + "version": "0.27.1.19265", + "templateHash": "11489505570850706214" } }, "parameters": { @@ -33523,8 +27482,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15109711853711429239" + "version": "0.27.1.19265", + "templateHash": "9248760033135953433" } }, "parameters": { 
@@ -33592,8 +27551,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13987612441032900755" + "version": "0.27.1.19265", + "templateHash": "2072756264947187478" } }, "parameters": { @@ -33638,8 +27597,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10509951780144584720" + "version": "0.27.1.19265", + "templateHash": "4217213734063758013" } }, "parameters": { @@ -33705,8 +27664,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5664108101366069473" + "version": "0.27.1.19265", + "templateHash": "17916706422341483204" } }, "parameters": { @@ -33735,11 +27694,14 @@ }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('hubVirtualNetworkName'), parameters('spokeVirtualNetworkName'))]" - }, "remoteVirtualNetworkResourceId": { "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', parameters('spokeVirtualNetworkName'))]" } }, "template": { @@ -33748,15 +27710,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10509951780144584720" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -33764,7 +27729,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { 
@@ -33811,8 +27776,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2376507858724004427" + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" } }, "parameters": { @@ -33861,14 +27826,77 @@ }, "variables": { "autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]", - "defenderPaidPlansSpecialHandlingAzurePublicList": [ - "Api" - ], "defenderPaidPlanConfig": { "AzureCloud": { "Api": { "subPlan": "P1" - } + }, + "appServices": {}, + "KeyVaults": { + "subPlan": "PerKeyVault" + }, + "Arm": { + "subPlan": "PerSubscription" + }, + "CloudPosture": { + "extensions": [ + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + }, + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + }, + { + "name": "AgentlessVmScanning", + "isEnabled": "True" + }, + { + "name": "EntraPermissionsManagement", + "isEnabled": "True" + } + ] + }, + "Containers": { + "extensions": [ + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + } + ] + }, + "CosmosDbs": {}, + "StorageAccounts": { + "subPlan": "DefenderForStorageV2", + "extensions": [ + { + "name": "OnUploadMalwareScanning", + "isEnabled": "True", + "additionalExtensionProperties": { + "CapGBPerMonthPerStorageAccount": "5000" + } + }, + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + } + ] + }, + "VirtualMachines": { + "subPlan": "P1" + }, + "SqlServerVirtualMachines": {}, + "SqlServers": {}, + "OpenSourceRelationalDatabases": {} } } }, 
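Review bot: In the new `defenderPaidPlanConfig.AzureCloud` map (hunk -33861,14), `appServices` is the only key not in PascalCase, while the others follow the plan-name casing (`KeyVaults`, `StorageAccounts`, `VirtualMachines`) and the map is indexed by plan name; use `AppServices` for consistency. The enabled extensions and the `OnUploadMalwareScanning` cap (`"CapGBPerMonthPerStorageAccount": "5000"`) are hard-coded in a variable, so a deployment cannot opt out of an individual paid extension or change the cap without editing the template; consider exposing them as parameters with these values as defaults and documenting the cost impact.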
@@ -33880,7 +27908,7 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Free'))]", + "condition": "[equals(parameters('defenderSkuTier'), 'Free')]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", @@ -33895,7 +27923,7 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), not(contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])))]", + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), not(equals(environment().name, 'AzureCloud')))]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", 
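Review bot: the new `Standard` condition for clouds other than AzureCloud (hunk -33895) no longer excludes `Api`. The old expression skipped every plan in `defenderPaidPlansSpecialHandlingAzurePublicList`, so `Api` was only ever set when `environment().name` was `AzureCloud`; now any `Api` entry in `defenderPlans` is applied in every other cloud too. If that exclusion existed because the plan is not offered there, keep a per-cloud filter. Both hunks on this line also drop the `not(empty(parameters('defenderPlans')))` guard while `name` still indexes `parameters('defenderPlans')[copyIndex()]`; confirm the copy count resolves to zero for an empty array.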
@@ -33910,11 +27938,15 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])), equals(environment().name, 'AzureCloud'))]", + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), equals(environment().name, 'AzureCloud'))]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", - "properties": "[if(not(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan')), createObject('pricingTier', parameters('defenderSkuTier')), createObject('pricingTier', parameters('defenderSkuTier'), 'subPlan', variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan))]" + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]", + "subPlan": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan, json('null'))]", + "extensions": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'extensions'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].extensions, json('null'))]" + } }, { "type": "Microsoft.Security/autoProvisioningSettings", @@ -34005,8 +28037,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9906905578732634543" + "version": "0.27.1.19265", + "templateHash": "12561474152115930813" } }, "parameters": { 
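Review bot: any plan name in `defenderPlans` that has no key in the `AzureCloud` map will now fail to evaluate in the `properties` object of the AzureCloud `Standard` pricing resource (hunk -33910), because both `subPlan` and `extensions` index `variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]]` for every plan, where previously only `Api` took this path. Either constrain the parameter to the map's keys or check `contains(...)` on the plan name before indexing. Plans without a `subPlan` now also send `json('null')` where the old expression left the property out; that is worth validating against the 2023-01-01 API version.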
@@ -34168,8 +28200,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9749879718794757824" + "version": "0.27.1.19265", + "templateHash": "12550778375543150807" } }, "parameters": { @@ -34269,8 +28301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5576770691490877000" + "version": "0.27.1.19265", + "templateHash": "12866738940970314305" } }, "parameters": { 
@@ -34533,17 +28565,17 @@ } ], "outputs": { - "storageEndpoint": { + "cloudStorageAccountCredentialsUserName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Storage/storageAccounts', format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName'))), '2023-01-01').primaryEndpoints.blob]" + "value": "[format('{0}{1}', format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName')), replace(split(reference(resourceId('Microsoft.Storage/storageAccounts', format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName'))), '2023-01-01').primaryEndpoints.blob, format('https://{0}', format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName'))))[1], '/', ''))]" }, "storageAccountName": { "type": "string", "value": "[format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName'))]" }, - "cloudStorageAccountCredentialsUserName": { + "storageEndpoint": { "type": "string", - "value": "[format('{0}{1}', format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName')), replace(split(reference(resourceId('Microsoft.Storage/storageAccounts', format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName'))), '2023-01-01').primaryEndpoints.blob, format('https://{0}', format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName'))))[1], '/', ''))]" + "value": "[reference(resourceId('Microsoft.Storage/storageAccounts', format('{0}saesri{1}', parameters('resourcePrefix'), variables('uniqueStorageName'))), '2023-01-01').primaryEndpoints.blob]" } } } @@ -34568,7 +28600,7 @@ "mode": "Incremental", "parameters": { "hostname": { - "value": "[format('esri-{0}{1}', parameters('resourcePrefix'), uniqueString(variables('resourceGroupName')))]" + "value": "[format('esri-{0}{1}', parameters('resourcePrefix'), uniqueString(variables('subscriptionId')))]" }, "location": { "value": "[parameters('location')]" 
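Review bot: seeding the `hostname` suffix with `uniqueString(variables('subscriptionId'))` (hunk -34568) means two deployments with the same `resourcePrefix` in one subscription resolve to the same hostname, where the previous resource-group seed differed per resource group. If more than one Esri deployment per subscription is supported, pass both values to `uniqueString`, the subscription id and the resource group name. The `outputs` reordering in the preceding hunk only sorts the keys and changes no values.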
@@ -34589,8 +28621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6156014875832287100" + "version": "0.27.1.19265", + "templateHash": "16762155754803444926" } }, "parameters": { @@ -34684,8 +28716,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -34751,8 +28783,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -34818,8 +28850,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -34885,8 +28917,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -34952,8 +28984,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -35019,8 +29051,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -35086,8 +29118,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { 
@@ -35206,8 +29238,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -35684,8 +29716,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -36163,8 +30195,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -36642,8 +30674,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -37123,8 +31155,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -37601,8 +31633,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -38080,8 +32112,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -38559,8 +32591,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { 
@@ -39038,8 +33070,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -39493,8 +33525,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8376415160635004409" + "version": "0.27.1.19265", + "templateHash": "14675721522132258526" } }, "parameters": { @@ -39847,8 +33879,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8411349545033436594" + "version": "0.27.1.19265", + "templateHash": "13634998059642988778" } }, "parameters": { @@ -39909,8 +33941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8411349545033436594" + "version": "0.27.1.19265", + "templateHash": "13634998059642988778" } }, "parameters": { @@ -39970,8 +34002,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8843829551900952560" + "version": "0.27.1.19265", + "templateHash": "10474224665457674425" } }, "parameters": { @@ -40029,8 +34061,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3020662803375983209" + "version": "0.27.1.19265", + "templateHash": "4874187391706625223" } }, "parameters": { @@ -40071,8 +34103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8968981336685248524" + "version": "0.27.1.19265", + "templateHash": "14645056599463144386" } }, "parameters": { @@ -40190,6 +34222,9 @@ }, "virtualMachineName": { "value": "[take(format('{0}-vmesrimgmt', parameters('resourcePrefix')), 15)]" + }, + "esriStorageAccountContainer": { + "value": "[variables('container')]" } }, "template": { 
@@ -40198,8 +34233,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4677294163377019848" + "version": "0.27.1.19265", + "templateHash": "13955313188103501864" } }, "parameters": { @@ -40269,6 +34304,9 @@ "esriStorageAccountName": { "type": "string" }, + "esriStorageAccountContainer": { + "type": "string" + }, "resourcePrefix": { "type": "string" } @@ -40424,7 +34462,7 @@ "parameters": [ { "name": "ContainerName", - "value": "[parameters('artifactsContainerName')]" + "value": "[parameters('esriStorageAccountContainer')]" }, { "name": "Environment", 
@@ -40541,10 +34579,14 @@ { "name": "EsriStorageAccount", "value": "[parameters('esriStorageAccountName')]" + }, + { + "name": "esriStorageAccountContainer", + "value": "[parameters('esriStorageAccountContainer')]" } ], "source": { - "script": " param(\r\n [string]$ContainerName,\r\n [string]$CertificateFileName,\r\n [string]$CertificatePassword,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$UserAssignedIdentityObjectId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$PortalLicenseFileName,\r\n [string]$PortalLicenseFile,\r\n [string]$ServerLicensefile,\r\n [string]$ServerLicenseFileName,\r\n [string]$TenantId,\r\n [string]$Location,\r\n [string]$Fqdn,\r\n [string]$Subscription,\r\n [string]$KeyVaultName,\r\n [string]$EsriStorageAccount,\r\n [string]$Environment\r\n )\r\n New-Item -ItemType File \"$env:windir\\temp\\$portalLicenseFileName\"\r\n New-Item -ItemType File \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n $plf = \"$env:windir\\temp\\$portalLicenseFileName\"\r\n $slf = \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n\r\n $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False\r\n\r\n $portalLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($portalLicensefile))\r\n [System.IO.File]::WriteAllLines($plf, $portalLicense, $Utf8NoBomEncoding)\r\n\r\n $serverLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($serverLicensefile))\r\n [System.IO.File]::WriteAllLines($slf, $serverLicense, $Utf8NoBomEncoding)\r\n\r\n Import-Module az.keyvault\r\n Connect-AzAccount -Environment $Environment -Subscription $Subscription -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n $ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint\r\n $TokenUri = 
\"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $BlobNames = @($certificateFileName)\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl/$ContainerName/$BlobNames\" -OutFile $env:windir\\temp\\$certificateFileName -Verbose\r\n $pfx = \"$env:windir\\temp\\$CertificateFileName\"\r\n Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force\r\n $base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfx))\r\n $Password = ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force\r\n $cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\" -FilePath $pfx -Password $Password\r\n $azKeyVaultCert = Get-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\"\r\n $azKeyVaultCertBytes = $azKeyVaultCert.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)\r\n $publicCertificateName = \"wildcard$fqdn-PublicKey.cer\"\r\n $cerCertFile = \"$env:windir\\temp\\$publicCertificateName\"\r\n Write-Output $cerCertFile\r\n [System.IO.File]::WriteAllBytes($cerCertFile, $azKeyVaultCertBytes)\r\n #$ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n Set-AzStorageBlobContent -File $cerCertFile -Container $containerName -Blob $publicCertificateName -Context $ctx -Force\r\n #Set-AzStorageBlobContent -File $pfx -Container $containerName -Blob $CertificateFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $plf -Container $containerName -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $portalLicenseFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent 
-File $slf -Container $containerName -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $serverLicenseFileName -Context $ctx -Force\r\n " + "script": " param(\r\n [string]$CertificateFileName,\r\n [string]$CertificatePassword,\r\n [string]$ContainerName,\r\n [string]$Environment,\r\n [string]$EsriStorageAccount,\r\n [string]$EsriStorageAccountContainer,\r\n [string]$Fqdn,\r\n [string]$KeyVaultName,\r\n [string]$Location,\r\n [string]$PortalLicenseFile,\r\n [string]$PortalLicenseFileName,\r\n [string]$ServerLicensefile,\r\n [string]$ServerLicenseFileName,\r\n [string]$StorageAccountName,\r\n [string]$StorageEndpoint,\r\n [string]$Subscription,\r\n [string]$TenantId,\r\n [string]$UserAssignedIdentityClientId,\r\n [string]$UserAssignedIdentityObjectId\r\n )\r\n New-Item -ItemType File \"$env:windir\\temp\\$portalLicenseFileName\"\r\n New-Item -ItemType File \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n $plf = \"$env:windir\\temp\\$portalLicenseFileName\"\r\n $slf = \"$env:windir\\temp\\$serverLicenseFileName\"\r\n\r\n $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False\r\n\r\n $portalLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($portalLicensefile))\r\n [System.IO.File]::WriteAllLines($plf, $portalLicense, $Utf8NoBomEncoding)\r\n\r\n $serverLicense = [System.Text.UTF8Encoding]::UTF8.GetString([System.Convert]::FromBase64String($serverLicensefile))\r\n [System.IO.File]::WriteAllLines($slf, $serverLicense, $Utf8NoBomEncoding)\r\n\r\n Import-Module az.keyvault\r\n Connect-AzAccount -Environment $Environment -Subscription $Subscription -Identity -AccountId $UserAssignedIdentityClientId | Out-Null\r\n $ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n $StorageAccountUrl = \"https://\" + $StorageAccountName + \".blob.\" + $StorageEndpoint\r\n $TokenUri = 
\"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$StorageAccountUrl&object_id=$UserAssignedIdentityObjectId\"\r\n $AccessToken = ((Invoke-WebRequest -Headers @{Metadata=$true} -Uri $TokenUri -UseBasicParsing).Content | ConvertFrom-Json).access_token\r\n $BlobNames = @($certificateFileName)\r\n Invoke-WebRequest -Headers @{\"x-ms-version\"=\"2017-11-09\"; Authorization =\"Bearer $AccessToken\"} -Uri \"$StorageAccountUrl/$ContainerName/$BlobNames\" -OutFile $env:windir\\temp\\$certificateFileName -Verbose\r\n $pfx = \"$env:windir\\temp\\$CertificateFileName\"\r\n Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force\r\n $base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($pfx))\r\n $Password = ConvertTo-SecureString -String $CertificatePassword -AsPlainText -Force\r\n $cert = Import-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\" -FilePath $pfx -Password $Password\r\n $azKeyVaultCert = Get-AzKeyVaultCertificate -VaultName $keyVaultName -Name \"pfx$location\"\r\n $azKeyVaultCertBytes = $azKeyVaultCert.Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)\r\n $publicCertificateName = \"wildcard$fqdn-PublicKey.cer\"\r\n $cerCertFile = \"$env:windir\\temp\\$publicCertificateName\"\r\n Write-Output $cerCertFile\r\n [System.IO.File]::WriteAllBytes($cerCertFile, $azKeyVaultCertBytes)\r\n #$ctx = New-AzStorageContext -StorageAccountName $esriStorageAccount -UseConnectedAccount\r\n Set-AzStorageBlobContent -File $cerCertFile -Container $esriStorageAccountContainer -Blob $publicCertificateName -Context $ctx -Force\r\n #Set-AzStorageBlobContent -File $pfx -Container $esriStorageAccountContainer -Blob $CertificateFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $plf -Container $esriStorageAccountContainer -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob 
$portalLicenseFileName -Context $ctx -Force\r\n Set-AzStorageBlobContent -File $slf -Container $esriStorageAccountContainer -Properties @{\"ContentEncoding\" = \"UTF-8\"} -Blob $serverLicenseFileName -Context $ctx -Force\r\n " } }, "dependsOn": [ @@ -40669,8 +34711,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16303095877301641490" + "version": "0.27.1.19265", + "templateHash": "14251817001722999924" } }, "parameters": { @@ -41030,8 +35072,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13179115516730625918" + "version": "0.27.1.19265", + "templateHash": "9773674484983530244" } }, "parameters": { @@ -41359,8 +35401,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4811268326227267852" + "version": "0.27.1.19265", + "templateHash": "2541579722256443225" } }, "parameters": { @@ -41567,8 +35609,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13366513209151885602" + "version": "0.27.1.19265", + "templateHash": "6027819688109116244" } }, "parameters": { @@ -42188,8 +36230,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11214753598227343118" + "version": "0.27.1.19265", + "templateHash": "6929650399336338982" } }, "parameters": { @@ -42465,8 +36507,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12201042815010593544" + "version": "0.27.1.19265", + "templateHash": "6412248038875800868" } }, "parameters": { @@ -42708,8 +36750,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3516818735457343143" + "version": "0.27.1.19265", + "templateHash": "5678296389292544212" } }, "parameters": { 
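Review bot: nothing in the run-command script (hunk -40541) removes the files it writes under `$env:windir\temp`, so the downloaded PFX and the decoded portal and server license files stay on the VM disk after the Key Vault import and blob uploads. Add a `Remove-Item` for `$pfx`, `$plf`, `$slf` and `$cerCertFile` at the end, ideally in a `finally` block so a failed upload does not leave them behind. `$CertificatePassword` arrives as a plain `[string]` and is converted with `-AsPlainText -Force`; check that it is supplied through the run command's `protectedParameters` rather than `parameters`. `$base64` and `$TenantId` are never used, and the two commented-out lines can be dropped while the script is being touched.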
@@ -42934,8 +36976,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16093052119851457375" + "version": "0.27.1.19265", + "templateHash": "6229880427899429212" } }, "parameters": { @@ -43162,8 +37204,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15926008132751897196" + "version": "0.27.1.19265", + "templateHash": "4986445153472918202" } }, "parameters": { @@ -43392,8 +37434,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11051323292383584718" + "version": "0.27.1.19265", + "templateHash": "6137394781947972355" } }, "parameters": { @@ -43651,8 +37693,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1666894846892138554" + "version": "0.27.1.19265", + "templateHash": "18175440212093169323" } }, "parameters": { @@ -44035,8 +38077,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14779582043224308008" + "version": "0.27.1.19265", + "templateHash": "17576905959396051074" } }, "parameters": { @@ -44252,8 +38294,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13366513209151885602" + "version": "0.27.1.19265", + "templateHash": "6027819688109116244" } }, "parameters": { @@ -44876,8 +38918,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2650438546048809750" + "version": "0.27.1.19265", + "templateHash": "16239935486931945443" } }, "parameters": { diff --git a/src/bicep/add-ons/esri-enterprise/modules/hub-network-peering.bicep b/src/bicep/add-ons/esri-enterprise/modules/hub-network-peering.bicep index b8929310b..03efd6e81 100644 --- a/src/bicep/add-ons/esri-enterprise/modules/hub-network-peering.bicep +++ b/src/bicep/add-ons/esri-enterprise/modules/hub-network-peering.bicep 
@@ -14,7 +14,8 @@ module hubToSpokeVirtualNetworkPeering '../../../modules/virtual-network-peering scope: resourceGroup(hubResourceGroupName) name: 'hubToSpokeVirtualNetworkPeering' params: { - name: '${hubVirtualNetworkName}/to-${spokeVirtualNetworkName}' remoteVirtualNetworkResourceId: spokeVirtualNetworkResourceId + virtualNetworkName: hubVirtualNetworkName + virtualNetworkPeerName: 'to-${spokeVirtualNetworkName}' } } diff --git a/src/bicep/add-ons/esri-enterprise/modules/tier3.bicep b/src/bicep/add-ons/esri-enterprise/modules/tier3.bicep index add959f33..60bd7c3a7 100644 --- a/src/bicep/add-ons/esri-enterprise/modules/tier3.bicep +++ b/src/bicep/add-ons/esri-enterprise/modules/tier3.bicep @@ -171,7 +171,7 @@ module hubToWorkloadVirtualNetworkPeering './hub-network-peering.bicep' = { // } // } -module spokeDefender '../../../modules/defenderForCloud.bicep' = if (deployDefender) { +module spokeDefender '../../../modules/defender-for-cloud.bicep' = if (deployDefender) { name: 'set-${workloadName}-sub-defender' scope: subscription(workloadSubscriptionId) params: { diff --git a/src/bicep/add-ons/esri-enterprise/solution.json b/src/bicep/add-ons/esri-enterprise/solution.json index 6b9301d43..77e44ba42 100644 --- a/src/bicep/add-ons/esri-enterprise/solution.json +++ b/src/bicep/add-ons/esri-enterprise/solution.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9100817995999971525" + "version": "0.27.1.19265", + "templateHash": "11256897945817159924" } }, "parameters": { @@ -708,8 +708,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13758339223885887518" + "version": "0.27.1.19265", + "templateHash": "15651868626478950860" } }, "parameters": { 
@@ -832,8 +832,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2623986189587500516" + "version": "0.27.1.19265", + "templateHash": "15999380824695207569" } }, "parameters": { @@ -999,8 +999,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3556296216752459961" + "version": "0.27.1.19265", + "templateHash": "17016669538410088882" } }, "parameters": { @@ -1156,8 +1156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3208799972746950006" + "version": "0.27.1.19265", + "templateHash": "11489505570850706214" } }, "parameters": { @@ -1290,8 +1290,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15109711853711429239" + "version": "0.27.1.19265", + "templateHash": "9248760033135953433" } }, "parameters": { @@ -1359,8 +1359,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13987612441032900755" + "version": "0.27.1.19265", + "templateHash": "2072756264947187478" } }, "parameters": { @@ -1405,8 +1405,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10509951780144584720" + "version": "0.27.1.19265", + "templateHash": "4217213734063758013" } }, "parameters": { @@ -1472,8 +1472,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5664108101366069473" + "version": "0.27.1.19265", + "templateHash": "17916706422341483204" } }, "parameters": { 
@@ -1502,11 +1502,14 @@ }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('hubVirtualNetworkName'), parameters('spokeVirtualNetworkName'))]" - }, "remoteVirtualNetworkResourceId": { "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', parameters('spokeVirtualNetworkName'))]" } }, "template": { @@ -1515,15 +1518,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "10509951780144584720" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -1531,7 +1537,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { @@ -1578,8 +1584,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2376507858724004427" + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" } }, "parameters": { 
@@ -1628,14 +1634,77 @@ }, "variables": { "autoProvisioning": "[if(parameters('enableAutoProvisioning'), 'On', 'Off')]", - "defenderPaidPlansSpecialHandlingAzurePublicList": [ - "Api" - ], "defenderPaidPlanConfig": { "AzureCloud": { "Api": { "subPlan": "P1" - } + }, + "appServices": {}, + "KeyVaults": { + "subPlan": "PerKeyVault" + }, + "Arm": { + "subPlan": "PerSubscription" + }, + "CloudPosture": { + "extensions": [ + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + }, + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + }, + { + "name": "AgentlessVmScanning", + "isEnabled": "True" + }, + { + "name": "EntraPermissionsManagement", + "isEnabled": "True" + } + ] + }, + "Containers": { + "extensions": [ + { + "name": "ContainerRegistriesVulnerabilityAssessments", + "isEnabled": "True" + }, + { + "name": "AgentlessDiscoveryForKubernetes", + "isEnabled": "True" + } + ] + }, + "CosmosDbs": {}, + "StorageAccounts": { + "subPlan": "DefenderForStorageV2", + "extensions": [ + { + "name": "OnUploadMalwareScanning", + "isEnabled": "True", + "additionalExtensionProperties": { + "CapGBPerMonthPerStorageAccount": "5000" + } + }, + { + "name": "SensitiveDataDiscovery", + "isEnabled": "True" + } + ] + }, + "VirtualMachines": { + "subPlan": "P1" + }, + "SqlServerVirtualMachines": {}, + "SqlServers": {}, + "OpenSourceRelationalDatabases": {} } } }, @@ -1647,7 +1716,7 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Free'))]", + "condition": "[equals(parameters('defenderSkuTier'), 'Free')]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", 
@@ -1662,7 +1731,7 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), not(contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])))]", + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), not(equals(environment().name, 'AzureCloud')))]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", 
@@ -1677,11 +1746,15 @@ "mode": "serial", "batchSize": 1 }, - "condition": "[and(and(and(not(empty(parameters('defenderPlans'))), equals(parameters('defenderSkuTier'), 'Standard')), contains(variables('defenderPaidPlansSpecialHandlingAzurePublicList'), parameters('defenderPlans')[copyIndex()])), equals(environment().name, 'AzureCloud'))]", + "condition": "[and(equals(parameters('defenderSkuTier'), 'Standard'), equals(environment().name, 'AzureCloud'))]", "type": "Microsoft.Security/pricings", "apiVersion": "2023-01-01", "name": "[parameters('defenderPlans')[copyIndex()]]", - "properties": "[if(not(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan')), createObject('pricingTier', parameters('defenderSkuTier')), createObject('pricingTier', parameters('defenderSkuTier'), 'subPlan', variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan))]" + "properties": { + "pricingTier": "[parameters('defenderSkuTier')]", + "subPlan": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'subPlan'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].subPlan, json('null'))]", + "extensions": "[if(contains(variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]], 'extensions'), variables('defenderPaidPlanConfig')[environment().name][parameters('defenderPlans')[copyIndex()]].extensions, json('null'))]" + } }, { "type": "Microsoft.Security/autoProvisioningSettings", @@ -1772,8 +1845,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9906905578732634543" + "version": "0.27.1.19265", + "templateHash": "12561474152115930813" } }, "parameters": { 
@@ -1935,8 +2008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9749879718794757824" + "version": "0.27.1.19265", + "templateHash": "12550778375543150807" } }, "parameters": { @@ -2036,8 +2109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3421184670812544832" + "version": "0.27.1.19265", + "templateHash": "12866738940970314305" } }, "parameters": { @@ -2356,8 +2429,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6156014875832287100" + "version": "0.27.1.19265", + "templateHash": "16762155754803444926" } }, "parameters": { @@ -2451,8 +2524,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -2518,8 +2591,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -2585,8 +2658,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -2652,8 +2725,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -2719,8 +2792,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { 
@@ -2786,8 +2859,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -2853,8 +2926,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17093710300497942843" + "version": "0.27.1.19265", + "templateHash": "16790431462854165621" } }, "parameters": { @@ -2973,8 +3046,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -3451,8 +3524,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -3930,8 +4003,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -4409,8 +4482,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -4890,8 +4963,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -5368,8 +5441,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { 
@@ -5847,8 +5920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -6326,8 +6399,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -6805,8 +6878,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7579044595906678679" + "version": "0.27.1.19265", + "templateHash": "3824483062142866512" } }, "parameters": { @@ -7260,8 +7333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8376415160635004409" + "version": "0.27.1.19265", + "templateHash": "14675721522132258526" } }, "parameters": { @@ -7614,8 +7687,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8411349545033436594" + "version": "0.27.1.19265", + "templateHash": "13634998059642988778" } }, "parameters": { @@ -7676,8 +7749,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8411349545033436594" + "version": "0.27.1.19265", + "templateHash": "13634998059642988778" } }, "parameters": { @@ -7737,8 +7810,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8843829551900952560" + "version": "0.27.1.19265", + "templateHash": "10474224665457674425" } }, "parameters": { @@ -7796,8 +7869,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3020662803375983209" + "version": "0.27.1.19265", + "templateHash": "4874187391706625223" } }, "parameters": { 
@@ -7838,8 +7911,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8968981336685248524" + "version": "0.27.1.19265", + "templateHash": "14645056599463144386" } }, "parameters": { @@ -7968,8 +8041,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15220953359455305824" + "version": "0.27.1.19265", + "templateHash": "13955313188103501864" } }, "parameters": { @@ -8446,8 +8519,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16303095877301641490" + "version": "0.27.1.19265", + "templateHash": "14251817001722999924" } }, "parameters": { @@ -8807,8 +8880,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13179115516730625918" + "version": "0.27.1.19265", + "templateHash": "9773674484983530244" } }, "parameters": { @@ -9136,8 +9209,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4811268326227267852" + "version": "0.27.1.19265", + "templateHash": "2541579722256443225" } }, "parameters": { @@ -9344,8 +9417,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13366513209151885602" + "version": "0.27.1.19265", + "templateHash": "6027819688109116244" } }, "parameters": { @@ -9965,8 +10038,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11214753598227343118" + "version": "0.27.1.19265", + "templateHash": "6929650399336338982" } }, "parameters": { @@ -10242,8 +10315,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12201042815010593544" + "version": "0.27.1.19265", + "templateHash": "6412248038875800868" } }, "parameters": { 
@@ -10485,8 +10558,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3516818735457343143" + "version": "0.27.1.19265", + "templateHash": "5678296389292544212" } }, "parameters": { @@ -10711,8 +10784,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16093052119851457375" + "version": "0.27.1.19265", + "templateHash": "6229880427899429212" } }, "parameters": { @@ -10939,8 +11012,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15926008132751897196" + "version": "0.27.1.19265", + "templateHash": "4986445153472918202" } }, "parameters": { @@ -11169,8 +11242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11051323292383584718" + "version": "0.27.1.19265", + "templateHash": "6137394781947972355" } }, "parameters": { @@ -11428,8 +11501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1666894846892138554" + "version": "0.27.1.19265", + "templateHash": "18175440212093169323" } }, "parameters": { @@ -11812,8 +11885,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14779582043224308008" + "version": "0.27.1.19265", + "templateHash": "17576905959396051074" } }, "parameters": { @@ -12029,8 +12102,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13366513209151885602" + "version": "0.27.1.19265", + "templateHash": "6027819688109116244" } }, "parameters": { @@ -12653,8 +12726,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2650438546048809750" + "version": "0.27.1.19265", + "templateHash": "16239935486931945443" } }, "parameters": { diff --git a/src/bicep/add-ons/imaging/solution.bicep b/src/bicep/add-ons/imaging/solution.bicep index 0d9ca2f0c..9121e983d 100644 
--- a/src/bicep/add-ons/imaging/solution.bicep +++ b/src/bicep/add-ons/imaging/solution.bicep @@ -239,18 +239,9 @@ param virtualNetworkDiagnosticsMetrics array = [] @description('The WSUS Server Url if WSUS is specified. (i.e., https://wsus.corp.contoso.com:8531)') param wsusServer string = '' -var automationAccountPrivateDnsZoneResourceId = resourceId(split(hubVirtualNetworkResourceId, '/')[2], split(hubVirtualNetworkResourceId, '/')[4], 'Microsoft.Network/privateDnsZones','privatelink.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name] ?? cloudSuffix}') -var cloudSuffix = replace(replace(environment().resourceManager, 'https://management.azure.', ''), '/', '') var keyVaultPrivateDnsZoneResourceId = resourceId(split(hubVirtualNetworkResourceId, '/')[2], split(hubVirtualNetworkResourceId, '/')[4], 'Microsoft.Network/privateDnsZones', replace('privatelink${environment().suffixes.keyvaultDns}', 'vault', 'vaultcore')) var imageDefinitionName = empty(computeGalleryImageResourceId) ? '${imageDefinitionNamePrefix}-${marketplaceImageSKU}' : '${imageDefinitionNamePrefix}-${split(computeGalleryImageResourceId, '/')[10]}' -var privateDnsZoneSuffixes_AzureAutomation = { - AzureCloud: 'net' - AzureUSGovernment: 'us' - USNat: null - USSec: null -} var subscriptionId = subscription().subscriptionId -var locations = (loadJsonContent('../../data/locations.json'))[environment().name] var workloadName = 'Imaging' var workloadShortName = 'img' 
@@ -287,28 +278,28 @@ module tier3 '../tier3/solution.bicep' = { module baseline 'modules/baseline.bicep' = { name: 'deploy-imaging-baseline-${deploymentNameSuffix}' params: { - computeGalleryName: tier3.outputs.network.computeGalleryName + computeGalleryName: tier3.outputs.namingConvention.computeGallery deploymentNameSuffix: deploymentNameSuffix diskEncryptionSetResourceId: tier3.outputs.diskEncryptionSetResourceId enableBuildAutomation: enableBuildAutomation exemptPolicyAssignmentIds: exemptPolicyAssignmentIds location: location mlzTags: tier3.outputs.mlzTags - resourceGroupName: tier3.outputs.network.resourceGroupName + resourceGroupName: tier3.outputs.namingConvention.resourceGroup storageAccountResourceId: storageAccountResourceId subscriptionId: subscriptionId tags: tags - userAssignedIdentityName: tier3.outputs.network.userAssignedIdentityName + userAssignedIdentityName: tier3.outputs.namingConvention.userAssignedIdentity } } module buildAutomation 'modules/buildAutomation.bicep' = if (enableBuildAutomation) { name: 'deploy-build-automation-${deploymentNameSuffix}' params: { - actionGroupName: tier3.outputs.network.actionGroupName + actionGroupName: tier3.outputs.namingConvention.actionGroup arcGisProInstaller: arcGisProInstaller - automationAccountName: tier3.outputs.network.automationAccountName - automationAccountPrivateDnsZoneResourceId: automationAccountPrivateDnsZoneResourceId + automationAccountName: tier3.outputs.namingConvention.automationAccount + automationAccountPrivateDnsZoneResourceId: resourceId(split(hubVirtualNetworkResourceId, '/')[2], split(hubVirtualNetworkResourceId, '/')[4], 'Microsoft.Network/privateDnsZones', filter(tier3.outputs.privateDnsZones, name => startsWith(name, 'privatelink.azure-automation'))[0]) computeGalleryImageResourceId: computeGalleryImageResourceId computeGalleryResourceId: baseline.outputs.computeGalleryResourceId containerName: containerName 
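Review bot: In the `buildAutomation` params, `filter(tier3.outputs.privateDnsZones, name => startsWith(name, 'privatelink.azure-automation'))[0]` takes the first match without handling an empty result, so a cloud where tier3 returns no Azure Automation zone fails with an index error rather than a clear message. The removed `privateDnsZoneSuffixes_AzureAutomation` map carried `USNat: null` and `USSec: null` with a `cloudSuffix` fallback, so please verify that `tier3.outputs.privateDnsZones` covers those clouds. The expression is also long enough to hide in a parameter list; lifting it into a named variable next to `keyVaultPrivateDnsZoneResourceId` would keep the two private DNS zone lookups side by side and make it obvious that only one of them now comes from the tier3 output.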
@@ -325,7 +316,7 @@ module buildAutomation 'modules/buildAutomation.bicep' = if (enableBuildAutomati imageDefinitionName: imageDefinitionName imageMajorVersion: imageMajorVersion imagePatchVersion: imagePatchVersion - imageVirtualMachineName: replace(tier3.outputs.network.virtualMachineName, tier3.outputs.tokens.service, 'b') + imageVirtualMachineName: replace(tier3.outputs.namingConvention.virtualMachine, tier3.outputs.tokens.service, 'b') installAccess: installAccess installArcGisPro: installArcGisPro installExcel: installExcel @@ -341,13 +332,13 @@ module buildAutomation 'modules/buildAutomation.bicep' = if (enableBuildAutomati installVirtualDesktopOptimizationTool: installVirtualDesktopOptimizationTool installVisio: installVisio installWord: installWord - keyVaultName: tier3.outputs.network.keyVaultName + keyVaultName: tier3.outputs.namingConvention.keyVault keyVaultPrivateDnsZoneResourceId: keyVaultPrivateDnsZoneResourceId localAdministratorPassword: localAdministratorPassword localAdministratorUsername: localAdministratorUsername location: location logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId - managementVirtualMachineName: replace(tier3.outputs.network.virtualMachineName, tier3.outputs.tokens.service, 'm') + managementVirtualMachineName: replace(tier3.outputs.namingConvention.virtualMachine, tier3.outputs.tokens.service, 'm') marketplaceImageOffer: marketplaceImageOffer marketplaceImagePublisher: marketplaceImagePublisher marketplaceImageSKU: marketplaceImageSKU 
@@ -356,14 +347,14 @@ module buildAutomation 'modules/buildAutomation.bicep' = if (enableBuildAutomati officeInstaller: officeInstaller oUPath: oUPath replicaCount: replicaCount - resourceGroupName: tier3.outputs.network.resourceGroupName + resourceGroupName: tier3.outputs.namingConvention.resourceGroup sourceImageType: sourceImageType storageAccountResourceId: storageAccountResourceId subnetResourceId: tier3.outputs.subnetResourceId subscriptionId: subscriptionId tags: tags teamsInstaller: teamsInstaller - timeZone: locations[location].timeZone + timeZone: tier3.outputs.locatonProperties.timeZone updateService: updateService userAssignedIdentityClientId: baseline.outputs.userAssignedIdentityClientId userAssignedIdentityPrincipalId: baseline.outputs.userAssignedIdentityPrincipalId @@ -373,9 +364,6 @@ module buildAutomation 'modules/buildAutomation.bicep' = if (enableBuildAutomati virtualMachineSize: virtualMachineSize wsusServer: wsusServer } - dependsOn: [ - tier3 - ] } module imageBuild 'modules/imageBuild.bicep' = { @@ -383,7 +371,7 @@ module imageBuild 'modules/imageBuild.bicep' = { params: { arcGisProInstaller: arcGisProInstaller computeGalleryImageResourceId: computeGalleryImageResourceId - computeGalleryName: tier3.outputs.network.computeGalleryName + computeGalleryName: tier3.outputs.namingConvention.computeGallery containerName: containerName customizations: customizations deploymentNameSuffix: deploymentNameSuffix @@ -394,7 +382,7 @@ module imageBuild 'modules/imageBuild.bicep' = { imageDefinitionName: imageDefinitionName imageMajorVersion: imageMajorVersion imagePatchVersion: imagePatchVersion - imageVirtualMachineName: replace(tier3.outputs.network.windowsVmName, tier3.outputs.tokens.service, 'b') + imageVirtualMachineName: replace(tier3.outputs.namingConvention.virtualMachine, tier3.outputs.tokens.service, 'b') installAccess: installAccess installArcGisPro: installArcGisPro installExcel: installExcel 
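Review bot: `timeZone: tier3.outputs.locatonProperties.timeZone` in the `@@ -356,14 +347,14 @@` hunk reads an output whose name looks misspelled (`locaton` for `location`). If the tier3 module declares the output under that spelling, fix the name at the source and here in the same change before more callers depend on it; if it does not, this line will not compile.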
@@ -410,11 +398,11 @@ module imageBuild 'modules/imageBuild.bicep' = { installVirtualDesktopOptimizationTool: installVirtualDesktopOptimizationTool installVisio: installVisio installWord: installWord - keyVaultName: tier3.outputs.network.keyVaultName + keyVaultName: tier3.outputs.namingConvention.keyVault localAdministratorPassword: localAdministratorPassword localAdministratorUsername: localAdministratorUsername location: location - managementVirtualMachineName: replace(tier3.outputs.network.windowsVmName, tier3.outputs.tokens.service, 'm') + managementVirtualMachineName: replace(tier3.outputs.namingConvention.virtualMachine, tier3.outputs.tokens.service, 'm') marketplaceImageOffer: marketplaceImageOffer marketplaceImagePublisher: marketplaceImagePublisher marketplaceImageSKU: marketplaceImageSKU @@ -422,7 +410,7 @@ module imageBuild 'modules/imageBuild.bicep' = { msrdcwebrtcsvcInstaller: msrdcwebrtcsvcInstaller officeInstaller: officeInstaller replicaCount: replicaCount - resourceGroupName: tier3.outputs.network.resourceGroupName + resourceGroupName: tier3.outputs.namingConvention.resourceGroup sourceImageType: sourceImageType storageAccountResourceId: storageAccountResourceId subnetResourceId: tier3.outputs.subnetResourceId diff --git a/src/bicep/add-ons/imaging/solution.json b/src/bicep/add-ons/imaging/solution.json index 9429c0375..01adf32ee 100644 --- a/src/bicep/add-ons/imaging/solution.json +++ b/src/bicep/add-ons/imaging/solution.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "4098442217130518679" + "version": "0.27.1.19265", + "templateHash": "17553070626031741998" } }, "parameters": { 
@@ -497,402 +497,9 @@ } }, "variables": { - "$fxv#0": { - "AzureChina": { - "chinaeast": { - "abbreviation": "cne", - "recoveryServicesGeo": "sha", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinaeast2": { - "abbreviation": "cne2", - "recoveryServicesGeo": "sha2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth": { - "abbreviation": "cnn", - "recoveryServicesGeo": "bjb", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth2": { - "abbreviation": "cnn2", - "recoveryServicesGeo": "bjb2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - } - }, - "AzureCloud": { - "australiacentral": { - "abbreviation": "auc", - "recoveryServicesGeo": "acl", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiacentral2": { - "abbreviation": "auc2", - "recoveryServicesGeo": "acl2", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiaeast": { - "abbreviation": "aue", - "recoveryServicesGeo": "ae", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiasoutheast": { - "abbreviation": "ause", - "recoveryServicesGeo": "ase", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "brazilsouth": { - "abbreviation": "brs", - "recoveryServicesGeo": "brs", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "brazilsoutheast": { - "abbreviation": "brse", - "recoveryServicesGeo": "bse", - "timeDifference": "-3:00", - "timeZone": "E. 
South America Standard Time" - }, - "canadacentral": { - "abbreviation": "cac", - "recoveryServicesGeo": "cnc", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "canadaeast": { - "abbreviation": "cae", - "recoveryServicesGeo": "cne", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "centralindia": { - "abbreviation": "inc", - "recoveryServicesGeo": "inc", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "centralus": { - "abbreviation": "usc", - "recoveryServicesGeo": "cus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "eastasia": { - "abbreviation": "ase", - "recoveryServicesGeo": "ea", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "eastus": { - "abbreviation": "use", - "recoveryServicesGeo": "eus", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "eastus2": { - "abbreviation": "use2", - "recoveryServicesGeo": "eus2", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "francecentral": { - "abbreviation": "frc", - "recoveryServicesGeo": "frc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "francesouth": { - "abbreviation": "frs", - "recoveryServicesGeo": "frs", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanynorth": { - "abbreviation": "den", - "recoveryServicesGeo": "gn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanywestcentral": { - "abbreviation": "dewc", - "recoveryServicesGeo": "gwc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "israelcentral": { - "abbreviation": "ilc", - "recoveryServicesGeo": "ilc", - "timeDifference": "+2:00", - "timeZone": "Israel Standard Time" - }, - "italynorth": { - "abbreviation": "itn", - "recoveryServicesGeo": "itn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - 
"japaneast": { - "abbreviation": "jpe", - "recoveryServicesGeo": "jpe", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "japanwest": { - "abbreviation": "jpw", - "recoveryServicesGeo": "jpw", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "jioindiacentral": { - "abbreviation": "injc", - "recoveryServicesGeo": "jic", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "jioindiawest": { - "abbreviation": "injw", - "recoveryServicesGeo": "jiw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "koreacentral": { - "abbreviation": "krc", - "recoveryServicesGeo": "krc", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "koreasouth": { - "abbreviation": "krs", - "recoveryServicesGeo": "krs", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "northcentralus": { - "abbreviation": "usnc", - "recoveryServicesGeo": "ncus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "northeurope": { - "abbreviation": "eun", - "recoveryServicesGeo": "ne", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "norwayeast": { - "abbreviation": "noe", - "recoveryServicesGeo": "nwe", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "norwaywest": { - "abbreviation": "now", - "recoveryServicesGeo": "nww", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "polandcentral": { - "abbreviation": "plc", - "recoveryServicesGeo": "plc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "qatarcentral": { - "abbreviation": "qac", - "recoveryServicesGeo": "qac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "southafricanorth": { - "abbreviation": "zan", - "recoveryServicesGeo": "san", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southafricawest": { - "abbreviation": "zaw", - 
"recoveryServicesGeo": "saw", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southcentralus": { - "abbreviation": "ussc", - "recoveryServicesGeo": "scus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "southeastasia": { - "abbreviation": "asse", - "recoveryServicesGeo": "sea", - "timeDifference": "+8:00", - "timeZone": "Singapore Standard Time" - }, - "southindia": { - "abbreviation": "ins", - "recoveryServicesGeo": "ins", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "swedencentral": { - "abbreviation": "sec", - "recoveryServicesGeo": "sdc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandnorth": { - "abbreviation": "chn", - "recoveryServicesGeo": "szn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandwest": { - "abbreviation": "chw", - "recoveryServicesGeo": "szw", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "uaecentral": { - "abbreviation": "aec", - "recoveryServicesGeo": "uac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uaenorth": { - "abbreviation": "aen", - "recoveryServicesGeo": "uan", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uksouth": { - "abbreviation": "uks", - "recoveryServicesGeo": "uks", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "ukwest": { - "abbreviation": "ukw", - "recoveryServicesGeo": "ukw", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "westcentralus": { - "abbreviation": "uswc", - "recoveryServicesGeo": "wcus", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "westeurope": { - "abbreviation": "euw", - "recoveryServicesGeo": "we", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "westindia": { - "abbreviation": "inw", - "recoveryServicesGeo": "inw", - 
"timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "westus": { - "abbreviation": "usw", - "recoveryServicesGeo": "wus", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus2": { - "abbreviation": "usw2", - "recoveryServicesGeo": "wus2", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus3": { - "abbreviation": "usw3", - "recoveryServicesGeo": "wus3", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - } - }, - "AzureUSGovernment": { - "usdodcentral": { - "abbreviation": "dodc", - "recoveryServicesGeo": "udc", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usdodeast": { - "abbreviation": "dode", - "recoveryServicesGeo": "ude", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usgovarizona": { - "abbreviation": "az", - "recoveryServicesGeo": "uga", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "usgovtexas": { - "abbreviation": "tx", - "recoveryServicesGeo": "ugt", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usgovvirginia": { - "abbreviation": "va", - "recoveryServicesGeo": "ugv", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - } - }, - "USNat": { - "usnateast": { - "abbreviation": "east", - "recoveryServicesGeo": "exe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usnatwest": { - "abbreviation": "west", - "recoveryServicesGeo": "exw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - }, - "USSec": { - "usseceast": { - "abbreviation": "east", - "recoveryServicesGeo": "rxe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "ussecwest": { - "abbreviation": "west", - "recoveryServicesGeo": "rxw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - } - }, - "automationAccountPrivateDnsZoneResourceId": 
"[resourceId(split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4], 'Microsoft.Network/privateDnsZones', format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))))]", - "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.azure.', ''), '/', '')]", "keyVaultPrivateDnsZoneResourceId": "[resourceId(split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4], 'Microsoft.Network/privateDnsZones', replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore'))]", "imageDefinitionName": "[if(empty(parameters('computeGalleryImageResourceId')), format('{0}-{1}', parameters('imageDefinitionNamePrefix'), parameters('marketplaceImageSKU')), format('{0}-{1}', parameters('imageDefinitionNamePrefix'), split(parameters('computeGalleryImageResourceId'), '/')[10]))]", - "privateDnsZoneSuffixes_AzureAutomation": { - "AzureCloud": "net", - "AzureUSGovernment": "us", - "USNat": null, - "USSec": null - }, "subscriptionId": "[subscription().subscriptionId]", - "locations": "[variables('$fxv#0')[environment().name]]", "workloadName": "Imaging", "workloadShortName": "img" }, @@ -987,11 +594,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "15277826004755007051" + "version": "0.27.1.19265", + "templateHash": "6877974702104389401" } }, "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "An array of additional subnets to support the tier3 workload." + } + }, "deployActivityLogDiagnosticSetting": { "type": "bool", "metadata": { 
@@ -1060,6 +674,22 @@ "description": "The identifier for the resource names. This value should represent the workload, project, or business unit." } }, + "keyVaultDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "AuditEvent", + "enabled": true + }, + { + "category": "AzurePolicyEvaluationDetails", + "enabled": true + } + ], + "metadata": { + "description": "An array of Key Vault Diagnostic Logs categories to collect. See \"https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault\" for valid values." + } + }, "location": { "type": "string", "defaultValue": "[deployment().location]", @@ -1112,10 +742,18 @@ }, "policy": { "type": "string", + "defaultValue": "NISTRev4", "metadata": { "description": "The policy to assign to the workload." } }, + "stampIndex": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases." + } + }, "subnetAddressPrefix": { "type": "string", "metadata": { @@ -1151,7 +789,7 @@ }, "workloadName": { "type": "string", - "defaultValue": "Tier3", + "defaultValue": "tier3", "minLength": 1, "maxLength": 10, "metadata": { @@ -1169,18 +807,6 @@ } }, "variables": { - "$fxv#0": "1.0.0", - "environmentName": { - "dev": "Development", - "prod": "Production", - "test": "Test" - }, - "mlzTags": { - "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", - "identifier": "[parameters('identifier')]", - "workloadName": "[format('MissionLandingZone-{0}', parameters('workloadName'))]", - "workloadVersion": "[variables('$fxv#0')]" - }, "hubResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", "subscriptionId": "[subscription().subscriptionId]" 
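Review bot: The `stampIndex` description added in the `@@ -1112,10 +742,18 @@` hunk talks about "multiple AVD stamps", but this parameter belongs to the generic tier3 template, so the text reads as copied from the AVD add-on. Please reword it in the tier3 Bicep source for what it means to a tier3 workload and regenerate the JSON. The same hunk gives `policy` a default of `NISTRev4`; callers that previously had to choose a policy will now get that assignment silently when they omit the parameter, so the default should be called out in the parameter description or the README.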
@@ -1189,7 +815,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -1197,14 +823,37 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "environmentAbbreviation": { "value": "[parameters('environmentAbbreviation')]" }, "location": { "value": "[parameters('location')]" }, + "networks": { + "value": [ + { + "name": "[parameters('workloadName')]", + "shortName": "[parameters('workloadShortName')]", + "deployUniqueResources": false, + "subscriptionId": "[variables('subscriptionId')]", + "nsgDiagLogs": "[parameters('networkSecurityGroupDiagnosticsLogs')]", + "nsgDiagMetrics": "[parameters('networkSecurityGroupDiagnosticsMetrics')]", + "nsgRules": "[parameters('networkSecurityGroupRules')]", + "vnetAddressPrefix": "[parameters('virtualNetworkAddressPrefix')]", + "vnetDiagLogs": "[parameters('virtualNetworkDiagnosticsLogs')]", + "vnetDiagMetrics": "[parameters('virtualNetworkDiagnosticsMetrics')]", + "subnetAddressPrefix": "[parameters('subnetAddressPrefix')]" + } + ] + }, "resourcePrefix": { "value": "[parameters('identifier')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" } }, "template": { 
@@ -1213,22 +862,39 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "11837208542925912913" + "version": "0.27.1.19265", + "templateHash": "11171233226932915639" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, "environmentAbbreviation": { "type": "string" }, "location": { "type": "string" }, + "networks": { + "type": "array" + }, "resourcePrefix": { "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" } }, "variables": { + "copy": [ + { + "name": "privateDnsZoneNames_Backup", + "count": "[length(items(variables('locations')))]", + "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" + } + ], "$fxv#0": { "AzureChina": { "chinaeast": { @@ -1613,8 +1279,10 @@ } } }, - "$fxv#1": { + "$fxv#1": "1.0.0", + "$fxv#2": { "actionGroups": "ag", + "applicationGroups": "vdag", "automationAccounts": "aa", "availabilitySets": "avail", "azureFirewalls": "afw", @@ -1622,7 +1290,6 @@ "computeGallieries": "cg", "dataCollectionRuleAssociations": "dcra", "dataCollectionRules": "dcr", - "desktopApplicationGroups": "vdag", "diagnosticSettings": "diag", "diskAccesses": "da", "diskEncryptionSets": "des", 
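Review bot: in the `privateDnsZoneNames_Backup` copy entry of the `@@ -1213,22 +862,39 @@` hunk, `coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix'))` only falls back to `cloudSuffix` when the lookup yields null. The suffix maps added later in this patch list `AzureCloud`, `AzureUSGovernment`, `USNat` and `USSec`, while `$fxv#0` also has an `AzureChina` entry; a plain bracket lookup on a key that is absent from the object fails at evaluation instead of returning null, so the fallback is never reached for that cloud. Suggest adding explicit `null` entries for every cloud present in `$fxv#0`, or using a safe lookup in the Bicep source. In the `@@ -1622,7 +1290,6 @@` hunk the abbreviation key `desktopApplicationGroups` is replaced by `applicationGroups`; check that no consumer still reads the old key.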
@@ -1651,200 +1318,260 @@ "virtualNetworks": "vnet", "workspaces": "vdws" }, + "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", + "environmentName": { + "dev": "Development", + "prod": "Production", + "test": "Test" + }, "locations": "[variables('$fxv#0')[environment().name]]", - "locationAbbreviation": "[variables('locations')[parameters('location')].abbreviation]", - "resourceAbbreviations": "[variables('$fxv#1')]", - "resourceToken": "resource_token", - "serviceToken": "service_token", - "networkToken": "network_token", - "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), variables('resourceToken'), variables('serviceToken'), variables('networkToken'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "actionGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').actionGroups)]", - "automationAccountNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').automationAccounts)]", - "bastionHostNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').bastionHosts)]", - "computeGalleryNamingConvention": "[replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').computeGallieries), '-', '_')]", - "diskEncryptionSetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').diskEncryptionSets)]", - "diskNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').disks)]", - "firewallNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').azureFirewalls)]", - "firewallPolicyNamingConvention": 
"[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').firewallPolicies)]", - "ipConfigurationNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').ipConfigurations)]", - "keyVaultNamingConvention": "[format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').keyVaults), '-', ''))]", - "logAnalyticsWorkspaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').logAnalyticsWorkspaces)]", - "networkInterfaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkInterfaces)]", - "networkSecurityGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkSecurityGroups)]", - "networkWatcherNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkWatchers)]", - "privateEndpointNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateEndpoints)]", - "privateLinkScopeName": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateLinkScopes)]", - "publicIpAddressNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').publicIPAddresses)]", - "resourceGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').resourceGroups)]", - "routeTableNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').routeTables)]", - "storageAccountNamingConvention": 
"[toLower(format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').storageAccounts), '-', '')))]", - "subnetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').subnets)]", - "userAssignedIdentityNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').userAssignedIdentities)]", - "virtualMachineNamingConvention": "[replace(replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualMachines), '-', ''), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "virtualNetworkNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualNetworks)]" - }, - "resources": [], - "outputs": { - "resources": { - "type": "object", - "value": { - "actionGroup": "[variables('actionGroupNamingConvention')]", - "automationAccount": "[variables('automationAccountNamingConvention')]", - "bastionHost": "[variables('bastionHostNamingConvention')]", - "computeGallery": "[variables('computeGalleryNamingConvention')]", - "diskEncryptionSet": "[variables('diskEncryptionSetNamingConvention')]", - "disk": "[variables('diskNamingConvention')]", - "firewall": "[variables('firewallNamingConvention')]", - "firewallPolicy": "[variables('firewallPolicyNamingConvention')]", - "ipConfiguration": "[variables('ipConfigurationNamingConvention')]", - "keyVault": "[variables('keyVaultNamingConvention')]", - "logAnalyticsWorkspace": "[variables('logAnalyticsWorkspaceNamingConvention')]", - "networkInterface": "[variables('networkInterfaceNamingConvention')]", - "networkSecurityGroup": "[variables('networkSecurityGroupNamingConvention')]", - "networkWatcher": "[variables('networkWatcherNamingConvention')]", - "privateEndpoint": 
"[variables('privateEndpointNamingConvention')]", - "privateLinkScope": "[variables('privateLinkScopeName')]", - "publicIpAddress": "[variables('publicIpAddressNamingConvention')]", - "resourceGroup": "[variables('resourceGroupNamingConvention')]", - "routeTable": "[variables('routeTableNamingConvention')]", - "storageAccount": "[variables('storageAccountNamingConvention')]", - "subnet": "[variables('subnetNamingConvention')]", - "userAssignedIdentity": "[variables('userAssignedIdentityNamingConvention')]", - "virtualMachine": "[variables('virtualMachineNamingConvention')]", - "virtualNetwork": "[variables('virtualNetworkNamingConvention')]" - } + "mlzTags": { + "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", + "landingZoneName": "MissionLandingZone", + "landingZoneVersion": "[variables('$fxv#1')]", + "resourcePrefix": "[parameters('resourcePrefix')]" }, + "resourceAbbreviations": "[variables('$fxv#2')]", "tokens": { - "type": "object", - "value": { - "resource": "[variables('resourceToken')]", - "service": "[variables('serviceToken')]", - "network": "[variables('networkToken')]" - } + "resource": "resource_token", + "service": "service_token" + }, + "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('scm.privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('privatelink.wvd.{0}', 
coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), format('privatelink{0}', replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", + "privateDnsZoneSuffixes_AzureAutomation": { + "AzureCloud": "net", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureVirtualDesktop": { + "AzureCloud": "microsoft.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureWebSites": { + "AzureCloud": "azurewebsites.net", + "AzureUSGovernment": "azurewebsites.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Backup": { + "AzureCloud": "com", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Monitor": { + "AzureCloud": "azure.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), 
parameters('deploymentNameSuffix'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "resourcePrefix": { - "value": "[parameters('identifier')]" - }, - "resources": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resources.value]" - }, - "subscriptionId": { - "value": "[variables('subscriptionId')]" - }, - "tokens": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" - }, - "workloadName": { - "value": "[toLower(parameters('workloadName'))]" }, - "workloadShortName": { - "value": "[parameters('workloadShortName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2888361491405108203" + "resources": [ + { + "copy": { + "name": "namingConventions", + "count": "[length(parameters('networks'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "locationAbbreviation": { + "value": "[variables('locations')[parameters('location')].abbreviation]" + }, + "environmentAbbreviation": { + "value": 
"[parameters('environmentAbbreviation')]" + }, + "networkName": { + "value": "[parameters('networks')[copyIndex()].name]" + }, + "networkShortName": { + "value": "[parameters('networks')[copyIndex()].shortName]" + }, + "resourceAbbreviations": { + "value": "[variables('resourceAbbreviations')]" + }, + "resourcePrefix": { + "value": "[parameters('resourcePrefix')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + }, + "subscriptionId": { + "value": "[parameters('networks')[copyIndex()].subscriptionId]" + }, + "tokens": { + "value": "[variables('tokens')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13218155481958331255" + } + }, + "parameters": { + "environmentAbbreviation": { + "type": "string" + }, + "locationAbbreviation": { + "type": "string" + }, + "networkName": { + "type": "string" + }, + "networkShortName": { + "type": "string" + }, + "resourceAbbreviations": { + "type": "object" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + }, + "subscriptionId": { + "type": "string" + }, + "tokens": { + "type": "object" + } + }, + "variables": { + "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), 
parameters('locationAbbreviation'))]", + "names": { + "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').actionGroups)]", + "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').applicationGroups)]", + "automationAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "availabilitySet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').availabilitySets)]", + "azureFirewall": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallClientPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('client-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallClientPublicIPAddressDiagnosticSetting": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-client-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallManagementPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('mgmt-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallManagementPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-mgmt-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallPolicy": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').firewallPolicies)]", + "bastionHost": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), 
parameters('tokens').service, format('{0}-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').bastionHosts))]", + "computeGallery": "[replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').computeGallieries), '-', '_')]", + "dataCollectionRuleAssociation": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRuleAssociations)]", + "dataCollectionRule": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRules)]", + "diskAccess": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskAccesses)]", + "diskEncryptionSet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskEncryptionSets)]", + "hostPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').hostPools)]", + "hostPoolDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "keyVault": "[format('{0}{1}', replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, 
parameters('resourceAbbreviations').keyVaults), '-', ''), parameters('networkName'), parameters('networkShortName')), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId')))]", + "keyVaultDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "logAnalyticsWorkspace": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "logAnalyticsWorkspaceDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "netAppAccountCapacityPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppCapacityPools)]", + "netAppAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppAccounts)]", + "networkSecurityGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, 
parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkSecurityGroupDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkWatcher": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkWatchers)]", + "privateLinkScope": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopeNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "recoveryServicesVault": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "resourceGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, 
parameters('resourceAbbreviations').resourceGroups)]", + "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').routeTables)]", + "storageAccount": "[toLower(take(format('{0}{1}', replace(replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName')), '-', ''), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24))]", + "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "storageAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "subnet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').subnets)]", + "userAssignedIdentity": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').userAssignedIdentities)]", + "virtualMachine": "[replace(replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", + "virtualMachineDisk": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').disks), 
parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualMachineNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualNetwork": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualNetworks)]", + "virtualNetworkDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').virtualNetworks)]", + "workspaceFeed": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), 
parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobal": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]" + } + }, + "resources": [], + "outputs": { + "names": { + "type": "object", + "value": "[variables('names')]" + } + } + } + } } - }, - "parameters": { - "environmentAbbreviation": { - "type": "string" + ], + "outputs": { + "locationProperties": { + "type": "object", + "value": "[variables('locations')[parameters('location')]]" }, - "subscriptionId": { - "type": "string" + "mlzTags": { + "type": "object", + "value": "[variables('mlzTags')]" }, - "resourcePrefix": { - "type": "string" + "privateDnsZones": { + 
"type": "array", + "value": "[variables('privateDnsZoneNames')]" }, - "resources": { - "type": "object" + "tiers": { + "type": "array", + "copy": { + "count": "[length(parameters('networks'))]", + "input": { + "name": "[parameters('networks')[copyIndex()].name]", + "shortName": "[parameters('networks')[copyIndex()].shortName]", + "deployUniqueResources": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "nsgDiagLogs": "[parameters('networks')[copyIndex()].nsgDiagLogs]", + "nsgDiagMetrics": "[parameters('networks')[copyIndex()].nsgDiagMetrics]", + "nsgRules": "[parameters('networks')[copyIndex()].nsgRules]", + "vnetAddressPrefix": "[parameters('networks')[copyIndex()].vnetAddressPrefix]", + "vnetDiagLogs": "[parameters('networks')[copyIndex()].vnetDiagLogs]", + "vnetDiagMetrics": "[parameters('networks')[copyIndex()].vnetDiagMetrics]", + "subnetAddressPrefix": "[parameters('networks')[copyIndex()].subnetAddressPrefix]", + "namingConvention": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + } + } }, "tokens": { - "type": "object" - }, - "workloadName": { - "type": "string" - }, - "workloadShortName": { - "type": "string" - } - }, - "variables": { - "network": { - "name": "[parameters('workloadName')]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "deployUniqueResources": true, - "actionGroupName": "[replace(replace(parameters('resources').actionGroup, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadName'))]", - "automationAccountName": 
"[replace(replace(parameters('resources').automationAccount, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostIPConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'bas'), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostName": "[replace(replace(parameters('resources').bastionHost, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'bas'), parameters('tokens').network, parameters('workloadName'))]", - "computeGalleryName": "[replace(replace(parameters('resources').computeGallery, format('_{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "diskEncryptionSetName": "[replace(replace(parameters('resources').diskEncryptionSet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "firewallClientIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'client-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallClientPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'client-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallManagementIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'mgmt-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallManagementPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'mgmt-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallName": 
"[replace(replace(parameters('resources').firewall, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "firewallPolicyName": "[replace(replace(parameters('resources').firewallPolicy, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "keyVaultName": "[take(replace(replace(replace(parameters('resources').keyVault, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24)]", - "keyVaultNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'kv'), parameters('tokens').network, parameters('workloadName'))]", - "keyVaultPrivateEndpointName": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, 'kv'), parameters('tokens').network, parameters('workloadName'))]", - "linuxDiskName": "[replace(replace(parameters('resources').disk, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, format('l{0}', parameters('tokens').service)), parameters('tokens').network, parameters('workloadShortName'))]", - "logStorageAccountName": "[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), 
parameters('tokens').network, parameters('workloadShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, parameters('workloadName'))]", - "logStorageAccountPrivateEndpointNamePrefix": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, parameters('workloadName'))]", - "networkSecurityGroupName": "[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "userAssignedIdentityName": "[replace(replace(parameters('resources').userAssignedIdentity, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "windowsDiskName": "[replace(replace(parameters('resources').disk, parameters('tokens').service, 'windows'), 
parameters('tokens').network, parameters('workloadName'))]", - "windowsNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'windows'), parameters('tokens').network, parameters('workloadName'))]", - "windowsNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'windows'), parameters('tokens').network, parameters('workloadName'))]", - "windowsVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, format('w{0}', parameters('tokens').service)), parameters('tokens').network, parameters('workloadShortName'))]" - } - }, - "resources": [], - "outputs": { - "network": { "type": "object", - "value": "[variables('network')]" + "value": "[variables('tokens')]" } } } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" - ] + } }, { "type": "Microsoft.Resources/deployments", 
@@ -1861,10 +1588,10 @@ "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "name": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'network')]" }, "tags": { "value": "[parameters('tags')]" @@ -1876,8 +1603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "15837787188813527331" + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" } }, "parameters": { @@ -1939,6 +1666,9 @@ }, "mode": "Incremental", "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, 
@@ -1955,22 +1685,22 @@ "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "networkSecurityGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.networkSecurityGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkSecurityGroup]" }, "networkSecurityGroupRules": { "value": "[parameters('networkSecurityGroupRules')]" }, "networkWatcherName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.networkWatcherName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkWatcher]" }, "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "routeTableName": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.routeTableName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.routeTable]" }, "routeTableRouteNextHopIpAddress": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').ipConfigurations[0].properties.privateIPAddress]" @@ -1979,7 +1709,7 @@ "value": "[parameters('subnetAddressPrefix')]" }, "subnetName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.subnetName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.subnet]" }, "subscriptionId": { "value": "[variables('subscriptionId')]" 
@@ -1991,7 +1721,7 @@ "value": "[parameters('virtualNetworkAddressPrefix')]" }, "virtualNetworkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.virtualNetworkName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.virtualNetwork]" }, "vNetDnsServers": { "value": [ @@ -2011,11 +1741,14 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "5206820343027478458" + "version": "0.27.1.19265", + "templateHash": "3012486009507231873" } }, "parameters": { + "additionalSubnets": { + "type": "array" + }, "deploymentNameSuffix": { "type": "string" }, @@ -2085,14 +1818,16 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "spokeNetwork", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, "deployNetworkWatcher": { "value": "[parameters('deployNetworkWatcher')]" }, @@ -2114,6 +1849,9 @@ "networkWatcherName": { "value": "[parameters('networkWatcherName')]" }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, "routeTableName": { "value": "[parameters('routeTableName')]" }, 
@@ -2126,11 +1864,8 @@ "subnetName": { "value": "[parameters('subnetName')]" }, - "subnetPrivateEndpointNetworkPolicies": { - "value": "Disabled" - }, - "subnetPrivateLinkServiceNetworkPolicies": { - "value": "Disabled" + "subscriptionId": { + "value": "[parameters('subscriptionId')]" }, "tags": { "value": "[parameters('tags')]" @@ -2146,16 +1881,20 @@ } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9443806356306142434" + "version": "0.27.1.19265", + "templateHash": "4742978871908330688" } }, "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [] + }, "deployNetworkWatcher": { "type": "bool" }, @@ -2177,34 +1916,22 @@ "networkWatcherName": { "type": "string" }, - "routeTableName": { + "resourceGroupName": { "type": "string" }, - "routeTableRouteName": { - "type": "string", - "defaultValue": "default_route" - }, - "routeTableRouteAddressPrefix": { - "type": "string", - "defaultValue": "0.0.0.0/0" + "routeTableName": { + "type": "string" }, "routeTableRouteNextHopIpAddress": { "type": "string" }, - "routeTableRouteNextHopType": { - "type": "string", - "defaultValue": "VirtualAppliance" - }, "subnetAddressPrefix": { "type": "string" }, "subnetName": { "type": "string" }, - "subnetPrivateEndpointNetworkPolicies": { - "type": "string" - }, - "subnetPrivateLinkServiceNetworkPolicies": { + "subscriptionId": { "type": "string" }, "tags": { 
@@ -2220,11 +1947,28 @@ "type": "array" } }, + "variables": { + "delegations": { + "AzureNetAppFiles": [ + { + "name": "Microsoft.Netapp.volumes", + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', parameters('virtualNetworkName'), 'AzureNetAppFiles', 'Microsoft.Netapp.volumes')]", + "properties": { + "serviceName": "Microsoft.Netapp/volumes" + }, + "type": "Microsoft.Network/virtualNetworks/subnets/delegations" + } + ] + }, + "subnets": "[union(createArray(createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix')))), parameters('additionalSubnets'))]" + }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkSecurityGroup", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2253,8 +1997,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "13414814252968710669" + "version": "0.27.1.19265", + "templateHash": "12935581119437417634" } }, "parameters": { @@ -2303,6 +2047,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "routeTable", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2321,18 +2067,9 @@ "name": { "value": "[parameters('routeTableName')]" }, - "routeAddressPrefix": { - "value": "[parameters('routeTableRouteAddressPrefix')]" - }, - "routeName": { - "value": "[parameters('routeTableRouteName')]" - }, "routeNextHopIpAddress": { "value": "[parameters('routeTableRouteNextHopIpAddress')]" }, - "routeNextHopType": { - "value": "[parameters('routeTableRouteNextHopType')]" - }, "tags": { "value": "[parameters('tags')]" } 
@@ -2343,8 +2080,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8969815603564770173" + "version": "0.27.1.19265", + "templateHash": "18262399193161292353" } }, "parameters": { @@ -2361,16 +2098,19 @@ "type": "string" }, "routeAddressPrefix": { - "type": "string" + "type": "string", + "defaultValue": "0.0.0.0/0" }, "routeName": { - "type": "string" + "type": "string", + "defaultValue": "default_route" }, "routeNextHopIpAddress": { "type": "string" }, "routeNextHopType": { - "type": "string" + "type": "string", + "defaultValue": "VirtualAppliance" }, "tags": { "type": "object" @@ -2416,6 +2156,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkWatcher", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2441,8 +2183,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "6425343849060009850" + "version": "0.27.1.19265", + "templateHash": "13830033528097307473" } }, "parameters": { @@ -2476,6 +2218,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "virtualNetwork", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -2495,20 +2239,11 @@ "value": "[parameters('virtualNetworkName')]" }, "subnets": { - "value": [ + "copy": [ { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[parameters('subnetAddressPrefix')]", - "networkSecurityGroup": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" - }, - "routeTable": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value]" - }, - "privateEndpointNetworkPolicies": "[parameters('subnetPrivateEndpointNetworkPolicies')]", - "privateLinkServiceNetworkPolicies": "[parameters('subnetPrivateLinkServiceNetworkPolicies')]" - } + "name": "value", + "count": "[length(variables('subnets'))]", + "input": "[createObject('name', variables('subnets')[copyIndex('value')].name, 'properties', createObject('addressPrefix', variables('subnets')[copyIndex('value')].properties.addressPrefix, 'delegations', coalesce(tryGet(variables('delegations'), variables('subnets')[copyIndex('value')].name), createArray()), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled'))]" } ] }, @@ -2528,8 +2263,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "6916781723220735567" + "version": "0.27.1.19265", + "templateHash": "4325479931624604061" } }, "parameters": { 
@@ -2597,44 +2332,44 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup')]", - "[resourceId('Microsoft.Resources/deployments', 'networkWatcher')]", - "[resourceId('Microsoft.Resources/deployments', 'routeTable')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkWatcher')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable')]" ] } ], "outputs": { "virtualNetworkName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" }, "virtualNetworkResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" }, "virtualNetworkAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), 
parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" }, "subnetName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" }, "subnetAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" }, "subnetResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" }, "networkSecurityGroupName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" }, "networkSecurityGroupResourceId": { "type": "string", - "value": 
"[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" } } } @@ -2651,20 +2386,20 @@ }, "mode": "Incremental", "parameters": { - "hubVirtualNetworkName": { - "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" - }, "hubVirtualNetworkResourceId": { "value": "[parameters('hubVirtualNetworkResourceId')]" }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, "spokeName": { "value": "[parameters('workloadName')]" }, - "spokeResourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, "spokeVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + }, + "subscriptionId": { + "value": "[parameters('subscriptionId')]" } }, "template": { @@ -2673,24 +2408,24 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "3360096389164919794" + "version": "0.27.1.19265", + "templateHash": "1081420821337659529" } }, "parameters": { - "spokeName": { + "hubVirtualNetworkResourceId": { "type": "string" }, - "spokeResourceGroupName": { + "resourceGroupName": { "type": "string" }, - "spokeVirtualNetworkName": { + "spokeName": { "type": "string" }, - "hubVirtualNetworkName": { + "spokeVirtualNetworkName": { "type": "string" }, - "hubVirtualNetworkResourceId": { + "subscriptionId": { "type": "string" } }, 
@@ -2699,18 +2434,22 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-to-hub-vnet-peering', parameters('spokeName'))]", - "resourceGroup": "[parameters('spokeResourceGroupName')]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('spokeVirtualNetworkName'), parameters('hubVirtualNetworkName'))]" - }, "remoteVirtualNetworkResourceId": { "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('spokeVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('hubVirtualNetworkResourceId'), '/')[8])]" } }, "template": { @@ -2719,15 +2458,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2973725866451109424" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -2735,7 +2477,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { 
@@ -2751,15 +2493,14 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork')]" + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-peering-hub-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -2769,54 +2510,67 @@ "hubVirtualNetworkName": { "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" }, - "spokes": { - "value": [ - { - "type": "[parameters('workloadName')]", - "virtualNetworkName": "[parameters('virtualNetworkName')]", - "virtualNetworkResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" - } - ] + "resourceGroupName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "subscriptionId": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "14482672325640396998" + "version": "0.27.1.19265", + "templateHash": "16991872399359859910" } }, "parameters": { "hubVirtualNetworkName": { "type": "string" }, - "spokes": { - "type": "array" + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkResourceId": { + "type": "string" + }, + "subscriptionId": { + "type": "string" } }, "resources": [ { - "copy": { - "name": "hubToSpokePeering", - "count": "[length(parameters('spokes'))]" - }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('hub-to-{0}-vnet-peering', 
parameters('spokes')[copyIndex()].type)]", + "name": "[format('hub-to-{0}-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('hubVirtualNetworkName'), parameters('spokes')[copyIndex()].virtualNetworkName)]" - }, "remoteVirtualNetworkResourceId": { - "value": "[parameters('spokes')[copyIndex()].virtualNetworkResourceId]" + "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('spokeVirtualNetworkResourceId'), '/')[8])]" } }, "template": { @@ -2825,15 +2579,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2973725866451109424" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -2841,7 +2598,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { 
@@ -2857,14 +2614,22 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork')]" + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" ] } ], "outputs": { + "networkSecurityGroupName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, "subnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + }, + "virtualNetworkName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" } } } 
@@ -2895,16 +2660,22 @@ "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "networkProperties": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "subnetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, "tags": { "value": "[parameters('tags')]" + }, + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "tokens": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" } }, "template": { @@ -2913,8 +2684,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8607068382992509094" + "version": "0.27.1.19265", + "templateHash": "7828233421610885078" } }, "parameters": { 
@@ -2930,14 +2701,20 @@ "mlzTags": { "type": "object" }, - "networkProperties": { - "type": "object" + "resourceGroupName": { + "type": "string" }, "subnetResourceId": { "type": "string" }, "tags": { "type": "object" + }, + "tier": { + "type": "object" + }, + "tokens": { + "type": "object" } }, "resources": [ @@ -2945,8 +2722,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2954,16 +2731,16 @@ "mode": "Incremental", "parameters": { "keyVaultName": { - "value": "[parameters('networkProperties').keyVaultName]" + "value": "[take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)]" }, "keyVaultNetworkInterfaceName": { - "value": "[parameters('networkProperties').keyVaultNetworkInterfaceName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultNetworkInterface, parameters('tokens').service, '')]" }, "keyVaultPrivateDnsZoneResourceId": { "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" }, "keyVaultPrivateEndpointName": { - "value": "[parameters('networkProperties').keyVaultPrivateEndpointName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultPrivateEndpoint, parameters('tokens').service, '')]" }, "location": { "value": "[parameters('location')]" @@ -2984,8 +2761,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2708305007283639705" + "version": "0.27.1.19265", + "templateHash": "12300580845424356573" } }, "parameters": { 
@@ -3198,8 +2975,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -3210,13 +2987,13 @@ "value": "[parameters('deploymentNameSuffix')]" }, "diskEncryptionSetName": { - "value": "[parameters('networkProperties').diskEncryptionSetName]" + "value": "[parameters('tier').namingConvention.diskEncryptionSet]" }, "keyUrl": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" }, "keyVaultResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "location": { "value": "[parameters('location')]" @@ -3232,8 +3009,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2253498434473273498" + "version": "0.27.1.19265", + "templateHash": "15986878026863280024" } }, "parameters": { 
@@ -3309,8 +3086,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9453050836674512129" + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" } }, "parameters": { 
@@ -3367,32 +3144,35 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, "location": { "value": "[parameters('location')]" }, "mlzTags": { "value": "[parameters('mlzTags')]" }, - "name": { - "value": "[parameters('networkProperties').userAssignedIdentityName]" - }, "tags": { "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(parameters('tier').namingConvention.userAssignedIdentity, format('-{0}', parameters('tokens').service), '')]" } }, "template": { 
@@ -3401,151 +3181,95 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17180318248198488154" + "version": "0.27.1.19265", + "templateHash": "6007785905664733866" } }, "parameters": { + "keyVaultName": { + "type": "string" + }, "location": { "type": "string" }, "mlzTags": { "type": "object" }, - "name": { - "type": "string" - }, "tags": { "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2018-11-30", - "name": "[parameters('name')]", + "name": "[parameters('userAssignedIdentityName')]", "location": "[parameters('location')]", "tags": "[union(if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" }, { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "roleAssignmentEncryption", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))]", "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "principalId": { - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - }, - "principalType": { - "value": "ServicePrincipal" - }, - "roleDefinitionId": { - "value": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" - }, - "targetResourceId": { - "value": "[resourceGroup().id]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - 
"contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9453050836674512129" - } - }, - "parameters": { - "targetResourceId": { - "type": "string" - }, - "roleDefinitionId": { - "type": "string" - }, - "principalId": { - "type": "string" - }, - "principalType": { - "type": "string", - "defaultValue": "ServicePrincipal", - "allowedValues": [ - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ] - }, - "description": { - "type": "string", - "defaultValue": "" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-04-01-preview", - "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", - "properties": { - "principalId": "[parameters('principalId')]", - "principalType": "[parameters('principalType')]", - "roleDefinitionId": "[parameters('roleDefinitionId')]", - "description": "[parameters('description')]" - } - } - ] - } + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2018-11-30').principalId]", + "principalType": "ServicePrincipal", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" }, "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" ] } ], "outputs": { "resourceId": { "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" } } } - } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 
'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + ] } ], "outputs": { "diskEncryptionSetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, - "KeyVaultName": { + "keyVaultName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" }, "keyVaultUri": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" }, "keyVaultResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "storageKeyName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "userAssignedIdentityResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', 
format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" } } } }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, { 
@@ -3572,13 +3296,16 @@ "value": "[parameters('logStorageSkuName')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "network": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "serviceToken": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, "storageEncryptionKeyName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" @@ -3602,8 +3329,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "4236106586138373505" + "version": "0.27.1.19265", + "templateHash": "15276628086161283630" } }, "parameters": { 
@@ -3625,6 +3352,9 @@ "network": { "type": "object" }, + "resourceGroupName": { + "type": "string" + }, "serviceToken": { "type": "string" }, @@ -3650,7 +3380,7 @@ "apiVersion": "2022-09-01", "name": "storage", "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3676,13 +3406,13 @@ "value": "[parameters('logStorageSkuName')]" }, "storageAccountName": { - "value": "[parameters('network').logStorageAccountName]" + "value": "[parameters('network').namingConvention.storageAccount]" }, "storageAccountNetworkInterfaceNamePrefix": { - "value": "[parameters('network').logStorageAccountNetworkInterfaceNamePrefix]" + "value": "[parameters('network').namingConvention.storageAccountNetworkInterface]" }, "storageAccountPrivateEndpointNamePrefix": { - "value": "[parameters('network').logStorageAccountPrivateEndpointNamePrefix]" + "value": "[parameters('network').namingConvention.storageAccountPrivateEndpoint]" }, "storageEncryptionKeyName": { "value": "[parameters('storageEncryptionKeyName')]" @@ -3706,8 +3436,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2945887437755946902" + "version": "0.27.1.19265", + "templateHash": "6116693144339389145" } }, "parameters": { 
@@ -3892,7 +3622,7 @@ "outputs": { "storageAccountResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, parameters('network').resourceGroupName), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" } } } @@ -3900,8 +3630,8 @@ "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, { 
@@ -3921,26 +3651,41 @@ "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, + "keyVaultDiagnosticLogs": { + "value": "[parameters('keyVaultDiagnosticsLogs')]" + }, + "keyVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "network": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" - }, "networkSecurityGroupDiagnosticsLogs": { "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" }, "networkSecurityGroupDiagnosticsMetrics": { "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, "storageAccountResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageAccountResourceId.value]" }, + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.tiers.value[0]]" + }, "virtualNetworkDiagnosticsLogs": { "value": "[parameters('virtualNetworkDiagnosticsLogs')]" }, "virtualNetworkDiagnosticsMetrics": { "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" } }, "template": { @@ -3949,8 +3694,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17843709133926695075" + "version": "0.27.1.19265", + "templateHash": "738419494311113164" } }, "parameters": { @@ -3960,11 +3705,14 @@ "deploymentNameSuffix": { "type": "string" }, - "logAnalyticsWorkspaceResourceId": { + "keyVaultDiagnosticLogs": { + "type": "array" + }, + "keyVaultName": { "type": "string" }, - "network": { - "type": "object" + "logAnalyticsWorkspaceResourceId": { + "type": "string" }, "networkSecurityGroupDiagnosticsLogs": { "type": "array" @@ -3972,14 +3720,26 @@ "networkSecurityGroupDiagnosticsMetrics": { "type": "array" }, + "networkSecurityGroupName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, "storageAccountResourceId": { "type": "string" }, + "tier": { + "type": "object" + }, "virtualNetworkDiagnosticsLogs": { "type": "array" }, "virtualNetworkDiagnosticsMetrics": { "type": "array" + }, + "virtualNetworkName": { + "type": "string" } }, "resources": [ 
@@ -3987,8 +3747,8 @@ "condition": "[parameters('deployActivityLogDiagnosticSetting')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-activity-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", + "name": "[format('deploy-activity-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -4006,8 +3766,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "16067990757204095170" + "version": "0.27.1.19265", + "templateHash": "11148640012050316356" } }, "parameters": { 
@@ -4065,9 +3825,80 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "name": "[format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.keyVaultDiagnosticSetting]" + }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "keyVaultStorageAccountId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('keyVaultDiagnosticLogs')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11931053519285250235" + } + }, + "parameters": { + "keyVaultDiagnosticSettingName": { + "type": "string" + }, + "keyVaultName": { + "type": "string" + }, + "keyVaultStorageAccountId": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[parameters('keyVaultDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('keyVaultStorageAccountId')]", 
+ "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]" + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -4086,8 +3917,11 @@ "metrics": { "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" }, - "name": { - "value": "[parameters('network').networkSecurityGroupName]" + "networkSecurityGroupDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.networkSecurityGroupDiagnosticSetting]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" } }, "template": { @@ -4096,14 +3930,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9767149346014876086" + "version": "0.27.1.19265", + "templateHash": "12049539018034280966" } }, "parameters": { - "name": { - "type": "string" - }, "logAnalyticsWorkspaceResourceId": { "type": "string" }, 
@@ -4115,14 +3946,20 @@ }, "metrics": { "type": "array" + }, + "networkSecurityGroupDiagnosticSettingName": { + "type": "string" + }, + "networkSecurityGroupName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('networkSecurityGroupName'))]", + "name": "[parameters('networkSecurityGroupDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -4137,9 +3974,9 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -4158,8 +3995,11 @@ "metrics": { "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" }, - "name": { - "value": "[parameters('network').virtualNetworkName]" + "virtualNetworkDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.virtualNetworkDiagnosticSetting]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" } }, "template": { 
@@ -4168,8 +4008,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "5378372176274077006" + "version": "0.27.1.19265", + "templateHash": "13356625654141484072" } }, "parameters": { @@ -4185,7 +4025,10 @@ "metrics": { "type": "array" }, - "name": { + "virtualNetworkDiagnosticSettingName": { + "type": "string" + }, + "virtualNetworkName": { "type": "string" } }, @@ -4193,8 +4036,8 @@ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", + "name": "[parameters('virtualNetworkDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -4210,7 +4053,10 @@ } }, "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, 
@@ -4235,13 +4081,16 @@ "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "networks": { - "value": [ - "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" - ] + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" }, "policy": { "value": "[parameters('policy')]" + }, + "resourceGroupNames": { + "value": [ + "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + ] } }, "template": { @@ -4250,8 +4099,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8662249564598303366" + "version": "0.27.1.19265", + "templateHash": "379956182717650153" } }, "parameters": { 
@@ -4264,24 +4113,27 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "networks": { - "type": "array" - }, "policy": { "type": "string" + }, + "resourceGroupNames": { + "type": "array" + }, + "tiers": { + "type": "array" } }, "resources": [ { "copy": { "name": "policyAssignment", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('assign-policy-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('assign-policy-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -4304,8 +4156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "1672482425067053944" + "version": "0.27.1.19265", + "templateHash": "9464536540108620518" } }, "parameters": { @@ -4480,8 +4332,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9453050836674512129" + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" } }, "parameters": { @@ -4565,8 +4417,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17296430727130356523" + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" } }, "parameters": { 
@@ -4797,21 +4649,49 @@ "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" }, + "keyVaultUri": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "locatonProperties": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locationProperties.value]" + }, "mlzTags": { "type": "object", - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "network": { + "namingConvention": { "type": "object", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention]" + }, + "privateDnsZones": { + "type": "array", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "resourcePrefix": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01', 'full').tags.resourcePrefix]" + }, + "storageEncryptionKeyName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "subnetResourceId": { "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, + "tier": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, "tokens": { "type": "object", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" } } } 
@@ -4829,7 +4709,7 @@ "mode": "Incremental", "parameters": { "computeGalleryName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.computeGalleryName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.computeGallery]" }, "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" @@ -4850,7 +4730,7 @@ "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup]" }, "storageAccountResourceId": { "value": "[parameters('storageAccountResourceId')]" @@ -4862,7 +4742,7 @@ "value": "[parameters('tags')]" }, "userAssignedIdentityName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.userAssignedIdentityName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.userAssignedIdentity]" } }, "template": { 
@@ -4871,8 +4751,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "7690073340382206658" + "version": "0.27.1.19265", + "templateHash": "8630605827791317526" } }, "parameters": { @@ -4945,8 +4825,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "6296883959770176834" + "version": "0.27.1.19265", + "templateHash": "13759626184114148432" } }, "parameters": { @@ -5011,8 +4891,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "1613196570045452117" + "version": "0.27.1.19265", + "templateHash": "17687598991768621670" } }, "parameters": { @@ -5075,8 +4955,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "16678314039986560835" + "version": "0.27.1.19265", + "templateHash": "9130216839897209969" } }, "parameters": { @@ -5134,8 +5014,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17953983585809496662" + "version": "0.27.1.19265", + "templateHash": "17099342548900691404" } }, "parameters": { @@ -5205,8 +5085,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17328117917467575507" + "version": "0.27.1.19265", + "templateHash": "3134856228976238865" } }, "parameters": { @@ -5295,8 +5175,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "4949441353974629907" + "version": "0.27.1.19265", + "templateHash": "1168271578929005824" } }, "parameters": { 
@@ -5363,16 +5243,16 @@ "mode": "Incremental", "parameters": { "actionGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.actionGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.actionGroup]" }, "arcGisProInstaller": { "value": "[parameters('arcGisProInstaller')]" }, "automationAccountName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.automationAccountName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.automationAccount]" }, "automationAccountPrivateDnsZoneResourceId": { - "value": "[variables('automationAccountPrivateDnsZoneResourceId')]" + "value": "[resourceId(split(parameters('hubVirtualNetworkResourceId'), '/')[2], split(parameters('hubVirtualNetworkResourceId'), '/')[4], 'Microsoft.Network/privateDnsZones', filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value, lambda('name', startsWith(lambdaVariables('name'), 'privatelink.azure-automation')))[0])]" }, "computeGalleryImageResourceId": { "value": "[parameters('computeGalleryImageResourceId')]" 
@@ -5423,7 +5303,7 @@ "value": "[parameters('imagePatchVersion')]" }, "imageVirtualMachineName": { - "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.virtualMachineName, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'b')]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'b')]" }, "installAccess": { "value": "[parameters('installAccess')]" @@ -5471,7 +5351,7 @@ "value": "[parameters('installWord')]" }, "keyVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.keyVaultName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.keyVault]" }, "keyVaultPrivateDnsZoneResourceId": { "value": "[variables('keyVaultPrivateDnsZoneResourceId')]" 
@@ -5489,7 +5369,7 @@ "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "managementVirtualMachineName": { - "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.virtualMachineName, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'm')]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'm')]" }, "marketplaceImageOffer": { "value": "[parameters('marketplaceImageOffer')]" @@ -5516,7 +5396,7 @@ "value": "[parameters('replicaCount')]" }, "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup]" }, "sourceImageType": { "value": "[parameters('sourceImageType')]" @@ -5537,7 +5417,7 @@ "value": "[parameters('teamsInstaller')]" }, "timeZone": { - "value": "[variables('locations')[parameters('location')].timeZone]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locatonProperties.value.timeZone]" }, "updateService": { "value": "[parameters('updateService')]" 
@@ -5570,8 +5450,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "4119811371263647101" + "version": "0.27.1.19265", + "templateHash": "11104203183456811915" } }, "parameters": { @@ -5822,8 +5702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "5195701968567661875" + "version": "0.27.1.19265", + "templateHash": "4564997318133612334" } }, "parameters": { @@ -5908,8 +5788,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17814077642366917627" + "version": "0.27.1.19265", + "templateHash": "5461299690063875958" } }, "parameters": { @@ -6118,8 +5998,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "15655695416078279043" + "version": "0.27.1.19265", + "templateHash": "13497026656634671294" } }, "parameters": { @@ -8212,8 +8092,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8898522588803558538" + "version": "0.27.1.19265", + "templateHash": "18313089215192789399" } }, "parameters": { @@ -8617,8 +8497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17109972071763386466" + "version": "0.27.1.19265", + "templateHash": "2529599718800993112" } }, "parameters": { @@ -9159,8 +9039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "16943257959653266739" + "version": "0.27.1.19265", + "templateHash": "2240423513039706342" } }, "parameters": { 
@@ -9365,7 +9245,7 @@ "value": "[parameters('computeGalleryImageResourceId')]" }, "computeGalleryName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.computeGalleryName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.computeGallery]" }, "containerName": { "value": "[parameters('containerName')]" @@ -9398,7 +9278,7 @@ "value": "[parameters('imagePatchVersion')]" }, "imageVirtualMachineName": { - "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.windowsVmName, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'b')]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'b')]" }, "installAccess": { "value": "[parameters('installAccess')]" 
@@ -9446,7 +9326,7 @@ "value": "[parameters('installWord')]" }, "keyVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.keyVaultName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.keyVault]" }, "localAdministratorPassword": { "value": "[parameters('localAdministratorPassword')]" @@ -9458,7 +9338,7 @@ "value": "[parameters('location')]" }, "managementVirtualMachineName": { - "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.windowsVmName, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'm')]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.virtualMachine, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'm')]" }, "marketplaceImageOffer": { "value": "[parameters('marketplaceImageOffer')]" 
@@ -9482,7 +9362,7 @@ "value": "[parameters('replicaCount')]" }, "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-tier3-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.namingConvention.value.resourceGroup]" }, "sourceImageType": { "value": "[parameters('sourceImageType')]" @@ -9530,8 +9410,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "3135582023314630375" + "version": "0.27.1.19265", + "templateHash": "3043154765819979342" } }, "parameters": { @@ -9808,8 +9688,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8898522588803558538" + "version": "0.27.1.19265", + "templateHash": "18313089215192789399" } }, "parameters": { @@ -10059,8 +9939,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8557004379539182499" + "version": "0.27.1.19265", + "templateHash": "2429770344246940475" } }, "parameters": { @@ -10310,8 +10190,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "3676051126599760309" + "version": "0.27.1.19265", + "templateHash": "13360471770564755176" } }, "parameters": { @@ -10732,8 +10612,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "14414542062672835812" + "version": "0.27.1.19265", + "templateHash": "11383113088463030963" } }, "parameters": { @@ -10847,8 +10727,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "461917832205884645" + "version": "0.27.1.19265", + "templateHash": "18119176974738530329" } }, "parameters": { 
@@ -10933,8 +10813,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "14414542062672835812" + "version": "0.27.1.19265", + "templateHash": "11383113088463030963" } }, "parameters": { @@ -11041,8 +10921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "7415404915420906908" + "version": "0.27.1.19265", + "templateHash": "5536241312462033174" } }, "parameters": { @@ -11122,8 +11002,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "15694908783439778041" + "version": "0.27.1.19265", + "templateHash": "10792230585696247813" } }, "parameters": { @@ -11255,8 +11135,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "673135601830674247" + "version": "0.27.1.19265", + "templateHash": "17548680377152926438" } }, "parameters": { @@ -11411,8 +11291,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "874338715058883059" + "version": "0.27.1.19265", + "templateHash": "6467358955768371447" } }, "parameters": { diff --git a/src/bicep/add-ons/tier3/modules/diagnostics.bicep b/src/bicep/add-ons/tier3/modules/diagnostics.bicep index 9cef2629c..1f71af29e 100644 --- a/src/bicep/add-ons/tier3/modules/diagnostics.bicep +++ b/src/bicep/add-ons/tier3/modules/diagnostics.bicep 
@@ -7,43 +7,62 @@ targetScope = 'subscription' param deployActivityLogDiagnosticSetting bool param deploymentNameSuffix string +param keyVaultDiagnosticLogs array +param keyVaultName string param logAnalyticsWorkspaceResourceId string -param network object param networkSecurityGroupDiagnosticsLogs array param networkSecurityGroupDiagnosticsMetrics array +param networkSecurityGroupName string +param resourceGroupName string param storageAccountResourceId string +param tier object param virtualNetworkDiagnosticsLogs array param virtualNetworkDiagnosticsMetrics array +param virtualNetworkName string module activityLogDiagnosticSettings '../../../modules/activity-log-diagnostic-settings.bicep' = if (deployActivityLogDiagnosticSetting) { - name: 'deploy-activity-diags-${network.name}-${deploymentNameSuffix}' - scope: subscription(network.subscriptionId) + name: 'deploy-activity-diags-${tier.name}-${deploymentNameSuffix}' + scope: subscription(tier.subscriptionId) params: { logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId } } +module keyvaultDiagnostics '../../../modules/key-vault-diagnostics.bicep' = { + name: 'deploy-kv-diags-${deploymentNameSuffix}' + scope: resourceGroup(tier.subscriptionId, resourceGroupName) + params: { + keyVaultDiagnosticSettingName: tier.namingConvention.keyVaultDiagnosticSetting + keyVaultName: keyVaultName + keyVaultStorageAccountId: storageAccountResourceId + logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId + logs: keyVaultDiagnosticLogs + } +} + module networkSecurityGroupDiagnostics '../../../modules/network-security-group-diagnostics.bicep' = { - name: 'deploy-nsg-diags-${network.name}-${deploymentNameSuffix}' - scope: resourceGroup(network.subscriptionId, network.resourceGroupName) + name: 'deploy-nsg-diags-${tier.name}-${deploymentNameSuffix}' + scope: resourceGroup(tier.subscriptionId, resourceGroupName) params: { logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId logs: 
networkSecurityGroupDiagnosticsLogs logStorageAccountResourceId: storageAccountResourceId metrics: networkSecurityGroupDiagnosticsMetrics - name: network.networkSecurityGroupName + networkSecurityGroupDiagnosticSettingName: tier.namingConvention.networkSecurityGroupDiagnosticSetting + networkSecurityGroupName: networkSecurityGroupName } } module virtualNetworkDiagnostics '../../../modules/virtual-network-diagnostics.bicep' = { - name: 'deploy-vnet-diags-${network.name}-${deploymentNameSuffix}' - scope: resourceGroup(network.subscriptionId, network.resourceGroupName) + name: 'deploy-vnet-diags-${tier.name}-${deploymentNameSuffix}' + scope: resourceGroup(tier.subscriptionId, resourceGroupName) params: { logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId logs: virtualNetworkDiagnosticsLogs logStorageAccountResourceId: storageAccountResourceId metrics: virtualNetworkDiagnosticsMetrics - name: network.virtualNetworkName + virtualNetworkDiagnosticSettingName: tier.namingConvention.virtualNetworkDiagnosticSetting + virtualNetworkName: virtualNetworkName } } diff --git a/src/bicep/add-ons/tier3/modules/logic.bicep b/src/bicep/add-ons/tier3/modules/logic.bicep deleted file mode 100644 index 402625384..000000000 --- a/src/bicep/add-ons/tier3/modules/logic.bicep +++ /dev/null 
@@ -1,56 +0,0 @@ -/* -Copyright (c) Microsoft Corporation. -Licensed under the MIT License. -*/ - -targetScope = 'subscription' - -param environmentAbbreviation string -param subscriptionId string -param resourcePrefix string -param resources object -param tokens object -param workloadName string -param workloadShortName string - -var network = { - name: workloadName - subscriptionId: subscriptionId - resourceGroupName: replace(replace(resources.resourceGroup, '-${tokens.service}', ''), tokens.network, workloadName) - deployUniqueResources: true - actionGroupName: replace(replace(resources.actionGroup, tokens.service, ''), tokens.network, workloadName) - automationAccountName: replace(replace(resources.automationAccount, tokens.service, ''), tokens.network, workloadName) - bastionHostIPConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'bas'), tokens.network, workloadName) - bastionHostName: replace(replace(resources.bastionHost, '-${tokens.service}', ''), tokens.network, workloadName) - bastionHostPublicIPAddressName: replace(replace(resources.publicIpAddress, tokens.service, 'bas'), tokens.network, workloadName) - computeGalleryName: replace(replace(resources.computeGallery, '_${tokens.service}', ''), tokens.network, workloadName) - diskEncryptionSetName: replace(replace(resources.diskEncryptionSet, '-${tokens.service}', ''), tokens.network, workloadName) - firewallClientIpConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'client-afw'), tokens.network, workloadName) - firewallClientPublicIPAddressName: replace(replace(resources.publicIpAddress, tokens.service, 'client-afw'), tokens.network, workloadName) - firewallManagementIpConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'mgmt-afw'), tokens.network, workloadName) - firewallManagementPublicIPAddressName: replace(replace(resources.publicIpAddress, tokens.service, 'mgmt-afw'), tokens.network, workloadName) - firewallName: 
replace(replace(resources.firewall, '-${tokens.service}', ''), tokens.network, workloadName) - firewallPolicyName: replace(replace(resources.firewallPolicy, '-${tokens.service}', ''), tokens.network, workloadName) - keyVaultName: take(replace(replace(replace(resources.keyVault, tokens.service, ''), tokens.network, workloadShortName), 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, subscriptionId)), 24) - keyVaultNetworkInterfaceName: replace(replace(resources.networkInterface, tokens.service, 'kv'), tokens.network, workloadName) - keyVaultPrivateEndpointName: replace(replace(resources.privateEndpoint, tokens.service, 'kv'), tokens.network, workloadName) - linuxDiskName: replace(replace(resources.disk, tokens.service, 'linux'), tokens.network, workloadName) - linuxNetworkInterfaceIpConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'linux'), tokens.network, workloadName) - linuxNetworkInterfaceName: replace(replace(resources.networkInterface, tokens.service, 'linux'), tokens.network, workloadName) - linuxVmName: replace(replace(resources.virtualMachine, tokens.service, 'l${tokens.service}'), tokens.network, workloadShortName) - logStorageAccountName: take(replace(replace(replace(resources.storageAccount, tokens.service, ''), tokens.network, workloadShortName), 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, subscriptionId)), 24) - logStorageAccountNetworkInterfaceNamePrefix: replace(replace(resources.networkInterface, tokens.service, '${tokens.service}-st'), tokens.network, workloadName) - logStorageAccountPrivateEndpointNamePrefix: replace(replace(resources.privateEndpoint, tokens.service, '${tokens.service}-st'), tokens.network, workloadName) - networkSecurityGroupName: replace(replace(resources.networkSecurityGroup, '-${tokens.service}', ''), tokens.network, workloadName) - networkWatcherName: replace(replace(resources.networkWatcher, '-${tokens.service}', ''), tokens.network, workloadName) - 
routeTableName: replace(replace(resources.routeTable, '-${tokens.service}', ''), tokens.network, workloadName) - subnetName: replace(replace(resources.subnet, '-${tokens.service}', ''), tokens.network, workloadName) - userAssignedIdentityName: replace(replace(resources.userAssignedIdentity, '-${tokens.service}', ''), tokens.network, workloadName) - virtualNetworkName: replace(replace(resources.virtualNetwork, '-${tokens.service}', ''), tokens.network, workloadName) - windowsDiskName: replace(replace(resources.disk, tokens.service, 'windows'), tokens.network, workloadName) - windowsNetworkInterfaceIpConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'windows'), tokens.network, workloadName) - windowsNetworkInterfaceName: replace(replace(resources.networkInterface, tokens.service, 'windows'), tokens.network, workloadName) - windowsVmName: replace(replace(resources.virtualMachine, tokens.service, 'w${tokens.service}'), tokens.network, workloadShortName) -} - -output network object = network diff --git a/src/bicep/add-ons/tier3/modules/networking.bicep b/src/bicep/add-ons/tier3/modules/networking.bicep index 458a4c41a..9c3e49739 100644 --- a/src/bicep/add-ons/tier3/modules/networking.bicep +++ b/src/bicep/add-ons/tier3/modules/networking.bicep @@ -5,6 +5,7 @@ Licensed under the MIT License. targetScope = 'subscription' +param additionalSubnets array param deploymentNameSuffix string param deployNetworkWatcher bool param firewallSkuTier string @@ -29,8 +30,8 @@ param workloadShortName string module spokeNetwork '../../../modules/spoke-network.bicep' = { name: 'spokeNetwork' - scope: resourceGroup(subscriptionId, resourceGroupName) params: { + additionalSubnets: additionalSubnets deployNetworkWatcher: deployNetworkWatcher firewallSkuTier: firewallSkuTier location: location 
@@ -38,12 +39,12 @@ module spokeNetwork '../../../modules/spoke-network.bicep' = { networkSecurityGroupName: networkSecurityGroupName networkSecurityGroupRules: networkSecurityGroupRules networkWatcherName: networkWatcherName + resourceGroupName: resourceGroupName routeTableName: routeTableName routeTableRouteNextHopIpAddress: routeTableRouteNextHopIpAddress subnetAddressPrefix: subnetAddressPrefix subnetName: subnetName - subnetPrivateEndpointNetworkPolicies: 'Disabled' - subnetPrivateLinkServiceNetworkPolicies: 'Disabled' + subscriptionId: subscriptionId tags: tags virtualNetworkAddressPrefix: virtualNetworkAddressPrefix virtualNetworkName: virtualNetworkName 
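Review bot: In the `spokeNetwork` params of `modules/networking.bicep`, `subnetPrivateEndpointNetworkPolicies: 'Disabled'` and `subnetPrivateLinkServiceNetworkPolicies: 'Disabled'` are removed with nothing passed in their place, so both subnet settings now depend entirely on what `spoke-network.bicep` does internally. The key vault and storage private endpoints of this tier are placed on that subnet (`subnetResourceId: networking.outputs.subnetResourceId`), so please confirm the shared module sets both properties explicitly, and say in the commit message whether the effective values change for existing deployments.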
@@ -54,27 +55,25 @@ module spokeNetwork '../../../modules/spoke-network.bicep' = { module workloadVirtualNetworkPeerings '../../../modules/spoke-network-peering.bicep' = { name: 'deploy-vnet-peering-${workloadShortName}-${deploymentNameSuffix}' params: { - hubVirtualNetworkName: split(hubVirtualNetworkResourceId, '/')[8] hubVirtualNetworkResourceId: hubVirtualNetworkResourceId + resourceGroupName: resourceGroupName spokeName: workloadName - spokeResourceGroupName: resourceGroupName spokeVirtualNetworkName: spokeNetwork.outputs.virtualNetworkName + subscriptionId: subscriptionId } } module hubToWorkloadVirtualNetworkPeering '../../../modules/hub-network-peerings.bicep' = { name: 'deploy-vnet-peering-hub-${deploymentNameSuffix}' - scope: resourceGroup(split(hubVirtualNetworkResourceId, '/')[2], split(hubVirtualNetworkResourceId, '/')[4]) params: { hubVirtualNetworkName: split(hubVirtualNetworkResourceId, '/')[8] - spokes: [ - { - type: workloadName - virtualNetworkName: virtualNetworkName - virtualNetworkResourceId: spokeNetwork.outputs.virtualNetworkResourceId - } - ] + resourceGroupName: split(hubVirtualNetworkResourceId, '/')[4] + spokeName: workloadName + spokeVirtualNetworkResourceId: spokeNetwork.outputs.virtualNetworkResourceId + subscriptionId: split(hubVirtualNetworkResourceId, '/')[2] } } +output networkSecurityGroupName string = spokeNetwork.outputs.networkSecurityGroupName output subnetResourceId string = spokeNetwork.outputs.subnetResourceId +output virtualNetworkName string = spokeNetwork.outputs.virtualNetworkName diff --git a/src/bicep/add-ons/tier3/modules/storage.bicep b/src/bicep/add-ons/tier3/modules/storage.bicep index 5afffe067..1bc3e26c7 100644 --- a/src/bicep/add-ons/tier3/modules/storage.bicep +++ b/src/bicep/add-ons/tier3/modules/storage.bicep 
@@ -11,6 +11,7 @@ param logStorageSkuName string param location string param mlzTags object param network object +param resourceGroupName string param serviceToken string param storageEncryptionKeyName string param subnetResourceId string @@ -20,7 +21,7 @@ param userAssignedIdentityResourceId string module storageAccount '../../../modules/storage-account.bicep' = { name: 'storage' - scope: resourceGroup(network.subscriptionId, network.resourceGroupName) + scope: resourceGroup(network.subscriptionId, resourceGroupName) params: { blobsPrivateDnsZoneResourceId: blobsPrivateDnsZoneResourceId keyVaultUri: keyVaultUri @@ -28,9 +29,9 @@ module storageAccount '../../../modules/storage-account.bicep' = { mlzTags: mlzTags serviceToken: serviceToken skuName: logStorageSkuName - storageAccountName: network.logStorageAccountName - storageAccountNetworkInterfaceNamePrefix: network.logStorageAccountNetworkInterfaceNamePrefix - storageAccountPrivateEndpointNamePrefix: network.logStorageAccountPrivateEndpointNamePrefix + storageAccountName: network.namingConvention.storageAccount + storageAccountNetworkInterfaceNamePrefix: network.namingConvention.storageAccountNetworkInterface + storageAccountPrivateEndpointNamePrefix: network.namingConvention.storageAccountPrivateEndpoint storageEncryptionKeyName: storageEncryptionKeyName subnetResourceId: subnetResourceId tablesPrivateDnsZoneResourceId: tablesPrivateDnsZoneResourceId diff --git a/src/bicep/add-ons/tier3/solution.bicep b/src/bicep/add-ons/tier3/solution.bicep index f589f9b2c..e32f321d0 100644 --- a/src/bicep/add-ons/tier3/solution.bicep +++ b/src/bicep/add-ons/tier3/solution.bicep @@ -5,6 +5,9 @@ Licensed under the MIT License. targetScope = 'subscription' +@description('An array of additional subnets to support the tier3 workload.') +param additionalSubnets array = [] + @description('Choose whether to deploy a diagnostic setting for the Activity Log.') param deployActivityLogDiagnosticSetting bool 
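Review bot: The new `param additionalSubnets array = []` in `solution.bicep` is untyped, and its `@description` does not say which properties each element must carry. The array is forwarded unchanged through `modules/networking.bicep` into `spoke-network.bicep`, so a malformed entry only fails deep inside the nested deployment. Please document the expected element shape in the description (or declare a user-defined type for it), and state whether additional subnets receive the workload network security group and route table, since that cannot be seen from this caller.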
@@ -41,6 +44,18 @@ param hubVirtualNetworkResourceId string @description('The identifier for the resource names. This value should represent the workload, project, or business unit.') param identifier string +@description('An array of Key Vault Diagnostic Logs categories to collect. See "https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault" for valid values.') +param keyVaultDiagnosticsLogs array = [ + { + category: 'AuditEvent' + enabled: true + } + { + category: 'AzurePolicyEvaluationDetails' + enabled: true + } +] + @description('The location for the deployment. It defaults to the location of the deployment.') param location string = deployment().location @@ -69,7 +84,10 @@ param networkSecurityGroupDiagnosticsMetrics array = [] param networkSecurityGroupRules array = [] @description('The policy to assign to the workload.') -param policy string +param policy string = 'NISTRev4' + +@description('The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases.') +param stampIndex string = '' @description('The address prefix for the workload subnet.') param subnetAddressPrefix string @@ -89,24 +107,13 @@ param virtualNetworkDiagnosticsMetrics array = [] @minLength(1) @maxLength(10) @description('The name for the workload.') -param workloadName string = 'Tier3' +param workloadName string = 'tier3' @minLength(1) @maxLength(3) @description('The short name for the workload.') param workloadShortName string = 't3' -var environmentName = { - dev: 'Development' - prod: 'Production' - test: 'Test' -} -var mlzTags = { - environment: environmentName[environmentAbbreviation] - identifier: identifier - workloadName: 'MissionLandingZone-${workloadName}' - workloadVersion: loadTextContent('../../data/version.txt') -} var hubResourceGroupName = split(hubVirtualNetworkResourceId, '/')[4] var hubSubscriptionId = split(hubVirtualNetworkResourceId, '/')[2] var subscriptionId = subscription().subscriptionId 
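Review bot: The `workloadName` default changes from `'Tier3'` to `'tier3'`, but nothing constrains a caller-supplied value, and the following hunk drops the `workloadName: toLower(workloadName)` that used to be passed to the logic module in favour of `name: workloadName`. Unless `../../modules/logic.bicep` lowercases `networks[].name` itself, a mixed-case value now flows into resource names unchanged. Either keep the `toLower()` at the call site or state the lower-case requirement in the `@description` next to `@minLength(1)` and `@maxLength(10)`.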
@@ -116,25 +123,29 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2020-11-01' existing = scope: resourceGroup(split(firewallResourceId, '/')[2], split(firewallResourceId, '/')[4]) } -module namingConvention '../../modules/naming-convention.bicep' = { - name: 'get-naming-${workloadShortName}-${deploymentNameSuffix}' - params: { - environmentAbbreviation: environmentAbbreviation - location: location - resourcePrefix: identifier - } -} - -module logic 'modules/logic.bicep' = { +module logic '../../modules/logic.bicep' = { name: 'get-logic-${workloadShortName}-${deploymentNameSuffix}' params: { + deploymentNameSuffix: deploymentNameSuffix environmentAbbreviation: environmentAbbreviation + location: location + networks: [ + { + name: workloadName + shortName: workloadShortName + deployUniqueResources: false + subscriptionId: subscriptionId + nsgDiagLogs: networkSecurityGroupDiagnosticsLogs + nsgDiagMetrics: networkSecurityGroupDiagnosticsMetrics + nsgRules: networkSecurityGroupRules + vnetAddressPrefix: virtualNetworkAddressPrefix + vnetDiagLogs: virtualNetworkDiagnosticsLogs + vnetDiagMetrics: virtualNetworkDiagnosticsMetrics + subnetAddressPrefix: subnetAddressPrefix + } + ] resourcePrefix: identifier - resources: namingConvention.outputs.resources - subscriptionId: subscriptionId - tokens: namingConvention.outputs.tokens - workloadName: toLower(workloadName) - workloadShortName: workloadShortName + stampIndex: stampIndex } } @@ -142,8 +153,8 @@ module rg '../../modules/resource-group.bicep' = { name: 'deploy-rg-${workloadShortName}-${deploymentNameSuffix}' params: { location: location - mlzTags: mlzTags - name: logic.outputs.network.resourceGroupName + mlzTags: logic.outputs.mlzTags + name: replace(logic.outputs.tiers[0].namingConvention.resourceGroup, logic.outputs.tokens.service, 'network') tags: tags } } 
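Review bot: In the `rg` module, `name: replace(logic.outputs.tiers[0].namingConvention.resourceGroup, logic.outputs.tokens.service, 'network')` substitutes the service token with the literal `'network'`, whereas the removed `logic.outputs.network.resourceGroupName` stripped the `-service_token` segment entirely. That appears to change the resource group name for tier 3 deployments made with the previous template, so a redeploy would create a second resource group instead of updating the existing one. Please call this out as a breaking change with migration guidance, and consider a named variable for the `'network'` literal so the other callers of this convention stay in step.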
@@ -151,24 +162,25 @@ module rg '../../modules/resource-group.bicep' = { module networking 'modules/networking.bicep' = { name: 'deploy-networking-${workloadShortName}-${deploymentNameSuffix}' params: { + additionalSubnets: additionalSubnets deploymentNameSuffix: deploymentNameSuffix deployNetworkWatcher: deployNetworkWatcher firewallSkuTier: azureFirewall.properties.sku.tier hubVirtualNetworkResourceId: hubVirtualNetworkResourceId location: location - mlzTags: mlzTags - networkSecurityGroupName: logic.outputs.network.networkSecurityGroupName + mlzTags: logic.outputs.mlzTags + networkSecurityGroupName: logic.outputs.tiers[0].namingConvention.networkSecurityGroup networkSecurityGroupRules: networkSecurityGroupRules - networkWatcherName: logic.outputs.network.networkWatcherName - resourceGroupName: logic.outputs.network.resourceGroupName - routeTableName: logic.outputs.network.routeTableName + networkWatcherName: logic.outputs.tiers[0].namingConvention.networkWatcher + resourceGroupName: rg.outputs.name + routeTableName: logic.outputs.tiers[0].namingConvention.routeTable routeTableRouteNextHopIpAddress: azureFirewall.properties.ipConfigurations[0].properties.privateIPAddress subnetAddressPrefix: subnetAddressPrefix - subnetName: logic.outputs.network.subnetName + subnetName: logic.outputs.tiers[0].namingConvention.subnet subscriptionId: subscriptionId tags: tags virtualNetworkAddressPrefix: virtualNetworkAddressPrefix - virtualNetworkName: logic.outputs.network.virtualNetworkName + virtualNetworkName: logic.outputs.tiers[0].namingConvention.virtualNetwork vNetDnsServers: [ azureFirewall.properties.ipConfigurations[0].properties.privateIPAddress ] 
@@ -191,10 +203,12 @@ module customerManagedKeys '../../modules/customer-managed-keys.bicep' = { replace('privatelink${environment().suffixes.keyvaultDns}', 'vault', 'vaultcore') ) location: location - mlzTags: mlzTags - networkProperties: logic.outputs.network + mlzTags: logic.outputs.mlzTags + resourceGroupName: rg.outputs.name subnetResourceId: networking.outputs.subnetResourceId tags: tags + tier: logic.outputs.tiers[0] + tokens: logic.outputs.tokens } } @@ -210,9 +224,10 @@ module storage 'modules/storage.bicep' = { keyVaultUri: customerManagedKeys.outputs.keyVaultUri location: location logStorageSkuName: logStorageSkuName - mlzTags: mlzTags - network: logic.outputs.network - serviceToken: namingConvention.outputs.tokens.service + mlzTags: logic.outputs.mlzTags + network: logic.outputs.tiers[0] + resourceGroupName: rg.outputs.name + serviceToken: logic.outputs.tokens.service storageEncryptionKeyName: customerManagedKeys.outputs.storageKeyName subnetResourceId: networking.outputs.subnetResourceId tablesPrivateDnsZoneResourceId: resourceId( 
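Review bot: In the `storage` module call, the tier object is passed as `network: logic.outputs.tiers[0]`, while `customerManagedKeys` in the hunk above and `diagnostics` below receive the same object as `tier: logic.outputs.tiers[0]`. Inside `modules/storage.bicep` the parameter is still declared `param network object` and read as `network.namingConvention.storageAccount`, which no longer describes what it holds. Renaming the parameter to `tier` in `storage.bicep` and at this call site would keep the three modules consistent.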
@@ -231,13 +246,18 @@ module diagnostics 'modules/diagnostics.bicep' = { params: { deployActivityLogDiagnosticSetting: deployActivityLogDiagnosticSetting deploymentNameSuffix: deploymentNameSuffix + keyVaultDiagnosticLogs: keyVaultDiagnosticsLogs + keyVaultName: customerManagedKeys.outputs.keyVaultName logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId - network: logic.outputs.network networkSecurityGroupDiagnosticsLogs: networkSecurityGroupDiagnosticsLogs networkSecurityGroupDiagnosticsMetrics: networkSecurityGroupDiagnosticsMetrics + networkSecurityGroupName: networking.outputs.networkSecurityGroupName + resourceGroupName: rg.outputs.name storageAccountResourceId: storage.outputs.storageAccountResourceId + tier: logic.outputs.tiers[0] virtualNetworkDiagnosticsLogs: virtualNetworkDiagnosticsLogs virtualNetworkDiagnosticsMetrics: virtualNetworkDiagnosticsMetrics + virtualNetworkName: networking.outputs.virtualNetworkName } } @@ -248,17 +268,18 @@ module policyAssignments '../../modules/policy-assignments.bicep' = deploymentNameSuffix: deploymentNameSuffix location: location logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId - networks: [ - logic.outputs.network - ] + tiers: logic.outputs.tiers policy: policy + resourceGroupNames: [ + rg.outputs.name + ] } dependsOn: [ rg ] } -module defenderForCloud '../../modules/defenderForCloud.bicep' = +module defenderForCloud '../../modules/defender-for-cloud.bicep' = if (deployDefender) { name: 'set-${toLower(workloadName)}-sub-defender' params: { 
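Review bot: In `policyAssignments`, the explicit `dependsOn: [ rg ]` kept as context is now redundant, because the added `resourceGroupNames: [ rg.outputs.name ]` already creates an implicit dependency on the `rg` module; it can be removed. The module also now takes `tiers` and `resourceGroupNames` as two separate arrays that have to stay index-aligned, so a short comment stating that pairing would help here. In the same file, the `diagnostics` call passes `keyVaultDiagnosticLogs: keyVaultDiagnosticsLogs`; the module parameter and the solution parameter differ by one letter and are worth aligning.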
@@ -268,7 +289,14 @@ module defenderForCloud '../../modules/defenderForCloud.bicep' = } output diskEncryptionSetResourceId string = customerManagedKeys.outputs.diskEncryptionSetResourceId -output mlzTags object = mlzTags -output network object = logic.outputs.network +output keyVaultUri string = customerManagedKeys.outputs.keyVaultUri +output locatonProperties object = logic.outputs.locationProperties +output mlzTags object = logic.outputs.mlzTags +output namingConvention object = logic.outputs.tiers[0].namingConvention +output privateDnsZones array = logic.outputs.privateDnsZones +output resourcePrefix string = azureFirewall.tags.resourcePrefix +output storageEncryptionKeyName string = customerManagedKeys.outputs.storageKeyName output subnetResourceId string = networking.outputs.subnetResourceId -output tokens object = namingConvention.outputs.tokens +output tier object = logic.outputs.tiers[0] +output tokens object = logic.outputs.tokens +output userAssignedIdentityResourceId string = customerManagedKeys.outputs.userAssignedIdentityResourceId diff --git a/src/bicep/add-ons/tier3/solution.json b/src/bicep/add-ons/tier3/solution.json index 1e8f9bba5..eb2974d8f 100644 --- a/src/bicep/add-ons/tier3/solution.json +++ b/src/bicep/add-ons/tier3/solution.json @@ -4,11 +4,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "15277826004755007051" + "version": "0.27.1.19265", + "templateHash": "6877974702104389401" } }, "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "An array of additional subnets to support the tier3 workload." + } + }, "deployActivityLogDiagnosticSetting": { "type": "bool", "metadata": { 
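Review bot: The outputs hunk of `solution.bicep` (`@@ -268,7 +289,14`) adds `output locatonProperties object = logic.outputs.locationProperties`, where the output name is missing an "i". Output names become part of the template's contract for the add-ons that consume it, so please fix it to `locationProperties` before it ships, and regenerate `solution.json` so the compiled template matches. In the same hunk, `output resourcePrefix string = azureFirewall.tags.resourcePrefix` reads the value from a tag on the existing firewall, while the logic module receives `resourcePrefix: identifier`; if that tag is absent or has been edited, the output will fail or disagree with the names actually deployed, so a note on why the tag is the source would be useful.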
@@ -77,6 +84,22 @@ "description": "The identifier for the resource names. This value should represent the workload, project, or business unit." } }, + "keyVaultDiagnosticsLogs": { + "type": "array", + "defaultValue": [ + { + "category": "AuditEvent", + "enabled": true + }, + { + "category": "AzurePolicyEvaluationDetails", + "enabled": true + } + ], + "metadata": { + "description": "An array of Key Vault Diagnostic Logs categories to collect. See \"https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault\" for valid values." + } + }, "location": { "type": "string", "defaultValue": "[deployment().location]", @@ -129,10 +152,18 @@ }, "policy": { "type": "string", + "defaultValue": "NISTRev4", "metadata": { "description": "The policy to assign to the workload." } }, + "stampIndex": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The stamp index allows for multiple AVD stamps with the same business unit or project to support different use cases." + } + }, "subnetAddressPrefix": { "type": "string", "metadata": { @@ -168,7 +199,7 @@ }, "workloadName": { "type": "string", - "defaultValue": "Tier3", + "defaultValue": "tier3", "minLength": 1, "maxLength": 10, "metadata": { @@ -186,18 +217,6 @@ } }, "variables": { - "$fxv#0": "1.0.0", - "environmentName": { - "dev": "Development", - "prod": "Production", - "test": "Test" - }, - "mlzTags": { - "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", - "identifier": "[parameters('identifier')]", - "workloadName": "[format('MissionLandingZone-{0}', parameters('workloadName'))]", - "workloadVersion": "[variables('$fxv#0')]" - }, "hubResourceGroupName": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", "hubSubscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", "subscriptionId": "[subscription().subscriptionId]" 
@@ -206,7 +225,7 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", + "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -214,14 +233,37 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "environmentAbbreviation": { "value": "[parameters('environmentAbbreviation')]" }, "location": { "value": "[parameters('location')]" }, + "networks": { + "value": [ + { + "name": "[parameters('workloadName')]", + "shortName": "[parameters('workloadShortName')]", + "deployUniqueResources": false, + "subscriptionId": "[variables('subscriptionId')]", + "nsgDiagLogs": "[parameters('networkSecurityGroupDiagnosticsLogs')]", + "nsgDiagMetrics": "[parameters('networkSecurityGroupDiagnosticsMetrics')]", + "nsgRules": "[parameters('networkSecurityGroupRules')]", + "vnetAddressPrefix": "[parameters('virtualNetworkAddressPrefix')]", + "vnetDiagLogs": "[parameters('virtualNetworkDiagnosticsLogs')]", + "vnetDiagMetrics": "[parameters('virtualNetworkDiagnosticsMetrics')]", + "subnetAddressPrefix": "[parameters('subnetAddressPrefix')]" + } + ] + }, "resourcePrefix": { "value": "[parameters('identifier')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" } }, "template": { 
@@ -230,22 +272,39 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "11837208542925912913" + "version": "0.27.1.19265", + "templateHash": "11171233226932915639" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, "environmentAbbreviation": { "type": "string" }, "location": { "type": "string" }, + "networks": { + "type": "array" + }, "resourcePrefix": { "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" } }, "variables": { + "copy": [ + { + "name": "privateDnsZoneNames_Backup", + "count": "[length(items(variables('locations')))]", + "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" + } + ], "$fxv#0": { "AzureChina": { "chinaeast": { @@ -630,8 +689,10 @@ } } }, - "$fxv#1": { + "$fxv#1": "1.0.0", + "$fxv#2": { "actionGroups": "ag", + "applicationGroups": "vdag", "automationAccounts": "aa", "availabilitySets": "avail", "azureFirewalls": "afw", @@ -639,7 +700,6 @@ "computeGallieries": "cg", "dataCollectionRuleAssociations": "dcra", "dataCollectionRules": "dcr", - "desktopApplicationGroups": "vdag", "diagnosticSettings": "diag", "diskAccesses": "da", "diskEncryptionSets": "des", 
@@ -668,200 +728,260 @@ "virtualNetworks": "vnet", "workspaces": "vdws" }, + "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", + "environmentName": { + "dev": "Development", + "prod": "Production", + "test": "Test" + }, "locations": "[variables('$fxv#0')[environment().name]]", - "locationAbbreviation": "[variables('locations')[parameters('location')].abbreviation]", - "resourceAbbreviations": "[variables('$fxv#1')]", - "resourceToken": "resource_token", - "serviceToken": "service_token", - "networkToken": "network_token", - "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), variables('resourceToken'), variables('serviceToken'), variables('networkToken'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "actionGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').actionGroups)]", - "automationAccountNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').automationAccounts)]", - "bastionHostNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').bastionHosts)]", - "computeGalleryNamingConvention": "[replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').computeGallieries), '-', '_')]", - "diskEncryptionSetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').diskEncryptionSets)]", - "diskNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').disks)]", - "firewallNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').azureFirewalls)]", - "firewallPolicyNamingConvention": 
"[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').firewallPolicies)]", - "ipConfigurationNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').ipConfigurations)]", - "keyVaultNamingConvention": "[format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').keyVaults), '-', ''))]", - "logAnalyticsWorkspaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').logAnalyticsWorkspaces)]", - "networkInterfaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkInterfaces)]", - "networkSecurityGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkSecurityGroups)]", - "networkWatcherNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkWatchers)]", - "privateEndpointNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateEndpoints)]", - "privateLinkScopeName": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateLinkScopes)]", - "publicIpAddressNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').publicIPAddresses)]", - "resourceGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').resourceGroups)]", - "routeTableNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').routeTables)]", - "storageAccountNamingConvention": 
"[toLower(format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').storageAccounts), '-', '')))]", - "subnetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').subnets)]", - "userAssignedIdentityNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').userAssignedIdentities)]", - "virtualMachineNamingConvention": "[replace(replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualMachines), '-', ''), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "virtualNetworkNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualNetworks)]" - }, - "resources": [], - "outputs": { - "resources": { - "type": "object", - "value": { - "actionGroup": "[variables('actionGroupNamingConvention')]", - "automationAccount": "[variables('automationAccountNamingConvention')]", - "bastionHost": "[variables('bastionHostNamingConvention')]", - "computeGallery": "[variables('computeGalleryNamingConvention')]", - "diskEncryptionSet": "[variables('diskEncryptionSetNamingConvention')]", - "disk": "[variables('diskNamingConvention')]", - "firewall": "[variables('firewallNamingConvention')]", - "firewallPolicy": "[variables('firewallPolicyNamingConvention')]", - "ipConfiguration": "[variables('ipConfigurationNamingConvention')]", - "keyVault": "[variables('keyVaultNamingConvention')]", - "logAnalyticsWorkspace": "[variables('logAnalyticsWorkspaceNamingConvention')]", - "networkInterface": "[variables('networkInterfaceNamingConvention')]", - "networkSecurityGroup": "[variables('networkSecurityGroupNamingConvention')]", - "networkWatcher": "[variables('networkWatcherNamingConvention')]", - "privateEndpoint": 
"[variables('privateEndpointNamingConvention')]", - "privateLinkScope": "[variables('privateLinkScopeName')]", - "publicIpAddress": "[variables('publicIpAddressNamingConvention')]", - "resourceGroup": "[variables('resourceGroupNamingConvention')]", - "routeTable": "[variables('routeTableNamingConvention')]", - "storageAccount": "[variables('storageAccountNamingConvention')]", - "subnet": "[variables('subnetNamingConvention')]", - "userAssignedIdentity": "[variables('userAssignedIdentityNamingConvention')]", - "virtualMachine": "[variables('virtualMachineNamingConvention')]", - "virtualNetwork": "[variables('virtualNetworkNamingConvention')]" - } + "mlzTags": { + "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", + "landingZoneName": "MissionLandingZone", + "landingZoneVersion": "[variables('$fxv#1')]", + "resourcePrefix": "[parameters('resourcePrefix')]" }, + "resourceAbbreviations": "[variables('$fxv#2')]", "tokens": { - "type": "object", - "value": { - "resource": "[variables('resourceToken')]", - "service": "[variables('serviceToken')]", - "network": "[variables('networkToken')]" - } - } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))]", - "location": "[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "resourcePrefix": { - "value": "[parameters('identifier')]" - }, - "resources": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resources.value]" - }, - "subscriptionId": { - "value": "[variables('subscriptionId')]" - }, - "tokens": { - 
"value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" - }, - "workloadName": { - "value": "[toLower(parameters('workloadName'))]" - }, - "workloadShortName": { - "value": "[parameters('workloadShortName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2888361491405108203" - } - }, - "parameters": { - "environmentAbbreviation": { - "type": "string" + "resource": "resource_token", + "service": "service_token" }, - "subscriptionId": { - "type": "string" + "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('scm.privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', 
environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), format('privatelink{0}', replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", + "privateDnsZoneSuffixes_AzureAutomation": { + "AzureCloud": "net", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null }, - "resourcePrefix": { - "type": "string" + "privateDnsZoneSuffixes_AzureVirtualDesktop": { + "AzureCloud": "microsoft.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null }, - "resources": { - "type": "object" + "privateDnsZoneSuffixes_AzureWebSites": { + "AzureCloud": "azurewebsites.net", + "AzureUSGovernment": "azurewebsites.us", + "USNat": null, + "USSec": null }, - "tokens": { - "type": "object" + "privateDnsZoneSuffixes_Backup": { + "AzureCloud": "com", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null }, - "workloadName": { - "type": "string" - }, - "workloadShortName": { - "type": "string" + "privateDnsZoneSuffixes_Monitor": { + "AzureCloud": "azure.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null } }, - "variables": { - "network": { - "name": "[parameters('workloadName')]", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "deployUniqueResources": true, - "actionGroupName": "[replace(replace(parameters('resources').actionGroup, 
parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadName'))]", - "automationAccountName": "[replace(replace(parameters('resources').automationAccount, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostIPConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'bas'), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostName": "[replace(replace(parameters('resources').bastionHost, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "bastionHostPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'bas'), parameters('tokens').network, parameters('workloadName'))]", - "computeGalleryName": "[replace(replace(parameters('resources').computeGallery, format('_{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "diskEncryptionSetName": "[replace(replace(parameters('resources').diskEncryptionSet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "firewallClientIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'client-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallClientPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'client-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallManagementIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'mgmt-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallManagementPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 
'mgmt-afw'), parameters('tokens').network, parameters('workloadName'))]", - "firewallName": "[replace(replace(parameters('resources').firewall, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "firewallPolicyName": "[replace(replace(parameters('resources').firewallPolicy, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "keyVaultName": "[take(replace(replace(replace(parameters('resources').keyVault, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24)]", - "keyVaultNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'kv'), parameters('tokens').network, parameters('workloadName'))]", - "keyVaultPrivateEndpointName": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, 'kv'), parameters('tokens').network, parameters('workloadName'))]", - "linuxDiskName": "[replace(replace(parameters('resources').disk, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'linux'), parameters('tokens').network, parameters('workloadName'))]", - "linuxVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, format('l{0}', parameters('tokens').service)), parameters('tokens').network, parameters('workloadShortName'))]", - "logStorageAccountName": 
"[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, parameters('workloadShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, parameters('workloadName'))]", - "logStorageAccountPrivateEndpointNamePrefix": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, parameters('workloadName'))]", - "networkSecurityGroupName": "[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "userAssignedIdentityName": "[replace(replace(parameters('resources').userAssignedIdentity, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, parameters('workloadName'))]", - "windowsDiskName": 
"[replace(replace(parameters('resources').disk, parameters('tokens').service, 'windows'), parameters('tokens').network, parameters('workloadName'))]", - "windowsNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'windows'), parameters('tokens').network, parameters('workloadName'))]", - "windowsNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'windows'), parameters('tokens').network, parameters('workloadName'))]", - "windowsVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, format('w{0}', parameters('tokens').service)), parameters('tokens').network, parameters('workloadShortName'))]" + "resources": [ + { + "copy": { + "name": "namingConventions", + "count": "[length(parameters('networks'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "locationAbbreviation": { + "value": "[variables('locations')[parameters('location')].abbreviation]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "networkName": { + "value": "[parameters('networks')[copyIndex()].name]" + }, + "networkShortName": { + "value": "[parameters('networks')[copyIndex()].shortName]" + }, + "resourceAbbreviations": { + "value": "[variables('resourceAbbreviations')]" + }, + "resourcePrefix": { + "value": "[parameters('resourcePrefix')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + }, + "subscriptionId": { + "value": "[parameters('networks')[copyIndex()].subscriptionId]" + }, + "tokens": { + "value": "[variables('tokens')]" + } + }, + 
"template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "13218155481958331255" + } + }, + "parameters": { + "environmentAbbreviation": { + "type": "string" + }, + "locationAbbreviation": { + "type": "string" + }, + "networkName": { + "type": "string" + }, + "networkShortName": { + "type": "string" + }, + "resourceAbbreviations": { + "type": "object" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + }, + "subscriptionId": { + "type": "string" + }, + "tokens": { + "type": "object" + } + }, + "variables": { + "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "names": { + "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').actionGroups)]", + "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').applicationGroups)]", + "automationAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountDiagnosticSetting": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "availabilitySet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').availabilitySets)]", + "azureFirewall": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallClientPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('client-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallClientPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-client-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').azureFirewalls)]", + 
"azureFirewallManagementPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('mgmt-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallManagementPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-mgmt-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallPolicy": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').firewallPolicies)]", + "bastionHost": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').bastionHosts))]", + "computeGallery": "[replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').computeGallieries), '-', '_')]", + "dataCollectionRuleAssociation": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRuleAssociations)]", + "dataCollectionRule": "[replace(variables('namingConvention'), 
parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRules)]", + "diskAccess": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskAccesses)]", + "diskEncryptionSet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskEncryptionSets)]", + "hostPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').hostPools)]", + "hostPoolDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "keyVault": "[format('{0}{1}', replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').keyVaults), '-', ''), parameters('networkName'), parameters('networkShortName')), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId')))]", + "keyVaultDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultNetworkInterface": 
"[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "logAnalyticsWorkspace": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "logAnalyticsWorkspaceDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "netAppAccountCapacityPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppCapacityPools)]", + "netAppAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppAccounts)]", + "networkSecurityGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkSecurityGroupDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkWatcher": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkWatchers)]", + "privateLinkScope": "[replace(variables('namingConvention'), 
parameters('tokens').resource, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopeNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "recoveryServicesVault": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "resourceGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').resourceGroups)]", + "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').routeTables)]", + "storageAccount": "[toLower(take(format('{0}{1}', replace(replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName')), '-', ''), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), 
parameters('subscriptionId'))), 24))]", + "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "storageAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "subnet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').subnets)]", + "userAssignedIdentity": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').userAssignedIdentities)]", + "virtualMachine": "[replace(replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", + "virtualMachineDisk": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').disks), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualMachineNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualNetwork": "[replace(variables('namingConvention'), parameters('tokens').resource, 
parameters('resourceAbbreviations').virtualNetworks)]", + "virtualNetworkDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').virtualNetworks)]", + "workspaceFeed": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobal": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, 
parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]" + } + }, + "resources": [], + "outputs": { + "names": { + "type": "object", + "value": "[variables('names')]" + } + } + } + } } - }, - "resources": [], + ], "outputs": { - "network": { + "locationProperties": { "type": "object", - "value": "[variables('network')]" + "value": "[variables('locations')[parameters('location')]]" + }, + "mlzTags": { + "type": "object", + "value": "[variables('mlzTags')]" + }, + "privateDnsZones": { + "type": "array", + "value": "[variables('privateDnsZoneNames')]" + }, + "tiers": { + "type": "array", + "copy": { + "count": "[length(parameters('networks'))]", + "input": { + "name": "[parameters('networks')[copyIndex()].name]", + "shortName": "[parameters('networks')[copyIndex()].shortName]", + "deployUniqueResources": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "nsgDiagLogs": "[parameters('networks')[copyIndex()].nsgDiagLogs]", + "nsgDiagMetrics": 
"[parameters('networks')[copyIndex()].nsgDiagMetrics]", + "nsgRules": "[parameters('networks')[copyIndex()].nsgRules]", + "vnetAddressPrefix": "[parameters('networks')[copyIndex()].vnetAddressPrefix]", + "vnetDiagLogs": "[parameters('networks')[copyIndex()].vnetDiagLogs]", + "vnetDiagMetrics": "[parameters('networks')[copyIndex()].vnetDiagMetrics]", + "subnetAddressPrefix": "[parameters('networks')[copyIndex()].subnetAddressPrefix]", + "namingConvention": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + } + } + }, + "tokens": { + "type": "object", + "value": "[variables('tokens')]" } } } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" - ] + } }, { "type": "Microsoft.Resources/deployments", 
@@ -878,10 +998,10 @@ "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "name": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[replace(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.resourceGroup, reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service, 'network')]" }, "tags": { "value": "[parameters('tags')]" @@ -893,8 +1013,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "15837787188813527331" + "version": "0.27.1.19265", + "templateHash": "11578255285976861685" } }, "parameters": { @@ -956,6 +1076,9 @@ }, "mode": "Incremental", "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, 
@@ -972,22 +1095,22 @@ "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "networkSecurityGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.networkSecurityGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkSecurityGroup]" }, "networkSecurityGroupRules": { "value": "[parameters('networkSecurityGroupRules')]" }, "networkWatcherName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.networkWatcherName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.networkWatcher]" }, "resourceGroupName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.resourceGroupName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "routeTableName": { - "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.routeTableName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.routeTable]" }, "routeTableRouteNextHopIpAddress": { "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01').ipConfigurations[0].properties.privateIPAddress]" @@ -996,7 +1119,7 @@ "value": "[parameters('subnetAddressPrefix')]" }, "subnetName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.subnetName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.subnet]" }, "subscriptionId": { "value": "[variables('subscriptionId')]" 
@@ -1008,7 +1131,7 @@ "value": "[parameters('virtualNetworkAddressPrefix')]" }, "virtualNetworkName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value.virtualNetworkName]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention.virtualNetwork]" }, "vNetDnsServers": { "value": [ @@ -1028,11 +1151,14 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "5206820343027478458" + "version": "0.27.1.19265", + "templateHash": "3012486009507231873" } }, "parameters": { + "additionalSubnets": { + "type": "array" + }, "deploymentNameSuffix": { "type": "string" }, @@ -1102,14 +1228,16 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "spokeNetwork", - "subscriptionId": "[parameters('subscriptionId')]", - "resourceGroup": "[parameters('resourceGroupName')]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "additionalSubnets": { + "value": "[parameters('additionalSubnets')]" + }, "deployNetworkWatcher": { "value": "[parameters('deployNetworkWatcher')]" }, @@ -1131,6 +1259,9 @@ "networkWatcherName": { "value": "[parameters('networkWatcherName')]" }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, "routeTableName": { "value": "[parameters('routeTableName')]" }, 
@@ -1143,11 +1274,8 @@ "subnetName": { "value": "[parameters('subnetName')]" }, - "subnetPrivateEndpointNetworkPolicies": { - "value": "Disabled" - }, - "subnetPrivateLinkServiceNetworkPolicies": { - "value": "Disabled" + "subscriptionId": { + "value": "[parameters('subscriptionId')]" }, "tags": { "value": "[parameters('tags')]" @@ -1163,16 +1291,20 @@ } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9443806356306142434" + "version": "0.27.1.19265", + "templateHash": "4742978871908330688" } }, "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [] + }, "deployNetworkWatcher": { "type": "bool" }, @@ -1194,34 +1326,22 @@ "networkWatcherName": { "type": "string" }, - "routeTableName": { + "resourceGroupName": { "type": "string" }, - "routeTableRouteName": { - "type": "string", - "defaultValue": "default_route" - }, - "routeTableRouteAddressPrefix": { - "type": "string", - "defaultValue": "0.0.0.0/0" + "routeTableName": { + "type": "string" }, "routeTableRouteNextHopIpAddress": { "type": "string" }, - "routeTableRouteNextHopType": { - "type": "string", - "defaultValue": "VirtualAppliance" - }, "subnetAddressPrefix": { "type": "string" }, "subnetName": { "type": "string" }, - "subnetPrivateEndpointNetworkPolicies": { - "type": "string" - }, - "subnetPrivateLinkServiceNetworkPolicies": { + "subscriptionId": { "type": "string" }, "tags": { 
@@ -1237,11 +1357,28 @@ "type": "array" } }, + "variables": { + "delegations": { + "AzureNetAppFiles": [ + { + "name": "Microsoft.Netapp.volumes", + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', parameters('virtualNetworkName'), 'AzureNetAppFiles', 'Microsoft.Netapp.volumes')]", + "properties": { + "serviceName": "Microsoft.Netapp/volumes" + }, + "type": "Microsoft.Network/virtualNetworks/subnets/delegations" + } + ] + }, + "subnets": "[union(createArray(createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix')))), parameters('additionalSubnets'))]" + }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkSecurityGroup", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1270,8 +1407,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "13414814252968710669" + "version": "0.27.1.19265", + "templateHash": "12935581119437417634" } }, "parameters": { @@ -1320,6 +1457,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "routeTable", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1338,18 +1477,9 @@ "name": { "value": "[parameters('routeTableName')]" }, - "routeAddressPrefix": { - "value": "[parameters('routeTableRouteAddressPrefix')]" - }, - "routeName": { - "value": "[parameters('routeTableRouteName')]" - }, "routeNextHopIpAddress": { "value": "[parameters('routeTableRouteNextHopIpAddress')]" }, - "routeNextHopType": { - "value": "[parameters('routeTableRouteNextHopType')]" - }, "tags": { "value": "[parameters('tags')]" } 
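Review bot: the `delegations` variable in the `@@ -1237,11 +1357,28 @@` hunk is keyed by the literal subnet name `AzureNetAppFiles`, and that contract is not documented anywhere. `additionalSubnets` is declared as a bare `array` with no description. A caller who names the NetApp subnet anything else gets a subnet with no delegation and no error. Suggest adding a parameter description that states the expected entry shape (`name`, `properties.addressPrefix`) and the reserved name. Alternatively, let each entry carry its own delegation rather than inferring it from the name.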
@@ -1360,8 +1490,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8969815603564770173" + "version": "0.27.1.19265", + "templateHash": "18262399193161292353" } }, "parameters": { @@ -1378,16 +1508,19 @@ "type": "string" }, "routeAddressPrefix": { - "type": "string" + "type": "string", + "defaultValue": "0.0.0.0/0" }, "routeName": { - "type": "string" + "type": "string", + "defaultValue": "default_route" }, "routeNextHopIpAddress": { "type": "string" }, "routeNextHopType": { - "type": "string" + "type": "string", + "defaultValue": "VirtualAppliance" }, "tags": { "type": "object" @@ -1433,6 +1566,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkWatcher", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1458,8 +1593,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "6425343849060009850" + "version": "0.27.1.19265", + "templateHash": "13830033528097307473" } }, "parameters": { @@ -1493,6 +1628,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "virtualNetwork", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -1512,20 +1649,11 @@ "value": "[parameters('virtualNetworkName')]" }, "subnets": { - "value": [ + "copy": [ { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[parameters('subnetAddressPrefix')]", - "networkSecurityGroup": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" - }, - "routeTable": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value]" - }, - "privateEndpointNetworkPolicies": "[parameters('subnetPrivateEndpointNetworkPolicies')]", - "privateLinkServiceNetworkPolicies": "[parameters('subnetPrivateLinkServiceNetworkPolicies')]" - } + "name": "value", + "count": "[length(variables('subnets'))]", + "input": "[createObject('name', variables('subnets')[copyIndex('value')].name, 'properties', createObject('addressPrefix', variables('subnets')[copyIndex('value')].properties.addressPrefix, 'delegations', coalesce(tryGet(variables('delegations'), variables('subnets')[copyIndex('value')].name), createArray()), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled'))]" } ] }, @@ -1545,8 +1673,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "6916781723220735567" + "version": "0.27.1.19265", + "templateHash": "4325479931624604061" } }, "parameters": { 
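Review bot: the `copy` input in the `@@ -1512,20 +1649,11 @@` hunk rebuilds each subnet from `name` and `properties.addressPrefix` only, so any other property a caller sets on an `additionalSubnets` entry is silently dropped. Every subnet also receives the same network security group and route table. In addition, `privateEndpointNetworkPolicies` and `privateLinkServiceNetworkPolicies` are now the literal `'Disabled'` with the parameters removed. With that setting the attached NSG and route table do not apply to private endpoint traffic in any of these subnets, and there is no longer a way to opt in. Suggest keeping the two policies as parameters that default to `'Disabled'`, and documenting which subnet properties are honoured.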
@@ -1614,44 +1742,44 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup')]", - "[resourceId('Microsoft.Resources/deployments', 'networkWatcher')]", - "[resourceId('Microsoft.Resources/deployments', 'routeTable')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkWatcher')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable')]" ] } ], "outputs": { "virtualNetworkName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" }, "virtualNetworkResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" }, "virtualNetworkAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), 
parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" }, "subnetName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" }, "subnetAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" }, "subnetResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" }, "networkSecurityGroupName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" }, "networkSecurityGroupResourceId": { "type": "string", - "value": 
"[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" } } } @@ -1668,20 +1796,20 @@ }, "mode": "Incremental", "parameters": { - "hubVirtualNetworkName": { - "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" - }, "hubVirtualNetworkResourceId": { "value": "[parameters('hubVirtualNetworkResourceId')]" }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, "spokeName": { "value": "[parameters('workloadName')]" }, - "spokeResourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, "spokeVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" + }, + "subscriptionId": { + "value": "[parameters('subscriptionId')]" } }, "template": { @@ -1690,24 +1818,24 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "3360096389164919794" + "version": "0.27.1.19265", + "templateHash": "1081420821337659529" } }, "parameters": { - "spokeName": { + "hubVirtualNetworkResourceId": { "type": "string" }, - "spokeResourceGroupName": { + "resourceGroupName": { "type": "string" }, - "spokeVirtualNetworkName": { + "spokeName": { "type": "string" }, - "hubVirtualNetworkName": { + "spokeVirtualNetworkName": { "type": "string" }, - "hubVirtualNetworkResourceId": { + "subscriptionId": { "type": "string" } }, 
@@ -1716,18 +1844,22 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-to-hub-vnet-peering', parameters('spokeName'))]", - "resourceGroup": "[parameters('spokeResourceGroupName')]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('spokeVirtualNetworkName'), parameters('hubVirtualNetworkName'))]" - }, "remoteVirtualNetworkResourceId": { "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('spokeVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('hubVirtualNetworkResourceId'), '/')[8])]" } }, "template": { @@ -1736,15 +1868,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2973725866451109424" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -1752,7 +1887,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { 
@@ -1768,15 +1903,14 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork')]" + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-peering-hub-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]", - "resourceGroup": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -1786,54 +1920,67 @@ "hubVirtualNetworkName": { "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[8]]" }, - "spokes": { - "value": [ - { - "type": "[parameters('workloadName')]", - "virtualNetworkName": "[parameters('virtualNetworkName')]", - "virtualNetworkResourceId": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" - } - ] + "resourceGroupName": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[4]]" + }, + "spokeName": { + "value": "[parameters('workloadName')]" + }, + "spokeVirtualNetworkResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "subscriptionId": { + "value": "[split(parameters('hubVirtualNetworkResourceId'), '/')[2]]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "14482672325640396998" + "version": "0.27.1.19265", + "templateHash": "16991872399359859910" } }, "parameters": { "hubVirtualNetworkName": { "type": "string" }, - "spokes": { - "type": "array" + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkResourceId": { + "type": "string" + }, + "subscriptionId": { + "type": "string" } }, "resources": [ { - "copy": { - "name": "hubToSpokePeering", - "count": "[length(parameters('spokes'))]" - }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('hub-to-{0}-vnet-peering', 
parameters('spokes')[copyIndex()].type)]", + "name": "[format('hub-to-{0}-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", - "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('hubVirtualNetworkName'), parameters('spokes')[copyIndex()].virtualNetworkName)]" - }, + "parameters": { "remoteVirtualNetworkResourceId": { - "value": "[parameters('spokes')[copyIndex()].virtualNetworkResourceId]" + "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('spokeVirtualNetworkResourceId'), '/')[8])]" } }, "template": { @@ -1842,15 +1989,18 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2973725866451109424" + "version": "0.27.1.19265", + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -1858,7 +2008,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { 
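Review bot: the hub-side scope and peer name in the `@@ -1786,54 +1920,67 @@` hunk are taken by position from resource IDs (`split(parameters('hubVirtualNetworkResourceId'), '/')[2]`, `[4]`, and `[8]` on `spokeVirtualNetworkResourceId`) with nothing checking the ID's shape. Since `hubVirtualNetworkResourceId` is caller-supplied and decides which subscription and resource group the hub peering is written to, a value that is not a full virtual network resource ID fails at deployment time with an index or not-found error far from the cause. Suggest validating the parameter where it enters the template and adding a description that states the required format.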
@@ -1874,14 +2024,22 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork')]" + "[subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork')]" ] } ], "outputs": { + "networkSecurityGroupName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, "subnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.subnetResourceId.value]" + }, + "virtualNetworkName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', 'spokeNetwork'), '2022-09-01').outputs.virtualNetworkName.value]" } } } 
@@ -1912,16 +2070,22 @@ "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "networkProperties": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "subnetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, "tags": { "value": "[parameters('tags')]" + }, + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "tokens": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" } }, "template": { @@ -1930,8 +2094,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8607068382992509094" + "version": "0.27.1.19265", + "templateHash": "7828233421610885078" } }, "parameters": { 
@@ -1947,14 +2111,20 @@ "mlzTags": { "type": "object" }, - "networkProperties": { - "type": "object" + "resourceGroupName": { + "type": "string" }, "subnetResourceId": { "type": "string" }, "tags": { "type": "object" + }, + "tier": { + "type": "object" + }, + "tokens": { + "type": "object" } }, "resources": [ @@ -1962,8 +2132,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1971,16 +2141,16 @@ "mode": "Incremental", "parameters": { "keyVaultName": { - "value": "[parameters('networkProperties').keyVaultName]" + "value": "[take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)]" }, "keyVaultNetworkInterfaceName": { - "value": "[parameters('networkProperties').keyVaultNetworkInterfaceName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultNetworkInterface, parameters('tokens').service, '')]" }, "keyVaultPrivateDnsZoneResourceId": { "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" }, "keyVaultPrivateEndpointName": { - "value": "[parameters('networkProperties').keyVaultPrivateEndpointName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultPrivateEndpoint, parameters('tokens').service, '')]" }, "location": { "value": "[parameters('location')]" @@ -2001,8 +2171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2708305007283639705" + "version": "0.27.1.19265", + "templateHash": "12300580845424356573" } }, "parameters": { 
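Review bot: `take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)` in the `@@ -1971,16 +2141,16 @@` hunk truncates silently to fit the 24-character Key Vault name limit. If the naming convention places its distinguishing segment near the end, two deployments can truncate to the same vault name, and a cut that lands right after a hyphen yields a name Key Vault rejects. The token is also removed with a bare `replace(..., '')`, whereas `userAssignedIdentityName` later in this patch strips `format('-{0}', parameters('tokens').service)`. If the vault convention is hyphen-delimited, the bare replace leaves a doubled or dangling hyphen. Suggest stripping the token together with its separator in all three names here, and documenting how the 24-character limit is met so that uniqueness does not depend on where the cut falls.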
@@ -2215,8 +2385,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -2227,13 +2397,13 @@ "value": "[parameters('deploymentNameSuffix')]" }, "diskEncryptionSetName": { - "value": "[parameters('networkProperties').diskEncryptionSetName]" + "value": "[parameters('tier').namingConvention.diskEncryptionSet]" }, "keyUrl": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" }, "keyVaultResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "location": { "value": "[parameters('location')]" @@ -2249,8 +2419,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2253498434473273498" + "version": "0.27.1.19265", + "templateHash": "15986878026863280024" } }, "parameters": { 
@@ -2326,8 +2496,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9453050836674512129" + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" } }, "parameters": { 
@@ -2384,32 +2554,35 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, "location": { "value": "[parameters('location')]" }, "mlzTags": { "value": "[parameters('mlzTags')]" }, - "name": { - "value": "[parameters('networkProperties').userAssignedIdentityName]" - }, "tags": { "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(parameters('tier').namingConvention.userAssignedIdentity, format('-{0}', parameters('tokens').service), '')]" } }, "template": { 
@@ -2418,151 +2591,95 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17180318248198488154" + "version": "0.27.1.19265", + "templateHash": "6007785905664733866" } }, "parameters": { + "keyVaultName": { + "type": "string" + }, "location": { "type": "string" }, "mlzTags": { "type": "object" }, - "name": { - "type": "string" - }, "tags": { "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2018-11-30", - "name": "[parameters('name')]", + "name": "[parameters('userAssignedIdentityName')]", "location": "[parameters('location')]", "tags": "[union(if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" }, { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "roleAssignmentEncryption", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))]", "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "principalId": { - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - }, - "principalType": { - "value": "ServicePrincipal" - }, - "roleDefinitionId": { - "value": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" - }, - "targetResourceId": { - "value": "[resourceGroup().id]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - 
"contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9453050836674512129" - } - }, - "parameters": { - "targetResourceId": { - "type": "string" - }, - "roleDefinitionId": { - "type": "string" - }, - "principalId": { - "type": "string" - }, - "principalType": { - "type": "string", - "defaultValue": "ServicePrincipal", - "allowedValues": [ - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ] - }, - "description": { - "type": "string", - "defaultValue": "" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-04-01-preview", - "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", - "properties": { - "principalId": "[parameters('principalId')]", - "principalType": "[parameters('principalType')]", - "roleDefinitionId": "[parameters('roleDefinitionId')]", - "description": "[parameters('description')]" - } - } - ] - } + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2018-11-30').principalId]", + "principalType": "ServicePrincipal", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" }, "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" ] } ], "outputs": { "resourceId": { "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" } } } - } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 
'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + ] } ], "outputs": { "diskEncryptionSetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, - "KeyVaultName": { + "keyVaultName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" }, "keyVaultUri": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" }, "keyVaultResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "storageKeyName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "userAssignedIdentityResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', 
format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" } } } }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, { 
@@ -2589,13 +2706,16 @@ "value": "[parameters('logStorageSkuName')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "network": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" }, "serviceToken": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, "storageEncryptionKeyName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" @@ -2619,8 +2739,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "4236106586138373505" + "version": "0.27.1.19265", + "templateHash": "15276628086161283630" } }, "parameters": { 
@@ -2642,6 +2762,9 @@ "network": { "type": "object" }, + "resourceGroupName": { + "type": "string" + }, "serviceToken": { "type": "string" }, @@ -2667,7 +2790,7 @@ "apiVersion": "2022-09-01", "name": "storage", "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2693,13 +2816,13 @@ "value": "[parameters('logStorageSkuName')]" }, "storageAccountName": { - "value": "[parameters('network').logStorageAccountName]" + "value": "[parameters('network').namingConvention.storageAccount]" }, "storageAccountNetworkInterfaceNamePrefix": { - "value": "[parameters('network').logStorageAccountNetworkInterfaceNamePrefix]" + "value": "[parameters('network').namingConvention.storageAccountNetworkInterface]" }, "storageAccountPrivateEndpointNamePrefix": { - "value": "[parameters('network').logStorageAccountPrivateEndpointNamePrefix]" + "value": "[parameters('network').namingConvention.storageAccountPrivateEndpoint]" }, "storageEncryptionKeyName": { "value": "[parameters('storageEncryptionKeyName')]" @@ -2723,8 +2846,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "2945887437755946902" + "version": "0.27.1.19265", + "templateHash": "6116693144339389145" } }, "parameters": { 
@@ -2909,7 +3032,7 @@ "outputs": { "storageAccountResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, parameters('network').resourceGroupName), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('network').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'storage'), '2022-09-01').outputs.id.value]" } } } @@ -2917,8 +3040,8 @@ "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, { 
@@ -2938,26 +3061,41 @@ "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, + "keyVaultDiagnosticLogs": { + "value": "[parameters('keyVaultDiagnosticsLogs')]" + }, + "keyVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "network": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" - }, "networkSecurityGroupDiagnosticsLogs": { "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" }, "networkSecurityGroupDiagnosticsMetrics": { "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" }, + "networkSecurityGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupName.value]" + }, + "resourceGroupName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + }, "storageAccountResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageAccountResourceId.value]" }, + "tier": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.tiers.value[0]]" + }, "virtualNetworkDiagnosticsLogs": { "value": "[parameters('virtualNetworkDiagnosticsLogs')]" }, "virtualNetworkDiagnosticsMetrics": { "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + }, + "virtualNetworkName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" } }, "template": { @@ -2966,8 +3104,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17843709133926695075" + "version": "0.27.1.19265", + "templateHash": "738419494311113164" } }, "parameters": { @@ -2977,11 +3115,14 @@ "deploymentNameSuffix": { "type": "string" }, - "logAnalyticsWorkspaceResourceId": { + "keyVaultDiagnosticLogs": { + "type": "array" + }, + "keyVaultName": { "type": "string" }, - "network": { - "type": "object" + "logAnalyticsWorkspaceResourceId": { + "type": "string" }, "networkSecurityGroupDiagnosticsLogs": { "type": "array" @@ -2989,14 +3130,26 @@ "networkSecurityGroupDiagnosticsMetrics": { "type": "array" }, + "networkSecurityGroupName": { + "type": "string" + }, + "resourceGroupName": { + "type": "string" + }, "storageAccountResourceId": { "type": "string" }, + "tier": { + "type": "object" + }, "virtualNetworkDiagnosticsLogs": { "type": "array" }, "virtualNetworkDiagnosticsMetrics": { "type": "array" + }, + "virtualNetworkName": { + "type": "string" } }, "resources": [ 
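Review bot: the new module parameter is declared as `keyVaultDiagnosticLogs` (parameters block, type `array`) but is fed from `parameters('keyVaultDiagnosticsLogs')`, and its siblings in the same block are `networkSecurityGroupDiagnosticsLogs` and `virtualNetworkDiagnosticsLogs`. Rename it to `keyVaultDiagnosticsLogs` in the Bicep module so one spelling is used from the top-level parameter down to the diagnostic setting; the singular/plural mismatch is easy to get wrong when wiring further callers.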
@@ -3004,8 +3157,8 @@ "condition": "[parameters('deployActivityLogDiagnosticSetting')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-activity-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", + "name": "[format('deploy-activity-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -3023,8 +3176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "16067990757204095170" + "version": "0.27.1.19265", + "templateHash": "11148640012050316356" } }, "parameters": { 
@@ -3082,9 +3235,80 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "name": "[format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.keyVaultDiagnosticSetting]" + }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "keyVaultStorageAccountId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + }, + "logs": { + "value": "[parameters('keyVaultDiagnosticLogs')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "11931053519285250235" + } + }, + "parameters": { + "keyVaultDiagnosticSettingName": { + "type": "string" + }, + "keyVaultName": { + "type": "string" + }, + "keyVaultStorageAccountId": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string" + }, + "logs": { + "type": "array" + } + }, + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2017-05-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[parameters('keyVaultDiagnosticSettingName')]", + "properties": { + "storageAccountId": "[parameters('keyVaultStorageAccountId')]", 
+ "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", + "logs": "[parameters('logs')]" + } + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3103,8 +3327,11 @@ "metrics": { "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" }, - "name": { - "value": "[parameters('network').networkSecurityGroupName]" + "networkSecurityGroupDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.networkSecurityGroupDiagnosticSetting]" + }, + "networkSecurityGroupName": { + "value": "[parameters('networkSecurityGroupName')]" } }, "template": { @@ -3113,14 +3340,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9767149346014876086" + "version": "0.27.1.19265", + "templateHash": "12049539018034280966" } }, "parameters": { - "name": { - "type": "string" - }, "logAnalyticsWorkspaceResourceId": { "type": "string" }, 
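Review bot: the new Key Vault diagnostics deployment is named `format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))`, while the NSG and VNet deployments next to it include the tier name (`deploy-nsg-diags-{0}-{1}` with `parameters('tier').name`). Add the tier name here as well so the deployment history identifies which tier's vault was configured and the three nested deployments follow one naming pattern.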
@@ -3132,14 +3356,20 @@ }, "metrics": { "type": "array" + }, + "networkSecurityGroupDiagnosticSettingName": { + "type": "string" + }, + "networkSecurityGroupName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('networkSecurityGroupName'))]", + "name": "[parameters('networkSecurityGroupDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -3154,9 +3384,9 @@ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('network').name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('network').subscriptionId]", - "resourceGroup": "[parameters('network').resourceGroupName]", + "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('tier').name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3175,8 +3405,11 @@ "metrics": { "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" }, - "name": { - "value": "[parameters('network').virtualNetworkName]" + "virtualNetworkDiagnosticSettingName": { + "value": "[parameters('tier').namingConvention.virtualNetworkDiagnosticSetting]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" } }, "template": { 
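Review bot: the NSG diagnostic setting name changes from `format('{0}-diagnostics', parameters('name'))` to `parameters('networkSecurityGroupDiagnosticSettingName')`, and the VNet deployment is being switched the same way, with no handling for environments deployed from the previous template. In Incremental mode a different name is a new resource, so the old `<name>-diagnostics` setting stays on the NSG and a second setting pointing at the same workspace and storage account is added beside it. Please confirm how a redeploy over an existing landing zone behaves and document the cleanup or migration step for the old settings.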
@@ -3185,8 +3418,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "5378372176274077006" + "version": "0.27.1.19265", + "templateHash": "13356625654141484072" } }, "parameters": { @@ -3202,7 +3435,10 @@ "metrics": { "type": "array" }, - "name": { + "virtualNetworkDiagnosticSettingName": { + "type": "string" + }, + "virtualNetworkName": { "type": "string" } }, @@ -3210,8 +3446,8 @@ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", + "name": "[parameters('virtualNetworkDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -3227,7 +3463,10 @@ } }, "dependsOn": [ + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-storage-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix')))]" ] }, 
@@ -3252,13 +3491,16 @@ "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "networks": { - "value": [ - "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" - ] + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" }, "policy": { "value": "[parameters('policy')]" + }, + "resourceGroupNames": { + "value": [ + "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + ] } }, "template": { @@ -3267,8 +3509,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "8662249564598303366" + "version": "0.27.1.19265", + "templateHash": "379956182717650153" } }, "parameters": { 
@@ -3281,24 +3523,27 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "networks": { - "type": "array" - }, "policy": { "type": "string" + }, + "resourceGroupNames": { + "type": "array" + }, + "tiers": { + "type": "array" } }, "resources": [ { "copy": { "name": "policyAssignment", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('assign-policy-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('assign-policy-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3321,8 +3566,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "1672482425067053944" + "version": "0.27.1.19265", + "templateHash": "9464536540108620518" } }, "parameters": { @@ -3497,8 +3742,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "9453050836674512129" + "version": "0.27.1.19265", + "templateHash": "6383470207031311407" } }, "parameters": { @@ -3582,8 +3827,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17296430727130356523" + "version": "0.27.1.19265", + "templateHash": "4615387508967890473" } }, "parameters": { 
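Review bot: in the `policyAssignment` copy loop, `count` is `length(parameters('tiers'))` but `resourceGroup` indexes a second array, `parameters('resourceGroupNames')[copyIndex()]`, and nothing ties the two lengths together. The caller passes the whole `outputs.tiers.value` array next to a one-element `resourceGroupNames`, so a `tiers` output with more than one entry would index past the end of `resourceGroupNames`. Either pass a one-element `tiers` array to match, or carry the resource group name inside each tier object so the loop reads a single array.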
@@ -3814,21 +4059,49 @@ "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" }, + "keyVaultUri": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + }, + "locatonProperties": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locationProperties.value]" + }, "mlzTags": { "type": "object", - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "network": { + "namingConvention": { "type": "object", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.network.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0].namingConvention]" + }, + "privateDnsZones": { + "type": "array", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "resourcePrefix": { + "type": "string", + "value": 
"[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('firewallResourceId'), '/')[2], split(parameters('firewallResourceId'), '/')[4]), 'Microsoft.Network/azureFirewalls', split(parameters('firewallResourceId'), '/')[8]), '2020-11-01', 'full').tags.resourcePrefix]" + }, + "storageEncryptionKeyName": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "subnetResourceId": { "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, + "tier": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value[0]]" + }, "tokens": { "type": "object", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" + }, + "userAssignedIdentityResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-{0}-{1}', parameters('workloadShortName'), parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" } } } \ No newline at end of file 
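Review bot: the new output key `locatonProperties` is misspelled; it reads from `outputs.locationProperties.value`, so the output should be named `locationProperties`. A consumer that looks up the correctly spelled name on this deployment's outputs will not find it. This file is Bicep-generated (`_generator` metadata), so fix the output name in the Bicep source and recompile rather than editing the JSON.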
diff --git a/src/bicep/artifacts/Get-PreReqs.ps1 b/src/bicep/artifacts/Get-PreReqs.ps1 index 2f151956c..8cd16189b 100644 --- a/src/bicep/artifacts/Get-PreReqs.ps1 +++ b/src/bicep/artifacts/Get-PreReqs.ps1 
@@ -130,16 +130,16 @@ do { $urls = @( "https://github.com/Azure/azure-powershell/releases/download/v10.2.0-August2023/Az-Cmdlets-10.2.0.37547-x64.msi" - "https://raw.githubusercontent.com/Azure/missionlz/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Get-Validations.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Install-AzurePowerShellAzModule.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-AutomationRunbook.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-AvdDrainMode.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-FileShareScaling.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-HostPoolScaling.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-NtfsPermissions.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Set-SessionHostConfiguration.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Update-AvdDesktop.ps1" - "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azureVirtualDesktop/artifacts/Update-AvdWorkspace.ps1" + "https://raw.githubusercontent.com/Azure/missionlz/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Get-Validations.ps1" + "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Install-AzurePowerShellAzModule.ps1" + "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-AutomationRunbook.ps1" + "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-AvdDrainMode.ps1" + 
"https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-FileShareScaling.ps1" + "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-HostPoolScaling.ps1" + "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-NtfsPermissions.ps1" + "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Set-SessionHostConfiguration.ps1" + "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Update-AvdDesktop.ps1" + "https://github.com/Azure/missionlz/blob/main/src/bicep/add-ons/azure-virtual-desktop/artifacts/Update-AvdWorkspace.ps1" "https://www.powershellgallery.com/api/v2/package/az.accounts/2.12.1" "https://www.powershellgallery.com/api/v2/package/az.automation/1.9.0" "https://www.powershellgallery.com/api/v2/package/az.compute/5.7.0" diff --git a/src/bicep/data/resourceAbbreviations.json b/src/bicep/data/resourceAbbreviations.json index b050c3fc8..040fcf0f2 100644 --- a/src/bicep/data/resourceAbbreviations.json +++ b/src/bicep/data/resourceAbbreviations.json @@ -1,5 +1,6 @@ { "actionGroups": "ag", + "applicationGroups": "vdag", "automationAccounts": "aa", "availabilitySets": "avail", "azureFirewalls": "afw", @@ -7,7 +8,6 @@ "computeGallieries": "cg", "dataCollectionRuleAssociations": "dcra", "dataCollectionRules": "dcr", - "desktopApplicationGroups": "vdag", "diagnosticSettings": "diag", "diskAccesses": "da", "diskEncryptionSets": "des", diff --git a/src/bicep/mlz.bicep b/src/bicep/mlz.bicep index 127f49282..6e781e5fa 100644 --- a/src/bicep/mlz.bicep +++ b/src/bicep/mlz.bicep 
@@ -113,7 +113,7 @@ param firewallThreatIntelMode string = 'Alert' @description('[Alert/Deny/Off] The Azure Firewall Intrusion Detection mode. Valid values are "Alert", "Deny", or "Off". The default value is "Alert".') param firewallIntrusionDetectionMode string = 'Alert' -@description('[true/false] The Azure Firewall DNS Proxy will forward all DNS traffic. When this value is set to true, you must provide a value for "servers"') +@description('[true/false] The Azure Firewall DNS Proxy will forward all DNS traffic. When this value is set to true, you must provide a value for "dnsServers"') param enableProxy bool = true @description('''['168.63.129.16'] The Azure Firewall DNS Proxy will forward all DNS traffic. When this value is set to true, you must provide a value for "servers". This should be a comma separated list of IP addresses to forward DNS traffic''') @@ -131,7 +131,7 @@ param firewallDiagnosticsLogs array = [ } { category: 'AzureFirewallDnsProxy' - enabled: true + enabled: enableProxy } ] @@ -230,7 +230,7 @@ param identityNetworkSecurityGroupDiagnosticsMetrics array = [] // KEY VAULT PARAMETERS @description('An array of Key Vault Diagnostic Logs categories to collect. See "https://learn.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault" for valid values.') -param KeyVaultDiagnosticsLogs array = [ +param keyVaultDiagnosticsLogs array = [ { category: 'AuditEvent' enabled: true 
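Review bot: the `enableProxy` description now refers to "dnsServers", but the description of the next parameter (the unchanged context line directly below it) still says 'you must provide a value for "servers"'. Update that description in the same change so both point at the same parameter name.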
@@ -475,17 +475,7 @@ param emailSecurityContact string = '' @description('Paid Workload Protection plans for Defender for Cloud') param deployDefenderPlans array = ['VirtualMachines'] -var environmentName = { - dev: 'Development' - prod: 'Production' - test: 'Test' -} -var mlzTags = { - environment: environmentName[environmentAbbreviation] - landingZoneName: 'MissionLandingZone' - landingZoneVersion: loadTextContent('data/version.txt') - resourcePrefix: resourcePrefix -} + var firewallClientPrivateIpAddress = firewallClientUsableIpAddresses[3] var firewallClientUsableIpAddresses = [for i in range(0, 4): cidrHost(firewallClientSubnetAddressPrefix, i)] 
@@ -493,52 +483,72 @@ var logAnalyticsWorkspaceRetentionInDays = deploySentinel ? logAnalyticsSentinelWorkspaceRetentionInDays : logAnalyticsWorkspaceNoSentinelRetentionInDays -// NAMING CONVENTION - -module namingConvention 'modules/naming-convention.bicep' = { - name: 'get-naming-convention-${deploymentNameSuffix}' - params: { - environmentAbbreviation: environmentAbbreviation - location: location - resourcePrefix: resourcePrefix +var networks = union([ + { + name: 'hub' + shortName: 'hub' + deployUniqueResources: true + subscriptionId: hubSubscriptionId + nsgDiagLogs: hubNetworkSecurityGroupDiagnosticsLogs + nsgDiagMetrics: hubNetworkSecurityGroupDiagnosticsMetrics + nsgRules: hubNetworkSecurityGroupRules + vnetAddressPrefix: hubVirtualNetworkAddressPrefix + vnetDiagLogs: hubVirtualNetworkDiagnosticsLogs + vnetDiagMetrics: hubVirtualNetworkDiagnosticsMetrics + subnetAddressPrefix: hubSubnetAddressPrefix } -} + { + name: 'operations' + shortName: 'ops' + deployUniqueResources: contains([ hubSubscriptionId ], operationsSubscriptionId) ? false : true + subscriptionId: operationsSubscriptionId + nsgDiagLogs: operationsNetworkSecurityGroupDiagnosticsLogs + nsgDiagMetrics: operationsNetworkSecurityGroupDiagnosticsMetrics + nsgRules: operationsNetworkSecurityGroupRules + vnetAddressPrefix: operationsVirtualNetworkAddressPrefix + vnetDiagLogs: operationsVirtualNetworkDiagnosticsLogs + vnetDiagMetrics: operationsVirtualNetworkDiagnosticsMetrics + subnetAddressPrefix: operationsSubnetAddressPrefix + } + { + name: 'sharedServices' + shortName: 'svcs' + deployUniqueResources: contains([ hubSubscriptionId, operationsSubscriptionId ], sharedServicesSubscriptionId) ? 
false : true + subscriptionId: sharedServicesSubscriptionId + nsgDiagLogs: sharedServicesNetworkSecurityGroupDiagnosticsLogs + nsgDiagMetrics: sharedServicesNetworkSecurityGroupDiagnosticsMetrics + nsgRules: sharedServicesNetworkSecurityGroupRules + vnetAddressPrefix: sharedServicesVirtualNetworkAddressPrefix + vnetDiagLogs: sharedServicesVirtualNetworkDiagnosticsLogs + vnetDiagMetrics: sharedServicesVirtualNetworkDiagnosticsMetrics + subnetAddressPrefix: sharedServicesSubnetAddressPrefix + } +], deployIdentity ? [ + { + name: 'identity' + shortName: 'id' + deployUniqueResources: contains([ hubSubscriptionId, operationsSubscriptionId, sharedServicesSubscriptionId ], identitySubscriptionId) ? false : true + subscriptionId: sharedServicesSubscriptionId + nsgDiagLogs: identityNetworkSecurityGroupDiagnosticsLogs + nsgDiagMetrics: identityNetworkSecurityGroupDiagnosticsMetrics + nsgRules: identityNetworkSecurityGroupRules + vnetAddressPrefix: identityVirtualNetworkAddressPrefix + vnetDiagLogs: identityVirtualNetworkDiagnosticsLogs + vnetDiagMetrics: identityVirtualNetworkDiagnosticsMetrics + subnetAddressPrefix: identitySubnetAddressPrefix + } +] : []) // LOGIC FOR DEPLOYMENTS module logic 'modules/logic.bicep' = { name: 'get-logic-${deploymentNameSuffix}' params: { - deployIdentity: deployIdentity + deploymentNameSuffix: deploymentNameSuffix environmentAbbreviation: environmentAbbreviation - hubSubscriptionId: hubSubscriptionId - identitySubnetAddressPrefix: identitySubnetAddressPrefix - identitySubscriptionId: identitySubscriptionId - operationsSubnetAddressPrefix: operationsSubnetAddressPrefix - operationsSubscriptionId: operationsSubscriptionId + location: location + networks: networks resourcePrefix: resourcePrefix - resources: namingConvention.outputs.resources - sharedServicesSubscriptionId: sharedServicesSubscriptionId - tokens: namingConvention.outputs.tokens - identityNetworkSecurityGroupDiagnosticsLogs: identityNetworkSecurityGroupDiagnosticsLogs - 
identityNetworkSecurityGroupDiagnosticsMetrics: identityNetworkSecurityGroupDiagnosticsMetrics - identityNetworkSecurityGroupRules: identityNetworkSecurityGroupRules - identityVirtualNetworkAddressPrefix: identityVirtualNetworkAddressPrefix - identityVirtualNetworkDiagnosticsLogs: identityVirtualNetworkDiagnosticsLogs - identityVirtualNetworkDiagnosticsMetrics: identityVirtualNetworkDiagnosticsMetrics - operationsNetworkSecurityGroupDiagnosticsLogs: operationsNetworkSecurityGroupDiagnosticsLogs - operationsNetworkSecurityGroupDiagnosticsMetrics: operationsNetworkSecurityGroupDiagnosticsMetrics - operationsNetworkSecurityGroupRules: operationsNetworkSecurityGroupRules - operationsVirtualNetworkAddressPrefix: operationsVirtualNetworkAddressPrefix - operationsVirtualNetworkDiagnosticsLogs: operationsVirtualNetworkDiagnosticsLogs - operationsVirtualNetworkDiagnosticsMetrics: operationsVirtualNetworkDiagnosticsMetrics - sharedServicesNetworkSecurityGroupDiagnosticsLogs: sharedServicesNetworkSecurityGroupDiagnosticsLogs - sharedServicesNetworkSecurityGroupDiagnosticsMetrics: sharedServicesNetworkSecurityGroupDiagnosticsMetrics - sharedServicesNetworkSecurityGroupRules: sharedServicesNetworkSecurityGroupRules - sharedServicesSubnetAddressPrefix: sharedServicesSubnetAddressPrefix - sharedServicesVirtualNetworkAddressPrefix: sharedServicesVirtualNetworkAddressPrefix - sharedServicesVirtualNetworkDiagnosticsLogs: sharedServicesVirtualNetworkDiagnosticsLogs - sharedServicesVirtualNetworkDiagnosticsMetrics: sharedServicesVirtualNetworkDiagnosticsMetrics } } @@ -549,8 +559,9 @@ module resourceGroups 'modules/resource-groups.bicep' = { params: { deploymentNameSuffix: deploymentNameSuffix location: location - mlzTags: mlzTags - networks: logic.outputs.networks + mlzTags: logic.outputs.mlzTags + serviceToken: logic.outputs.tokens.service + tiers: logic.outputs.tiers tags: tags } } 
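Review bot: In the `networks` variable added by the @@ -493 hunk, the `identity` entry sets `subscriptionId: sharedServicesSubscriptionId`, while its `deployUniqueResources` check one line above tests `identitySubscriptionId`. This looks copied from the `sharedServices` entry. As written, every consumer of this entry's `subscriptionId` gets the shared services subscription, so the identity tier loses the subscription boundary it is meant to have. Suggest `subscriptionId: identitySubscriptionId`. Minor: `contains([...], x) ? false : true` reads more directly as `!contains([...], x)`.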
@@ -574,23 +585,17 @@ module networking 'modules/networking.bicep' = { intrusionDetectionMode: firewallIntrusionDetectionMode managementPublicIPAddressAvailabilityZones: firewallManagementPublicIPAddressAvailabilityZones managementSubnetAddressPrefix: firewallManagementSubnetAddressPrefix - publicIpAddressAllocationMethod: 'Static' - publicIpAddressSkuName: 'Standard' skuTier: firewallSkuTier supernetIPAddress: firewallSupernetIPAddress threatIntelMode: firewallThreatIntelMode } - hubNetworkSecurityGroupRules: hubNetworkSecurityGroupRules - hubSubnetAddressPrefix: hubSubnetAddressPrefix - hubVirtualNetworkAddressPrefix: hubVirtualNetworkAddressPrefix location: location - mlzTags: mlzTags - networks: logic.outputs.networks + mlzTags: logic.outputs.mlzTags + privateDnsZoneNames: logic.outputs.privateDnsZones + resourceGroupNames: resourceGroups.outputs.names tags: tags + tiers: logic.outputs.tiers } - dependsOn: [ - resourceGroups - ] } // CUSTOMER MANAGED KEYS @@ -599,12 +604,14 @@ module customerManagedKeys 'modules/customer-managed-keys.bicep' = { name: 'deploy-cmk-hub-${deploymentNameSuffix}' params: { deploymentNameSuffix: deploymentNameSuffix + tier: filter(logic.outputs.tiers, tier => tier.name == 'hub')[0] + resourceGroupName: filter(resourceGroups.outputs.names, name => contains(name, 'hub'))[0] keyVaultPrivateDnsZoneResourceId: networking.outputs.privateDnsZoneResourceIds.keyVault location: location - mlzTags: mlzTags - networkProperties: first(filter(logic.outputs.networks, network => network.name == 'hub')) + mlzTags: logic.outputs.mlzTags subnetResourceId: networking.outputs.hubSubnetResourceId tags: tags + tokens: logic.outputs.tokens } } 
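Review bot: In the `customerManagedKeys` params (@@ -599 hunk), `resourceGroupName` is selected with `filter(resourceGroups.outputs.names, name => contains(name, 'hub'))[0]`, a substring match, while `tier` on the line above uses an exact `tier.name == 'hub'`. If a generated name contains "hub" for any other reason (for example through `resourcePrefix`, if it is part of the name), `[0]` can return another tier's resource group and the module's Key Vault and keys would be deployed there. If nothing matches, the `[0]` index fails the deployment with no useful message. Prefer an exact lookup: carry the resource group name on the tier object, or output the names keyed by tier name.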
@@ -619,15 +626,13 @@ module monitoring 'modules/monitoring.bicep' = { logAnalyticsWorkspaceCappingDailyQuotaGb: logAnalyticsWorkspaceCappingDailyQuotaGb logAnalyticsWorkspaceRetentionInDays: logAnalyticsWorkspaceRetentionInDays logAnalyticsWorkspaceSkuName: logAnalyticsWorkspaceSkuName - mlzTags: mlzTags - operationsProperties: first(filter(logic.outputs.networks, network => network.name == 'operations')) + mlzTags: logic.outputs.mlzTags + ops: filter(logic.outputs.tiers, tier => tier.name == 'operations')[0] + opsResourceGroupName: filter(resourceGroups.outputs.names, name => contains(name, 'operations'))[0] privateDnsZoneResourceIds: networking.outputs.privateDnsZoneResourceIds subnetResourceId: networking.outputs.operationsSubnetResourceId tags: tags } - dependsOn: [ - networking - ] } // REMOTE ACCESS @@ -643,8 +648,9 @@ module remoteAccess 'modules/remote-access.bicep' = { deployLinuxVirtualMachine: deployLinuxVirtualMachine deployWindowsVirtualMachine: deployWindowsVirtualMachine diskEncryptionSetResourceId: customerManagedKeys.outputs.diskEncryptionSetResourceId + hub: filter(logic.outputs.tiers, tier => tier.name == 'hub')[0] hubNetworkSecurityGroupResourceId: networking.outputs.hubNetworkSecurityGroupResourceId - hubProperties: first(filter(logic.outputs.networks, network => network.name == 'hub')) + hubResourceGroupName: filter(resourceGroups.outputs.names, name => contains(name, 'hub'))[0] hubSubnetResourceId: networking.outputs.hubSubnetResourceId hybridUseBenefit: hybridUseBenefit linuxNetworkInterfacePrivateIPAddressAllocationMethod: linuxNetworkInterfacePrivateIPAddressAllocationMethod 
@@ -660,7 +666,8 @@ module remoteAccess 'modules/remote-access.bicep' = { linuxVmSize: linuxVmSize location: location logAnalyticsWorkspaceId: monitoring.outputs.logAnalyticsWorkspaceResourceId - mlzTags: mlzTags + mlzTags: logic.outputs.mlzTags + serviceToken: logic.outputs.tokens.service tags: tags windowsNetworkInterfacePrivateIPAddressAllocationMethod: windowsNetworkInterfacePrivateIPAddressAllocationMethod windowsVmAdminPassword: windowsVmAdminPassword @@ -689,12 +696,13 @@ module storage 'modules/storage.bicep' = { keyVaultUri: customerManagedKeys.outputs.keyVaultUri location: location logStorageSkuName: logStorageSkuName - mlzTags: mlzTags - networks: logic.outputs.networks - serviceToken: namingConvention.outputs.tokens.service + mlzTags: logic.outputs.mlzTags + resourceGroupNames: resourceGroups.outputs.names + serviceToken: logic.outputs.tokens.service storageEncryptionKeyName: customerManagedKeys.outputs.storageKeyName tablesPrivateDnsZoneResourceId: networking.outputs.privateDnsZoneResourceIds.table tags: tags + tiers: logic.outputs.tiers userAssignedIdentityResourceId: customerManagedKeys.outputs.userAssignedIdentityResourceId } dependsOn: [ 
@@ -707,21 +715,20 @@ module storage 'modules/storage.bicep' = { module diagnostics 'modules/diagnostics.bicep' = { name: 'deploy-resource-diag-${deploymentNameSuffix}' params: { + deployBastion: deployBastion deploymentNameSuffix: deploymentNameSuffix firewallDiagnosticsLogs: firewallDiagnosticsLogs firewallDiagnosticsMetrics: firewallDiagnosticsMetrics - KeyVaultName: customerManagedKeys.outputs.KeyVaultName - keyVaultDiagnosticLogs: KeyVaultDiagnosticsLogs + keyVaultName: customerManagedKeys.outputs.keyVaultName + keyVaultDiagnosticLogs: keyVaultDiagnosticsLogs logAnalyticsWorkspaceResourceId: monitoring.outputs.logAnalyticsWorkspaceResourceId - networks: logic.outputs.networks - networkSecurityGroupDiagnosticsLogs: hubNetworkSecurityGroupDiagnosticsLogs - networkSecurityGroupDiagnosticsMetrics: hubNetworkSecurityGroupDiagnosticsMetrics publicIPAddressDiagnosticsLogs: publicIPAddressDiagnosticsLogs publicIPAddressDiagnosticsMetrics: publicIPAddressDiagnosticsMetrics + resourceGroupNames: resourceGroups.outputs.names + serviceToken: logic.outputs.tokens.service storageAccountResourceIds: storage.outputs.storageAccountResourceIds supportedClouds: supportedClouds - virtualNetworkDiagnosticsLogs: hubVirtualNetworkDiagnosticsLogs - virtualNetworkDiagnosticsMetrics: hubVirtualNetworkDiagnosticsMetrics + tiers: logic.outputs.tiers } dependsOn: [ networking 
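Review bot: Please confirm that no tier loses NSG or virtual network logging now that the `diagnostics` params no longer pass `networkSecurityGroupDiagnosticsLogs`, `networkSecurityGroupDiagnosticsMetrics`, `virtualNetworkDiagnosticsLogs` and `virtualNetworkDiagnosticsMetrics` from the hub parameters. The categories presumably come from each entry in `tiers` instead (the `networks` entries carry `nsgDiagLogs`, `nsgDiagMetrics`, `vnetDiagLogs`, `vnetDiagMetrics`), and at least one per-tier default visible in this file is an empty array, so a spoke can end up collecting less than the hub. A sentence in the parameter descriptions saying that each tier's settings now apply only to that tier would make this explicit. Minor: `keyVaultDiagnosticLogs: keyVaultDiagnosticsLogs` still differs by one "s" between the module parameter and the value; aligning the two while the casing is being fixed would remove the near-miss.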
@@ -737,30 +744,32 @@ module policyAssignments 'modules/policy-assignments.bicep' = deploymentNameSuffix: deploymentNameSuffix location: location logAnalyticsWorkspaceResourceId: monitoring.outputs.logAnalyticsWorkspaceResourceId - networks: logic.outputs.networks policy: policy + resourceGroupNames: resourceGroups.outputs.names + tiers: logic.outputs.tiers } } // MICROSOFT DEFENDER FOR CLOUD -module defenderforClouds 'modules/defenderforClouds.bicep' = +module defenderforClouds 'modules/defender-for-clouds.bicep' = if (deployDefender) { name: 'deploy-defender-${deploymentNameSuffix}' params: { + defenderPlans: deployDefenderPlans defenderSkuTier: defenderSkuTier deploymentNameSuffix: deploymentNameSuffix emailSecurityContact: emailSecurityContact logAnalyticsWorkspaceResourceId: monitoring.outputs.logAnalyticsWorkspaceResourceId - networks: logic.outputs.networks - defenderPlans: deployDefenderPlans + tiers: logic.outputs.tiers } } output azureFirewallResourceId string = networking.outputs.azureFirewallResourceId output diskEncryptionSetResourceId string = customerManagedKeys.outputs.diskEncryptionSetResourceId -output hubSubnetResourceId string = networking.outputs.hubSubnetResourceId output hubVirtualNetworkResourceId string = networking.outputs.hubVirtualNetworkResourceId output identitySubnetResourceId string = networking.outputs.identitySubnetResourceId +output locationProperties object = logic.outputs.locationProperties output logAnalyticsWorkspaceResourceId string = monitoring.outputs.logAnalyticsWorkspaceResourceId -output networks array = logic.outputs.networks +output sharedServicesSubnetResourceId string = networking.outputs.sharedServicesSubnetResourceId +output tiers array = logic.outputs.tiers diff --git a/src/bicep/mlz.json b/src/bicep/mlz.json index 420beb200..ada3d8ed1 100644 --- a/src/bicep/mlz.json +++ b/src/bicep/mlz.json 
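Review bot: Removing the `hubSubnetResourceId` and `networks` outputs at the end of the mlz.bicep @@ -737 hunk is a breaking change for anything that reads this deployment's outputs, and nothing in the hunk documents it. Either keep the old outputs for a release alongside the new `tiers`, `locationProperties` and `sharedServicesSubnetResourceId`, or call out the removal and the replacement (`tiers` in place of `networks`) in the release notes and the add-on docs.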
@@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "15944616530523193260" + "templateHash": "9272074813136712214" } }, "parameters": { @@ -210,7 +210,7 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "[true/false] The Azure Firewall DNS Proxy will forward all DNS traffic. When this value is set to true, you must provide a value for \"servers\"" + "description": "[true/false] The Azure Firewall DNS Proxy will forward all DNS traffic. When this value is set to true, you must provide a value for \"dnsServers\"" } }, "dnsServers": { @@ -235,7 +235,7 @@ }, { "category": "AzureFirewallDnsProxy", - "enabled": true + "enabled": "[parameters('enableProxy')]" } ], "metadata": { @@ -395,7 +395,7 @@ "description": "An array of Network Security Group Metrics to apply to enable for the Identity Virtual Network. See https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=CMD#metrics for valid settings." } }, - "KeyVaultDiagnosticsLogs": { + "keyVaultDiagnosticsLogs": { "type": "array", "defaultValue": [ { 
@@ -829,26 +829,15 @@ "input": "[cidrHost(parameters('firewallClientSubnetAddressPrefix'), range(0, 4)[copyIndex('firewallClientUsableIpAddresses')])]" } ], - "$fxv#0": "1.0.0", - "environmentName": { - "dev": "Development", - "prod": "Production", - "test": "Test" - }, - "mlzTags": { - "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", - "landingZoneName": "MissionLandingZone", - "landingZoneVersion": "[variables('$fxv#0')]", - "resourcePrefix": "[parameters('resourcePrefix')]" - }, "firewallClientPrivateIpAddress": "[variables('firewallClientUsableIpAddresses')[3]]", - "logAnalyticsWorkspaceRetentionInDays": "[if(parameters('deploySentinel'), parameters('logAnalyticsSentinelWorkspaceRetentionInDays'), parameters('logAnalyticsWorkspaceNoSentinelRetentionInDays'))]" + "logAnalyticsWorkspaceRetentionInDays": "[if(parameters('deploySentinel'), parameters('logAnalyticsSentinelWorkspaceRetentionInDays'), parameters('logAnalyticsWorkspaceNoSentinelRetentionInDays'))]", + "networks": "[union(createArray(createObject('name', 'hub', 'shortName', 'hub', 'deployUniqueResources', true(), 'subscriptionId', parameters('hubSubscriptionId'), 'nsgDiagLogs', parameters('hubNetworkSecurityGroupDiagnosticsLogs'), 'nsgDiagMetrics', parameters('hubNetworkSecurityGroupDiagnosticsMetrics'), 'nsgRules', parameters('hubNetworkSecurityGroupRules'), 'vnetAddressPrefix', parameters('hubVirtualNetworkAddressPrefix'), 'vnetDiagLogs', parameters('hubVirtualNetworkDiagnosticsLogs'), 'vnetDiagMetrics', parameters('hubVirtualNetworkDiagnosticsMetrics'), 'subnetAddressPrefix', parameters('hubSubnetAddressPrefix')), createObject('name', 'operations', 'shortName', 'ops', 'deployUniqueResources', if(contains(createArray(parameters('hubSubscriptionId')), parameters('operationsSubscriptionId')), false(), true()), 'subscriptionId', parameters('operationsSubscriptionId'), 'nsgDiagLogs', parameters('operationsNetworkSecurityGroupDiagnosticsLogs'), 'nsgDiagMetrics', 
parameters('operationsNetworkSecurityGroupDiagnosticsMetrics'), 'nsgRules', parameters('operationsNetworkSecurityGroupRules'), 'vnetAddressPrefix', parameters('operationsVirtualNetworkAddressPrefix'), 'vnetDiagLogs', parameters('operationsVirtualNetworkDiagnosticsLogs'), 'vnetDiagMetrics', parameters('operationsVirtualNetworkDiagnosticsMetrics'), 'subnetAddressPrefix', parameters('operationsSubnetAddressPrefix')), createObject('name', 'sharedServices', 'shortName', 'svcs', 'deployUniqueResources', if(contains(createArray(parameters('hubSubscriptionId'), parameters('operationsSubscriptionId')), parameters('sharedServicesSubscriptionId')), false(), true()), 'subscriptionId', parameters('sharedServicesSubscriptionId'), 'nsgDiagLogs', parameters('sharedServicesNetworkSecurityGroupDiagnosticsLogs'), 'nsgDiagMetrics', parameters('sharedServicesNetworkSecurityGroupDiagnosticsMetrics'), 'nsgRules', parameters('sharedServicesNetworkSecurityGroupRules'), 'vnetAddressPrefix', parameters('sharedServicesVirtualNetworkAddressPrefix'), 'vnetDiagLogs', parameters('sharedServicesVirtualNetworkDiagnosticsLogs'), 'vnetDiagMetrics', parameters('sharedServicesVirtualNetworkDiagnosticsMetrics'), 'subnetAddressPrefix', parameters('sharedServicesSubnetAddressPrefix'))), if(parameters('deployIdentity'), createArray(createObject('name', 'identity', 'shortName', 'id', 'deployUniqueResources', if(contains(createArray(parameters('hubSubscriptionId'), parameters('operationsSubscriptionId'), parameters('sharedServicesSubscriptionId')), parameters('identitySubscriptionId')), false(), true()), 'subscriptionId', parameters('sharedServicesSubscriptionId'), 'nsgDiagLogs', parameters('identityNetworkSecurityGroupDiagnosticsLogs'), 'nsgDiagMetrics', parameters('identityNetworkSecurityGroupDiagnosticsMetrics'), 'nsgRules', parameters('identityNetworkSecurityGroupRules'), 'vnetAddressPrefix', parameters('identityVirtualNetworkAddressPrefix'), 'vnetDiagLogs', 
parameters('identityVirtualNetworkDiagnosticsLogs'), 'vnetDiagMetrics', parameters('identityVirtualNetworkDiagnosticsMetrics'), 'subnetAddressPrefix', parameters('identitySubnetAddressPrefix'))), createArray()))]" }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('get-naming-convention-{0}', parameters('deploymentNameSuffix'))]", + "name": "[format('get-logic-{0}', parameters('deploymentNameSuffix'))]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -856,12 +845,18 @@ }, "mode": "Incremental", "parameters": { + "deploymentNameSuffix": { + "value": "[parameters('deploymentNameSuffix')]" + }, "environmentAbbreviation": { "value": "[parameters('environmentAbbreviation')]" }, "location": { "value": "[parameters('location')]" }, + "networks": { + "value": "[variables('networks')]" + }, "resourcePrefix": { "value": "[parameters('resourcePrefix')]" } @@ -873,21 +868,38 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "14479460846238471606" + "templateHash": "16881625523433024595" } }, "parameters": { + "deploymentNameSuffix": { + "type": "string" + }, "environmentAbbreviation": { "type": "string" }, "location": { "type": "string" }, + "networks": { + "type": "array" + }, "resourcePrefix": { "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" } }, "variables": { + "copy": [ + { + "name": "privateDnsZoneNames_Backup", + "count": "[length(items(variables('locations')))]", + "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" + } + ], "$fxv#0": { "AzureChina": { "chinaeast": { 
@@ -1272,8 +1284,10 @@ } } }, - "$fxv#1": { + "$fxv#1": "1.0.0", + "$fxv#2": { "actionGroups": "ag", + "applicationGroups": "vdag", "automationAccounts": "aa", "availabilitySets": "avail", "azureFirewalls": "afw", @@ -1281,7 +1295,6 @@ "computeGallieries": "cg", "dataCollectionRuleAssociations": "dcra", "dataCollectionRules": "dcr", - "desktopApplicationGroups": "vdag", "diagnosticSettings": "diag", "diskAccesses": "da", "diskEncryptionSets": "des", 
@@ -1310,397 +1323,260 @@ "virtualNetworks": "vnet", "workspaces": "vdws" }, + "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.', ''), '/', '')]", + "environmentName": { + "dev": "Development", + "prod": "Production", + "test": "Test" + }, "locations": "[variables('$fxv#0')[environment().name]]", - "locationAbbreviation": "[variables('locations')[parameters('location')].abbreviation]", - "resourceAbbreviations": "[variables('$fxv#1')]", - "resourceToken": "resource_token", - "serviceToken": "service_token", - "networkToken": "network_token", - "namingConvention": "[format('{0}-{1}-{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), variables('resourceToken'), variables('serviceToken'), variables('networkToken'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "actionGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').actionGroups)]", - "automationAccountNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').automationAccounts)]", - "bastionHostNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').bastionHosts)]", - "computeGalleryNamingConvention": "[replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').computeGallieries), '-', '_')]", - "diskEncryptionSetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').diskEncryptionSets)]", - "diskNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').disks)]", - "firewallNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').azureFirewalls)]", - "firewallPolicyNamingConvention": 
"[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').firewallPolicies)]", - "ipConfigurationNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').ipConfigurations)]", - "keyVaultNamingConvention": "[format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').keyVaults), '-', ''))]", - "logAnalyticsWorkspaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').logAnalyticsWorkspaces)]", - "networkInterfaceNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkInterfaces)]", - "networkSecurityGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkSecurityGroups)]", - "networkWatcherNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').networkWatchers)]", - "privateEndpointNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateEndpoints)]", - "privateLinkScopeName": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').privateLinkScopes)]", - "publicIpAddressNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').publicIPAddresses)]", - "resourceGroupNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').resourceGroups)]", - "routeTableNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').routeTables)]", - "storageAccountNamingConvention": 
"[toLower(format('{0}unique_token', replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').storageAccounts), '-', '')))]", - "subnetNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').subnets)]", - "userAssignedIdentityNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').userAssignedIdentities)]", - "virtualMachineNamingConvention": "[replace(replace(replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualMachines), '-', ''), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation')))]", - "virtualNetworkNamingConvention": "[replace(variables('namingConvention'), variables('resourceToken'), variables('resourceAbbreviations').virtualNetworks)]" - }, - "resources": [], - "outputs": { - "resources": { - "type": "object", - "value": { - "actionGroup": "[variables('actionGroupNamingConvention')]", - "automationAccount": "[variables('automationAccountNamingConvention')]", - "bastionHost": "[variables('bastionHostNamingConvention')]", - "computeGallery": "[variables('computeGalleryNamingConvention')]", - "diskEncryptionSet": "[variables('diskEncryptionSetNamingConvention')]", - "disk": "[variables('diskNamingConvention')]", - "firewall": "[variables('firewallNamingConvention')]", - "firewallPolicy": "[variables('firewallPolicyNamingConvention')]", - "ipConfiguration": "[variables('ipConfigurationNamingConvention')]", - "keyVault": "[variables('keyVaultNamingConvention')]", - "logAnalyticsWorkspace": "[variables('logAnalyticsWorkspaceNamingConvention')]", - "networkInterface": "[variables('networkInterfaceNamingConvention')]", - "networkSecurityGroup": "[variables('networkSecurityGroupNamingConvention')]", - "networkWatcher": "[variables('networkWatcherNamingConvention')]", - "privateEndpoint": 
"[variables('privateEndpointNamingConvention')]", - "privateLinkScope": "[variables('privateLinkScopeName')]", - "publicIpAddress": "[variables('publicIpAddressNamingConvention')]", - "resourceGroup": "[variables('resourceGroupNamingConvention')]", - "routeTable": "[variables('routeTableNamingConvention')]", - "storageAccount": "[variables('storageAccountNamingConvention')]", - "subnet": "[variables('subnetNamingConvention')]", - "userAssignedIdentity": "[variables('userAssignedIdentityNamingConvention')]", - "virtualMachine": "[variables('virtualMachineNamingConvention')]", - "virtualNetwork": "[variables('virtualNetworkNamingConvention')]" - } + "mlzTags": { + "environment": "[variables('environmentName')[parameters('environmentAbbreviation')]]", + "landingZoneName": "MissionLandingZone", + "landingZoneVersion": "[variables('$fxv#1')]", + "resourcePrefix": "[parameters('resourcePrefix')]" }, + "resourceAbbreviations": "[variables('$fxv#2')]", "tokens": { - "type": "object", - "value": { - "resource": "[variables('resourceToken')]", - "service": "[variables('serviceToken')]", - "network": "[variables('networkToken')]" - } + "resource": "resource_token", + "service": "service_token" + }, + "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('scm.privatelink.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureWebSites')[environment().name], format('appservice.{0}', variables('cloudSuffix')))), format('privatelink.wvd.{0}', 
coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), format('privatelink{0}', replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", + "privateDnsZoneSuffixes_AzureAutomation": { + "AzureCloud": "net", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureVirtualDesktop": { + "AzureCloud": "microsoft.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_AzureWebSites": { + "AzureCloud": "azurewebsites.net", + "AzureUSGovernment": "azurewebsites.us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Backup": { + "AzureCloud": "com", + "AzureUSGovernment": "us", + "USNat": null, + "USSec": null + }, + "privateDnsZoneSuffixes_Monitor": { + "AzureCloud": "azure.com", + "AzureUSGovernment": "azure.us", + "USNat": null, + "USSec": null } - } - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('get-logic-{0}', parameters('deploymentNameSuffix'))]", - "location": 
"[deployment().location]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "deployIdentity": { - "value": "[parameters('deployIdentity')]" - }, - "environmentAbbreviation": { - "value": "[parameters('environmentAbbreviation')]" - }, - "hubSubscriptionId": { - "value": "[parameters('hubSubscriptionId')]" - }, - "identitySubnetAddressPrefix": { - "value": "[parameters('identitySubnetAddressPrefix')]" - }, - "identitySubscriptionId": { - "value": "[parameters('identitySubscriptionId')]" - }, - "operationsSubnetAddressPrefix": { - "value": "[parameters('operationsSubnetAddressPrefix')]" - }, - "operationsSubscriptionId": { - "value": "[parameters('operationsSubscriptionId')]" - }, - "resourcePrefix": { - "value": "[parameters('resourcePrefix')]" - }, - "resources": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resources.value]" - }, - "sharedServicesSubscriptionId": { - "value": "[parameters('sharedServicesSubscriptionId')]" - }, - "tokens": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" - }, - "identityNetworkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('identityNetworkSecurityGroupDiagnosticsLogs')]" - }, - "identityNetworkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('identityNetworkSecurityGroupDiagnosticsMetrics')]" - }, - "identityNetworkSecurityGroupRules": { - "value": "[parameters('identityNetworkSecurityGroupRules')]" - }, - "identityVirtualNetworkAddressPrefix": { - "value": "[parameters('identityVirtualNetworkAddressPrefix')]" - }, - "identityVirtualNetworkDiagnosticsLogs": { - "value": "[parameters('identityVirtualNetworkDiagnosticsLogs')]" }, - 
"identityVirtualNetworkDiagnosticsMetrics": { - "value": "[parameters('identityVirtualNetworkDiagnosticsMetrics')]" - }, - "operationsNetworkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('operationsNetworkSecurityGroupDiagnosticsLogs')]" - }, - "operationsNetworkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('operationsNetworkSecurityGroupDiagnosticsMetrics')]" - }, - "operationsNetworkSecurityGroupRules": { - "value": "[parameters('operationsNetworkSecurityGroupRules')]" - }, - "operationsVirtualNetworkAddressPrefix": { - "value": "[parameters('operationsVirtualNetworkAddressPrefix')]" - }, - "operationsVirtualNetworkDiagnosticsLogs": { - "value": "[parameters('operationsVirtualNetworkDiagnosticsLogs')]" - }, - "operationsVirtualNetworkDiagnosticsMetrics": { - "value": "[parameters('operationsVirtualNetworkDiagnosticsMetrics')]" - }, - "sharedServicesNetworkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsLogs')]" - }, - "sharedServicesNetworkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsMetrics')]" - }, - "sharedServicesNetworkSecurityGroupRules": { - "value": "[parameters('sharedServicesNetworkSecurityGroupRules')]" - }, - "sharedServicesSubnetAddressPrefix": { - "value": "[parameters('sharedServicesSubnetAddressPrefix')]" - }, - "sharedServicesVirtualNetworkAddressPrefix": { - "value": "[parameters('sharedServicesVirtualNetworkAddressPrefix')]" - }, - "sharedServicesVirtualNetworkDiagnosticsLogs": { - "value": "[parameters('sharedServicesVirtualNetworkDiagnosticsLogs')]" - }, - "sharedServicesVirtualNetworkDiagnosticsMetrics": { - "value": "[parameters('sharedServicesVirtualNetworkDiagnosticsMetrics')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - 
"version": "0.27.1.19265", - "templateHash": "10047600494962654201" + "resources": [ + { + "copy": { + "name": "namingConventions", + "count": "[length(parameters('networks'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "locationAbbreviation": { + "value": "[variables('locations')[parameters('location')].abbreviation]" + }, + "environmentAbbreviation": { + "value": "[parameters('environmentAbbreviation')]" + }, + "networkName": { + "value": "[parameters('networks')[copyIndex()].name]" + }, + "networkShortName": { + "value": "[parameters('networks')[copyIndex()].shortName]" + }, + "resourceAbbreviations": { + "value": "[variables('resourceAbbreviations')]" + }, + "resourcePrefix": { + "value": "[parameters('resourcePrefix')]" + }, + "stampIndex": { + "value": "[parameters('stampIndex')]" + }, + "subscriptionId": { + "value": "[parameters('networks')[copyIndex()].subscriptionId]" + }, + "tokens": { + "value": "[variables('tokens')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "2390405762046931912" + } + }, + "parameters": { + "environmentAbbreviation": { + "type": "string" + }, + "locationAbbreviation": { + "type": "string" + }, + "networkName": { + "type": "string" + }, + "networkShortName": { + "type": "string" + }, + "resourceAbbreviations": { + "type": "object" + }, + "resourcePrefix": { + "type": "string" + }, + "stampIndex": { + "type": "string", + "defaultValue": "" + }, + "subscriptionId": { + "type": "string" + }, + 
"tokens": { + "type": "object" + } + }, + "variables": { + "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), parameters('locationAbbreviation'))]", + "names": { + "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').actionGroups)]", + "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').applicationGroups)]", + "automationAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').automationAccounts)]", + "automationAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, 
parameters('resourceAbbreviations').automationAccounts)]", + "availabilitySet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').availabilitySets)]", + "azureFirewall": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallClientPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('client-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallClientPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-client-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').azureFirewalls)]", + "azureFirewallManagementPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, format('mgmt-{0}', parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallManagementPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-mgmt-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').azureFirewalls))]", + "azureFirewallPolicy": 
"[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').firewallPolicies)]", + "bastionHost": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddress": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').publicIpAddresses), parameters('tokens').service, parameters('resourceAbbreviations').bastionHosts)]", + "bastionHostPublicIPAddressDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('resourceAbbreviations').publicIpAddresses, parameters('resourceAbbreviations').bastionHosts))]", + "computeGallery": "[replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').computeGallieries), '-', '_')]", + "dataCollectionRuleAssociation": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRuleAssociations)]", + "dataCollectionRule": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').dataCollectionRules)]", + "diskAccess": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskAccesses)]", + "diskEncryptionSet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').diskEncryptionSets)]", + "hostPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').hostPools)]", + "hostPoolDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), 
parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "hostPoolPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').hostPools)]", + "keyVault": "[format('{0}{1}', replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').keyVaults), '-', ''), parameters('networkName'), parameters('networkShortName')), uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('subscriptionId')))]", + "keyVaultDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "keyVaultPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}{1}', parameters('tokens').service, parameters('resourceAbbreviations').keyVaults))]", + "logAnalyticsWorkspace": "[replace(variables('namingConvention'), parameters('tokens').resource, 
parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "logAnalyticsWorkspaceDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').logAnalyticsWorkspaces)]", + "netAppAccountCapacityPool": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppCapacityPools)]", + "netAppAccount": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').netAppAccounts)]", + "networkSecurityGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkSecurityGroupDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').networkSecurityGroups)]", + "networkWatcher": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').networkWatchers)]", + "privateLinkScope": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopeNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "privateLinkScopePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').privateLinkScopes)]", + "recoveryServicesVault": "[replace(variables('namingConvention'), 
parameters('tokens').resource, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "recoveryServicesPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, parameters('resourceAbbreviations').recoveryServicesVaults)]", + "resourceGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').resourceGroups)]", + "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').routeTables)]", + "storageAccount": "[toLower(replace(replace(replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName')), '-', ''))]", + "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "storageAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').storageAccounts))]", + "subnet": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').subnets)]", + "userAssignedIdentity": 
"[replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').userAssignedIdentities)]", + "virtualMachine": "[replace(replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", + "virtualMachineDisk": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').disks), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualMachineNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').virtualMachines))]", + "virtualNetwork": "[replace(variables('namingConvention'), parameters('tokens').resource, parameters('resourceAbbreviations').virtualNetworks)]", + "virtualNetworkDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, parameters('resourceAbbreviations').virtualNetworks)]", + "workspaceFeed": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), 
format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceFeedPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobal": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').workspaces), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalDiagnosticSetting": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalNetworkInterface": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]", + "workspaceGlobalPrivateEndpoint": "[replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, parameters('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, 
parameters('resourceAbbreviations').workspaces)), format('-{0}', parameters('stampIndex')), '')]" + } + }, + "resources": [], + "outputs": { + "names": { + "type": "object", + "value": "[variables('names')]" + } + } + } + } } - }, - "parameters": { - "deployIdentity": { - "type": "bool" - }, - "environmentAbbreviation": { - "type": "string" - }, - "hubSubscriptionId": { - "type": "string" - }, - "identityNetworkSecurityGroupDiagnosticsLogs": { - "type": "array" - }, - "identityNetworkSecurityGroupDiagnosticsMetrics": { - "type": "array" - }, - "identityNetworkSecurityGroupRules": { - "type": "array" - }, - "identitySubnetAddressPrefix": { - "type": "string" - }, - "identitySubscriptionId": { - "type": "string" - }, - "identityVirtualNetworkAddressPrefix": { - "type": "string" - }, - "identityVirtualNetworkDiagnosticsLogs": { - "type": "array" - }, - "identityVirtualNetworkDiagnosticsMetrics": { - "type": "array" - }, - "operationsNetworkSecurityGroupDiagnosticsLogs": { - "type": "array" - }, - "operationsNetworkSecurityGroupDiagnosticsMetrics": { - "type": "array" - }, - "operationsNetworkSecurityGroupRules": { - "type": "array" - }, - "operationsSubnetAddressPrefix": { - "type": "string" - }, - "operationsSubscriptionId": { - "type": "string" - }, - "operationsVirtualNetworkAddressPrefix": { - "type": "string" - }, - "operationsVirtualNetworkDiagnosticsLogs": { - "type": "array" - }, - "operationsVirtualNetworkDiagnosticsMetrics": { - "type": "array" - }, - "resourcePrefix": { - "type": "string" - }, - "resources": { - "type": "object" - }, - "sharedServicesNetworkSecurityGroupDiagnosticsLogs": { - "type": "array" - }, - "sharedServicesNetworkSecurityGroupDiagnosticsMetrics": { - "type": "array" - }, - "sharedServicesNetworkSecurityGroupRules": { - "type": "array" - }, - "sharedServicesSubnetAddressPrefix": { - "type": "string" - }, - "sharedServicesSubscriptionId": { - "type": "string" + ], + "outputs": { + "locationProperties": { + "type": "object", + "value": 
"[variables('locations')[parameters('location')]]" }, - "sharedServicesVirtualNetworkAddressPrefix": { - "type": "string" + "mlzTags": { + "type": "object", + "value": "[variables('mlzTags')]" }, - "sharedServicesVirtualNetworkDiagnosticsLogs": { - "type": "array" + "privateDnsZones": { + "type": "array", + "value": "[variables('privateDnsZoneNames')]" }, - "sharedServicesVirtualNetworkDiagnosticsMetrics": { - "type": "array" + "tiers": { + "type": "array", + "copy": { + "count": "[length(parameters('networks'))]", + "input": { + "name": "[parameters('networks')[copyIndex()].name]", + "shortName": "[parameters('networks')[copyIndex()].shortName]", + "deployUniqueResources": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "nsgDiagLogs": "[parameters('networks')[copyIndex()].nsgDiagLogs]", + "nsgDiagMetrics": "[parameters('networks')[copyIndex()].nsgDiagMetrics]", + "nsgRules": "[parameters('networks')[copyIndex()].nsgRules]", + "vnetAddressPrefix": "[parameters('networks')[copyIndex()].vnetAddressPrefix]", + "vnetDiagLogs": "[parameters('networks')[copyIndex()].vnetDiagLogs]", + "vnetDiagMetrics": "[parameters('networks')[copyIndex()].vnetDiagMetrics]", + "subnetAddressPrefix": "[parameters('networks')[copyIndex()].subnetAddressPrefix]", + "namingConvention": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('naming-convention-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + } + } }, "tokens": { - "type": "object" - } - }, - "variables": { - "hubName": "hub", - "hubShortName": "hub", - "identityName": "identity", - "identityShortName": "id", - "operationsName": "operations", - "operationsShortName": "ops", - "sharedServicesName": "sharedServices", - "sharedServicesShortName": "svcs", - "hub": { - "name": "[variables('hubName')]", - "subscriptionId": 
"[parameters('hubSubscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "deployUniqueResources": true, - "bastionHostIPConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'bas'), parameters('tokens').network, variables('hubName'))]", - "bastionHostName": "[replace(replace(parameters('resources').bastionHost, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "bastionHostPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'bas'), parameters('tokens').network, variables('hubName'))]", - "diskEncryptionSetName": "[replace(replace(parameters('resources').diskEncryptionSet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "firewallClientIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'client-afw'), parameters('tokens').network, variables('hubName'))]", - "firewallClientPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'client-afw'), parameters('tokens').network, variables('hubName'))]", - "firewallManagementIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'mgmt-afw'), parameters('tokens').network, variables('hubName'))]", - "firewallManagementPublicIPAddressName": "[replace(replace(parameters('resources').publicIpAddress, parameters('tokens').service, 'mgmt-afw'), parameters('tokens').network, variables('hubName'))]", - "firewallName": "[replace(replace(parameters('resources').firewall, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - 
"firewallPolicyName": "[replace(replace(parameters('resources').firewallPolicy, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "keyVaultName": "[take(replace(replace(replace(parameters('resources').keyVault, parameters('tokens').service, ''), parameters('tokens').network, variables('hubShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('hubSubscriptionId'))), 24)]", - "keyVaultNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'kv'), parameters('tokens').network, variables('hubName'))]", - "keyVaultPrivateEndpointName": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, 'kv'), parameters('tokens').network, variables('hubName'))]", - "linuxDiskName": "[replace(replace(parameters('resources').disk, parameters('tokens').service, 'linux'), parameters('tokens').network, variables('hubName'))]", - "linuxNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'linux'), parameters('tokens').network, variables('hubName'))]", - "linuxNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'linux'), parameters('tokens').network, variables('hubName'))]", - "linuxVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, 'lra'), parameters('tokens').network, variables('hubName'))]", - "logStorageAccountName": "[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, variables('hubShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('hubSubscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": 
"[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('hubName'))]", - "logStorageAccountPrivateEndpointNamePrefix": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('hubName'))]", - "networkSecurityGroupName": "[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "userAssignedIdentityName": "[replace(replace(parameters('resources').userAssignedIdentity, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('hubName'))]", - "windowsDiskName": "[replace(replace(parameters('resources').disk, parameters('tokens').service, 'windows'), parameters('tokens').network, variables('hubName'))]", - "windowsNetworkInterfaceIpConfigurationName": "[replace(replace(parameters('resources').ipConfiguration, parameters('tokens').service, 'windows'), parameters('tokens').network, variables('hubName'))]", - "windowsNetworkInterfaceName": 
"[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'windows'), parameters('tokens').network, variables('hubName'))]", - "windowsVmName": "[replace(replace(parameters('resources').virtualMachine, parameters('tokens').service, 'wra'), parameters('tokens').network, variables('hubName'))]" - }, - "spokes": "[union(variables('spokesCommon'), variables('spokesIdentity'))]", - "spokesCommon": [ - { - "name": "[variables('operationsName')]", - "subscriptionId": "[parameters('operationsSubscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "deployUniqueResources": "[if(contains(createArray(parameters('hubSubscriptionId')), parameters('operationsSubscriptionId')), false(), true())]", - "logAnalyticsWorkspaceName": "[replace(replace(parameters('resources').logAnalyticsWorkspace, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "logStorageAccountName": "[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, variables('operationsShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('operationsSubscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('operationsName'))]", - "logStorageAccountPrivateEndpointNamePrefix": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('operationsName'))]", - "networkSecurityGroupDiagnosticsLogs": 
"[parameters('operationsNetworkSecurityGroupDiagnosticsLogs')]", - "networkSecurityGroupDiagnosticsMetrics": "[parameters('operationsNetworkSecurityGroupDiagnosticsMetrics')]", - "networkSecurityGroupName": "[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "networkSecurityGroupRules": "[parameters('operationsNetworkSecurityGroupRules')]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "privateLinkScopeName": "[replace(replace(parameters('resources').privateLinkScope, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "privateLinkScopeNetworkInterfaceName": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, 'pls'), parameters('tokens').network, variables('operationsName'))]", - "privateLinkScopePrivateEndpointName": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, 'pls'), parameters('tokens').network, variables('operationsName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "subnetAddressPrefix": "[parameters('operationsSubnetAddressPrefix')]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]", - "subnetPrivateEndpointNetworkPolicies": "Disabled", - "subnetPrivateLinkServiceNetworkPolicies": "Disabled", - "virtualNetworkAddressPrefix": "[parameters('operationsVirtualNetworkAddressPrefix')]", - "virtualNetworkDiagnosticsLogs": 
"[parameters('operationsVirtualNetworkDiagnosticsLogs')]", - "virtualNetworkDiagnosticsMetrics": "[parameters('operationsVirtualNetworkDiagnosticsMetrics')]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('operationsName'))]" - }, - { - "name": "[variables('sharedServicesName')]", - "subscriptionId": "[parameters('sharedServicesSubscriptionId')]", - "resourceGroupName": "[replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "deployUniqueResources": "[if(contains(createArray(parameters('hubSubscriptionId'), parameters('operationsSubscriptionId')), parameters('sharedServicesSubscriptionId')), false(), true())]", - "logStorageAccountName": "[take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, variables('sharedServicesShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('sharedServicesSubscriptionId'))), 24)]", - "logStorageAccountNetworkInterfaceNamePrefix": "[replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('sharedServicesName'))]", - "logStorageAccountPrivateEndpointNamePrefix": "[replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('sharedServicesName'))]", - "networkSecurityGroupDiagnosticsLogs": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsLogs')]", - "networkSecurityGroupDiagnosticsMetrics": "[parameters('sharedServicesNetworkSecurityGroupDiagnosticsMetrics')]", - "networkSecurityGroupName": 
"[replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "networkSecurityGroupRules": "[parameters('sharedServicesNetworkSecurityGroupRules')]", - "networkWatcherName": "[replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "routeTableName": "[replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "subnetAddressPrefix": "[parameters('sharedServicesSubnetAddressPrefix')]", - "subnetName": "[replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]", - "subnetPrivateEndpointNetworkPolicies": "Disabled", - "subnetPrivateLinkServiceNetworkPolicies": "Disabled", - "virtualNetworkAddressPrefix": "[parameters('sharedServicesVirtualNetworkAddressPrefix')]", - "virtualNetworkDiagnosticsLogs": "[parameters('sharedServicesVirtualNetworkDiagnosticsLogs')]", - "virtualNetworkDiagnosticsMetrics": "[parameters('sharedServicesVirtualNetworkDiagnosticsMetrics')]", - "virtualNetworkName": "[replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('sharedServicesName'))]" - } - ], - "spokesIdentity": "[if(parameters('deployIdentity'), createArray(createObject('name', variables('identityName'), 'subscriptionId', parameters('identitySubscriptionId'), 'resourceGroupName', replace(replace(parameters('resources').resourceGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')), 'deployUniqueResources', if(contains(createArray(parameters('hubSubscriptionId'), 
parameters('operationsSubscriptionId'), parameters('sharedServicesSubscriptionId')), parameters('identitySubscriptionId')), false(), true()), 'logStorageAccountName', take(replace(replace(replace(parameters('resources').storageAccount, parameters('tokens').service, ''), parameters('tokens').network, variables('identityShortName')), 'unique_token', uniqueString(parameters('resourcePrefix'), parameters('environmentAbbreviation'), parameters('identitySubscriptionId'))), 24), 'logStorageAccountNetworkInterfaceNamePrefix', replace(replace(parameters('resources').networkInterface, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('identityName')), 'logStorageAccountPrivateEndpointNamePrefix', replace(replace(parameters('resources').privateEndpoint, parameters('tokens').service, format('{0}-st', parameters('tokens').service)), parameters('tokens').network, variables('identityName')), 'networkSecurityGroupDiagnosticsLogs', parameters('identityNetworkSecurityGroupDiagnosticsLogs'), 'networkSecurityGroupDiagnosticsMetrics', parameters('identityNetworkSecurityGroupDiagnosticsMetrics'), 'networkSecurityGroupName', replace(replace(parameters('resources').networkSecurityGroup, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')), 'networkSecurityGroupRules', parameters('identityNetworkSecurityGroupRules'), 'networkWatcherName', replace(replace(parameters('resources').networkWatcher, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')), 'routeTableName', replace(replace(parameters('resources').routeTable, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')), 'subnetAddressPrefix', parameters('identitySubnetAddressPrefix'), 'subnetName', replace(replace(parameters('resources').subnet, format('-{0}', parameters('tokens').service), ''), 
parameters('tokens').network, variables('identityName')), 'subnetPrivateEndpointNetworkPolicies', 'Disabled', 'subnetPrivateLinkServiceNetworkPolicies', 'Disabled', 'virtualNetworkAddressPrefix', parameters('identityVirtualNetworkAddressPrefix'), 'virtualNetworkDiagnosticsLogs', parameters('identityVirtualNetworkDiagnosticsLogs'), 'virtualNetworkDiagnosticsMetrics', parameters('identityVirtualNetworkDiagnosticsMetrics'), 'virtualNetworkName', replace(replace(parameters('resources').virtualNetwork, format('-{0}', parameters('tokens').service), ''), parameters('tokens').network, variables('identityName')))), createArray())]" - }, - "resources": [], - "outputs": { - "networks": { - "type": "array", - "value": "[union(createArray(variables('hub')), variables('spokes'))]" + "type": "object", + "value": "[variables('tokens')]" } } } - }, - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix')))]" - ] + } }, { "type": "Microsoft.Resources/deployments", @@ -1720,10 +1596,13 @@ "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" }, "tags": { "value": "[parameters('tags')]" 
@@ -1736,7 +1615,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "11746229783964712736" + "templateHash": "7960487143105550148" } }, "parameters": { @@ -1749,7 +1628,10 @@ "mlzTags": { "type": "object" }, - "networks": { + "serviceToken": { + "type": "string" + }, + "tiers": { "type": "array" }, "tags": { @@ -1760,12 +1642,12 @@ { "copy": { "name": "resourceGroups", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-rg-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "name": "[format('deploy-rg-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -1777,7 +1659,7 @@ "value": "[parameters('mlzTags')]" }, "name": { - "value": "[parameters('networks')[copyIndex()].resourceGroupName]" + "value": "[replace(parameters('tiers')[copyIndex()].namingConvention.resourceGroup, parameters('serviceToken'), 'network')]" }, "location": { "value": "[parameters('location')]" @@ -1841,7 +1723,16 @@ } } } - ] + ], + "outputs": { + "names": { + "type": "array", + "copy": { + "count": "[length(parameters('tiers'))]", + "input": "[reference(subscriptionResourceId(parameters('tiers')[copyIndex()].subscriptionId, 'Microsoft.Resources/deployments', format('deploy-rg-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.name.value]" + } + } + } } }, "dependsOn": [ 
@@ -1888,33 +1779,28 @@ "intrusionDetectionMode": "[parameters('firewallIntrusionDetectionMode')]", "managementPublicIPAddressAvailabilityZones": "[parameters('firewallManagementPublicIPAddressAvailabilityZones')]", "managementSubnetAddressPrefix": "[parameters('firewallManagementSubnetAddressPrefix')]", - "publicIpAddressAllocationMethod": "Static", - "publicIpAddressSkuName": "Standard", "skuTier": "[parameters('firewallSkuTier')]", "supernetIPAddress": "[parameters('firewallSupernetIPAddress')]", "threatIntelMode": "[parameters('firewallThreatIntelMode')]" } }, - "hubNetworkSecurityGroupRules": { - "value": "[parameters('hubNetworkSecurityGroupRules')]" - }, - "hubSubnetAddressPrefix": { - "value": "[parameters('hubSubnetAddressPrefix')]" - }, - "hubVirtualNetworkAddressPrefix": { - "value": "[parameters('hubVirtualNetworkAddressPrefix')]" - }, "location": { "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" + "privateDnsZoneNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZones.value]" + }, + "resourceGroupNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" }, "tags": { "value": "[parameters('tags')]" + }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.tiers.value]" } }, "template": { @@ -1924,7 +1810,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "14208639280327700913" + "templateHash": "893825226169234564" } }, "parameters": { @@ -1952,22 +1838,19 @@ "firewallSettings": { "type": "object" }, - "hubNetworkSecurityGroupRules": { - "type": "array" - }, - "hubSubnetAddressPrefix": { - "type": "string" - }, - "hubVirtualNetworkAddressPrefix": { - "type": "string" - }, "location": { "type": "string" }, "mlzTags": { "type": "object" }, - "networks": { + "privateDnsZoneNames": { + "type": "array" + }, + "resourceGroupNames": { + "type": "array" + }, + "tiers": { "type": "array" }, "tags": { @@ -1975,9 +1858,10 @@ } }, "variables": { - "hub": "[first(filter(parameters('networks'), lambda('network', equals(lambdaVariables('network').name, 'hub'))))]", - "identity": "[if(parameters('deployIdentity'), first(filter(parameters('networks'), lambda('network', equals(lambdaVariables('network').name, 'identity')))), createObject())]", - "spokes": "[filter(parameters('networks'), lambda('network', not(equals(lambdaVariables('network').name, 'hub'))))]" + "hub": "[filter(parameters('tiers'), lambda('tier', equals(lambdaVariables('tier').name, 'hub')))[0]]", + "hubResourceGroupName": "[filter(parameters('resourceGroupNames'), lambda('name', contains(lambdaVariables('name'), 'hub')))[0]]", + "spokes": "[filter(parameters('tiers'), lambda('tier', not(equals(lambdaVariables('tier').name, 'hub'))))]", + "spokeResourceGroupNames": "[filter(parameters('resourceGroupNames'), lambda('name', not(contains(lambdaVariables('name'), 'hub'))))]" }, "resources": [ { 
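Review bot: in the `variables` hunk, `hubResourceGroupName` and `spokeResourceGroupNames` are selected with `contains(lambdaVariables('name'), 'hub')`, which is a substring test on a generated name and not a match on the tier. If any other part of the naming convention contains "hub" (a resource prefix, for example), every resource group name matches: `hubResourceGroupName` then becomes whichever entry comes first and `spokeResourceGroupNames` comes back empty. The `tiers` filters right beside it compare `lambdaVariables('tier').name` with `equals`, so the two pairs of variables can disagree. Suggest selecting the resource group by tier name, for example by having the resource group deployment output objects that carry both the tier name and the resource group name. Note also that `filter(...)[0]` fails the deployment with an index error when nothing matches.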
@@ -1985,7 +1869,7 @@ "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))]", "subscriptionId": "[variables('hub').subscriptionId]", - "resourceGroup": "[variables('hub').resourceGroupName]", + "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2007,9 +1891,6 @@ "enableProxy": { "value": "[parameters('enableProxy')]" }, - "firewallClientIpConfigurationName": { - "value": "[variables('hub').firewallClientIpConfigurationName]" - }, "firewallClientPrivateIpAddress": { "value": "[parameters('firewallSettings').clientPrivateIpAddress]" }, 
@@ -2017,49 +1898,28 @@ "value": "[parameters('firewallSettings').clientPublicIPAddressAvailabilityZones]" }, "firewallClientPublicIPAddressName": { - "value": "[variables('hub').firewallClientPublicIPAddressName]" - }, - "firewallClientPublicIPAddressSkuName": { - "value": "Standard" - }, - "firewallClientPublicIpAllocationMethod": { - "value": "Static" + "value": "[variables('hub').namingConvention.azureFirewallClientPublicIPAddress]" }, "firewallClientSubnetAddressPrefix": { "value": "[parameters('firewallSettings').clientSubnetAddressPrefix]" }, - "firewallClientSubnetName": { - "value": "AzureFirewallSubnet" - }, "firewallIntrusionDetectionMode": { "value": "[parameters('firewallSettings').intrusionDetectionMode]" }, - "firewallManagementIpConfigurationName": { - "value": "[variables('hub').firewallManagementIpConfigurationName]" - }, "firewallManagementPublicIPAddressAvailabilityZones": { "value": "[parameters('firewallSettings').managementPublicIPAddressAvailabilityZones]" }, "firewallManagementPublicIPAddressName": { - "value": "[variables('hub').firewallManagementPublicIPAddressName]" - }, - "firewallManagementPublicIPAddressSkuName": { - "value": "[parameters('firewallSettings').publicIpAddressSkuName]" - }, - "firewallManagementPublicIpAllocationMethod": { - "value": "[parameters('firewallSettings').publicIpAddressAllocationMethod]" + "value": "[variables('hub').namingConvention.azureFirewallManagementPublicIPAddress]" }, "firewallManagementSubnetAddressPrefix": { "value": "[parameters('firewallSettings').managementSubnetAddressPrefix]" }, - "firewallManagementSubnetName": { - "value": "AzureFirewallManagementSubnet" - }, "firewallName": { - "value": "[variables('hub').firewallName]" + "value": "[variables('hub').namingConvention.azureFirewall]" }, "firewallPolicyName": { - "value": "[variables('hub').firewallPolicyName]" + "value": "[variables('hub').namingConvention.azureFirewallPolicy]" }, "firewallSkuTier": { "value": 
"[parameters('firewallSettings').skuTier]" @@ -2077,31 +1937,31 @@ "value": "[parameters('mlzTags')]" }, "networkSecurityGroupName": { - "value": "[variables('hub').networkSecurityGroupName]" + "value": "[variables('hub').namingConvention.networkSecurityGroup]" }, "networkSecurityGroupRules": { - "value": "[parameters('hubNetworkSecurityGroupRules')]" + "value": "[variables('hub').nsgRules]" }, "networkWatcherName": { - "value": "[variables('hub').networkWatcherName]" + "value": "[variables('hub').namingConvention.networkWatcher]" }, "routeTableName": { - "value": "[variables('hub').routeTableName]" + "value": "[variables('hub').namingConvention.routeTable]" }, "subnetAddressPrefix": { - "value": "[parameters('hubSubnetAddressPrefix')]" + "value": "[variables('hub').subnetAddressPrefix]" }, "subnetName": { - "value": "[variables('hub').subnetName]" + "value": "[variables('hub').namingConvention.subnet]" }, "tags": { "value": "[parameters('tags')]" }, "virtualNetworkAddressPrefix": { - "value": "[parameters('hubVirtualNetworkAddressPrefix')]" + "value": "[variables('hub').vnetAddressPrefix]" }, "virtualNetworkName": { - "value": "[variables('hub').virtualNetworkName]" + "value": "[variables('hub').namingConvention.virtualNetwork]" }, "vNetDnsServers": { "value": [ @@ -2116,7 +1976,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "9022853375598957389" + "templateHash": "16727244682030781582" } }, "parameters": { @@ -2135,9 +1995,6 @@ "enableProxy": { "type": "bool" }, - "firewallClientIpConfigurationName": { - "type": "string" - }, "firewallClientPrivateIpAddress": { "type": "string" }, 
@@ -2147,18 +2004,9 @@ "firewallClientPublicIPAddressName": { "type": "string" }, - "firewallClientPublicIPAddressSkuName": { - "type": "string" - }, - "firewallClientPublicIpAllocationMethod": { - "type": "string" - }, "firewallClientSubnetAddressPrefix": { "type": "string" }, - "firewallClientSubnetName": { - "type": "string" - }, "firewallIntrusionDetectionMode": { "type": "string", "allowedValues": [ @@ -2167,27 +2015,15 @@ "Off" ] }, - "firewallManagementIpConfigurationName": { - "type": "string" - }, "firewallManagementPublicIPAddressAvailabilityZones": { "type": "array" }, "firewallManagementPublicIPAddressName": { "type": "string" }, - "firewallManagementPublicIPAddressSkuName": { - "type": "string" - }, - "firewallManagementPublicIpAllocationMethod": { - "type": "string" - }, "firewallManagementSubnetAddressPrefix": { "type": "string" }, - "firewallManagementSubnetName": { - "type": "string" - }, "firewallName": { "type": "string" }, @@ -2226,18 +2062,6 @@ "routeTableName": { "type": "string" }, - "routeTableRouteAddressPrefix": { - "type": "string", - "defaultValue": "0.0.0.0/0" - }, - "routeTableRouteName": { - "type": "string", - "defaultValue": "default_route" - }, - "routeTableRouteNextHopType": { - "type": "string", - "defaultValue": "VirtualAppliance" - }, "subnetAddressPrefix": { "type": "string" }, @@ -2257,9 +2081,6 @@ "type": "array" } }, - "variables": { - "subnetsBastion": "[if(parameters('deployBastion'), createArray(createObject('name', 'AzureBastionSubnet', 'properties', createObject('addressPrefix', parameters('bastionHostSubnetAddressPrefix')))), createArray())]" - }, "resources": [ { "type": "Microsoft.Resources/deployments", 
@@ -2361,18 +2182,9 @@ "name": { "value": "[parameters('routeTableName')]" }, - "routeAddressPrefix": { - "value": "[parameters('routeTableRouteAddressPrefix')]" - }, - "routeName": { - "value": "[parameters('routeTableRouteName')]" - }, "routeNextHopIpAddress": { "value": "[parameters('firewallClientPrivateIpAddress')]" }, - "routeNextHopType": { - "value": "[parameters('routeTableRouteNextHopType')]" - }, "tags": { "value": "[parameters('tags')]" } @@ -2384,7 +2196,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "6291545918575918146" + "templateHash": "18262399193161292353" } }, "parameters": { @@ -2401,16 +2213,19 @@ "type": "string" }, "routeAddressPrefix": { - "type": "string" + "type": "string", + "defaultValue": "0.0.0.0/0" }, "routeName": { - "type": "string" + "type": "string", + "defaultValue": "default_route" }, "routeNextHopIpAddress": { "type": "string" }, "routeNextHopType": { - "type": "string" + "type": "string", + "defaultValue": "VirtualAppliance" }, "tags": { "type": "object" 
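Review bot: in the route table module's `parameters`, `routeAddressPrefix`, `routeName` and `routeNextHopType` gain defaults but stay open parameters. The caller in this patch no longer passes any of them, so the defaults are the only values in use. Since the `0.0.0.0/0` route to `VirtualAppliance` is what forces traffic through the firewall, consider either turning these into literals in the resource (as the patch does elsewhere for `Static` and `Standard`) or adding `allowedValues` on `routeNextHopType`, so that a future caller cannot pass a next hop type that bypasses the firewall. If the parameters stay, a `metadata.description` on each would document why the defaults exist.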
@@ -2535,7 +2350,7 @@ "value": "[parameters('virtualNetworkName')]" }, "subnets": { - "value": "[union(createArray(createObject('name', 'AzureFirewallSubnet', 'properties', createObject('addressPrefix', parameters('firewallClientSubnetAddressPrefix'))), createObject('name', 'AzureFirewallManagementSubnet', 'properties', createObject('addressPrefix', parameters('firewallManagementSubnetAddressPrefix'))), createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled', 'routeTable', createObject('id', reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value)))), variables('subnetsBastion'))]" + "value": "[union(createArray(createObject('name', 'AzureFirewallSubnet', 'properties', createObject('addressPrefix', parameters('firewallClientSubnetAddressPrefix'))), createObject('name', 'AzureFirewallManagementSubnet', 'properties', createObject('addressPrefix', parameters('firewallManagementSubnetAddressPrefix'))), createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix'), 'networkSecurityGroup', createObject('id', reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled', 'routeTable', createObject('id', reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value)))), if(parameters('deployBastion'), createArray(createObject('name', 'AzureBastionSubnet', 'properties', createObject('addressPrefix', parameters('bastionHostSubnetAddressPrefix')))), createArray()))]" }, 
"tags": { "value": "[parameters('tags')]" @@ -2650,10 +2465,10 @@ "value": "[parameters('firewallClientPublicIPAddressName')]" }, "publicIpAllocationMethod": { - "value": "[parameters('firewallClientPublicIpAllocationMethod')]" + "value": "Static" }, "skuName": { - "value": "[parameters('firewallClientPublicIPAddressSkuName')]" + "value": "Standard" }, "tags": { "value": "[parameters('tags')]" @@ -2740,10 +2555,10 @@ "value": "[parameters('firewallManagementPublicIPAddressName')]" }, "publicIpAllocationMethod": { - "value": "[parameters('firewallManagementPublicIpAllocationMethod')]" + "value": "Static" }, "skuName": { - "value": "[parameters('firewallManagementPublicIPAddressSkuName')]" + "value": "Standard" }, "tags": { "value": "[parameters('tags')]" @@ -2817,14 +2632,11 @@ }, "mode": "Incremental", "parameters": { - "clientIpConfigurationName": { - "value": "[parameters('firewallClientIpConfigurationName')]" - }, "clientIpConfigurationPublicIPAddressResourceId": { "value": "[reference(resourceId('Microsoft.Resources/deployments', 'firewallClientPublicIPAddress'), '2022-09-01').outputs.id.value]" }, "clientIpConfigurationSubnetResourceId": { - "value": "[format('{0}/subnets/{1}', reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value, parameters('firewallClientSubnetName'))]" + "value": "[format('{0}/subnets/AzureFirewallSubnet', reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value)]" }, "dnsServers": { "value": "[parameters('dnsServers')]" 
@@ -2844,14 +2656,11 @@ "location": { "value": "[parameters('location')]" }, - "managementIpConfigurationName": { - "value": "[parameters('firewallManagementIpConfigurationName')]" - }, "managementIpConfigurationPublicIPAddressResourceId": { "value": "[reference(resourceId('Microsoft.Resources/deployments', 'firewallManagementPublicIPAddress'), '2022-09-01').outputs.id.value]" }, "managementIpConfigurationSubnetResourceId": { - "value": "[format('{0}/subnets/{1}', reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value, parameters('firewallManagementSubnetName'))]" + "value": "[format('{0}/subnets/AzureFirewallManagementSubnet', reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value)]" }, "mlzTags": { "value": "[parameters('mlzTags')]" @@ -2876,13 +2685,10 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "2726667677428202923" + "templateHash": "17134325627551427989" } }, "parameters": { - "clientIpConfigurationName": { - "type": "string" - }, "clientIpConfigurationSubnetResourceId": { "type": "string" }, @@ -2912,9 +2718,6 @@ "location": { "type": "string" }, - "managementIpConfigurationName": { - "type": "string" - }, "managementIpConfigurationSubnetResourceId": { "type": "string" }, @@ -3100,7 +2903,7 @@ "properties": { "ipConfigurations": [ { - "name": "[parameters('clientIpConfigurationName')]", + "name": "ipconfig-client", "properties": { "subnet": { "id": "[parameters('clientIpConfigurationSubnetResourceId')]" @@ -3112,7 +2915,7 @@ } ], "managementIpConfiguration": { - "name": "[parameters('managementIpConfigurationName')]", + "name": "ipconfig-management", "properties": { "subnet": { "id": "[parameters('managementIpConfigurationSubnetResourceId')]" 
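Review bot: in the firewall resource's `ipConfigurations` and `managementIpConfiguration`, the names are now the literals `ipconfig-client` and `ipconfig-management`, where they were previously supplied by the caller through `clientIpConfigurationName` and `managementIpConfigurationName`. If environments already deployed with the old template used different names, redeploying with this one changes the firewall's IP configuration names in place. Please confirm the behaviour against an existing deployment, or call the change out as breaking in the release notes.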
@@ -3216,8 +3019,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('spokes')[copyIndex()].subscriptionId]", - "resourceGroup": "[variables('spokes')[copyIndex()].resourceGroupName]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3237,16 +3039,19 @@ "value": "[parameters('mlzTags')]" }, "networkSecurityGroupName": { - "value": "[variables('spokes')[copyIndex()].networkSecurityGroupName]" + "value": "[variables('spokes')[copyIndex()].namingConvention.networkSecurityGroup]" }, "networkSecurityGroupRules": { - "value": "[variables('spokes')[copyIndex()].networkSecurityGroupRules]" + "value": "[variables('spokes')[copyIndex()].nsgRules]" }, "networkWatcherName": { - "value": "[variables('spokes')[copyIndex()].networkWatcherName]" + "value": "[variables('spokes')[copyIndex()].namingConvention.networkWatcher]" + }, + "resourceGroupName": { + "value": "[variables('spokeResourceGroupNames')[copyIndex()]]" }, "routeTableName": { - "value": "[variables('spokes')[copyIndex()].routeTableName]" + "value": "[variables('spokes')[copyIndex()].namingConvention.routeTable]" }, "routeTableRouteNextHopIpAddress": { "value": "[parameters('firewallSettings').clientPrivateIpAddress]" 
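Review bot: the new `resourceGroupName` parameter takes `variables('spokeResourceGroupNames')[copyIndex()]` while every other value in this loop takes `variables('spokes')[copyIndex()]`, so a spoke is tied to its resource group by position only. That holds only while the two filtered arrays have the same length and order. If they ever differ, a spoke's network is deployed into another tier's resource group, or the index is out of range, and the subscription comes from one array while the resource group comes from the other. Suggest resolving the resource group name from the tier itself (by tier name) so the two values cannot drift apart.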
@@ -3255,40 +3060,41 @@ "value": "[variables('spokes')[copyIndex()].subnetAddressPrefix]" }, "subnetName": { - "value": "[variables('spokes')[copyIndex()].subnetName]" - }, - "subnetPrivateEndpointNetworkPolicies": { - "value": "[variables('spokes')[copyIndex()].subnetPrivateEndpointNetworkPolicies]" + "value": "[variables('spokes')[copyIndex()].namingConvention.subnet]" }, - "subnetPrivateLinkServiceNetworkPolicies": { - "value": "[variables('spokes')[copyIndex()].subnetPrivateLinkServiceNetworkPolicies]" + "subscriptionId": { + "value": "[variables('spokes')[copyIndex()].subscriptionId]" }, "tags": { "value": "[parameters('tags')]" }, "virtualNetworkAddressPrefix": { - "value": "[variables('spokes')[copyIndex()].virtualNetworkAddressPrefix]" + "value": "[variables('spokes')[copyIndex()].vnetAddressPrefix]" }, "virtualNetworkName": { - "value": "[variables('spokes')[copyIndex()].virtualNetworkName]" + "value": "[variables('spokes')[copyIndex()].namingConvention.virtualNetwork]" }, "vNetDnsServers": { "value": [ - "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.firewallPrivateIPAddress.value]" + "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.firewallPrivateIPAddress.value]" ] } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": 
"16908845839525692286" + "templateHash": "4742978871908330688" } }, "parameters": { + "additionalSubnets": { + "type": "array", + "defaultValue": [] + }, "deployNetworkWatcher": { "type": "bool" }, @@ -3310,34 +3116,22 @@ "networkWatcherName": { "type": "string" }, - "routeTableName": { + "resourceGroupName": { "type": "string" }, - "routeTableRouteName": { - "type": "string", - "defaultValue": "default_route" - }, - "routeTableRouteAddressPrefix": { - "type": "string", - "defaultValue": "0.0.0.0/0" + "routeTableName": { + "type": "string" }, "routeTableRouteNextHopIpAddress": { "type": "string" }, - "routeTableRouteNextHopType": { - "type": "string", - "defaultValue": "VirtualAppliance" - }, "subnetAddressPrefix": { "type": "string" }, "subnetName": { "type": "string" }, - "subnetPrivateEndpointNetworkPolicies": { - "type": "string" - }, - "subnetPrivateLinkServiceNetworkPolicies": { + "subscriptionId": { "type": "string" }, "tags": { @@ -3353,11 +3147,28 @@ "type": "array" } }, + "variables": { + "delegations": { + "AzureNetAppFiles": [ + { + "name": "Microsoft.Netapp.volumes", + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', parameters('virtualNetworkName'), 'AzureNetAppFiles', 'Microsoft.Netapp.volumes')]", + "properties": { + "serviceName": "Microsoft.Netapp/volumes" + }, + "type": "Microsoft.Network/virtualNetworks/subnets/delegations" + } + ] + }, + "subnets": "[union(createArray(createObject('name', parameters('subnetName'), 'properties', createObject('addressPrefix', parameters('subnetAddressPrefix')))), parameters('additionalSubnets'))]" + }, "resources": [ { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkSecurityGroup", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -3436,6 +3247,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "routeTable", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3454,18 +3267,9 @@ "name": { "value": "[parameters('routeTableName')]" }, - "routeAddressPrefix": { - "value": "[parameters('routeTableRouteAddressPrefix')]" - }, - "routeName": { - "value": "[parameters('routeTableRouteName')]" - }, "routeNextHopIpAddress": { "value": "[parameters('routeTableRouteNextHopIpAddress')]" }, - "routeNextHopType": { - "value": "[parameters('routeTableRouteNextHopType')]" - }, "tags": { "value": "[parameters('tags')]" } @@ -3477,7 +3281,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "6291545918575918146" + "templateHash": "18262399193161292353" } }, "parameters": { @@ -3494,16 +3298,19 @@ "type": "string" }, "routeAddressPrefix": { - "type": "string" + "type": "string", + "defaultValue": "0.0.0.0/0" }, "routeName": { - "type": "string" + "type": "string", + "defaultValue": "default_route" }, "routeNextHopIpAddress": { "type": "string" }, "routeNextHopType": { - "type": "string" + "type": "string", + "defaultValue": "VirtualAppliance" }, "tags": { "type": "object" @@ -3549,6 +3356,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "networkWatcher", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3609,6 +3418,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "virtualNetwork", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -3628,20 +3439,11 @@ "value": "[parameters('virtualNetworkName')]" }, "subnets": { - "value": [ + "copy": [ { - "name": "[parameters('subnetName')]", - "properties": { - "addressPrefix": "[parameters('subnetAddressPrefix')]", - "networkSecurityGroup": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" - }, - "routeTable": { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value]" - }, - "privateEndpointNetworkPolicies": "[parameters('subnetPrivateEndpointNetworkPolicies')]", - "privateLinkServiceNetworkPolicies": "[parameters('subnetPrivateLinkServiceNetworkPolicies')]" - } + "name": "value", + "count": "[length(variables('subnets'))]", + "input": "[createObject('name', variables('subnets')[copyIndex('value')].name, 'properties', createObject('addressPrefix', variables('subnets')[copyIndex('value')].properties.addressPrefix, 'delegations', coalesce(tryGet(variables('delegations'), variables('subnets')[copyIndex('value')].name), createArray()), 'networkSecurityGroup', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value), 'routeTable', createObject('id', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable'), '2022-09-01').outputs.id.value), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Disabled'))]" } ] }, 
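Review bot: In the new `copy` input, `privateEndpointNetworkPolicies` and `privateLinkServiceNetworkPolicies` are now the literal `'Disabled'` for every subnet, where the removed lines took them from `subnetPrivateEndpointNetworkPolicies` and `subnetPrivateLinkServiceNetworkPolicies`. With private endpoint network policies disabled, the NSG and route table attached in this same expression are not enforced for private endpoint traffic in the subnet, and callers can no longer opt in. If the hardcoding is intentional, say so in the Bicep source and the parameter docs; otherwise keep the two parameters with `'Disabled'` as their default. Also note that the loop reads only `name` and `properties.addressPrefix` from each entry, so any other property supplied in `additionalSubnets` is silently dropped.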
@@ -3730,58 +3532,61 @@ } }, "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup')]", - "[resourceId('Microsoft.Resources/deployments', 'networkWatcher')]", - "[resourceId('Microsoft.Resources/deployments', 'routeTable')]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkWatcher')]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'routeTable')]" ] } ], "outputs": { "virtualNetworkName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.name.value]" }, "virtualNetworkResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.id.value]" }, "virtualNetworkAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), 
parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.addressPrefix.value]" }, "subnetName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].name]" }, "subnetAddressPrefix": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].properties.addressPrefix]" }, "subnetResourceId": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'virtualNetwork'), '2022-09-01').outputs.subnets.value[0].id]" }, "networkSecurityGroupName": { "type": "string", - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.name.value]" }, "networkSecurityGroupResourceId": { "type": "string", - "value": 
"[reference(resourceId('Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'networkSecurityGroup'), '2022-09-01').outputs.id.value]" } } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]" ] }, { + "copy": { + "name": "hubVirtualNetworkPeerings", + "count": "[length(variables('spokes'))]" + }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-vnet-peerings-hub-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('hub').subscriptionId]", - "resourceGroup": "[variables('hub').resourceGroupName]", + "name": "[format('deploy-vnet-peerings-hub-{0}-{1}', copyIndex(), parameters('deploymentNameSuffix'))]", + "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
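Review bot: The per-spoke hub peering deployment is named by position, `format('deploy-vnet-peerings-hub-{0}-{1}', copyIndex(), parameters('deploymentNameSuffix'))`, while the spoke-side deployment later in this patch is named with `variables('spokes')[copyIndex()].name`. An index in the name makes the deployment history harder to correlate with a spoke and changes meaning if the order of `spokes` changes; using the spoke name here as well would keep the two sides consistent.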
@@ -3789,56 +3594,69 @@ "mode": "Incremental", "parameters": { "hubVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" }, - "spokes": { - "copy": [ - { - "name": "value", - "count": "[length(variables('spokes'))]", - "input": "[createObject('type', variables('spokes')[copyIndex('value')].name, 'virtualNetworkName', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex('value')].subscriptionId, variables('spokes')[copyIndex('value')].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex('value')].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value, 'virtualNetworkResourceId', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex('value')].subscriptionId, variables('spokes')[copyIndex('value')].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex('value')].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value)]" - } - ] + "resourceGroupName": { + "value": "[variables('hubResourceGroupName')]" + }, + "spokeName": { + "value": "[variables('spokes')[copyIndex()].name]" + }, + "spokeVirtualNetworkResourceId": { + "value": 
"[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "subscriptionId": { + "value": "[variables('hub').subscriptionId]" } }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "8359168485351251723" + "templateHash": "16991872399359859910" } }, "parameters": { "hubVirtualNetworkName": { "type": "string" }, - "spokes": { - "type": "array" + "resourceGroupName": { + "type": "string" + }, + "spokeName": { + "type": "string" + }, + "spokeVirtualNetworkResourceId": { + "type": "string" + }, + "subscriptionId": { + "type": "string" } }, "resources": [ { - "copy": { - "name": "hubToSpokePeering", - "count": "[length(parameters('spokes'))]" - }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('hub-to-{0}-vnet-peering', parameters('spokes')[copyIndex()].type)]", + "name": "[format('hub-to-{0}-vnet-peering', parameters('spokeName'))]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('hubVirtualNetworkName'), parameters('spokes')[copyIndex()].virtualNetworkName)]" - }, "remoteVirtualNetworkResourceId": { - "value": "[parameters('spokes')[copyIndex()].virtualNetworkResourceId]" + "value": "[parameters('spokeVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "virtualNetworkPeerName": 
{ + "value": "[format('to-{0}', split(parameters('spokeVirtualNetworkResourceId'), '/')[8])]" } }, "template": { @@ -3848,14 +3666,17 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "4217213734063758013" + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -3863,7 +3684,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { @@ -3879,8 +3700,8 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", - "spokeNetworks" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix')))]" ] }, { @@ -3891,7 +3712,6 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-vnet-peerings-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('spokes')[copyIndex()].subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { 
@@ -3899,20 +3719,20 @@ }, "mode": "Incremental", "parameters": { + "hubVirtualNetworkResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" + }, + "resourceGroupName": { + "value": "[variables('spokeResourceGroupNames')[copyIndex()]]" + }, "spokeName": { "value": "[variables('spokes')[copyIndex()].name]" }, - "spokeResourceGroupName": { - "value": "[variables('spokes')[copyIndex()].resourceGroupName]" - }, "spokeVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex()].subscriptionId, variables('spokes')[copyIndex()].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "hubVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" }, - "hubVirtualNetworkResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.virtualNetworkResourceId.value]" + "subscriptionId": { + "value": "[variables('spokes')[copyIndex()].subscriptionId]" } }, "template": { @@ -3922,23 +3742,23 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "2072756264947187478" + "templateHash": "1081420821337659529" } }, "parameters": { - "spokeName": { + "hubVirtualNetworkResourceId": { "type": "string" }, - "spokeResourceGroupName": { + "resourceGroupName": { "type": "string" }, - "spokeVirtualNetworkName": { + "spokeName": { "type": "string" }, - "hubVirtualNetworkName": { + "spokeVirtualNetworkName": { "type": "string" }, - "hubVirtualNetworkResourceId": { + "subscriptionId": { "type": "string" } }, @@ -3947,18 +3767,22 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-to-hub-vnet-peering', parameters('spokeName'))]", - "resourceGroup": "[parameters('spokeResourceGroupName')]", + "subscriptionId": "[parameters('subscriptionId')]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "name": { - "value": "[format('{0}/to-{1}', parameters('spokeVirtualNetworkName'), parameters('hubVirtualNetworkName'))]" - }, "remoteVirtualNetworkResourceId": { "value": "[parameters('hubVirtualNetworkResourceId')]" + }, + "virtualNetworkName": { + "value": "[parameters('spokeVirtualNetworkName')]" + }, + "virtualNetworkPeerName": { + "value": "[format('to-{0}', split(parameters('hubVirtualNetworkResourceId'), '/')[8])]" } }, "template": { 
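Review bot: `virtualNetworkPeerName` is derived with a positional index, `split(parameters('hubVirtualNetworkResourceId'), '/')[8]`, which is only the network name when the ID has exactly the `/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/virtualNetworks/<name>` shape. Taking the last segment, for example `last(split(..., '/'))` in the Bicep source, states the intent and does not depend on the segment count. The same expression is used on the hub side with `spokeVirtualNetworkResourceId`, so both should change together.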
@@ -3968,14 +3792,17 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "4217213734063758013" + "templateHash": "4225396596043462595" } }, "parameters": { - "name": { + "remoteVirtualNetworkResourceId": { "type": "string" }, - "remoteVirtualNetworkResourceId": { + "virtualNetworkName": { + "type": "string" + }, + "virtualNetworkPeerName": { "type": "string" } }, @@ -3983,7 +3810,7 @@ { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2021-02-01", - "name": "[parameters('name')]", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), parameters('virtualNetworkPeerName'))]", "properties": { "allowForwardedTraffic": true, "remoteVirtualNetwork": { @@ -3999,8 +3826,8 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[copyIndex()].subscriptionId, variables('spokes')[copyIndex()].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[copyIndex()].name, parameters('deploymentNameSuffix')))]" ] }, { 
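Review bot: The spoke entry in `dependsOn` moved from an `extensionResourceId` built on the spoke's own `subscriptionId` and `resourceGroupName` to `subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', ...))`, which resolves against the subscription of the current deployment. That is only correct if `deploy-vnet-<spoke>` is itself now a subscription-scope deployment in the deploying subscription; that change is not visible in this hunk, so please confirm it, since a spoke network deployed under a different subscription would make this dependency and the matching `reference()` calls point at a deployment that does not exist.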
@@ -4008,7 +3835,7 @@ "apiVersion": "2022-09-01", "name": "[format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))]", "subscriptionId": "[variables('hub').subscriptionId]", - "resourceGroup": "[variables('hub').resourceGroupName]", + "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -4021,21 +3848,16 @@ "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, - "hubVirtualNetworkName": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkName.value]" - }, - "hubVirtualNetworkResourceGroupName": { - "value": "[variables('hub').resourceGroupName]" - }, - "hubVirtualNetworkSubscriptionId": { - "value": "[variables('hub').subscriptionId]" + "hubVirtualNetworkResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" }, - "identityVirtualNetworkName": "[if(parameters('deployIdentity'), createObject('value', variables('identity').virtualNetworkName), createObject('value', ''))]", - "identityVirtualNetworkResourceGroupName": "[if(parameters('deployIdentity'), createObject('value', variables('identity').resourceGroupName), createObject('value', ''))]", - "identityVirtualNetworkSubscriptionId": "[if(parameters('deployIdentity'), createObject('value', variables('identity').subscriptionId), createObject('value', ''))]", + "identityVirtualNetworkResourceId": "[if(parameters('deployIdentity'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[2].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value), createObject('value', ''))]", "mlzTags": { "value": "[parameters('mlzTags')]" }, + "privateDnsZoneNames": { + "value": "[parameters('privateDnsZoneNames')]" + }, "tags": { "value": 
"[parameters('tags')]" } @@ -4047,7 +3869,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "11743442230338523701" + "templateHash": "14936438908863774818" } }, "parameters": { 
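Review bot: In the `deploy-private-dns-zones` parameters just above, `identityVirtualNetworkResourceId` picks the identity spoke by position with `variables('spokes')[2].name`. That couples this template to the order in which `spokes` is built, and a reorder or an inserted spoke would link the private DNS zones to the wrong virtual network without any deployment error. Selecting the entry by name in the Bicep source (for example filtering `spokes` on the identity spoke's `name`) would remove the hidden ordering assumption.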
@@ -4057,492 +3879,65 @@ "deploymentNameSuffix": { "type": "string" }, - "hubVirtualNetworkName": { - "type": "string" - }, - "hubVirtualNetworkResourceGroupName": { - "type": "string" - }, - "hubVirtualNetworkSubscriptionId": { - "type": "string" - }, - "identityVirtualNetworkName": { - "type": "string" - }, - "identityVirtualNetworkResourceGroupName": { + "hubVirtualNetworkResourceId": { "type": "string" }, - "identityVirtualNetworkSubscriptionId": { + "identityVirtualNetworkResourceId": { "type": "string" }, "mlzTags": { "type": "object" }, + "privateDnsZoneNames": { + "type": "array" + }, "tags": { "type": "object" } }, "variables": { - "copy": [ - { - "name": "privateDnsZoneNames_Backup", - "count": "[length(items(variables('locations')))]", - "input": "[format('privatelink.{0}.backup.windowsazure.{1}', items(variables('locations'))[copyIndex('privateDnsZoneNames_Backup')].value.recoveryServicesGeo, coalesce(variables('privateDnsZoneSuffixes_Backup')[environment().name], variables('cloudSuffix')))]" - } - ], - "$fxv#0": { - "AzureChina": { - "chinaeast": { - "abbreviation": "cne", - "recoveryServicesGeo": "sha", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinaeast2": { - "abbreviation": "cne2", - "recoveryServicesGeo": "sha2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth": { - "abbreviation": "cnn", - "recoveryServicesGeo": "bjb", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "chinanorth2": { - "abbreviation": "cnn2", - "recoveryServicesGeo": "bjb2", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - } + "virtualNetworks": "[union(createArray(createObject('name', split(parameters('hubVirtualNetworkResourceId'), '/')[8], 'resourceGroupName', split(parameters('hubVirtualNetworkResourceId'), '/')[4], 'subscriptionId', split(parameters('hubVirtualNetworkResourceId'), '/')[2])), if(parameters('deployIdentity'), createArray(createObject('name', 
split(parameters('identityVirtualNetworkResourceId'), '/')[8], 'resourceGroupName', split(parameters('identityVirtualNetworkResourceId'), '/')[4], 'subscriptionId', split(parameters('identityVirtualNetworkResourceId'), '/')[2])), createArray()))]" + }, + "resources": [ + { + "copy": { + "name": "privateDnsZones", + "count": "[length(parameters('privateDnsZoneNames'))]" }, - "AzureCloud": { - "australiacentral": { - "abbreviation": "auc", - "recoveryServicesGeo": "acl", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiacentral2": { - "abbreviation": "auc2", - "recoveryServicesGeo": "acl2", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiaeast": { - "abbreviation": "aue", - "recoveryServicesGeo": "ae", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "australiasoutheast": { - "abbreviation": "ause", - "recoveryServicesGeo": "ase", - "timeDifference": "+10:00", - "timeZone": "AUS Eastern Standard Time" - }, - "brazilsouth": { - "abbreviation": "brs", - "recoveryServicesGeo": "brs", - "timeDifference": "-3:00", - "timeZone": "E. South America Standard Time" - }, - "brazilsoutheast": { - "abbreviation": "brse", - "recoveryServicesGeo": "bse", - "timeDifference": "-3:00", - "timeZone": "E. 
South America Standard Time" - }, - "canadacentral": { - "abbreviation": "cac", - "recoveryServicesGeo": "cnc", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "canadaeast": { - "abbreviation": "cae", - "recoveryServicesGeo": "cne", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "centralindia": { - "abbreviation": "inc", - "recoveryServicesGeo": "inc", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "centralus": { - "abbreviation": "usc", - "recoveryServicesGeo": "cus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "eastasia": { - "abbreviation": "ase", - "recoveryServicesGeo": "ea", - "timeDifference": "+8:00", - "timeZone": "China Standard Time" - }, - "eastus": { - "abbreviation": "use", - "recoveryServicesGeo": "eus", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "eastus2": { - "abbreviation": "use2", - "recoveryServicesGeo": "eus2", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "francecentral": { - "abbreviation": "frc", - "recoveryServicesGeo": "frc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "francesouth": { - "abbreviation": "frs", - "recoveryServicesGeo": "frs", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanynorth": { - "abbreviation": "den", - "recoveryServicesGeo": "gn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "germanywestcentral": { - "abbreviation": "dewc", - "recoveryServicesGeo": "gwc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "israelcentral": { - "abbreviation": "ilc", - "recoveryServicesGeo": "ilc", - "timeDifference": "+2:00", - "timeZone": "Israel Standard Time" - }, - "italynorth": { - "abbreviation": "itn", - "recoveryServicesGeo": "itn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - 
"japaneast": { - "abbreviation": "jpe", - "recoveryServicesGeo": "jpe", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "japanwest": { - "abbreviation": "jpw", - "recoveryServicesGeo": "jpw", - "timeDifference": "+9:00", - "timeZone": "Tokyo Standard Time" - }, - "jioindiacentral": { - "abbreviation": "injc", - "recoveryServicesGeo": "jic", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "jioindiawest": { - "abbreviation": "injw", - "recoveryServicesGeo": "jiw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "koreacentral": { - "abbreviation": "krc", - "recoveryServicesGeo": "krc", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "koreasouth": { - "abbreviation": "krs", - "recoveryServicesGeo": "krs", - "timeDifference": "+9:00", - "timeZone": "Korea Standard Time" - }, - "northcentralus": { - "abbreviation": "usnc", - "recoveryServicesGeo": "ncus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" + "type": "Microsoft.Network/privateDnsZones", + "apiVersion": "2018-09-01", + "name": "[parameters('privateDnsZoneNames')[copyIndex()]]", + "location": "global", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateDnsZones'), parameters('tags')['Microsoft.Network/privateDnsZones'], createObject()), parameters('mlzTags'))]" + }, + { + "copy": { + "name": "virtualNetworkLinks", + "count": "[length(variables('virtualNetworks'))]", + "mode": "serial", + "batchSize": 1 + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('deploy-virtual-network-links-{0}-{1}', copyIndex(), parameters('deploymentNameSuffix'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "northeurope": { - "abbreviation": "eun", - "recoveryServicesGeo": "ne", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "norwayeast": { - "abbreviation": "noe", - "recoveryServicesGeo": 
"nwe", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "norwaywest": { - "abbreviation": "now", - "recoveryServicesGeo": "nww", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "polandcentral": { - "abbreviation": "plc", - "recoveryServicesGeo": "plc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "qatarcentral": { - "abbreviation": "qac", - "recoveryServicesGeo": "qac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "southafricanorth": { - "abbreviation": "zan", - "recoveryServicesGeo": "san", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southafricawest": { - "abbreviation": "zaw", - "recoveryServicesGeo": "saw", - "timeDifference": "+2:00", - "timeZone": "South Africa Standard Time" - }, - "southcentralus": { - "abbreviation": "ussc", - "recoveryServicesGeo": "scus", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "southeastasia": { - "abbreviation": "asse", - "recoveryServicesGeo": "sea", - "timeDifference": "+8:00", - "timeZone": "Singapore Standard Time" - }, - "southindia": { - "abbreviation": "ins", - "recoveryServicesGeo": "ins", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "swedencentral": { - "abbreviation": "sec", - "recoveryServicesGeo": "sdc", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandnorth": { - "abbreviation": "chn", - "recoveryServicesGeo": "szn", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "switzerlandwest": { - "abbreviation": "chw", - "recoveryServicesGeo": "szw", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "uaecentral": { - "abbreviation": "aec", - "recoveryServicesGeo": "uac", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uaenorth": { - "abbreviation": "aen", - 
"recoveryServicesGeo": "uan", - "timeDifference": "+3:00", - "timeZone": "Arabian Standard Time" - }, - "uksouth": { - "abbreviation": "uks", - "recoveryServicesGeo": "uks", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "ukwest": { - "abbreviation": "ukw", - "recoveryServicesGeo": "ukw", - "timeDifference": "0:00", - "timeZone": "GMT Standard Time" - }, - "westcentralus": { - "abbreviation": "uswc", - "recoveryServicesGeo": "wcus", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "westeurope": { - "abbreviation": "euw", - "recoveryServicesGeo": "we", - "timeDifference": "+1:00", - "timeZone": "Central Europe Standard Time" - }, - "westindia": { - "abbreviation": "inw", - "recoveryServicesGeo": "inw", - "timeDifference": "+5:30", - "timeZone": "India Standard Time" - }, - "westus": { - "abbreviation": "usw", - "recoveryServicesGeo": "wus", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus2": { - "abbreviation": "usw2", - "recoveryServicesGeo": "wus2", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - }, - "westus3": { - "abbreviation": "usw3", - "recoveryServicesGeo": "wus3", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - } - }, - "AzureUSGovernment": { - "usdodcentral": { - "abbreviation": "dodc", - "recoveryServicesGeo": "udc", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usdodeast": { - "abbreviation": "dode", - "recoveryServicesGeo": "ude", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usgovarizona": { - "abbreviation": "az", - "recoveryServicesGeo": "uga", - "timeDifference": "-7:00", - "timeZone": "Mountain Standard Time" - }, - "usgovtexas": { - "abbreviation": "tx", - "recoveryServicesGeo": "ugt", - "timeDifference": "-6:00", - "timeZone": "Central Standard Time" - }, - "usgovvirginia": { - "abbreviation": "va", - "recoveryServicesGeo": "ugv", - "timeDifference": "-5:00", - 
"timeZone": "Eastern Standard Time" - } - }, - "USNat": { - "usnateast": { - "abbreviation": "east", - "recoveryServicesGeo": "exe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "usnatwest": { - "abbreviation": "west", - "recoveryServicesGeo": "exw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - }, - "USSec": { - "usseceast": { - "abbreviation": "east", - "recoveryServicesGeo": "rxe", - "timeDifference": "-5:00", - "timeZone": "Eastern Standard Time" - }, - "ussecwest": { - "abbreviation": "west", - "recoveryServicesGeo": "rxw", - "timeDifference": "-8:00", - "timeZone": "Pacific Standard Time" - } - } - }, - "cloudSuffix": "[replace(replace(environment().resourceManager, 'https://management.azure.', ''), '/', '')]", - "locations": "[variables('$fxv#0')[environment().name]]", - "privateDnsZoneNames": "[union(createArray(format('privatelink.agentsvc.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.azure-automation.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name], variables('cloudSuffix'))), format('privatelink.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink-global.wvd.{0}', coalesce(variables('privateDnsZoneSuffixes_AzureVirtualDesktop')[environment().name], variables('cloudSuffix'))), format('privatelink.file.{0}', environment().suffixes.storage), format('privatelink.queue.{0}', environment().suffixes.storage), format('privatelink.table.{0}', environment().suffixes.storage), format('privatelink.blob.{0}', environment().suffixes.storage), replace(format('privatelink{0}', environment().suffixes.keyvaultDns), 'vault', 'vaultcore'), format('privatelink.monitor.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), 
format('privatelink.ods.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix'))), format('privatelink.oms.opinsights.{0}', coalesce(variables('privateDnsZoneSuffixes_Monitor')[environment().name], variables('cloudSuffix')))), variables('privateDnsZoneNames_Backup'))]", - "privateDnsZoneSuffixes_AzureAutomation": { - "AzureCloud": "net", - "AzureUSGovernment": "us", - "USNat": null, - "USSec": null - }, - "privateDnsZoneSuffixes_AzureVirtualDesktop": { - "AzureCloud": "microsoft.com", - "AzureUSGovernment": "azure.us", - "USNat": null, - "USSec": null - }, - "privateDnsZoneSuffixes_Backup": { - "AzureCloud": "com", - "AzureUSGovernment": "us", - "USNat": null, - "USSec": null - }, - "privateDnsZoneSuffixes_Monitor": { - "AzureCloud": "azure.com", - "AzureUSGovernment": "azure.us", - "USNat": null, - "USSec": null - }, - "virtualNetworks": "[union(createArray(createObject('name', parameters('hubVirtualNetworkName'), 'resourceGroupName', parameters('hubVirtualNetworkResourceGroupName'), 'subscriptionId', parameters('hubVirtualNetworkSubscriptionId'))), if(parameters('deployIdentity'), createArray(createObject('name', parameters('identityVirtualNetworkName'), 'resourceGroupName', parameters('identityVirtualNetworkResourceGroupName'), 'subscriptionId', parameters('identityVirtualNetworkSubscriptionId'))), createArray()))]" - }, - "resources": [ - { - "copy": { - "name": "privateDnsZones", - "count": "[length(variables('privateDnsZoneNames'))]" - }, - "type": "Microsoft.Network/privateDnsZones", - "apiVersion": "2018-09-01", - "name": "[variables('privateDnsZoneNames')[copyIndex()]]", - "location": "global", - "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateDnsZones'), parameters('tags')['Microsoft.Network/privateDnsZones'], createObject()), parameters('mlzTags'))]" - }, - { - "copy": { - "name": "virtualNetworkLinks", - "count": "[length(variables('virtualNetworks'))]", - "mode": 
"serial", - "batchSize": 1 - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('deploy-virtual-network-links-{0}-{1}', copyIndex(), parameters('deploymentNameSuffix'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "privateDnsZoneNames": { - "value": "[variables('privateDnsZoneNames')]" - }, - "virtualNetworkName": { - "value": "[variables('virtualNetworks')[copyIndex()].name]" - }, - "virtualNetworkResourceGroupName": { - "value": "[variables('virtualNetworks')[copyIndex()].resourceGroupName]" - }, - "virtualNetworkSubscriptionId": { - "value": "[variables('virtualNetworks')[copyIndex()].subscriptionId]" - } + "mode": "Incremental", + "parameters": { + "privateDnsZoneNames": { + "value": "[parameters('privateDnsZoneNames')]" + }, + "virtualNetworkName": { + "value": "[variables('virtualNetworks')[copyIndex()].name]" + }, + "virtualNetworkResourceGroupName": { + "value": "[variables('virtualNetworks')[copyIndex()].resourceGroupName]" + }, + "virtualNetworkSubscriptionId": { + "value": "[variables('virtualNetworks')[copyIndex()].subscriptionId]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", 
@@ -4594,66 +3989,25 @@ } ], "outputs": { - "agentsvcPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.agentsvc.azure-automation')))[0])]" - }, - "automationPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.azure-automation')))[0])]" - }, - "avdGlobalPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink-global.wvd')))[0])]" - }, - "avdPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.wvd')))[0])]" - }, - "backupPrivateDnsZoneIds": { - "type": "array", - "copy": { - "count": "[length(variables('privateDnsZoneNames_Backup'))]", - "input": "[resourceId('Microsoft.Network/privateDnsZones', variables('privateDnsZoneNames_Backup')[copyIndex()])]" + "privateDnsZoneResourceIds": { + "type": "object", + "value": { + "agentSvc": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', startsWith(lambdaVariables('name'), 'privatelink.agentsvc')))[0])]", + "blob": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'blob')))[0])]", + "file": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'file')))[0])]", + "keyVault": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', 
contains(lambdaVariables('name'), 'vaultcore')))[0])]", + "monitor": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'monitor')))[0])]", + "ods": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'ods.opinsights')))[0])]", + "oms": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'oms.opinsights')))[0])]", + "queue": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'queue')))[0])]", + "table": "[resourceId('Microsoft.Network/privateDnsZones', filter(parameters('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'table')))[0])]" } - }, - "blobPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.blob')))[0])]" - }, - "filePrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.file')))[0])]" - }, - "keyvaultDnsPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.vaultcore')))[0])]" - }, - "monitorPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.monitor')))[0])]" - }, - "odsPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', 
filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.ods.opinsights')))[0])]" - }, - "omsPrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.oms.opinsights')))[0])]" - }, - "queuePrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.queue')))[0])]" - }, - "tablePrivateDnsZoneId": { - "type": "string", - "value": "[resourceId('Microsoft.Network/privateDnsZones', filter(variables('privateDnsZoneNames'), lambda('name', contains(lambdaVariables('name'), 'privatelink.table')))[0])]" } } } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix')))]", "spokeNetworks" ] } 
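Review bot: In the new `privateDnsZoneResourceIds` output, the `blob`, `file`, `queue`, `table` and `monitor` entries pick a zone with a bare substring such as `contains(lambdaVariables('name'), 'blob')`, where the removed outputs matched the full `privatelink.blob` form. Combined with `[0]`, the looser match returns whichever matching name comes first in `parameters('privateDnsZoneNames')`, so a private endpoint can be registered against the wrong zone if the caller's list ever holds another name containing that substring, and an empty match fails the deployment with an index error. Suggest anchoring each filter the way `agentSvc` already does, for example `startsWith(lambdaVariables('name'), 'privatelink.blob')`. The object also no longer exposes the automation, AVD, AVD global and backup zone IDs that the removed outputs carried; please confirm nothing downstream still reads them.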
@@ -4661,49 +4015,39 @@ "outputs": { "azureFirewallResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.firewallResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.firewallResourceId.value]" }, "bastionHostSubnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.bastionHostSubnetResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.bastionHostSubnetResourceId.value]" }, - "hubSubnetResourceId": { + "sharedServicesSubnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[1].name, parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.subnetResourceId.value]" }, "hubNetworkSecurityGroupResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networkSecurityGroupResourceId.value]" + }, + "hubSubnetResourceId": { + "type": "string", + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, "hubVirtualNetworkResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-vnet-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.virtualNetworkResourceId.value]" }, "identitySubnetResourceId": { "type": "string", - "value": "[if(parameters('deployIdentity'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('spokes')[2].subscriptionId, variables('spokes')[2].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[2].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value, '')]" + "value": "[if(parameters('deployIdentity'), reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[2].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value, '')]" }, "operationsSubnetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('spokes')[0].subscriptionId, variables('spokes')[0].resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[0].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-vnet-{0}-{1}', variables('spokes')[0].name, parameters('deploymentNameSuffix'))), '2022-09-01').outputs.subnetResourceId.value]" }, "privateDnsZoneResourceIds": { "type": "object", - "value": { - "agentsvc": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.agentsvcPrivateDnsZoneId.value]", - "automation": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.automationPrivateDnsZoneId.value]", - "avdGlobal": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.avdGlobalPrivateDnsZoneId.value]", - "avd": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.avdPrivateDnsZoneId.value]", - "backups": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.backupPrivateDnsZoneIds.value]", - "blob": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.blobPrivateDnsZoneId.value]", - "file": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.filePrivateDnsZoneId.value]", - "keyvault": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyvaultDnsPrivateDnsZoneId.value]", - "monitor": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, 
variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.monitorPrivateDnsZoneId.value]", - "ods": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.odsPrivateDnsZoneId.value]", - "oms": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.omsPrivateDnsZoneId.value]", - "queue": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.queuePrivateDnsZoneId.value]", - "table": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hub').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tablePrivateDnsZoneId.value]" - } + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('hub').subscriptionId, variables('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-dns-zones-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value]" } } } 
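Review bot: The spoke outputs (`sharedServicesSubnetResourceId`, `identitySubnetResourceId`, `operationsSubnetResourceId`) now look up the deployment with `subscriptionResourceId('Microsoft.Resources/deployments', ...)` and no subscription argument, whereas the removed lines passed `variables('spokes')[n].subscriptionId` and the spoke resource group. Without that argument the reference resolves in the subscription of the current deployment, so please confirm the `deploy-vnet-{0}-{1}` deployments are now created at subscription scope in this same subscription even when a spoke lives in a different one; otherwise pass the spoke's subscription ID as the first argument. The positional `variables('spokes')[1]` behind the new shared services output also deserves a comment or a name-based filter, since nothing in these lines ties index 1 to that tier.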
@@ -4727,6 +4071,12 @@ "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, + "tier": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value, lambda('tier', equals(lambdaVariables('tier').name, 'hub')))[0]]" + }, + "resourceGroupName": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value, lambda('name', contains(lambdaVariables('name'), 'hub')))[0]]" + }, "keyVaultPrivateDnsZoneResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value.keyVault]" }, @@ -4734,16 +4084,16 @@ "value": "[parameters('location')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" - }, - "networkProperties": { - "value": "[first(filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value, lambda('network', equals(lambdaVariables('network').name, 'hub'))))]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, "subnetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubSubnetResourceId.value]" }, "tags": { "value": "[parameters('tags')]" + }, + "tokens": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value]" } }, "template": { 
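Review bot: In the `resourceGroupName` parameter added by the `@@ -4727` hunk, the hub resource group is selected with `contains(lambdaVariables('name'), 'hub')` followed by `[0]`. Any other resource group whose name happens to contain "hub" would match as well, and the Key Vault, disk encryption set and user-assigned identity that consume `parameters('resourceGroupName')` later in this patch would be deployed into whichever match comes first. The `tier` parameter directly above uses an exact comparison, `equals(lambdaVariables('tier').name, 'hub')`; deriving the resource group from an exact field in the same way would remove the ambiguity.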
@@ -4753,7 +4103,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "5396474088400855299" + "templateHash": "7828233421610885078" } }, "parameters": { @@ -4769,14 +4119,20 @@ "mlzTags": { "type": "object" }, - "networkProperties": { - "type": "object" + "resourceGroupName": { + "type": "string" }, "subnetResourceId": { "type": "string" }, "tags": { "type": "object" + }, + "tier": { + "type": "object" + }, + "tokens": { + "type": "object" } }, "resources": [ @@ -4784,8 +4140,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -4793,16 +4149,16 @@ "mode": "Incremental", "parameters": { "keyVaultName": { - "value": "[parameters('networkProperties').keyVaultName]" + "value": "[take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)]" }, "keyVaultNetworkInterfaceName": { - "value": "[parameters('networkProperties').keyVaultNetworkInterfaceName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultNetworkInterface, parameters('tokens').service, '')]" }, "keyVaultPrivateDnsZoneResourceId": { "value": "[parameters('keyVaultPrivateDnsZoneResourceId')]" }, "keyVaultPrivateEndpointName": { - "value": "[parameters('networkProperties').keyVaultPrivateEndpointName]" + "value": "[replace(parameters('tier').namingConvention.keyVaultPrivateEndpoint, parameters('tokens').service, '')]" }, "location": { "value": "[parameters('location')]" 
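Review bot: `keyVaultName` is now built as `take(replace(parameters('tier').namingConvention.keyVault, parameters('tokens').service, ''), 24)`, which removes only the service token and then truncates. Depending on the naming convention, dropping the token without its separator can leave a doubled or trailing hyphen, which Key Vault names do not accept, and cutting at 24 characters can discard the part of the name that made it unique. The user-assigned identity later in this patch strips `format('-{0}', parameters('tokens').service)`, separator included; please use the same form here and for `keyVaultNetworkInterfaceName` and `keyVaultPrivateEndpointName`, and document why 24 characters is safe for the longest expected prefix.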
@@ -5037,8 +4393,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -5049,13 +4405,13 @@ "value": "[parameters('deploymentNameSuffix')]" }, "diskEncryptionSetName": { - "value": "[parameters('networkProperties').diskEncryptionSetName]" + "value": "[parameters('tier').namingConvention.diskEncryptionSet]" }, "keyUrl": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyUriWithVersion.value]" }, "keyVaultResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "location": { "value": "[parameters('location')]" 
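Review bot: `diskEncryptionSetName` passes `parameters('tier').namingConvention.diskEncryptionSet` through unchanged, while the Key Vault, network interface, private endpoint and identity names in this patch all strip `parameters('tokens').service` first. If the convention string still carries the service token at this point, the disk encryption set would be created with the raw placeholder in its name. Please either apply the same `replace(...)` here or add a comment explaining why this name is exempt.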
@@ -5206,32 +4562,35 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networkProperties').subscriptionId]", - "resourceGroup": "[parameters('networkProperties').resourceGroupName]", + "subscriptionId": "[parameters('tier').subscriptionId]", + "resourceGroup": "[parameters('resourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { + "keyVaultName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + }, "location": { "value": "[parameters('location')]" }, "mlzTags": { "value": "[parameters('mlzTags')]" }, - "name": { - "value": "[parameters('networkProperties').userAssignedIdentityName]" - }, "tags": { "value": "[parameters('tags')]" + }, + "userAssignedIdentityName": { + "value": "[replace(parameters('tier').namingConvention.userAssignedIdentity, format('-{0}', parameters('tokens').service), '')]" } }, "template": { 
@@ -5241,150 +4600,94 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "18444034659283031294" + "templateHash": "6007785905664733866" } }, "parameters": { + "keyVaultName": { + "type": "string" + }, "location": { "type": "string" }, "mlzTags": { "type": "object" }, - "name": { - "type": "string" - }, "tags": { "type": "object" + }, + "userAssignedIdentityName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.ManagedIdentity/userAssignedIdentities", "apiVersion": "2018-11-30", - "name": "[parameters('name')]", + "name": "[parameters('userAssignedIdentityName')]", "location": "[parameters('location')]", "tags": "[union(if(contains(parameters('tags'), 'Microsoft.ManagedIdentity/userAssignedIdentities'), parameters('tags')['Microsoft.ManagedIdentity/userAssignedIdentities'], createObject()), parameters('mlzTags'))]" }, { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "roleAssignmentEncryption", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[guid(parameters('userAssignedIdentityName'), 'e147488a-f6f5-4113-8e2d-b22465e65bf6', parameters('keyVaultName'))]", "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "principalId": { - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name')), '2018-11-30').principalId]" - }, - "principalType": { - "value": "ServicePrincipal" - }, - "roleDefinitionId": { - "value": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" - }, - "targetResourceId": { - "value": "[resourceGroup().id]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - 
"_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "6383470207031311407" - } - }, - "parameters": { - "targetResourceId": { - "type": "string" - }, - "roleDefinitionId": { - "type": "string" - }, - "principalId": { - "type": "string" - }, - "principalType": { - "type": "string", - "defaultValue": "ServicePrincipal", - "allowedValues": [ - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ] - }, - "description": { - "type": "string", - "defaultValue": "" - } - }, - "resources": [ - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2020-04-01-preview", - "name": "[guid(parameters('targetResourceId'), parameters('roleDefinitionId'), parameters('principalId'))]", - "properties": { - "principalId": "[parameters('principalId')]", - "principalType": "[parameters('principalType')]", - "roleDefinitionId": "[parameters('roleDefinitionId')]", - "description": "[parameters('description')]" - } - } - ] - } + "principalId": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2018-11-30').principalId]", + "principalType": "ServicePrincipal", + "roleDefinitionId": "[resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6')]" }, "dependsOn": [ - "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" ] } ], "outputs": { "resourceId": { "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('name'))]" + "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" } } } - } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 
format('deploy-key-vault-{0}', parameters('deploymentNameSuffix')))]" + ] } ], "outputs": { "diskEncryptionSetResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-disk-encryption-set-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, - "KeyVaultName": { + "keyVaultName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" }, "keyVaultUri": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" }, "keyVaultResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultResourceId.value]" }, "storageKeyName": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-key-vault-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" }, "userAssignedIdentityResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('networkProperties').subscriptionId, parameters('networkProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), 
'2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('tier').subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-user-assigned-identity-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" } } } }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { 
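Review bot: the new `Microsoft.Authorization/roleAssignments` resource in this hunk is now scoped to the vault (`"scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]"`) but still pins `"apiVersion": "2020-04-01-preview"`, carried over from the removed nested template. Since the resource is being rewritten here anyway, move it to a GA version such as `2022-04-01`. Two smaller points on the same resource: the `guid()` seed is built from bare names (`userAssignedIdentityName`, the role GUID, `keyVaultName`), so seeding it with the vault and identity resource IDs would keep the assignment name distinct if an identity with the same name exists in another resource group; and the role definition GUID `e147488a-f6f5-4113-8e2d-b22465e65bf6` appears twice with nothing saying which role it is, so a named variable in the Bicep source would make the narrowed grant easier to review.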
@@ -5417,10 +4720,13 @@ "value": "[parameters('logAnalyticsWorkspaceSkuName')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "ops": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value, lambda('tier', equals(lambdaVariables('tier').name, 'operations')))[0]]" }, - "operationsProperties": { - "value": "[first(filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value, lambda('network', equals(lambdaVariables('network').name, 'operations'))))]" + "opsResourceGroupName": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value, lambda('name', contains(lambdaVariables('name'), 'operations')))[0]]" }, "privateDnsZoneResourceIds": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value]" @@ -5439,7 +4745,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "11989229705083422603" + "templateHash": "6307821004764006385" } }, "parameters": { @@ -5464,9 +4770,12 @@ "mlzTags": { "type": "object" }, - "operationsProperties": { + "ops": { "type": "object" }, + "opsResourceGroupName": { + "type": "string" + }, "privateDnsZoneResourceIds": { "type": "object" }, 
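Review bot: in the `@@ -5417` hunk, `opsResourceGroupName` is selected with `contains(lambdaVariables('name'), 'operations')` followed by `[0]`, which is a substring match on resource group names with an unguarded index. If no name contains the string the expression fails at deployment time, and if more than one does the first match wins silently, so the Log Analytics workspace and private link scope could land in the wrong group. The `ops` parameter next to it already selects by equality on the tier name (`equals(lambdaVariables('tier').name, 'operations')`); having `deploy-resource-groups` output the names keyed by tier and looking them up the same way would remove the dependence on the naming convention. The same pattern is used later in the patch for `hubResourceGroupName` with the shorter substring `'hub'`, which is more likely to match unintentionally.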
@@ -5482,8 +4791,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-law-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('operationsProperties').subscriptionId]", - "resourceGroup": "[parameters('operationsProperties').resourceGroupName]", + "subscriptionId": "[parameters('ops').subscriptionId]", + "resourceGroup": "[parameters('opsResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -5500,7 +4809,7 @@ "value": "[parameters('mlzTags')]" }, "name": { - "value": "[parameters('operationsProperties').logAnalyticsWorkspaceName]" + "value": "[parameters('ops').namingConvention.logAnalyticsWorkspace]" }, "retentionInDays": { "value": "[parameters('logAnalyticsWorkspaceRetentionInDays')]" @@ -5668,8 +4977,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('operationsProperties').subscriptionId]", - "resourceGroup": "[parameters('operationsProperties').resourceGroupName]", + "subscriptionId": "[parameters('ops').subscriptionId]", + "resourceGroup": "[parameters('opsResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -5677,10 +4986,10 @@ "mode": "Incremental", "parameters": { "logAnalyticsWorkspaceResourceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, "name": { - "value": "[parameters('operationsProperties').privateLinkScopeName]" + "value": "[parameters('ops').namingConvention.privateLinkScope]" } }, "template": { @@ -5690,7 +4999,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "14160890386365930561" + "templateHash": "12769672183239579434" } }, "parameters": { @@ -5709,8 +5018,8 @@ "location": "global", "properties": { "accessModeSettings": { - "ingestionAccessMode": "Private", - "queryAccessMode": "Private" + "ingestionAccessMode": "PrivateOnly", + "queryAccessMode": "PrivateOnly" } } }, 
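Review bot: the `@@ -5709` hunk changes `ingestionAccessMode` and `queryAccessMode` from `"Private"` to `"PrivateOnly"`, and this is the one behavioural security change among the renames on these lines, so it should not ride along undocumented. Please call it out in the commit message or release notes, state what access mode existing private link scopes ended up with under the old value, and confirm that the private endpoint and private DNS zones deployed by `deploy-private-endpoint-{0}` are in place before the scope is updated, since with `PrivateOnly` ingestion and queries that do not come through the private link are refused.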
@@ -5735,15 +5044,15 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix')))]" ] }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-private-endpoint-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('operationsProperties').subscriptionId]", - "resourceGroup": "[parameters('operationsProperties').resourceGroupName]", + "subscriptionId": "[parameters('ops').subscriptionId]", + "resourceGroup": "[parameters('opsResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -5762,10 +5071,10 @@ "value": "[parameters('mlzTags')]" }, "name": { - "value": "[parameters('operationsProperties').privateLinkScopePrivateEndpointName]" + "value": "[parameters('ops').namingConvention.privateLinkScopePrivateEndpoint]" }, "networkInterfaceName": { - "value": "[parameters('operationsProperties').privateLinkScopeNetworkInterfaceName]" + "value": "[parameters('ops').namingConvention.privateLinkScopeNetworkInterface]" }, "privateDnsZoneConfigs": { "value": [ 
@@ -5802,7 +5111,7 @@ ] }, "privateLinkServiceId": { - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" }, "subnetResourceId": { "value": "[parameters('subnetResourceId')]" 
@@ -5888,21 +5197,22 @@ } }, "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix')))]" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-private-link-scope-{0}', parameters('deploymentNameSuffix')))]" ] } ], "outputs": { "logAnalyticsWorkspaceResourceId": { "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsProperties').subscriptionId, parameters('operationsProperties').resourceGroupName), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('ops').subscriptionId, parameters('opsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-law-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.resourceId.value]" } } } }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { 
@@ -5940,11 +5250,14 @@ "diskEncryptionSetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" }, + "hub": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value, lambda('tier', equals(lambdaVariables('tier').name, 'hub')))[0]]" + }, "hubNetworkSecurityGroupResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubNetworkSecurityGroupResourceId.value]" }, - "hubProperties": { - "value": "[first(filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value, lambda('network', equals(lambdaVariables('network').name, 'hub'))))]" + "hubResourceGroupName": { + "value": "[filter(reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value, lambda('name', contains(lambdaVariables('name'), 'hub')))[0]]" }, "hubSubnetResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubSubnetResourceId.value]" 
@@ -5992,7 +5305,10 @@ "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, "tags": { "value": "[parameters('tags')]" @@ -6035,7 +5351,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "5291592145845995956" + "templateHash": "6988657277317429041" } }, "parameters": { @@ -6063,11 +5379,14 @@ "diskEncryptionSetResourceId": { "type": "string" }, + "hub": { + "type": "object" + }, "hubNetworkSecurityGroupResourceId": { "type": "string" }, - "hubProperties": { - "type": "object" + "hubResourceGroupName": { + "type": "string" }, "hubSubnetResourceId": { "type": "string" @@ -6122,6 +5441,9 @@ "mlzTags": { "type": "object" }, + "serviceToken": { + "type": "string" + }, "tags": { "type": "object" }, @@ -6163,8 +5485,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "remoteAccess-bastionHost", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", + "subscriptionId": "[parameters('hub').subscriptionId]", + "resourceGroup": "[parameters('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -6174,9 +5496,6 @@ "bastionHostSubnetResourceId": { "value": "[parameters('bastionHostSubnetResourceId')]" }, - "ipConfigurationName": { - "value": "[parameters('hubProperties').bastionHostIPConfigurationName]" - }, "location": { "value": "[parameters('location')]" }, @@ -6184,7 +5503,7 @@ "value": "[parameters('mlzTags')]" }, "name": { - "value": "[parameters('hubProperties').bastionHostName]" + "value": "[parameters('hub').namingConvention.bastionHost]" }, "publicIPAddressAllocationMethod": { "value": "[parameters('bastionHostPublicIPAddressAllocationMethod')]" @@ -6193,7 +5512,7 @@ "value": "[parameters('bastionHostPublicIPAddressAvailabilityZones')]" }, "publicIPAddressName": { - "value": "[parameters('hubProperties').bastionHostPublicIPAddressName]" + "value": "[parameters('hub').namingConvention.bastionHostPublicIPAddress]" }, "publicIPAddressSkuName": { "value": "[parameters('bastionHostPublicIPAddressSkuName')]" @@ -6209,16 +5528,13 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "6020015951408111241" + "templateHash": "3883997117333639435" } }, "parameters": { "bastionHostSubnetResourceId": { "type": "string" }, - "ipConfigurationName": { - "type": "string" - }, "location": { "type": "string" }, @@ -6268,7 +5584,7 @@ "properties": { "ipConfigurations": [ { - "name": "[parameters('ipConfigurationName')]", + "name": "ipconfig", "properties": { "subnet": { "id": "[parameters('bastionHostSubnetResourceId')]" 
@@ -6292,163 +5608,60 @@ "condition": "[parameters('deployLinuxVirtualMachine')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "remoteAccess-linuxNetworkInterface", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", + "name": "remoteAccess-linuxVirtualMachine", + "subscriptionId": "[parameters('hub').subscriptionId]", + "resourceGroup": "[parameters('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "ipConfigurationName": { - "value": "[parameters('hubProperties').linuxNetworkInterfaceIpConfigurationName]" + "adminPasswordOrKey": { + "value": "[parameters('linuxVmAdminPasswordOrKey')]" + }, + "adminUsername": { + "value": "[parameters('linuxVmAdminUsername')]" + }, + "authenticationType": { + "value": "[parameters('linuxVmAuthenticationType')]" + }, + "diskEncryptionSetResourceId": { + "value": "[parameters('diskEncryptionSetResourceId')]" + }, + "diskName": { + "value": "[replace(parameters('hub').namingConvention.virtualMachineDisk, parameters('serviceToken'), 'remoteAccess-linux')]" }, "location": { "value": "[parameters('location')]" }, + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceId')]" + }, "mlzTags": { "value": "[parameters('mlzTags')]" }, "name": { - "value": "[parameters('hubProperties').linuxNetworkInterfaceName]" + "value": "[replace(parameters('hub').namingConvention.virtualMachine, parameters('serviceToken'), 'ral')]" + }, + "networkInterfaceName": { + "value": "[replace(parameters('hub').namingConvention.virtualMachineNetworkInterface, parameters('serviceToken'), 'remoteAccess-linux')]" }, - "networkSecurityGroupId": { + "networkSecurityGroupResourceId": { "value": "[parameters('hubNetworkSecurityGroupResourceId')]" }, + "osDiskCreateOption": { + "value": "[parameters('linuxVmOsDiskCreateOption')]" + }, + 
"osDiskType": { + "value": "[parameters('linuxVmOsDiskType')]" + }, "privateIPAddressAllocationMethod": { "value": "[parameters('linuxNetworkInterfacePrivateIPAddressAllocationMethod')]" }, - "subnetId": { + "subnetResourceId": { "value": "[parameters('hubSubnetResourceId')]" }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "438947595009177848" - } - }, - "parameters": { - "ipConfigurationName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "mlzTags": { - "type": "object", - "defaultValue": {} - }, - "name": { - "type": "string" - }, - "networkSecurityGroupId": { - "type": "string" - }, - "privateIPAddressAllocationMethod": { - "type": "string" - }, - "subnetId": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - } - }, - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2021-02-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", - "properties": { - "ipConfigurations": [ - { - "name": "[parameters('ipConfigurationName')]", - "properties": { - "subnet": { - "id": "[parameters('subnetId')]" - }, - "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" - } - } - ], - "networkSecurityGroup": { - "id": "[parameters('networkSecurityGroupId')]" - } - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" - }, - "name": { - "type": "string", - "value": "[parameters('name')]" - } - } - } - } - }, - { - "condition": 
"[parameters('deployLinuxVirtualMachine')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "remoteAccess-linuxVirtualMachine", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "adminPasswordOrKey": { - "value": "[parameters('linuxVmAdminPasswordOrKey')]" - }, - "adminUsername": { - "value": "[parameters('linuxVmAdminUsername')]" - }, - "authenticationType": { - "value": "[parameters('linuxVmAuthenticationType')]" - }, - "diskEncryptionSetResourceId": { - "value": "[parameters('diskEncryptionSetResourceId')]" - }, - "diskName": { - "value": "[parameters('hubProperties').linuxDiskName]" - }, - "location": { - "value": "[parameters('location')]" - }, - "logAnalyticsWorkspaceId": { - "value": "[parameters('logAnalyticsWorkspaceId')]" - }, - "mlzTags": { - "value": "[parameters('mlzTags')]" - }, - "name": { - "value": "[parameters('hubProperties').linuxVmName]" - }, - "networkInterfaceName": "[if(parameters('deployLinuxVirtualMachine'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubProperties').subscriptionId, parameters('hubProperties').resourceGroupName), 'Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), '2022-09-01').outputs.name.value), createObject('value', ''))]", - "osDiskCreateOption": { - "value": "[parameters('linuxVmOsDiskCreateOption')]" - }, - "osDiskType": { - "value": "[parameters('linuxVmOsDiskType')]" - }, "tags": { "value": "[parameters('tags')]" }, @@ -6475,7 +5688,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "1204003513623198452" + "templateHash": "5326114636620544955" } }, "parameters": { 
@@ -6514,12 +5727,21 @@ "networkInterfaceName": { "type": "string" }, + "networkSecurityGroupResourceId": { + "type": "string" + }, "osDiskCreateOption": { "type": "string" }, "osDiskType": { "type": "string" }, + "privateIPAddressAllocationMethod": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, "tags": { "type": "object" }, @@ -6571,7 +5793,7 @@ "networkProfile": { "networkInterfaces": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]", + "id": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), '2022-09-01').outputs.id.value]", "properties": { "deleteOption": "Delete" } @@ -6614,7 +5836,10 @@ } }, "licenseType": null - } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface')]" + ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", 
@@ -6713,133 +5938,121 @@ "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('name'), 'OMSExtension')]", "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" ] - } - ], - "outputs": { - "adminUsername": { - "type": "string", - "value": "[parameters('adminUsername')]" }, - "authenticationType": { - "type": "string", - "value": "[parameters('authenticationType')]" - } - } - } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubProperties').subscriptionId, parameters('hubProperties').resourceGroupName), 'Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface')]" - ] - }, - { - "condition": "[parameters('deployWindowsVirtualMachine')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "remoteAccess-windowsNetworkInterface", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "ipConfigurationName": { - "value": "[parameters('hubProperties').windowsNetworkInterfaceIpConfigurationName]" - }, - "location": { - "value": "[parameters('location')]" - }, - "mlzTags": { - "value": "[parameters('mlzTags')]" - }, - "name": { - "value": "[parameters('hubProperties').windowsNetworkInterfaceName]" - }, - "networkSecurityGroupId": { - "value": "[parameters('hubNetworkSecurityGroupResourceId')]" - }, - "privateIPAddressAllocationMethod": { - "value": "[parameters('windowsNetworkInterfacePrivateIPAddressAllocationMethod')]" - }, - "subnetId": { - "value": "[parameters('hubSubnetResourceId')]" - }, - "tags": { - "value": "[parameters('tags')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": 
"bicep", - "version": "0.27.1.19265", - "templateHash": "438947595009177848" - } - }, - "parameters": { - "ipConfigurationName": { - "type": "string" - }, - "location": { - "type": "string" - }, - "mlzTags": { - "type": "object", - "defaultValue": {} - }, - "name": { - "type": "string" - }, - "networkSecurityGroupId": { - "type": "string" - }, - "privateIPAddressAllocationMethod": { - "type": "string" - }, - "subnetId": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - } - }, - "resources": [ { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2021-02-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "remoteAccess-linuxNetworkInterface", "properties": { - "ipConfigurations": [ - { - "name": "[parameters('ipConfigurationName')]", - "properties": { - "subnet": { - "id": "[parameters('subnetId')]" - }, - "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkInterfaceName')]" + }, + "networkSecurityGroupResourceId": { + "value": "[parameters('networkSecurityGroupResourceId')]" + }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('privateIPAddressAllocationMethod')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + 
"contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "10681682753551959771" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object", + "defaultValue": {} + }, + "name": { + "type": "string" + }, + "networkSecurityGroupResourceId": { + "type": "string" + }, + "privateIPAddressAllocationMethod": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + "properties": { + "subnet": { + "id": "[parameters('subnetResourceId')]" + }, + "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" + } + } + ], + "networkSecurityGroup": { + "id": "[parameters('networkSecurityGroupResourceId')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" } } - ], - "networkSecurityGroup": { - "id": "[parameters('networkSecurityGroupId')]" } } } ], "outputs": { - "id": { + "adminUsername": { "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + "value": "[parameters('adminUsername')]" }, - "name": { + "authenticationType": { "type": "string", - "value": "[parameters('name')]" + "value": "[parameters('authenticationType')]" } } } 
@@ -6850,8 +6063,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "remoteAccess-windowsVirtualMachine", - "subscriptionId": "[parameters('hubProperties').subscriptionId]", - "resourceGroup": "[parameters('hubProperties').resourceGroupName]", + "subscriptionId": "[parameters('hub').subscriptionId]", + "resourceGroup": "[parameters('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -6871,7 +6084,7 @@ "value": "[parameters('diskEncryptionSetResourceId')]" }, "diskName": { - "value": "[parameters('hubProperties').windowsDiskName]" + "value": "[replace(parameters('hub').namingConvention.virtualMachineDisk, parameters('serviceToken'), 'remoteAccess-windows')]" }, "hybridUseBenefit": { "value": "[parameters('hybridUseBenefit')]" @@ -6886,12 +6099,20 @@ "value": "[parameters('mlzTags')]" }, "name": { - "value": "[parameters('hubProperties').windowsVmName]" + "value": "[replace(parameters('hub').namingConvention.virtualMachine, parameters('serviceToken'), 'raw')]" + }, + "networkInterfaceName": { + "value": "[replace(parameters('hub').namingConvention.virtualMachineNetworkInterface, parameters('serviceToken'), 'remoteAccess-windows')]" + }, + "networkSecurityGroupResourceId": { + "value": "[parameters('hubNetworkSecurityGroupResourceId')]" }, - "networkInterfaceName": "[if(parameters('deployWindowsVirtualMachine'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubProperties').subscriptionId, parameters('hubProperties').resourceGroupName), 'Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface'), '2022-09-01').outputs.name.value), createObject('value', ''))]", "offer": { "value": "[parameters('windowsVmOffer')]" }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('windowsNetworkInterfacePrivateIPAddressAllocationMethod')]" + }, "publisher": { "value": "[parameters('windowsVmPublisher')]" }, 
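Review bot: in the `@@ -6886` hunk the Windows VM name is derived with `replace(parameters('hub').namingConvention.virtualMachine, parameters('serviceToken'), 'raw')`, while the disk and network interface in the same deployment use `'remoteAccess-windows'` (the Linux VM uses `'ral'` in the same way). The three-letter codes are presumably there to keep the VM name within the 15-character Windows computer name limit, but nothing in the template says so and the codes are not discoverable from the resource names of the disk or NIC. Document the abbreviations next to the naming convention, or define them once as variables so the VM, disk and NIC tokens are visibly related.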
@@ -6904,6 +6125,9 @@ "storageAccountType": { "value": "[parameters('windowsVmStorageAccountType')]" }, + "subnetResourceId": { + "value": "[parameters('hubSubnetResourceId')]" + }, "tags": { "value": "[parameters('tags')]" }, @@ -6918,7 +6142,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "11144440230827394471" + "templateHash": "12051440793252806008" } }, "parameters": { @@ -6961,9 +6185,15 @@ "networkInterfaceName": { "type": "string" }, + "networkSecurityGroupResourceId": { + "type": "string" + }, "offer": { "type": "string" }, + "privateIPAddressAllocationMethod": { + "type": "string" + }, "publisher": { "type": "string" }, @@ -6976,6 +6206,9 @@ "storageAccountType": { "type": "string" }, + "subnetResourceId": { + "type": "string" + }, "tags": { "type": "object", "defaultValue": {} @@ -7006,7 +6239,7 @@ "networkProfile": { "networkInterfaces": [ { - "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]", + "id": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface'), '2022-09-01').outputs.id.value]", "properties": { "deleteOption": "Delete" } @@ -7049,7 +6282,10 @@ "dataDisks": "[parameters('dataDisks')]" }, "licenseType": "[if(parameters('hybridUseBenefit'), 'Windows_Server', null())]" - } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface')]" + ] }, { "type": "Microsoft.Compute/virtualMachines/extensions", 
@@ -7145,13 +6381,115 @@ "dependsOn": [ "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "remoteAccess-windowsNetworkInterface", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "mlzTags": { + "value": "[parameters('mlzTags')]" + }, + "name": { + "value": "[parameters('networkInterfaceName')]" + }, + "networkSecurityGroupResourceId": { + "value": "[parameters('networkSecurityGroupResourceId')]" + }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('privateIPAddressAllocationMethod')]" + }, + "subnetResourceId": { + "value": "[parameters('subnetResourceId')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "10681682753551959771" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "mlzTags": { + "type": "object", + "defaultValue": {} + }, + "name": { + "type": "string" + }, + "networkSecurityGroupResourceId": { + "type": "string" + }, + "privateIPAddressAllocationMethod": { + "type": "string" + }, + "subnetResourceId": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/networkInterfaces'), parameters('tags')['Microsoft.Network/networkInterfaces'], createObject()), parameters('mlzTags'))]", + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig", + 
"properties": { + "subnet": { + "id": "[parameters('subnetResourceId')]" + }, + "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" + } + } + ], + "networkSecurityGroup": { + "id": "[parameters('networkSecurityGroupResourceId')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } + } + } + } } ] } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubProperties').subscriptionId, parameters('hubProperties').resourceGroupName), 'Microsoft.Resources/deployments', 'remoteAccess-windowsNetworkInterface')]" - ] + } } ] } @@ -7160,7 +6498,8 @@ "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { 
@@ -7193,13 +6532,13 @@ "value": "[parameters('logStorageSkuName')]" }, "mlzTags": { - "value": "[variables('mlzTags')]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" + "resourceGroupNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" }, "serviceToken": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" }, "storageEncryptionKeyName": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageKeyName.value]" @@ -7210,6 +6549,9 @@ "tags": { "value": "[parameters('tags')]" }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" + }, "userAssignedIdentityResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.userAssignedIdentityResourceId.value]" } 
@@ -7221,7 +6563,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "13265980970397591955" + "templateHash": "14815858899021771781" } }, "parameters": { @@ -7237,16 +6579,16 @@ "keyVaultUri": { "type": "string" }, - "logStorageSkuName": { + "location": { "type": "string" }, - "location": { + "logStorageSkuName": { "type": "string" }, "mlzTags": { "type": "object" }, - "networks": { + "resourceGroupNames": { "type": "array" }, "serviceToken": { @@ -7261,6 +6603,9 @@ "tags": { "type": "object" }, + "tiers": { + "type": "array" + }, "userAssignedIdentityResourceId": { "type": "string" } @@ -7269,13 +6614,13 @@ { "copy": { "name": "storageAccount", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-storage-account-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('deploy-storage-account-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -7301,19 +6646,19 @@ "value": "[parameters('logStorageSkuName')]" }, "storageAccountName": { - "value": "[parameters('networks')[copyIndex()].logStorageAccountName]" + "value": "[parameters('tiers')[copyIndex()].namingConvention.storageAccount]" }, "storageAccountNetworkInterfaceNamePrefix": { - "value": "[parameters('networks')[copyIndex()].logStorageAccountNetworkInterfaceNamePrefix]" + "value": "[parameters('tiers')[copyIndex()].namingConvention.storageAccountNetworkInterface]" }, "storageAccountPrivateEndpointNamePrefix": { - "value": "[parameters('networks')[copyIndex()].logStorageAccountPrivateEndpointNamePrefix]" + "value": "[parameters('tiers')[copyIndex()].namingConvention.storageAccountPrivateEndpoint]" }, "storageEncryptionKeyName": { "value": "[parameters('storageEncryptionKeyName')]" }, "subnetResourceId": { - "value": "[resourceId(parameters('networks')[copyIndex()].subscriptionId, parameters('networks')[copyIndex()].resourceGroupName, 'Microsoft.Network/virtualNetworks/subnets', parameters('networks')[copyIndex()].virtualNetworkName, parameters('networks')[copyIndex()].subnetName)]" + "value": "[resourceId(parameters('tiers')[copyIndex()].subscriptionId, parameters('resourceGroupNames')[copyIndex()], 'Microsoft.Network/virtualNetworks/subnets', parameters('tiers')[copyIndex()].namingConvention.virtualNetwork, parameters('tiers')[copyIndex()].namingConvention.subnet)]" }, "tablesPrivateDnsZoneResourceId": { "value": "[parameters('tablesPrivateDnsZoneResourceId')]" 
@@ -7517,7 +6862,7 @@ "outputs": { "storageAccountResourceIds": { "type": "array", - "value": "[union(createArray(resourceId(parameters('networks')[0].subscriptionId, parameters('networks')[0].resourceGroupName, 'Microsoft.Storage/storageAccounts', parameters('networks')[0].logStorageAccountName), resourceId(parameters('networks')[1].subscriptionId, parameters('networks')[1].resourceGroupName, 'Microsoft.Storage/storageAccounts', parameters('networks')[1].logStorageAccountName), resourceId(parameters('networks')[2].subscriptionId, parameters('networks')[2].resourceGroupName, 'Microsoft.Storage/storageAccounts', parameters('networks')[2].logStorageAccountName)), if(parameters('deployIdentity'), createArray(resourceId(parameters('networks')[3].subscriptionId, parameters('networks')[3].resourceGroupName, 'Microsoft.Storage/storageAccounts', parameters('networks')[3].logStorageAccountName)), createArray()))]" + "value": "[union(createArray(resourceId(parameters('tiers')[0].subscriptionId, parameters('resourceGroupNames')[0], 'Microsoft.Storage/storageAccounts', parameters('tiers')[0].namingConvention.storageAccount), resourceId(parameters('tiers')[1].subscriptionId, parameters('resourceGroupNames')[1], 'Microsoft.Storage/storageAccounts', parameters('tiers')[1].namingConvention.storageAccount), resourceId(parameters('tiers')[2].subscriptionId, parameters('resourceGroupNames')[2], 'Microsoft.Storage/storageAccounts', parameters('tiers')[2].namingConvention.storageAccount)), if(parameters('deployIdentity'), createArray(resourceId(parameters('tiers')[3].subscriptionId, parameters('resourceGroupNames')[3], 'Microsoft.Storage/storageAccounts', parameters('tiers')[3].namingConvention.storageAccount)), createArray()))]" } } } 
@@ -7525,9 +6870,9 @@ "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-naming-convention-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-remote-access-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-remote-access-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { @@ -7541,6 +6886,9 @@ }, "mode": "Incremental", "parameters": { + "deployBastion": { + "value": "[parameters('deployBastion')]" + }, "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, 
@@ -7550,41 +6898,35 @@ "firewallDiagnosticsMetrics": { "value": "[parameters('firewallDiagnosticsMetrics')]" }, - "KeyVaultName": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.KeyVaultName.value]" + "keyVaultName": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultName.value]" }, "keyVaultDiagnosticLogs": { - "value": "[parameters('KeyVaultDiagnosticsLogs')]" + "value": "[parameters('keyVaultDiagnosticsLogs')]" }, "logAnalyticsWorkspaceResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" - }, - "networkSecurityGroupDiagnosticsLogs": { - "value": "[parameters('hubNetworkSecurityGroupDiagnosticsLogs')]" - }, - "networkSecurityGroupDiagnosticsMetrics": { - "value": "[parameters('hubNetworkSecurityGroupDiagnosticsMetrics')]" - }, "publicIPAddressDiagnosticsLogs": { "value": "[parameters('publicIPAddressDiagnosticsLogs')]" }, "publicIPAddressDiagnosticsMetrics": { "value": "[parameters('publicIPAddressDiagnosticsMetrics')]" }, + "resourceGroupNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + }, + "serviceToken": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tokens.value.service]" + 
}, "storageAccountResourceIds": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-log-storage-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.storageAccountResourceIds.value]" }, "supportedClouds": { "value": "[parameters('supportedClouds')]" }, - "virtualNetworkDiagnosticsLogs": { - "value": "[parameters('hubVirtualNetworkDiagnosticsLogs')]" - }, - "virtualNetworkDiagnosticsMetrics": { - "value": "[parameters('hubVirtualNetworkDiagnosticsMetrics')]" + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } }, "template": { @@ -7594,10 +6936,13 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "13564100680991707434" + "templateHash": "13913551355436490268" } }, "parameters": { + "deployBastion": { + "type": "bool" + }, "deploymentNameSuffix": { "type": "string" }, @@ -7607,29 +6952,26 @@ "firewallDiagnosticsMetrics": { "type": "array" }, - "KeyVaultName": { - "type": "string" - }, "keyVaultDiagnosticLogs": { "type": "array" }, - "logAnalyticsWorkspaceResourceId": { + "keyVaultName": { "type": "string" }, - "networks": { - "type": "array" + "logAnalyticsWorkspaceResourceId": { + "type": "string" }, - "networkSecurityGroupDiagnosticsLogs": { + "publicIPAddressDiagnosticsLogs": { "type": "array" }, - "networkSecurityGroupDiagnosticsMetrics": { + "publicIPAddressDiagnosticsMetrics": { "type": "array" }, - "publicIPAddressDiagnosticsLogs": { + "resourceGroupNames": { "type": "array" }, - "publicIPAddressDiagnosticsMetrics": { - "type": "array" + "serviceToken": { + "type": "string" }, "storageAccountResourceIds": { "type": "array" 
@@ -7637,34 +6979,28 @@ "supportedClouds": { "type": "array" }, - "virtualNetworkDiagnosticsLogs": { - "type": "array" - }, - "virtualNetworkDiagnosticsMetrics": { + "tiers": { "type": "array" } }, "variables": { - "hub": "[first(filter(parameters('networks'), lambda('network', equals(lambdaVariables('network').name, 'hub'))))]", - "hubResourceGroupName": "[variables('hub').resourceGroupName]", - "hubSubscriptionId": "[variables('hub').subscriptionId]", - "operations": "[first(filter(parameters('networks'), lambda('network', equals(lambdaVariables('network').name, 'operations'))))]", - "publicIPAddressNames": [ - "[variables('hub').firewallClientPublicIPAddressName]", - "[variables('hub').firewallManagementPublicIPAddressName]" - ] + "hub": "[filter(parameters('tiers'), lambda('tier', equals(lambdaVariables('tier').name, 'hub')))[0]]", + "hubResourceGroupName": "[filter(parameters('resourceGroupNames'), lambda('name', contains(lambdaVariables('name'), 'hub')))[0]]", + "operations": "[first(filter(parameters('tiers'), lambda('tier', equals(lambdaVariables('tier').name, 'operations'))))]", + "operationsResourceGroupName": "[filter(parameters('resourceGroupNames'), lambda('name', contains(lambdaVariables('name'), 'operations')))[0]]", + "publicIPAddresses": "[union(createArray(createObject('name', variables('hub').namingConvention.azureFirewallClientPublicIPAddress, 'diagName', variables('hub').namingConvention.azureFirewallClientPublicIPAddressDiagnosticSetting), createObject('name', variables('hub').namingConvention.azureFirewallManagementPublicIPAddress, 'diagName', variables('hub').namingConvention.azureFirewallManagementPublicIPAddressDiagnosticSetting)), if(parameters('deployBastion'), createArray(createObject('name', variables('hub').namingConvention.bastionHostPublicIPAddress, 'diagName', variables('hub').namingConvention.bastionHostPublicIPAddressDiagnosticSetting)), createArray()))]" }, "resources": [ { "copy": { "name": "activityLogDiagnosticSettings", - 
"count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, - "condition": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "condition": "[parameters('tiers')[copyIndex()].deployUniqueResources]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-activity-diags-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "name": "[format('deploy-activity-diags-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -7743,7 +7079,7 @@ "apiVersion": "2022-09-01", "name": "[format('deploy-law-diag-{0}', parameters('deploymentNameSuffix'))]", "subscriptionId": "[variables('operations').subscriptionId]", - "resourceGroup": "[variables('operations').resourceGroupName]", + "resourceGroup": "[variables('operationsResourceGroupName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7751,7 +7087,10 @@ "mode": "Incremental", "parameters": { "diagnosticStorageAccountName": { - "value": "[variables('operations').logStorageAccountName]" + "value": "[variables('operations').namingConvention.storageAccount]" + }, + "logAnalyticsWorkspaceDiagnosticSettingName": { + "value": "[variables('operations').namingConvention.logAnalyticsWorkspaceDiagnosticSetting]" }, "logAnalyticsWorkspaceName": { "value": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[8]]" 
@@ -7767,13 +7106,16 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "11712410170328172005" + "templateHash": "18083714839459110812" } }, "parameters": { "diagnosticStorageAccountName": { "type": "string" }, + "logAnalyticsWorkspaceDiagnosticSettingName": { + "type": "string" + }, "logAnalyticsWorkspaceName": { "type": "string" }, @@ -7787,7 +7129,7 @@ "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", "scope": "[format('Microsoft.OperationalInsights/workspaces/{0}', parameters('logAnalyticsWorkspaceName'))]", - "name": "[format('diag-{0}', parameters('logAnalyticsWorkspaceName'))]", + "name": "[parameters('logAnalyticsWorkspaceDiagnosticSettingName')]", "properties": { "workspaceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]", "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('diagnosticStorageAccountName'))]", @@ -7812,13 +7154,13 @@ { "copy": { "name": "networkSecurityGroupDiagnostics", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('deploy-nsg-diags-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -7829,16 +7171,19 @@ "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "logs": { - "value": "[parameters('networkSecurityGroupDiagnosticsLogs')]" + "value": "[parameters('tiers')[copyIndex()].nsgDiagLogs]" }, "logStorageAccountResourceId": { "value": "[parameters('storageAccountResourceIds')[copyIndex()]]" }, "metrics": { - "value": "[parameters('networkSecurityGroupDiagnosticsMetrics')]" + "value": "[parameters('tiers')[copyIndex()].nsgDiagMetrics]" }, - "name": { - "value": "[parameters('networks')[copyIndex()].networkSecurityGroupName]" + "networkSecurityGroupDiagnosticSettingName": { + "value": "[parameters('tiers')[copyIndex()].namingConvention.networkSecurityGroupDiagnosticSetting]" + }, + "networkSecurityGroupName": { + "value": "[parameters('tiers')[copyIndex()].namingConvention.networkSecurityGroup]" } }, "template": { @@ -7848,13 +7193,10 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "17574917306879377899" + "templateHash": "12049539018034280966" } }, "parameters": { - "name": { - "type": "string" - }, "logAnalyticsWorkspaceResourceId": { "type": "string" }, @@ -7866,14 +7208,20 @@ }, "metrics": { "type": "array" + }, + "networkSecurityGroupDiagnosticSettingName": { + "type": "string" + }, + "networkSecurityGroupName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('networkSecurityGroupName'))]", + "name": "[parameters('networkSecurityGroupDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", 
@@ -7888,13 +7236,13 @@ { "copy": { "name": "virtualNetworkDiagnostics", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('deploy-vnet-diags-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -7905,16 +7253,19 @@ "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "logs": { - "value": "[parameters('virtualNetworkDiagnosticsLogs')]" + "value": "[parameters('tiers')[copyIndex()].vnetDiagLogs]" }, "logStorageAccountResourceId": { "value": "[parameters('storageAccountResourceIds')[copyIndex()]]" }, "metrics": { - "value": "[parameters('virtualNetworkDiagnosticsMetrics')]" + "value": "[parameters('tiers')[copyIndex()].vnetDiagMetrics]" }, - "name": { - "value": "[parameters('networks')[copyIndex()].virtualNetworkName]" + "virtualNetworkDiagnosticSettingName": { + "value": "[parameters('tiers')[copyIndex()].namingConvention.virtualNetworkDiagnosticSetting]" + }, + "virtualNetworkName": { + "value": "[parameters('tiers')[copyIndex()].namingConvention.virtualNetwork]" } }, "template": { @@ -7924,7 +7275,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "17022277323540309911" + "templateHash": "13356625654141484072" } }, "parameters": { 
@@ -7940,7 +7291,10 @@ "metrics": { "type": "array" }, - "name": { + "virtualNetworkDiagnosticSettingName": { + "type": "string" + }, + "virtualNetworkName": { "type": "string" } }, @@ -7948,8 +7302,8 @@ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('virtualNetworkName'))]", + "name": "[parameters('virtualNetworkDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", @@ -7964,12 +7318,12 @@ { "copy": { "name": "publicIpAddressDiagnostics", - "count": "[length(variables('publicIPAddressNames'))]" + "count": "[length(variables('publicIPAddresses'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('deploy-pip-diags-{0}-{1}-{2}', split(variables('publicIPAddressNames')[copyIndex()], '-')[2], split(variables('publicIPAddressNames')[copyIndex()], '-')[3], parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", + "name": "[format('deploy-pip-diags-{0}-{1}-{2}', split(variables('publicIPAddresses')[copyIndex()].name, '-')[2], split(variables('publicIPAddresses')[copyIndex()].name, '-')[3], parameters('deploymentNameSuffix'))]", + "subscriptionId": "[variables('hub').subscriptionId]", "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { 
@@ -7983,14 +7337,17 @@ "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, - "name": { - "value": "[variables('publicIPAddressNames')[copyIndex()]]" + "publicIPAddressDiagnosticSettingName": { + "value": "[variables('publicIPAddresses')[copyIndex()].diagName]" }, "publicIPAddressDiagnosticsLogs": { "value": "[parameters('publicIPAddressDiagnosticsLogs')]" }, "publicIPAddressDiagnosticsMetrics": { "value": "[parameters('publicIPAddressDiagnosticsMetrics')]" + }, + "publicIPAddressName": { + "value": "[variables('publicIPAddresses')[copyIndex()].name]" } }, "template": { @@ -8000,7 +7357,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "17517788364018363580" + "templateHash": "5486243867531845253" } }, "parameters": { @@ -8010,7 +7367,7 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "name": { + "publicIPAddressDiagnosticSettingName": { "type": "string" }, "publicIPAddressDiagnosticsLogs": { @@ -8018,14 +7375,17 @@ }, "publicIPAddressDiagnosticsMetrics": { "type": "array" + }, + "publicIPAddressName": { + "type": "string" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('publicIPAddressName'))]", + "name": "[parameters('publicIPAddressDiagnosticSettingName')]", "properties": { "storageAccountId": "[parameters('hubStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", 
@@ -8041,7 +7401,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-afw-diags-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", + "subscriptionId": "[variables('hub').subscriptionId]", "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { @@ -8049,6 +7409,12 @@ }, "mode": "Incremental", "parameters": { + "firewallDiagnosticSettingsName": { + "value": "[variables('hub').namingConvention.azureFirewallDiagnosticSetting]" + }, + "firewallName": { + "value": "[variables('hub').namingConvention.azureFirewall]" + }, "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, @@ -8060,9 +7426,6 @@ }, "metrics": { "value": "[parameters('firewallDiagnosticsMetrics')]" - }, - "name": { - "value": "[variables('hub').firewallName]" } }, "template": { @@ -8072,10 +7435,16 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "9910322564976160147" + "templateHash": "14138036785238952784" } }, "parameters": { + "firewallDiagnosticSettingsName": { + "type": "string" + }, + "firewallName": { + "type": "string" + }, "logAnalyticsWorkspaceResourceId": { "type": "string" }, @@ -8087,17 +7456,14 @@ }, "metrics": { "type": "array" - }, - "name": { - "type": "string" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.Network/azureFirewalls/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.Network/azureFirewalls/{0}', parameters('firewallName'))]", + "name": "[parameters('firewallDiagnosticSettingsName')]", "properties": { "storageAccountId": "[parameters('logStorageAccountResourceId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", 
@@ -8109,7 +7475,7 @@ "outputs": { "privateIPAddress": { "type": "string", - "value": "[reference(resourceId('Microsoft.Network/azureFirewalls', parameters('name')), '2021-02-01').ipConfigurations[0].properties.privateIPAddress]" + "value": "[reference(resourceId('Microsoft.Network/azureFirewalls', parameters('firewallName')), '2021-02-01').ipConfigurations[0].properties.privateIPAddress]" } } } @@ -8119,7 +7485,7 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('deploy-kv-diags-{0}', parameters('deploymentNameSuffix'))]", - "subscriptionId": "[variables('hubSubscriptionId')]", + "subscriptionId": "[variables('hub').subscriptionId]", "resourceGroup": "[variables('hubResourceGroupName')]", "properties": { "expressionEvaluationOptions": { @@ -8127,17 +7493,20 @@ }, "mode": "Incremental", "parameters": { + "keyVaultDiagnosticSettingName": { + "value": "[replace(variables('hub').namingConvention.keyVaultDiagnosticSetting, parameters('serviceToken'), '')]" + }, + "keyVaultName": { + "value": "[parameters('keyVaultName')]" + }, + "keyVaultStorageAccountId": { + "value": "[parameters('storageAccountResourceIds')[0]]" + }, "logAnalyticsWorkspaceResourceId": { "value": "[parameters('logAnalyticsWorkspaceResourceId')]" }, "logs": { "value": "[parameters('keyVaultDiagnosticLogs')]" - }, - "keyVaultstorageAccountId": { - "value": "[parameters('storageAccountResourceIds')[0]]" - }, - "name": { - "value": "[parameters('KeyVaultName')]" } }, "template": { 
@@ -8147,31 +7516,34 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "7484969174915829356" + "templateHash": "11931053519285250235" } }, "parameters": { - "logAnalyticsWorkspaceResourceId": { + "keyVaultDiagnosticSettingName": { "type": "string" }, - "logs": { - "type": "array" + "keyVaultName": { + "type": "string" }, - "name": { + "keyVaultStorageAccountId": { "type": "string" }, - "keyVaultstorageAccountId": { + "logAnalyticsWorkspaceResourceId": { "type": "string" + }, + "logs": { + "type": "array" } }, "resources": [ { "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2017-05-01-preview", - "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('name'))]", - "name": "[format('{0}-diagnostics', parameters('name'))]", + "scope": "[format('Microsoft.KeyVault/vaults/{0}', parameters('keyVaultName'))]", + "name": "[parameters('keyVaultDiagnosticSettingName')]", "properties": { - "storageAccountId": "[parameters('keyVaultstorageAccountId')]", + "storageAccountId": "[parameters('keyVaultStorageAccountId')]", "workspaceId": "[parameters('logAnalyticsWorkspaceResourceId')]", "logs": "[parameters('logs')]" } @@ -8188,6 +7560,7 @@ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]", "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-log-storage-{0}', parameters('deploymentNameSuffix')))]" ] }, 
@@ -8212,11 +7585,14 @@ "logAnalyticsWorkspaceResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" - }, "policy": { "value": "[parameters('policy')]" + }, + "resourceGroupNames": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" + }, + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } }, "template": { @@ -8226,7 +7602,7 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "18352303562183670014" + "templateHash": "3051253647042281743" } }, "parameters": { 
@@ -8239,24 +7615,27 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "networks": { - "type": "array" - }, "policy": { "type": "string" + }, + "resourceGroupNames": { + "type": "array" + }, + "tiers": { + "type": "array" } }, "resources": [ { "copy": { "name": "policyAssignment", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('assign-policy-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", - "resourceGroup": "[parameters('networks')[copyIndex()].resourceGroupName]", + "name": "[format('assign-policy-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", + "resourceGroup": "[parameters('resourceGroupNames')[copyIndex()]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -8512,7 +7891,8 @@ }, "dependsOn": [ "[subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix')))]", - "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]" + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix')))]", + "[subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix')))]" ] }, { @@ -8527,6 +7907,9 @@ }, "mode": "Incremental", "parameters": { + "defenderPlans": { + "value": "[parameters('deployDefenderPlans')]" + }, "defenderSkuTier": { "value": "[parameters('defenderSkuTier')]" }, 
@@ -8539,11 +7922,8 @@ "logAnalyticsWorkspaceResourceId": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, - "networks": { - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" - }, - "defenderPlans": { - "value": "[parameters('deployDefenderPlans')]" + "tiers": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } }, "template": { @@ -8553,10 +7933,16 @@ "_generator": { "name": "bicep", "version": "0.27.1.19265", - "templateHash": "8123008071018852221" + "templateHash": "7356216205468542805" } }, "parameters": { + "defenderPlans": { + "type": "array", + "defaultValue": [ + "VirtualMachines" + ] + }, "defenderSkuTier": { "type": "string" }, 
@@ -8569,27 +7955,21 @@ "logAnalyticsWorkspaceResourceId": { "type": "string" }, - "networks": { + "tiers": { "type": "array" - }, - "defenderPlans": { - "type": "array", - "defaultValue": [ - "VirtualMachines" - ] } }, "resources": [ { "copy": { "name": "defenderForCloud", - "count": "[length(parameters('networks'))]" + "count": "[length(parameters('tiers'))]" }, - "condition": "[parameters('networks')[copyIndex()].deployUniqueResources]", + "condition": "[parameters('tiers')[copyIndex()].deployUniqueResources]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('set-defender-{0}-{1}', parameters('networks')[copyIndex()].name, parameters('deploymentNameSuffix'))]", - "subscriptionId": "[parameters('networks')[copyIndex()].subscriptionId]", + "name": "[format('set-defender-{0}-{1}', parameters('tiers')[copyIndex()].name, parameters('deploymentNameSuffix'))]", + "subscriptionId": "[parameters('tiers')[copyIndex()].subscriptionId]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { @@ -8860,10 +8240,6 @@ "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.diskEncryptionSetResourceId.value]" }, - "hubSubnetResourceId": { - "type": "string", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubSubnetResourceId.value]" - }, "hubVirtualNetworkResourceId": { "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.hubVirtualNetworkResourceId.value]" 
@@ -8872,13 +8248,21 @@ "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.identitySubnetResourceId.value]" }, + "locationProperties": { + "type": "object", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.locationProperties.value]" + }, "logAnalyticsWorkspaceResourceId": { "type": "string", "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-monitoring-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.logAnalyticsWorkspaceResourceId.value]" }, - "networks": { + "sharedServicesSubnetResourceId": { + "type": "string", + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.sharedServicesSubnetResourceId.value]" + }, + "tiers": { "type": "array", - "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.networks.value]" + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.tiers.value]" } } } \ No newline at end of file diff --git a/src/bicep/modules/bastion-host.bicep b/src/bicep/modules/bastion-host.bicep index e8245328e..29606f41b 100644 --- a/src/bicep/modules/bastion-host.bicep +++ b/src/bicep/modules/bastion-host.bicep @@ -4,7 +4,6 @@ Licensed under the MIT License. */ param bastionHostSubnetResourceId string -param ipConfigurationName string param location string param mlzTags object param name string 
@@ -34,7 +33,7 @@ resource bastionHost 'Microsoft.Network/bastionHosts@2021-02-01' = { properties: { ipConfigurations: [ { - name: ipConfigurationName + name: 'ipconfig' properties: { subnet: { id: bastionHostSubnetResourceId diff --git a/src/bicep/modules/customer-managed-keys.bicep b/src/bicep/modules/customer-managed-keys.bicep index 0f6a3e09b..1786c15fa 100644 --- a/src/bicep/modules/customer-managed-keys.bicep +++ b/src/bicep/modules/customer-managed-keys.bicep @@ -9,18 +9,20 @@ param deploymentNameSuffix string param keyVaultPrivateDnsZoneResourceId string param location string param mlzTags object -param networkProperties object +param resourceGroupName string param subnetResourceId string param tags object +param tier object +param tokens object module keyVault 'key-vault.bicep' = { name: 'deploy-key-vault-${deploymentNameSuffix}' - scope: resourceGroup(networkProperties.subscriptionId, networkProperties.resourceGroupName) + scope: resourceGroup(tier.subscriptionId, resourceGroupName) params: { - keyVaultName: networkProperties.keyVaultName - keyVaultNetworkInterfaceName: networkProperties.keyVaultNetworkInterfaceName + keyVaultName: take(replace(tier.namingConvention.keyVault, tokens.service, ''), 24) + keyVaultNetworkInterfaceName: replace(tier.namingConvention.keyVaultNetworkInterface, tokens.service, '') keyVaultPrivateDnsZoneResourceId: keyVaultPrivateDnsZoneResourceId - keyVaultPrivateEndpointName: networkProperties.keyVaultPrivateEndpointName + keyVaultPrivateEndpointName: replace(tier.namingConvention.keyVaultPrivateEndpoint, tokens.service, '') location: location mlzTags: mlzTags subnetResourceId: subnetResourceId 
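Review bot: In the keyVault module call of customer-managed-keys.bicep, keyVaultName is now take(replace(tier.namingConvention.keyVault, tokens.service, ''), 24). The replace strips only the bare token, so if the convention delimits the token with hyphens the result keeps a doubled or dangling hyphen, and take() can cut the string so that it ends on a hyphen; Key Vault naming rejects both. Truncation can also drop the part of the name that distinguishes one tier from another. Consider building the stripped name once in a variable, stripping the delimiter together with the token, and checking the 24-character result per tier.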
@@ -30,10 +32,10 @@ module keyVault 'key-vault.bicep' = { module diskEncryptionSet 'disk-encryption-set.bicep' = { name: 'deploy-disk-encryption-set-${deploymentNameSuffix}' - scope: resourceGroup(networkProperties.subscriptionId, networkProperties.resourceGroupName) + scope: resourceGroup(tier.subscriptionId, resourceGroupName) params: { deploymentNameSuffix: deploymentNameSuffix - diskEncryptionSetName: networkProperties.diskEncryptionSetName + diskEncryptionSetName: tier.namingConvention.diskEncryptionSet keyUrl: keyVault.outputs.keyUriWithVersion keyVaultResourceId: keyVault.outputs.keyVaultResourceId location: location @@ -44,17 +46,18 @@ module diskEncryptionSet 'disk-encryption-set.bicep' = { module userAssignedIdentity 'user-assigned-identity.bicep' = { name: 'deploy-user-assigned-identity-${deploymentNameSuffix}' - scope: resourceGroup(networkProperties.subscriptionId, networkProperties.resourceGroupName) + scope: resourceGroup(tier.subscriptionId, resourceGroupName) params: { + keyVaultName: keyVault.outputs.keyVaultName location: location mlzTags: mlzTags - name: networkProperties.userAssignedIdentityName tags: tags + userAssignedIdentityName: replace(tier.namingConvention.userAssignedIdentity, '-${tokens.service}', '') } } output diskEncryptionSetResourceId string = diskEncryptionSet.outputs.resourceId -output KeyVaultName string = keyVault.outputs.keyVaultName +output keyVaultName string = keyVault.outputs.keyVaultName output keyVaultUri string = keyVault.outputs.keyVaultUri output keyVaultResourceId string = keyVault.outputs.keyVaultResourceId output storageKeyName string = keyVault.outputs.storageKeyName diff --git a/src/bicep/modules/defenderForCloud.bicep b/src/bicep/modules/defender-for-cloud.bicep similarity index 100% rename from src/bicep/modules/defenderForCloud.bicep rename to src/bicep/modules/defender-for-cloud.bicep 
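Review bot: The output rename from KeyVaultName to keyVaultName in the last hunk breaks any caller that still reads outputs.KeyVaultName, so confirm every consumer is updated in this same change. Within the file the service token is also handled three different ways: the keyVault call strips tokens.service, the userAssignedIdentity call strips '-${tokens.service}', and diskEncryptionSetName passes tier.namingConvention.diskEncryptionSet with no replace at all. If that difference is intentional, a short comment saying why would help; otherwise use one pattern for all three.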
diff --git a/src/bicep/modules/defenderforClouds.bicep b/src/bicep/modules/defender-for-clouds.bicep similarity index 66% rename from src/bicep/modules/defenderforClouds.bicep rename to src/bicep/modules/defender-for-clouds.bicep index f739030eb..52f32801c 100644 --- a/src/bicep/modules/defenderforClouds.bicep +++ b/src/bicep/modules/defender-for-clouds.bicep @@ -5,16 +5,16 @@ Licensed under the MIT License. targetScope = 'subscription' +param defenderPlans array = ['VirtualMachines'] param defenderSkuTier string param deploymentNameSuffix string param emailSecurityContact string param logAnalyticsWorkspaceResourceId string -param networks array -param defenderPlans array = ['VirtualMachines'] +param tiers array -module defenderForCloud 'defenderForCloud.bicep' = [for network in networks: if (network.deployUniqueResources) { - name: 'set-defender-${network.name}-${deploymentNameSuffix}' - scope: subscription(network.subscriptionId) +module defenderForCloud 'defender-for-cloud.bicep' = [for tier in tiers: if (tier.deployUniqueResources) { + name: 'set-defender-${tier.name}-${deploymentNameSuffix}' + scope: subscription(tier.subscriptionId) params: { logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId emailSecurityContact: emailSecurityContact diff --git a/src/bicep/modules/diagnostics.bicep b/src/bicep/modules/diagnostics.bicep index 60c8d65bc..51ec92fe7 100644 --- a/src/bicep/modules/diagnostics.bicep +++ b/src/bicep/modules/diagnostics.bicep 
@@ -5,34 +5,44 @@ Licensed under the MIT License. targetScope = 'subscription' +param deployBastion bool param deploymentNameSuffix string param firewallDiagnosticsLogs array param firewallDiagnosticsMetrics array -param KeyVaultName string param keyVaultDiagnosticLogs array +param keyVaultName string param logAnalyticsWorkspaceResourceId string -param networks array -param networkSecurityGroupDiagnosticsLogs array -param networkSecurityGroupDiagnosticsMetrics array param publicIPAddressDiagnosticsLogs array param publicIPAddressDiagnosticsMetrics array +param resourceGroupNames array +param serviceToken string param storageAccountResourceIds array param supportedClouds array -param virtualNetworkDiagnosticsLogs array -param virtualNetworkDiagnosticsMetrics array +param tiers array -var hub = first(filter(networks, network => network.name == 'hub')) -var hubResourceGroupName = hub.resourceGroupName -var hubSubscriptionId = hub.subscriptionId -var operations = first(filter(networks, network => network.name == 'operations')) -var publicIPAddressNames = [ - hub.firewallClientPublicIPAddressName - hub.firewallManagementPublicIPAddressName -] +var hub = (filter(tiers, tier => tier.name == 'hub'))[0] +var hubResourceGroupName = filter(resourceGroupNames, name => contains(name, 'hub'))[0] +var operations = first(filter(tiers, tier => tier.name == 'operations')) +var operationsResourceGroupName = filter(resourceGroupNames, name => contains(name, 'operations'))[0] +var publicIPAddresses = union([ + { + name: hub.namingConvention.azureFirewallClientPublicIPAddress + diagName: hub.namingConvention.azureFirewallClientPublicIPAddressDiagnosticSetting + } + { + name: hub.namingConvention.azureFirewallManagementPublicIPAddress + diagName: hub.namingConvention.azureFirewallManagementPublicIPAddressDiagnosticSetting + } +], deployBastion ? 
[ + { + name: hub.namingConvention.bastionHostPublicIPAddress + diagName: hub.namingConvention.bastionHostPublicIPAddressDiagnosticSetting + } +] : []) -module activityLogDiagnosticSettings 'activity-log-diagnostic-settings.bicep' = [for (network, i) in networks: if (network.deployUniqueResources) { - name: 'deploy-activity-diags-${network.name}-${deploymentNameSuffix}' - scope: subscription(network.subscriptionId) +module activityLogDiagnosticSettings 'activity-log-diagnostic-settings.bicep' = [for (tier, i) in tiers: if (tier.deployUniqueResources) { + name: 'deploy-activity-diags-${tier.name}-${deploymentNameSuffix}' + scope: subscription(tier.subscriptionId) params: { logAnalyticsWorkspaceId: logAnalyticsWorkspaceResourceId } 
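Review bot: hubResourceGroupName and operationsResourceGroupName are resolved with filter(resourceGroupNames, name => contains(name, 'hub'))[0] and the 'operations' equivalent, a substring match that selects the wrong group if any other name happens to contain 'hub' or 'operations' (through a prefix or identifier, for example) and fails with an index error when nothing matches. Every hub-scoped diagnostic setting in this file goes through that value, so resolve the name by the position of the matching tier, or carry the resource group name on the tier object. Also, hub is read with (filter(...))[0] while operations uses first(filter(...)); pick one form.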
@@ -40,69 +50,75 @@ module activityLogDiagnosticSettings 'activity-log-diagnostic-settings.bicep' = module logAnalyticsWorkspaceDiagnosticSetting 'log-analytics-diagnostic-setting.bicep' = { name: 'deploy-law-diag-${deploymentNameSuffix}' - scope: resourceGroup(operations.subscriptionId, operations.resourceGroupName) + scope: resourceGroup(operations.subscriptionId, operationsResourceGroupName) params: { - diagnosticStorageAccountName: operations.logStorageAccountName + diagnosticStorageAccountName: operations.namingConvention.storageAccount + logAnalyticsWorkspaceDiagnosticSettingName: operations.namingConvention.logAnalyticsWorkspaceDiagnosticSetting logAnalyticsWorkspaceName: split(logAnalyticsWorkspaceResourceId, '/')[8] supportedClouds: supportedClouds } } -module networkSecurityGroupDiagnostics '../modules/network-security-group-diagnostics.bicep' = [for (network, i) in networks: { - name: 'deploy-nsg-diags-${network.name}-${deploymentNameSuffix}' - scope: resourceGroup(network.subscriptionId, network.resourceGroupName) +module networkSecurityGroupDiagnostics '../modules/network-security-group-diagnostics.bicep' = [for (tier, i) in tiers: { + name: 'deploy-nsg-diags-${tier.name}-${deploymentNameSuffix}' + scope: resourceGroup(tier.subscriptionId, resourceGroupNames[i]) params: { logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId - logs: networkSecurityGroupDiagnosticsLogs + logs: tier.nsgDiagLogs logStorageAccountResourceId: storageAccountResourceIds[i] - metrics: networkSecurityGroupDiagnosticsMetrics - name: network.networkSecurityGroupName + metrics: tier.nsgDiagMetrics + networkSecurityGroupDiagnosticSettingName: tier.namingConvention.networkSecurityGroupDiagnosticSetting + networkSecurityGroupName: tier.namingConvention.networkSecurityGroup } }] -module virtualNetworkDiagnostics '../modules/virtual-network-diagnostics.bicep' = [for (network, i) in networks: { - name: 'deploy-vnet-diags-${network.name}-${deploymentNameSuffix}' - scope: 
resourceGroup(network.subscriptionId, network.resourceGroupName) +module virtualNetworkDiagnostics '../modules/virtual-network-diagnostics.bicep' = [for (tier, i) in tiers: { + name: 'deploy-vnet-diags-${tier.name}-${deploymentNameSuffix}' + scope: resourceGroup(tier.subscriptionId, resourceGroupNames[i]) params: { logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId - logs: virtualNetworkDiagnosticsLogs + logs: tier.vnetDiagLogs logStorageAccountResourceId: storageAccountResourceIds[i] - metrics: virtualNetworkDiagnosticsMetrics - name: network.virtualNetworkName + metrics: tier.vnetDiagMetrics + virtualNetworkDiagnosticSettingName: tier.namingConvention.virtualNetworkDiagnosticSetting + virtualNetworkName: tier.namingConvention.virtualNetwork } }] -module publicIpAddressDiagnostics '../modules/public-ip-address-diagnostics.bicep' = [for publicIPAddressName in publicIPAddressNames: { - name: 'deploy-pip-diags-${split(publicIPAddressName, '-')[2]}-${split(publicIPAddressName, '-')[3]}-${deploymentNameSuffix}' - scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) +module publicIpAddressDiagnostics '../modules/public-ip-address-diagnostics.bicep' = [for publicIPAddress in publicIPAddresses: { + name: 'deploy-pip-diags-${split(publicIPAddress.name, '-')[2]}-${split(publicIPAddress.name, '-')[3]}-${deploymentNameSuffix}' + scope: resourceGroup(hub.subscriptionId, hubResourceGroupName) params: { hubStorageAccountResourceId: storageAccountResourceIds[0] logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId - name: publicIPAddressName + publicIPAddressDiagnosticSettingName: publicIPAddress.diagName publicIPAddressDiagnosticsLogs: publicIPAddressDiagnosticsLogs publicIPAddressDiagnosticsMetrics: publicIPAddressDiagnosticsMetrics + publicIPAddressName: publicIPAddress.name } }] module firewallDiagnostics '../modules/firewall-diagnostics.bicep' = { name: 'deploy-afw-diags-${deploymentNameSuffix}' - scope: resourceGroup(hubSubscriptionId, 
hubResourceGroupName) + scope: resourceGroup(hub.subscriptionId, hubResourceGroupName) params: { + firewallDiagnosticSettingsName: hub.namingConvention.azureFirewallDiagnosticSetting + firewallName: hub.namingConvention.azureFirewall logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId logs: firewallDiagnosticsLogs logStorageAccountResourceId: storageAccountResourceIds[0] metrics: firewallDiagnosticsMetrics - name: hub.firewallName } } module keyvaultDiagnostics '../modules/key-vault-diagnostics.bicep' = { name: 'deploy-kv-diags-${deploymentNameSuffix}' - scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) + scope: resourceGroup(hub.subscriptionId, hubResourceGroupName) params: { + keyVaultDiagnosticSettingName: replace(hub.namingConvention.keyVaultDiagnosticSetting, serviceToken, '') + keyVaultName: keyVaultName + keyVaultStorageAccountId: storageAccountResourceIds[0] logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId logs: keyVaultDiagnosticLogs - keyVaultstorageAccountId: storageAccountResourceIds[0] - name: KeyVaultName } } diff --git a/src/bicep/modules/firewall-diagnostics.bicep b/src/bicep/modules/firewall-diagnostics.bicep index 77c45b69d..6142d138c 100644 --- a/src/bicep/modules/firewall-diagnostics.bicep +++ b/src/bicep/modules/firewall-diagnostics.bicep 
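Review bot: The networkSecurityGroupDiagnostics and virtualNetworkDiagnostics loops iterate tiers but scope with resourceGroupNames[i] and pass storageAccountResourceIds[i], so the three arrays must have the same length and order, and nothing here enforces that. A mismatch would attach a tier's diagnostic settings in another tier's resource group or send its logs to another tier's storage account. Carrying the resource group name and storage account ID on each tier object would remove the positional coupling. In publicIpAddressDiagnostics, the deployment name still depends on split(publicIPAddress.name, '-')[2] and [3], which now also has to hold for the bastion public IP name added to the list.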
@@ -3,19 +3,20 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ +param firewallDiagnosticSettingsName string +param firewallName string param logAnalyticsWorkspaceResourceId string param logs array param logStorageAccountResourceId string param metrics array -param name string resource firewall 'Microsoft.Network/azureFirewalls@2021-02-01' existing = { - name: name + name: firewallName } resource diagnostics 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = { scope: firewall - name: '${firewall.name}-diagnostics' + name: firewallDiagnosticSettingsName properties: { storageAccountId: logStorageAccountResourceId workspaceId: logAnalyticsWorkspaceResourceId diff --git a/src/bicep/modules/firewall.bicep b/src/bicep/modules/firewall.bicep index 273713ac9..eb903356b 100644 --- a/src/bicep/modules/firewall.bicep +++ b/src/bicep/modules/firewall.bicep @@ -3,7 +3,6 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ -param clientIpConfigurationName string param clientIpConfigurationSubnetResourceId string param clientIpConfigurationPublicIPAddressResourceId string param dnsServers array @@ -17,7 +16,6 @@ param firewallSupernetIPAddress string ]) param intrusionDetectionMode string param location string -param managementIpConfigurationName string param managementIpConfigurationSubnetResourceId string param managementIpConfigurationPublicIPAddressResourceId string param mlzTags object @@ -184,7 +182,7 @@ resource firewall 'Microsoft.Network/azureFirewalls@2021-02-01' = { properties: { ipConfigurations: [ { - name: clientIpConfigurationName + name: 'ipconfig-client' properties: { subnet: { id: clientIpConfigurationSubnetResourceId @@ -196,7 +194,7 @@ resource firewall 'Microsoft.Network/azureFirewalls@2021-02-01' = { } ] managementIpConfiguration: { - name: managementIpConfigurationName + name: 'ipconfig-management' properties: { subnet: { id: managementIpConfigurationSubnetResourceId 
diff --git a/src/bicep/modules/hub-network-peerings.bicep b/src/bicep/modules/hub-network-peerings.bicep index 4dcf6d6bc..54a079b41 100644 --- a/src/bicep/modules/hub-network-peerings.bicep +++ b/src/bicep/modules/hub-network-peerings.bicep @@ -3,13 +3,23 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ +targetScope = 'subscription' + param hubVirtualNetworkName string -param spokes array +param resourceGroupName string +param spokeName string +param spokeVirtualNetworkResourceId string +param subscriptionId string -module hubToSpokePeering '../modules/virtual-network-peering.bicep' = [ for spoke in spokes: { - name: 'hub-to-${spoke.type}-vnet-peering' +module hubToSpokePeering '../modules/virtual-network-peering.bicep' = { + name: 'hub-to-${spokeName}-vnet-peering' + scope: resourceGroup(subscriptionId, resourceGroupName) params: { - name: '${hubVirtualNetworkName}/to-${spoke.virtualNetworkName}' - remoteVirtualNetworkResourceId: spoke.virtualNetworkResourceId + remoteVirtualNetworkResourceId: spokeVirtualNetworkResourceId + virtualNetworkName: hubVirtualNetworkName + virtualNetworkPeerName: 'to-${split(spokeVirtualNetworkResourceId, '/')[8]}' } -}] +} + + + diff --git a/src/bicep/modules/hub-network.bicep b/src/bicep/modules/hub-network.bicep index 417b70a96..a65e41e38 100644 --- a/src/bicep/modules/hub-network.bicep +++ b/src/bicep/modules/hub-network.bicep 
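Review bot: In hub-network-peerings.bicep, virtualNetworkPeerName is built from split(spokeVirtualNetworkResourceId, '/')[8], which assumes the parameter is always a full virtual network resource ID in the standard layout. last(split(spokeVirtualNetworkResourceId, '/')) states the intent more directly, or the spoke virtual network name could be passed as its own parameter next to spokeName. The hunk also adds three blank lines at the end of the file, which should be dropped.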
@@ -8,27 +8,19 @@ param deployNetworkWatcher bool param deployBastion bool param dnsServers array param enableProxy bool -param firewallClientIpConfigurationName string param firewallClientPrivateIpAddress string param firewallClientPublicIPAddressAvailabilityZones array param firewallClientPublicIPAddressName string -param firewallClientPublicIPAddressSkuName string -param firewallClientPublicIpAllocationMethod string param firewallClientSubnetAddressPrefix string -param firewallClientSubnetName string @allowed([ 'Alert' 'Deny' 'Off' ]) param firewallIntrusionDetectionMode string -param firewallManagementIpConfigurationName string param firewallManagementPublicIPAddressAvailabilityZones array param firewallManagementPublicIPAddressName string -param firewallManagementPublicIPAddressSkuName string -param firewallManagementPublicIpAllocationMethod string param firewallManagementSubnetAddressPrefix string -param firewallManagementSubnetName string param firewallName string param firewallPolicyName string param firewallSkuTier string @@ -45,9 +37,6 @@ param networkSecurityGroupName string param networkSecurityGroupRules array param networkWatcherName string param routeTableName string -param routeTableRouteAddressPrefix string = '0.0.0.0/0' -param routeTableRouteName string = 'default_route' -param routeTableRouteNextHopType string = 'VirtualAppliance' param subnetAddressPrefix string param subnetName string param tags object @@ -55,16 +44,7 @@ param virtualNetworkAddressPrefix string param virtualNetworkName string param vNetDnsServers array -var subnets = union(subnetsCommon, subnetsBastion) -var subnetsBastion = deployBastion ? [ - { - name: 'AzureBastionSubnet' - properties: { - addressPrefix: bastionHostSubnetAddressPrefix - } - } -] : [] -var subnetsCommon = [ +var subnets = union([ { name: 'AzureFirewallSubnet' properties: { 
@@ -91,7 +71,14 @@ var subnetsCommon = [ } } } -] +], deployBastion ? [ + { + name: 'AzureBastionSubnet' + properties: { + addressPrefix: bastionHostSubnetAddressPrefix + } + } +] : []) module networkSecurityGroup '../modules/network-security-group.bicep' = { name: 'networkSecurityGroup' @@ -111,10 +98,7 @@ module routeTable '../modules/route-table.bicep' = { location: location mlzTags: mlzTags name: routeTableName - routeAddressPrefix: routeTableRouteAddressPrefix - routeName: routeTableRouteName routeNextHopIpAddress: firewallClientPrivateIpAddress - routeNextHopType: routeTableRouteNextHopType tags: tags } } @@ -153,8 +137,8 @@ module firewallClientPublicIPAddress '../modules/public-ip-address.bicep' = { location: location mlzTags: mlzTags name: firewallClientPublicIPAddressName - publicIpAllocationMethod: firewallClientPublicIpAllocationMethod - skuName: firewallClientPublicIPAddressSkuName + publicIpAllocationMethod: 'Static' + skuName: 'Standard' tags: tags } } @@ -166,8 +150,8 @@ module firewallManagementPublicIPAddress '../modules/public-ip-address.bicep' = location: location mlzTags: mlzTags name: firewallManagementPublicIPAddressName - publicIpAllocationMethod: firewallManagementPublicIpAllocationMethod - skuName: firewallManagementPublicIPAddressSkuName + publicIpAllocationMethod: 'Static' + skuName: 'Standard' tags: tags } } 
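Review bot: In the routeTable module call of hub-network.bicep, routeAddressPrefix, routeName and routeNextHopType are no longer passed, and the routeTableRoute* parameters with their defaults ('0.0.0.0/0', 'default_route', 'VirtualAppliance') are removed, leaving only routeNextHopIpAddress. The route-table.bicep side of this change is not in these hunks, so please confirm it now fixes the same default route itself; otherwise traffic is no longer forced through firewallClientPrivateIpAddress.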
@@ -175,18 +159,16 @@ module firewallManagementPublicIPAddress '../modules/public-ip-address.bicep' = module firewall '../modules/firewall.bicep' = { name: 'firewall' params: { - clientIpConfigurationName: firewallClientIpConfigurationName clientIpConfigurationPublicIPAddressResourceId: firewallClientPublicIPAddress.outputs.id - clientIpConfigurationSubnetResourceId: '${virtualNetwork.outputs.id}/subnets/${firewallClientSubnetName}' + clientIpConfigurationSubnetResourceId: '${virtualNetwork.outputs.id}/subnets/AzureFirewallSubnet' dnsServers: dnsServers enableProxy: enableProxy firewallPolicyName: firewallPolicyName firewallSupernetIPAddress: firewallSupernetIPAddress intrusionDetectionMode: firewallIntrusionDetectionMode location: location - managementIpConfigurationName: firewallManagementIpConfigurationName managementIpConfigurationPublicIPAddressResourceId: firewallManagementPublicIPAddress.outputs.id - managementIpConfigurationSubnetResourceId: '${virtualNetwork.outputs.id}/subnets/${firewallManagementSubnetName}' + managementIpConfigurationSubnetResourceId: '${virtualNetwork.outputs.id}/subnets/AzureFirewallManagementSubnet' mlzTags: mlzTags name: firewallName skuTier: firewallSkuTier diff --git a/src/bicep/modules/key-vault-diagnostics.bicep b/src/bicep/modules/key-vault-diagnostics.bicep index e6ae2174f..1bd41fd9c 100644 --- a/src/bicep/modules/key-vault-diagnostics.bicep +++ b/src/bicep/modules/key-vault-diagnostics.bicep 
@@ -3,20 +3,21 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ +param keyVaultDiagnosticSettingName string +param keyVaultName string +param keyVaultStorageAccountId string param logAnalyticsWorkspaceResourceId string param logs array -param name string -param keyVaultstorageAccountId string resource keyvault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { - name: name + name: keyVaultName } resource diagnostics 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = { scope: keyvault - name: '${keyvault.name}-diagnostics' + name: keyVaultDiagnosticSettingName properties: { - storageAccountId: keyVaultstorageAccountId + storageAccountId: keyVaultStorageAccountId workspaceId: logAnalyticsWorkspaceResourceId logs: logs } diff --git a/src/bicep/modules/linux-virtual-machine.bicep b/src/bicep/modules/linux-virtual-machine.bicep index 10db7c024..da5233fd1 100644 --- a/src/bicep/modules/linux-virtual-machine.bicep +++ b/src/bicep/modules/linux-virtual-machine.bicep @@ -19,8 +19,11 @@ param logAnalyticsWorkspaceId string param mlzTags object param name string param networkInterfaceName string +param networkSecurityGroupResourceId string param osDiskCreateOption string param osDiskType string +param privateIPAddressAllocationMethod string +param subnetResourceId string param tags object param vmImageOffer string param vmImagePublisher string 
@@ -40,9 +43,18 @@ var linuxConfiguration = { } } -resource networkInterface 'Microsoft.Network/networkInterfaces@2021-02-01' existing = { - name: networkInterfaceName -} +module networkInterface '../modules/network-interface.bicep' = { + name: 'remoteAccess-linuxNetworkInterface' + params: { + location: location + mlzTags: mlzTags + name: networkInterfaceName + networkSecurityGroupResourceId: networkSecurityGroupResourceId + privateIPAddressAllocationMethod: privateIPAddressAllocationMethod + subnetResourceId: subnetResourceId + tags: tags + } + } resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-04-01' = { name: name @@ -60,7 +72,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-04-01' = { networkProfile: { networkInterfaces: [ { - id: networkInterface.id + id: networkInterface.outputs.id properties: { deleteOption: 'Delete' } diff --git a/src/bicep/modules/log-analytics-diagnostic-setting.bicep b/src/bicep/modules/log-analytics-diagnostic-setting.bicep index 8f4af2637..5e023c6e6 100644 --- a/src/bicep/modules/log-analytics-diagnostic-setting.bicep +++ b/src/bicep/modules/log-analytics-diagnostic-setting.bicep @@ -4,6 +4,7 @@ Licensed under the MIT License. */ param diagnosticStorageAccountName string +param logAnalyticsWorkspaceDiagnosticSettingName string param logAnalyticsWorkspaceName string param supportedClouds array @@ -17,7 +18,7 @@ resource stg 'Microsoft.Storage/storageAccounts@2021-02-01' existing = { // Setting log analytics to collect its own diagnostics to itself and to storage resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = if (contains(supportedClouds, environment().name)) { - name: 'diag-${logAnalyticsWorkspaceName}' + name: logAnalyticsWorkspaceDiagnosticSettingName scope: logAnalyticsWorkspace properties: { workspaceId: logAnalyticsWorkspace.id diff --git a/src/bicep/modules/logic.bicep b/src/bicep/modules/logic.bicep index b84e08b6f..0ad18aec6 100644 
--- a/src/bicep/modules/logic.bicep +++ b/src/bicep/modules/logic.bicep 
@@ -5,166 +5,122 @@ Licensed under the MIT License. targetScope = 'subscription' -param deployIdentity bool +param deploymentNameSuffix string param environmentAbbreviation string -param hubSubscriptionId string -param identityNetworkSecurityGroupDiagnosticsLogs array -param identityNetworkSecurityGroupDiagnosticsMetrics array -param identityNetworkSecurityGroupRules array -param identitySubnetAddressPrefix string -param identitySubscriptionId string -param identityVirtualNetworkAddressPrefix string -param identityVirtualNetworkDiagnosticsLogs array -param identityVirtualNetworkDiagnosticsMetrics array -param operationsNetworkSecurityGroupDiagnosticsLogs array -param operationsNetworkSecurityGroupDiagnosticsMetrics array -param operationsNetworkSecurityGroupRules array -param operationsSubnetAddressPrefix string -param operationsSubscriptionId string -param operationsVirtualNetworkAddressPrefix string -param operationsVirtualNetworkDiagnosticsLogs array -param operationsVirtualNetworkDiagnosticsMetrics array +param location string +param networks array param resourcePrefix string -param resources object -param sharedServicesNetworkSecurityGroupDiagnosticsLogs array -param sharedServicesNetworkSecurityGroupDiagnosticsMetrics array -param sharedServicesNetworkSecurityGroupRules array -param sharedServicesSubnetAddressPrefix string -param sharedServicesSubscriptionId string -param sharedServicesVirtualNetworkAddressPrefix string -param sharedServicesVirtualNetworkDiagnosticsLogs array -param sharedServicesVirtualNetworkDiagnosticsMetrics array -param tokens object +param stampIndex string = '' -// NETWORK NAMES & SHORT NAMES +var cloudSuffix = replace(replace(environment().resourceManager, 'https://management.', ''), '/', '') +var environmentName = { + dev: 'Development' + prod: 'Production' + test: 'Test' +} +var locations = loadJsonContent('../data/locations.json')[environment().name] +var mlzTags = { + environment: environmentName[environmentAbbreviation] + 
landingZoneName: 'MissionLandingZone' + landingZoneVersion: loadTextContent('../data/version.txt') + resourcePrefix: resourcePrefix +} +var resourceAbbreviations = loadJsonContent('../data/resourceAbbreviations.json') +var tokens = { + resource: 'resource_token' + service: 'service_token' +} -var hubName = 'hub' -var hubShortName = 'hub' -var identityName = 'identity' -var identityShortName = 'id' -var operationsName = 'operations' -var operationsShortName = 'ops' -var sharedServicesName = 'sharedServices' -var sharedServicesShortName = 'svcs' +/* -var hub = { - name: hubName - subscriptionId: hubSubscriptionId - resourceGroupName: replace(replace(resources.resourceGroup, '-${tokens.service}', ''), tokens.network, hubName) - deployUniqueResources: true - bastionHostIPConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'bas'), tokens.network, hubName) - bastionHostName: replace(replace(resources.bastionHost, '-${tokens.service}', ''), tokens.network, hubName) - bastionHostPublicIPAddressName: replace(replace(resources.publicIpAddress, tokens.service, 'bas'), tokens.network, hubName) - diskEncryptionSetName: replace(replace(resources.diskEncryptionSet, '-${tokens.service}', ''), tokens.network, hubName) - firewallClientIpConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'client-afw'), tokens.network, hubName) - firewallClientPublicIPAddressName: replace(replace(resources.publicIpAddress, tokens.service, 'client-afw'), tokens.network, hubName) - firewallManagementIpConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'mgmt-afw'), tokens.network, hubName) - firewallManagementPublicIPAddressName: replace(replace(resources.publicIpAddress, tokens.service, 'mgmt-afw'), tokens.network, hubName) - firewallName: replace(replace(resources.firewall, '-${tokens.service}', ''), tokens.network, hubName) - firewallPolicyName: replace(replace(resources.firewallPolicy, '-${tokens.service}', ''), 
tokens.network, hubName) - keyVaultName: take(replace(replace(replace(resources.keyVault, tokens.service, ''), tokens.network, hubShortName), 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, hubSubscriptionId)), 24) - keyVaultNetworkInterfaceName: replace(replace(resources.networkInterface, tokens.service, 'kv'), tokens.network, hubName) - keyVaultPrivateEndpointName: replace(replace(resources.privateEndpoint, tokens.service, 'kv'), tokens.network, hubName) - linuxDiskName: replace(replace(resources.disk, tokens.service, 'linux'), tokens.network, hubName) - linuxNetworkInterfaceIpConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'linux'), tokens.network, hubName) - linuxNetworkInterfaceName: replace(replace(resources.networkInterface, tokens.service, 'linux'), tokens.network, hubName) - linuxVmName: replace(replace(resources.virtualMachine, tokens.service, 'lra'), tokens.network, hubName) - logStorageAccountName: take(replace(replace(replace(resources.storageAccount, tokens.service, ''), tokens.network, hubShortName), 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, hubSubscriptionId)), 24) - logStorageAccountNetworkInterfaceNamePrefix: replace(replace(resources.networkInterface, tokens.service, '${tokens.service}-st'), tokens.network, hubName) - logStorageAccountPrivateEndpointNamePrefix: replace(replace(resources.privateEndpoint, tokens.service, '${tokens.service}-st'), tokens.network, hubName) - networkSecurityGroupName: replace(replace(resources.networkSecurityGroup, '-${tokens.service}', ''), tokens.network, hubName) - networkWatcherName: replace(replace(resources.networkWatcher, '-${tokens.service}', ''), tokens.network, hubName) - routeTableName: replace(replace(resources.routeTable, '-${tokens.service}', ''), tokens.network, hubName) - subnetName: replace(replace(resources.subnet, '-${tokens.service}', ''), tokens.network, hubName) - userAssignedIdentityName: 
replace(replace(resources.userAssignedIdentity, '-${tokens.service}', ''), tokens.network, hubName) - virtualNetworkName: replace(replace(resources.virtualNetwork, '-${tokens.service}', ''), tokens.network, hubName) - windowsDiskName: replace(replace(resources.disk, tokens.service, 'windows'), tokens.network, hubName) - windowsNetworkInterfaceIpConfigurationName: replace(replace(resources.ipConfiguration, tokens.service, 'windows'), tokens.network, hubName) - windowsNetworkInterfaceName: replace(replace(resources.networkInterface, tokens.service, 'windows'), tokens.network, hubName) - windowsVmName: replace(replace(resources.virtualMachine, tokens.service, 'wra'), tokens.network, hubName) -} + RESOURCE NAMES -// SPOKES +*/ -var spokes = union(spokesCommon, spokesIdentity) -var spokesCommon = [ - { - name: operationsName - subscriptionId: operationsSubscriptionId - resourceGroupName: replace(replace(resources.resourceGroup, '-${tokens.service}', ''), tokens.network, operationsName) - deployUniqueResources: contains([ hubSubscriptionId ], operationsSubscriptionId) ? 
false : true - logAnalyticsWorkspaceName: replace(replace(resources.logAnalyticsWorkspace, '-${tokens.service}', ''), tokens.network, operationsName) - logStorageAccountName: take(replace(replace(replace(resources.storageAccount, tokens.service, ''), tokens.network, operationsShortName), 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, operationsSubscriptionId)), 24) - logStorageAccountNetworkInterfaceNamePrefix: replace(replace(resources.networkInterface, tokens.service, '${tokens.service}-st'), tokens.network, operationsName) - logStorageAccountPrivateEndpointNamePrefix: replace(replace(resources.privateEndpoint, tokens.service, '${tokens.service}-st'), tokens.network, operationsName) - networkSecurityGroupDiagnosticsLogs: operationsNetworkSecurityGroupDiagnosticsLogs - networkSecurityGroupDiagnosticsMetrics: operationsNetworkSecurityGroupDiagnosticsMetrics - networkSecurityGroupName: replace(replace(resources.networkSecurityGroup, '-${tokens.service}', ''), tokens.network, operationsName) - networkSecurityGroupRules: operationsNetworkSecurityGroupRules - networkWatcherName: replace(replace(resources.networkWatcher, '-${tokens.service}', ''), tokens.network, operationsName) - privateLinkScopeName: replace(replace(resources.privateLinkScope, '-${tokens.service}', ''), tokens.network, operationsName) - privateLinkScopeNetworkInterfaceName: replace(replace(resources.networkInterface, tokens.service, 'pls'), tokens.network, operationsName) - privateLinkScopePrivateEndpointName: replace(replace(resources.privateEndpoint, tokens.service, 'pls'), tokens.network, operationsName) - routeTableName: replace(replace(resources.routeTable, '-${tokens.service}', ''), tokens.network, operationsName) - subnetAddressPrefix: operationsSubnetAddressPrefix - subnetName: replace(replace(resources.subnet, '-${tokens.service}', ''), tokens.network, operationsName) - subnetPrivateEndpointNetworkPolicies: 'Disabled' - subnetPrivateLinkServiceNetworkPolicies: 
'Disabled' - virtualNetworkAddressPrefix: operationsVirtualNetworkAddressPrefix - virtualNetworkDiagnosticsLogs: operationsVirtualNetworkDiagnosticsLogs - virtualNetworkDiagnosticsMetrics: operationsVirtualNetworkDiagnosticsMetrics - virtualNetworkName: replace(replace(resources.virtualNetwork, '-${tokens.service}', ''), tokens.network, operationsName) - } - { - name: sharedServicesName - subscriptionId: sharedServicesSubscriptionId - resourceGroupName: replace(replace(resources.resourceGroup, '-${tokens.service}', ''), tokens.network, sharedServicesName) - deployUniqueResources: contains([ hubSubscriptionId, operationsSubscriptionId ], sharedServicesSubscriptionId) ? false : true - logStorageAccountName: take(replace(replace(replace(resources.storageAccount, tokens.service, ''), tokens.network, sharedServicesShortName), 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, sharedServicesSubscriptionId)), 24) - logStorageAccountNetworkInterfaceNamePrefix: replace(replace(resources.networkInterface, tokens.service, '${tokens.service}-st'), tokens.network, sharedServicesName) - logStorageAccountPrivateEndpointNamePrefix: replace(replace(resources.privateEndpoint, tokens.service, '${tokens.service}-st'), tokens.network, sharedServicesName) - networkSecurityGroupDiagnosticsLogs: sharedServicesNetworkSecurityGroupDiagnosticsLogs - networkSecurityGroupDiagnosticsMetrics: sharedServicesNetworkSecurityGroupDiagnosticsMetrics - networkSecurityGroupName: replace(replace(resources.networkSecurityGroup, '-${tokens.service}', ''), tokens.network, sharedServicesName) - networkSecurityGroupRules: sharedServicesNetworkSecurityGroupRules - networkWatcherName: replace(replace(resources.networkWatcher, '-${tokens.service}', ''), tokens.network, sharedServicesName) - routeTableName: replace(replace(resources.routeTable, '-${tokens.service}', ''), tokens.network, sharedServicesName) - subnetAddressPrefix: sharedServicesSubnetAddressPrefix - subnetName: 
replace(replace(resources.subnet, '-${tokens.service}', ''), tokens.network, sharedServicesName) - subnetPrivateEndpointNetworkPolicies: 'Disabled' - subnetPrivateLinkServiceNetworkPolicies: 'Disabled' - virtualNetworkAddressPrefix: sharedServicesVirtualNetworkAddressPrefix - virtualNetworkDiagnosticsLogs: sharedServicesVirtualNetworkDiagnosticsLogs - virtualNetworkDiagnosticsMetrics: sharedServicesVirtualNetworkDiagnosticsMetrics - virtualNetworkName: replace(replace(resources.virtualNetwork, '-${tokens.service}', ''), tokens.network, sharedServicesName) - } -] -var spokesIdentity = deployIdentity ? [ - { - name: identityName - subscriptionId: identitySubscriptionId - resourceGroupName: replace(replace(resources.resourceGroup, '-${tokens.service}', ''), tokens.network, identityName) - deployUniqueResources: contains([ hubSubscriptionId, operationsSubscriptionId, sharedServicesSubscriptionId ], identitySubscriptionId) ? false : true - logStorageAccountName: take(replace(replace(replace(resources.storageAccount, tokens.service, ''), tokens.network, identityShortName), 'unique_token', uniqueString(resourcePrefix, environmentAbbreviation, identitySubscriptionId)), 24) - logStorageAccountNetworkInterfaceNamePrefix: replace(replace(resources.networkInterface, tokens.service, '${tokens.service}-st'), tokens.network, identityName) - logStorageAccountPrivateEndpointNamePrefix: replace(replace(resources.privateEndpoint, tokens.service, '${tokens.service}-st'), tokens.network, identityName) - networkSecurityGroupDiagnosticsLogs: identityNetworkSecurityGroupDiagnosticsLogs - networkSecurityGroupDiagnosticsMetrics: identityNetworkSecurityGroupDiagnosticsMetrics - networkSecurityGroupName: replace(replace(resources.networkSecurityGroup, '-${tokens.service}', ''), tokens.network, identityName) - networkSecurityGroupRules: identityNetworkSecurityGroupRules - networkWatcherName: replace(replace(resources.networkWatcher, '-${tokens.service}', ''), tokens.network, identityName) - 
routeTableName: replace(replace(resources.routeTable, '-${tokens.service}', ''), tokens.network, identityName) - subnetAddressPrefix: identitySubnetAddressPrefix - subnetName: replace(replace(resources.subnet, '-${tokens.service}', ''), tokens.network, identityName) - subnetPrivateEndpointNetworkPolicies: 'Disabled' - subnetPrivateLinkServiceNetworkPolicies: 'Disabled' - virtualNetworkAddressPrefix: identityVirtualNetworkAddressPrefix - virtualNetworkDiagnosticsLogs: identityVirtualNetworkDiagnosticsLogs - virtualNetworkDiagnosticsMetrics: identityVirtualNetworkDiagnosticsMetrics - virtualNetworkName: replace(replace(resources.virtualNetwork, '-${tokens.service}', ''), tokens.network, identityName) +module namingConventions 'naming-convention.bicep' = [for network in networks: { + name: 'naming-convention-${network.name}-${deploymentNameSuffix}' + params: { + locationAbbreviation: locations[location].abbreviation + environmentAbbreviation: environmentAbbreviation + networkName: network.name + networkShortName: network.shortName + resourceAbbreviations: resourceAbbreviations + resourcePrefix: resourcePrefix + stampIndex: stampIndex + subscriptionId: network.subscriptionId + tokens: tokens } -] : [] +}] + +/* + + PRIVATE DNS ZONE NAMES + +*/ + +var privateDnsZoneNames = union([ + 'privatelink.agentsvc.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name] ?? cloudSuffix}' // Automation + 'privatelink.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name] ?? cloudSuffix}' // Automation + 'privatelink.${privateDnsZoneSuffixes_AzureWebSites[environment().name] ?? 'appservice.${cloudSuffix}'}' // Web Apps & Function Apps + 'scm.privatelink.${privateDnsZoneSuffixes_AzureWebSites[environment().name] ?? 'appservice.${cloudSuffix}'}' // Web Apps & Function Apps + 'privatelink.wvd.${privateDnsZoneSuffixes_AzureVirtualDesktop[environment().name] ?? 
cloudSuffix}' // Azure Virtual Desktop + 'privatelink-global.wvd.${privateDnsZoneSuffixes_AzureVirtualDesktop[environment().name] ?? cloudSuffix}' // Azure Virtual Desktop + 'privatelink.file.${environment().suffixes.storage}' // Azure Files + 'privatelink.queue.${environment().suffixes.storage}' // Azure Queues + 'privatelink.table.${environment().suffixes.storage}' // Azure Tables + 'privatelink.blob.${environment().suffixes.storage}' // Azure Blobs + 'privatelink${replace(environment().suffixes.keyvaultDns, 'vault', 'vaultcore')}' // Key Vault + 'privatelink.monitor.${privateDnsZoneSuffixes_Monitor[environment().name] ?? cloudSuffix}' // Azure Monitor + 'privatelink.ods.opinsights.${privateDnsZoneSuffixes_Monitor[environment().name] ?? cloudSuffix}' // Azure Monitor + 'privatelink.oms.opinsights.${privateDnsZoneSuffixes_Monitor[environment().name] ?? cloudSuffix}' // Azure Monitor +], privateDnsZoneNames_Backup) // Recovery Services +var privateDnsZoneNames_Backup = [for location in items(locations): 'privatelink.${location.value.recoveryServicesGeo}.backup.windowsazure.${privateDnsZoneSuffixes_Backup[environment().name] ?? 
cloudSuffix}'] +var privateDnsZoneSuffixes_AzureAutomation = { + AzureCloud: 'net' + AzureUSGovernment: 'us' + USNat: null + USSec: null +} +var privateDnsZoneSuffixes_AzureVirtualDesktop = { + AzureCloud: 'microsoft.com' + AzureUSGovernment: 'azure.us' + USNat: null + USSec: null +} +var privateDnsZoneSuffixes_AzureWebSites = { + AzureCloud: 'azurewebsites.net' + AzureUSGovernment: 'azurewebsites.us' + USNat: null + USSec: null +} +var privateDnsZoneSuffixes_Backup = { + AzureCloud: 'com' + AzureUSGovernment: 'us' + USNat: null + USSec: null +} +var privateDnsZoneSuffixes_Monitor = { + AzureCloud: 'azure.com' + AzureUSGovernment: 'azure.us' + USNat: null + USSec: null +} -output networks array = union([ - hub -], spokes) +output locationProperties object = locations[location] +output mlzTags object = mlzTags +output privateDnsZones array = privateDnsZoneNames +output tiers array = [for (network, i) in networks: { + name: network.name + shortName: network.shortName + deployUniqueResources: network.deployUniqueResources + subscriptionId: network.subscriptionId + nsgDiagLogs: network.nsgDiagLogs + nsgDiagMetrics: network.nsgDiagMetrics + nsgRules: network.nsgRules + vnetAddressPrefix: network.vnetAddressPrefix + vnetDiagLogs: network.vnetDiagLogs + vnetDiagMetrics: network.vnetDiagMetrics + subnetAddressPrefix: network.subnetAddressPrefix + namingConvention: namingConventions[i].outputs.names +}] +output tokens object = tokens diff --git a/src/bicep/modules/monitoring.bicep b/src/bicep/modules/monitoring.bicep index c5af6575c..1b55ae9e7 100644 --- a/src/bicep/modules/monitoring.bicep +++ b/src/bicep/modules/monitoring.bicep 
@@ -12,19 +12,20 @@ param logAnalyticsWorkspaceCappingDailyQuotaGb int param logAnalyticsWorkspaceRetentionInDays int param logAnalyticsWorkspaceSkuName string param mlzTags object -param operationsProperties object +param ops object +param opsResourceGroupName string param privateDnsZoneResourceIds object param subnetResourceId string param tags object module logAnalyticsWorkspace 'log-analytics-workspace.bicep' = { name: 'deploy-law-${deploymentNameSuffix}' - scope: resourceGroup(operationsProperties.subscriptionId, operationsProperties.resourceGroupName) + scope: resourceGroup(ops.subscriptionId, opsResourceGroupName) params: { deploySentinel: deploySentinel location: location mlzTags: mlzTags - name: operationsProperties.logAnalyticsWorkspaceName + name: ops.namingConvention.logAnalyticsWorkspace retentionInDays: logAnalyticsWorkspaceRetentionInDays skuName: logAnalyticsWorkspaceSkuName tags: tags 
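Review bot: in monitoring.bicep, `param ops object` is untyped, yet this hunk already requires `ops.subscriptionId` and `ops.namingConvention.logAnalyticsWorkspace`, so a caller that passes a tier object without `namingConvention` fails only at deployment. Add a `@description` listing the required properties, or a user-defined type if the Bicep version in use supports it. The resource group is also no longer taken from the same object: `scope: resourceGroup(ops.subscriptionId, opsResourceGroupName)` now combines two independent inputs, so it is worth documenting that `opsResourceGroupName` must name a group in `ops.subscriptionId`, otherwise the Log Analytics workspace lands in, or fails against, the wrong scope.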
@@ -35,24 +36,24 @@ module logAnalyticsWorkspace 'log-analytics-workspace.bicep' = { module privateLinkScope 'private-link-scope.bicep' = { name: 'deploy-private-link-scope-${deploymentNameSuffix}' - scope: resourceGroup(operationsProperties.subscriptionId, operationsProperties.resourceGroupName) + scope: resourceGroup(ops.subscriptionId, opsResourceGroupName) params: { logAnalyticsWorkspaceResourceId: logAnalyticsWorkspace.outputs.resourceId - name: operationsProperties.privateLinkScopeName + name: ops.namingConvention.privateLinkScope } } module privateEndpoint 'private-endpoint.bicep' = { name: 'deploy-private-endpoint-${deploymentNameSuffix}' - scope: resourceGroup(operationsProperties.subscriptionId, operationsProperties.resourceGroupName) + scope: resourceGroup(ops.subscriptionId, opsResourceGroupName) params: { groupIds: [ 'azuremonitor' ] location: location mlzTags: mlzTags - name: operationsProperties.privateLinkScopePrivateEndpointName - networkInterfaceName: operationsProperties.privateLinkScopeNetworkInterfaceName + name: ops.namingConvention.privateLinkScopePrivateEndpoint + networkInterfaceName: ops.namingConvention.privateLinkScopeNetworkInterface privateDnsZoneConfigs: [ { name: 'monitor' diff --git a/src/bicep/modules/naming-convention.bicep b/src/bicep/modules/naming-convention.bicep index b3d003cfc..395a286ae 100644 --- a/src/bicep/modules/naming-convention.bicep +++ b/src/bicep/modules/naming-convention.bicep @@ -6,8 +6,14 @@ Licensed under the MIT License. targetScope = 'subscription' param environmentAbbreviation string -param location string +param locationAbbreviation string +param networkName string +param networkShortName string +param resourceAbbreviations object param resourcePrefix string +param stampIndex string = '' // Optional: Added to support AVD deployments +param subscriptionId string +param tokens object /* 
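Review bot: in naming-convention.bicep, `param location string` is replaced by `param locationAbbreviation string` and five more required parameters are added (`networkName`, `networkShortName`, `resourceAbbreviations`, `subscriptionId`, `tokens`), none with a `@description`; only `stampIndex` carries a comment. Any caller still passing `location` will stop compiling, so confirm every reference to this module, add-ons included, is updated in this change. `tokens` is an untyped `object` that the module reads as `tokens.resource` and `tokens.service`; say so in a `@description` so a caller cannot hand in an object with different keys and get names with unreplaced placeholders.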
@@ -18,86 +24,89 @@ param resourcePrefix string First, we take `resourcePrefix` and `environmentAbbreviation` by params. Then, using string interpolation "${}", we insert those values into a naming convention. + The stampIndex is only used for AVD deployments. Refer to the AVD Add-On readme file for more information. + */ -var locations = (loadJsonContent('../data/locations.json'))[environment().name] -var locationAbbreviation = locations[location].abbreviation -var resourceAbbreviations = (loadJsonContent('../data/resourceAbbreviations.json')) -var resourceToken = 'resource_token' -var serviceToken = 'service_token' -var networkToken = 'network_token' -var namingConvention = '${toLower(resourcePrefix)}-${resourceToken}-${serviceToken}-${networkToken}-${environmentAbbreviation}-${locationAbbreviation}' +var namingConvention = '${toLower(resourcePrefix)}-${empty(stampIndex) ? '' : '${stampIndex}-'}${tokens.resource}-${networkName}-${environmentAbbreviation}-${locationAbbreviation}' +var namingConvention_Service = '${toLower(resourcePrefix)}-${empty(stampIndex) ? '' : '${stampIndex}-'}${tokens.resource}-${tokens.service}-${networkName}-${environmentAbbreviation}-${locationAbbreviation}' /* - CALCULATED VALUES + CALCULATED NAME VALUES Here we reference the naming conventions described above, then use the "replace()" function to insert unique resource abbreviations and name values into the naming convention. - `storageAccountNamingConvention` is a unique naming convention: - - In an effort to reduce the likelihood of naming collisions, - we replace `unique_token` with a uniqueString() calculated by resourcePrefix, environmentAbbreviation, and the subscription ID + `storageAccount` and `keyVault` names have a unique naming convention: + In an effort to reduce the likelihood of naming collisions, the uniqueString function calculates a value based on the resourcePrefix, environmentAbbreviation, and subscription ID. 
*/ -// RESOURCE NAME CONVENTIONS WITH ABBREVIATIONS - -var actionGroupNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.actionGroups) -var automationAccountNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.automationAccounts) -var bastionHostNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.bastionHosts) -var computeGalleryNamingConvention = replace(replace(namingConvention, resourceToken, resourceAbbreviations.computeGallieries), '-', '_') -var diskEncryptionSetNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.diskEncryptionSets) -var diskNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.disks) -var firewallNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.azureFirewalls) -var firewallPolicyNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.firewallPolicies) -var ipConfigurationNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.ipConfigurations) -var keyVaultNamingConvention = '${replace(replace(namingConvention, resourceToken, resourceAbbreviations.keyVaults), '-', '')}unique_token' -var logAnalyticsWorkspaceNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.logAnalyticsWorkspaces) -var networkInterfaceNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.networkInterfaces) -var networkSecurityGroupNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.networkSecurityGroups) -var networkWatcherNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.networkWatchers) -var privateEndpointNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.privateEndpoints) -var privateLinkScopeName = replace(namingConvention, resourceToken, resourceAbbreviations.privateLinkScopes) -var 
publicIpAddressNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.publicIPAddresses) -var resourceGroupNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.resourceGroups) -var routeTableNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.routeTables) -var storageAccountNamingConvention = toLower('${replace(replace(namingConvention, resourceToken, resourceAbbreviations.storageAccounts), '-', '')}unique_token') -var subnetNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.subnets) -var userAssignedIdentityNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.userAssignedIdentities) -var virtualMachineNamingConvention = replace(replace(replace(namingConvention, resourceToken, resourceAbbreviations.virtualMachines), '-', ''), environmentAbbreviation, first(environmentAbbreviation)) -var virtualNetworkNamingConvention = replace(namingConvention, resourceToken, resourceAbbreviations.virtualNetworks) - -output resources object = { - actionGroup: actionGroupNamingConvention - automationAccount: automationAccountNamingConvention - bastionHost: bastionHostNamingConvention - computeGallery: computeGalleryNamingConvention - diskEncryptionSet: diskEncryptionSetNamingConvention - disk: diskNamingConvention - firewall: firewallNamingConvention - firewallPolicy: firewallPolicyNamingConvention - ipConfiguration: ipConfigurationNamingConvention - keyVault: keyVaultNamingConvention - logAnalyticsWorkspace: logAnalyticsWorkspaceNamingConvention - networkInterface: networkInterfaceNamingConvention - networkSecurityGroup: networkSecurityGroupNamingConvention - networkWatcher: networkWatcherNamingConvention - privateEndpoint: privateEndpointNamingConvention - privateLinkScope: privateLinkScopeName - publicIpAddress: publicIpAddressNamingConvention - resourceGroup: resourceGroupNamingConvention - routeTable: routeTableNamingConvention - 
storageAccount: storageAccountNamingConvention - subnet: subnetNamingConvention - userAssignedIdentity: userAssignedIdentityNamingConvention - virtualMachine: virtualMachineNamingConvention - virtualNetwork: virtualNetworkNamingConvention +var names = { + actionGroup: replace(namingConvention, tokens.resource, resourceAbbreviations.actionGroups) + applicationGroup: replace(namingConvention_Service, tokens.resource, resourceAbbreviations.applicationGroups) + automationAccount: replace(namingConvention, tokens.resource, resourceAbbreviations.automationAccounts) + automationAccountDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, resourceAbbreviations.automationAccounts) + automationAccountNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, resourceAbbreviations.automationAccounts) + automationAccountPrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, resourceAbbreviations.automationAccounts) + availabilitySet: replace(namingConvention, tokens.resource, resourceAbbreviations.availabilitySets) + azureFirewall: replace(namingConvention, tokens.resource, resourceAbbreviations.azureFirewalls) + azureFirewallClientPublicIPAddress: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.publicIpAddresses), tokens.service, 'client-${resourceAbbreviations.azureFirewalls}') + azureFirewallClientPublicIPAddressDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, '${resourceAbbreviations.publicIpAddresses}-client-${resourceAbbreviations.azureFirewalls}') + azureFirewallDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, 
resourceAbbreviations.azureFirewalls) + azureFirewallManagementPublicIPAddress: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.publicIpAddresses), tokens.service, 'mgmt-${resourceAbbreviations.azureFirewalls}') + azureFirewallManagementPublicIPAddressDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, '${resourceAbbreviations.publicIpAddresses}-mgmt-${resourceAbbreviations.azureFirewalls}') + azureFirewallPolicy: replace(namingConvention, tokens.resource, resourceAbbreviations.firewallPolicies) + bastionHost: replace(namingConvention, tokens.resource, resourceAbbreviations.bastionHosts) + bastionHostPublicIPAddress: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.publicIpAddresses), tokens.service, resourceAbbreviations.bastionHosts) + bastionHostPublicIPAddressDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, '${resourceAbbreviations.publicIpAddresses}-${resourceAbbreviations.bastionHosts}') + computeGallery: replace(replace(namingConvention, tokens.resource, resourceAbbreviations.computeGallieries), '-', '_') // Compute Galleries do not support hyphens + dataCollectionRuleAssociation: replace(namingConvention, tokens.resource, resourceAbbreviations.dataCollectionRuleAssociations) + dataCollectionRule: replace(namingConvention, tokens.resource, resourceAbbreviations.dataCollectionRules) + diskAccess: replace(namingConvention, tokens.resource, resourceAbbreviations.diskAccesses) + diskEncryptionSet: replace(namingConvention, tokens.resource, resourceAbbreviations.diskEncryptionSets) + hostPool: replace(namingConvention, tokens.resource, resourceAbbreviations.hostPools) + hostPoolDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, 
resourceAbbreviations.hostPools) + hostPoolNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, resourceAbbreviations.hostPools) + hostPoolPrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, resourceAbbreviations.hostPools) + keyVault: '${replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.keyVaults), '-', ''), networkName, networkShortName)}${uniqueString(resourcePrefix, environmentAbbreviation, subscriptionId)}' + keyVaultDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, '${tokens.service}${resourceAbbreviations.keyVaults}') + keyVaultNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${tokens.service}${resourceAbbreviations.keyVaults}') + keyVaultPrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${tokens.service}${resourceAbbreviations.keyVaults}') + logAnalyticsWorkspace: replace(namingConvention, tokens.resource, resourceAbbreviations.logAnalyticsWorkspaces) + logAnalyticsWorkspaceDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, resourceAbbreviations.logAnalyticsWorkspaces) + netAppAccountCapacityPool: replace(namingConvention, tokens.resource, resourceAbbreviations.netAppCapacityPools) + netAppAccount: replace(namingConvention, tokens.resource, resourceAbbreviations.netAppAccounts) + networkSecurityGroup: replace(namingConvention, tokens.resource, resourceAbbreviations.networkSecurityGroups) + networkSecurityGroupDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, 
resourceAbbreviations.diagnosticSettings), tokens.service, resourceAbbreviations.networkSecurityGroups) + networkWatcher: replace(namingConvention, tokens.resource, resourceAbbreviations.networkWatchers) + privateLinkScope: replace(namingConvention, tokens.resource, resourceAbbreviations.privateLinkScopes) + privateLinkScopeNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, resourceAbbreviations.privateLinkScopes) + privateLinkScopePrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, resourceAbbreviations.privateLinkScopes) + recoveryServicesVault: replace(namingConvention, tokens.resource, resourceAbbreviations.recoveryServicesVaults) + recoveryServicesNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, resourceAbbreviations.recoveryServicesVaults) + recoveryServicesPrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, resourceAbbreviations.recoveryServicesVaults) + resourceGroup: replace(namingConvention_Service, tokens.resource, resourceAbbreviations.resourceGroups) + routeTable: replace(namingConvention, tokens.resource, resourceAbbreviations.routeTables) + storageAccount: toLower(replace(replace(replace(namingConvention, tokens.resource, resourceAbbreviations.storageAccounts), networkName, networkShortName), '-', '')) + storageAccountNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${tokens.service}-${resourceAbbreviations.storageAccounts}') + storageAccountPrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${tokens.service}-${resourceAbbreviations.storageAccounts}') + 
subnet: replace(namingConvention, tokens.resource, resourceAbbreviations.subnets) + userAssignedIdentity: replace(namingConvention_Service, tokens.resource, resourceAbbreviations.userAssignedIdentities) + virtualMachine: replace(replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.virtualMachines), environmentAbbreviation, first(environmentAbbreviation)), networkName, ''), '-', '') + virtualMachineDisk: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.disks), tokens.service, '${tokens.service}-${resourceAbbreviations.virtualMachines}') + virtualMachineNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${tokens.service}-${resourceAbbreviations.virtualMachines}') + virtualNetwork: replace(namingConvention, tokens.resource, resourceAbbreviations.virtualNetworks) + virtualNetworkDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, resourceAbbreviations.virtualNetworks) + workspaceFeed: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.workspaces), '-${stampIndex}', '') + workspaceFeedDiagnosticSetting: replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, '${tokens.service}-${resourceAbbreviations.workspaces}'), '-${stampIndex}', '') + workspaceFeedNetworkInterface: replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${tokens.service}-${resourceAbbreviations.workspaces}'), '-${stampIndex}', '') + workspaceFeedPrivateEndpoint: replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${tokens.service}-${resourceAbbreviations.workspaces}'), '-${stampIndex}', '') + workspaceGlobal: 
replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.workspaces), '-${stampIndex}', '') + workspaceGlobalDiagnosticSetting: replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, '${tokens.service}-${resourceAbbreviations.workspaces}'), '-${stampIndex}', '') + workspaceGlobalNetworkInterface: replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${tokens.service}-${resourceAbbreviations.workspaces}'), '-${stampIndex}', '') + workspaceGlobalPrivateEndpoint: replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${tokens.service}-${resourceAbbreviations.workspaces}'), '-${stampIndex}', '') } -output tokens object = { - resource: resourceToken - service: serviceToken - network: networkToken -} +output names object = names diff --git a/src/bicep/modules/network-interface.bicep b/src/bicep/modules/network-interface.bicep index 92014f793..663ac0179 100644 --- a/src/bicep/modules/network-interface.bicep +++ b/src/bicep/modules/network-interface.bicep @@ -3,13 +3,12 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ -param ipConfigurationName string param location string param mlzTags object = {} param name string -param networkSecurityGroupId string +param networkSecurityGroupResourceId string param privateIPAddressAllocationMethod string -param subnetId string +param subnetResourceId string param tags object = {} resource networkInterface 'Microsoft.Network/networkInterfaces@2021-02-01' = { 
@@ -19,17 +18,17 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2021-02-01' = { properties: { ipConfigurations: [ { - name: ipConfigurationName + name: 'ipconfig' properties: { subnet: { - id: subnetId + id: subnetResourceId } privateIPAllocationMethod: privateIPAddressAllocationMethod } } ] networkSecurityGroup: { - id: networkSecurityGroupId + id: networkSecurityGroupResourceId } } } diff --git a/src/bicep/modules/network-security-group-diagnostics.bicep b/src/bicep/modules/network-security-group-diagnostics.bicep index 1fff4d97c..5fab66b17 100644 --- a/src/bicep/modules/network-security-group-diagnostics.bicep +++ b/src/bicep/modules/network-security-group-diagnostics.bicep @@ -3,20 +3,20 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ -param name string - param logAnalyticsWorkspaceResourceId string param logs array param logStorageAccountResourceId string param metrics array +param networkSecurityGroupDiagnosticSettingName string +param networkSecurityGroupName string resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-02-01' existing = { - name: name + name: networkSecurityGroupName } resource diagnostics 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = { scope: networkSecurityGroup - name: '${networkSecurityGroup.name}-diagnostics' + name: networkSecurityGroupDiagnosticSettingName properties: { storageAccountId: logStorageAccountResourceId workspaceId: logAnalyticsWorkspaceResourceId diff --git a/src/bicep/modules/networking.bicep b/src/bicep/modules/networking.bicep index 83be1a73c..088ab0d08 100644 --- a/src/bicep/modules/networking.bicep +++ b/src/bicep/modules/networking.bicep 
@@ -13,113 +13,101 @@ param deployBastion bool param dnsServers array param enableProxy bool param firewallSettings object -param hubNetworkSecurityGroupRules array -param hubSubnetAddressPrefix string -param hubVirtualNetworkAddressPrefix string param location string param mlzTags object -param networks array +param privateDnsZoneNames array +param resourceGroupNames array +param tiers array param tags object -var hub = first(filter(networks, network => network.name == 'hub')) -var identity = deployIdentity ? first(filter(networks, network => network.name == 'identity')) : {} -var spokes = filter(networks, network => network.name != 'hub') +var hub = filter(tiers, tier => tier.name == 'hub')[0] +var hubResourceGroupName = filter(resourceGroupNames, name => contains(name, 'hub'))[0] +var spokes = filter(tiers, tier => tier.name != 'hub') +var spokeResourceGroupNames = filter(resourceGroupNames, name => !contains(name, 'hub')) module hubNetwork 'hub-network.bicep' = { name: 'deploy-vnet-hub-${deploymentNameSuffix}' - scope: resourceGroup(hub.subscriptionId, hub.resourceGroupName) + scope: resourceGroup(hub.subscriptionId, hubResourceGroupName) params: { bastionHostSubnetAddressPrefix: bastionHostSubnetAddressPrefix deployNetworkWatcher: deployNetworkWatcher deployBastion: deployBastion dnsServers: dnsServers enableProxy: enableProxy - firewallClientIpConfigurationName: hub.firewallClientIpConfigurationName firewallClientPrivateIpAddress: firewallSettings.clientPrivateIpAddress firewallClientPublicIPAddressAvailabilityZones: firewallSettings.clientPublicIPAddressAvailabilityZones - firewallClientPublicIPAddressName: hub.firewallClientPublicIPAddressName - firewallClientPublicIPAddressSkuName: 'Standard' - firewallClientPublicIpAllocationMethod: 'Static' + firewallClientPublicIPAddressName: hub.namingConvention.azureFirewallClientPublicIPAddress firewallClientSubnetAddressPrefix: firewallSettings.clientSubnetAddressPrefix - firewallClientSubnetName: 
'AzureFirewallSubnet' // this value is required firewallIntrusionDetectionMode: firewallSettings.intrusionDetectionMode - firewallManagementIpConfigurationName: hub.firewallManagementIpConfigurationName firewallManagementPublicIPAddressAvailabilityZones: firewallSettings.managementPublicIPAddressAvailabilityZones - firewallManagementPublicIPAddressName: hub.firewallManagementPublicIPAddressName - firewallManagementPublicIPAddressSkuName: firewallSettings.publicIpAddressSkuName - firewallManagementPublicIpAllocationMethod: firewallSettings.publicIpAddressAllocationMethod + firewallManagementPublicIPAddressName: hub.namingConvention.azureFirewallManagementPublicIPAddress firewallManagementSubnetAddressPrefix: firewallSettings.managementSubnetAddressPrefix - firewallManagementSubnetName: 'AzureFirewallManagementSubnet' // this value is required - firewallName: hub.firewallName - firewallPolicyName: hub.firewallPolicyName + firewallName: hub.namingConvention.azureFirewall + firewallPolicyName: hub.namingConvention.azureFirewallPolicy firewallSkuTier: firewallSettings.skuTier firewallSupernetIPAddress: firewallSettings.supernetIPAddress firewallThreatIntelMode: firewallSettings.threatIntelMode location: location mlzTags: mlzTags - networkSecurityGroupName: hub.networkSecurityGroupName - networkSecurityGroupRules: hubNetworkSecurityGroupRules - networkWatcherName: hub.networkWatcherName - routeTableName: hub.routeTableName - subnetAddressPrefix: hubSubnetAddressPrefix - subnetName: hub.subnetName + networkSecurityGroupName: hub.namingConvention.networkSecurityGroup + networkSecurityGroupRules: hub.nsgRules + networkWatcherName: hub.namingConvention.networkWatcher + routeTableName: hub.namingConvention.routeTable + subnetAddressPrefix: hub.subnetAddressPrefix + subnetName: hub.namingConvention.subnet tags: tags - virtualNetworkAddressPrefix: hubVirtualNetworkAddressPrefix - virtualNetworkName: hub.virtualNetworkName + virtualNetworkAddressPrefix: hub.vnetAddressPrefix + 
virtualNetworkName: hub.namingConvention.virtualNetwork vNetDnsServers: [ firewallSettings.clientPrivateIpAddress ] } } -module spokeNetworks 'spoke-network.bicep' = [for spoke in spokes: { +module spokeNetworks 'spoke-network.bicep' = [for (spoke, i) in spokes: { name: 'deploy-vnet-${spoke.name}-${deploymentNameSuffix}' - scope: resourceGroup(spoke.subscriptionId, spoke.resourceGroupName) params: { deployNetworkWatcher: deployNetworkWatcher && spoke.deployUniqueResources firewallSkuTier: firewallSettings.skuTier location: location mlzTags: mlzTags - networkSecurityGroupName: spoke.networkSecurityGroupName - networkSecurityGroupRules: spoke.networkSecurityGroupRules - networkWatcherName: spoke.networkWatcherName - routeTableName: spoke.routeTableName + networkSecurityGroupName: spoke.namingConvention.networkSecurityGroup + networkSecurityGroupRules: spoke.nsgRules + networkWatcherName: spoke.namingConvention.networkWatcher + resourceGroupName: spokeResourceGroupNames[i] + routeTableName: spoke.namingConvention.routeTable routeTableRouteNextHopIpAddress: firewallSettings.clientPrivateIpAddress subnetAddressPrefix: spoke.subnetAddressPrefix - subnetName: spoke.subnetName - subnetPrivateEndpointNetworkPolicies: spoke.subnetPrivateEndpointNetworkPolicies - subnetPrivateLinkServiceNetworkPolicies: spoke.subnetPrivateLinkServiceNetworkPolicies + subnetName: spoke.namingConvention.subnet + subscriptionId: spoke.subscriptionId tags: tags - virtualNetworkAddressPrefix: spoke.virtualNetworkAddressPrefix - virtualNetworkName: spoke.virtualNetworkName + virtualNetworkAddressPrefix: spoke.vnetAddressPrefix + virtualNetworkName: spoke.namingConvention.virtualNetwork vNetDnsServers: [ hubNetwork.outputs.firewallPrivateIPAddress ] } }] // VIRTUAL NETWORK PEERINGS -module hubVirtualNetworkPeerings 'hub-network-peerings.bicep' = { - name: 'deploy-vnet-peerings-hub-${deploymentNameSuffix}' - scope: resourceGroup(hub.subscriptionId, hub.resourceGroupName) +module 
hubVirtualNetworkPeerings 'hub-network-peerings.bicep' = [for (spoke, i) in spokes: { + name: 'deploy-vnet-peerings-hub-${i}-${deploymentNameSuffix}' params: { hubVirtualNetworkName: hubNetwork.outputs.virtualNetworkName - spokes: [for (spoke, i) in spokes: { - type: spoke.name - virtualNetworkName: spokeNetworks[i].outputs.virtualNetworkName - virtualNetworkResourceId: spokeNetworks[i].outputs.virtualNetworkResourceId - }] + resourceGroupName: hubResourceGroupName + spokeName: spoke.name + spokeVirtualNetworkResourceId: spokeNetworks[i].outputs.virtualNetworkResourceId + subscriptionId: hub.subscriptionId } -} +}] module spokeVirtualNetworkPeerings 'spoke-network-peering.bicep' = [for (spoke, i) in spokes: { name: 'deploy-vnet-peerings-${spoke.name}-${deploymentNameSuffix}' - scope: subscription(spoke.subscriptionId) params: { + hubVirtualNetworkResourceId: hubNetwork.outputs.virtualNetworkResourceId + resourceGroupName: spokeResourceGroupNames[i] spokeName: spoke.name - spokeResourceGroupName: spoke.resourceGroupName spokeVirtualNetworkName: spokeNetworks[i].outputs.virtualNetworkName - hubVirtualNetworkName: hubNetwork.outputs.virtualNetworkName - hubVirtualNetworkResourceId: hubNetwork.outputs.virtualNetworkResourceId + subscriptionId: spoke.subscriptionId } }] 
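Review bot: `hubResourceGroupName` and `spokeResourceGroupNames` pick resource groups with `contains(name, 'hub')`, which misfires whenever another part of the generated name (the resource prefix, for example) also contains the substring `hub`. In that case every name matches the hub filter, the spoke list comes back short or empty, and `spokeResourceGroupNames[i]` either fails or scopes a spoke deployment to the wrong resource group. `spokeResourceGroupNames[i]` also assumes `resourceGroupNames` is ordered exactly like `tiers`. Suggest pairing each resource group name with its tier explicitly (an object carrying the tier name next to the group name, filtered on `tier.name == 'hub'`) instead of substring-matching the name.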
@@ -127,17 +115,14 @@ module spokeVirtualNetworkPeerings 'spoke-network-peering.bicep' = [for (spoke, module privateDnsZones 'private-dns.bicep' = { name: 'deploy-private-dns-zones-${deploymentNameSuffix}' - scope: resourceGroup(hub.subscriptionId, hub.resourceGroupName) + scope: resourceGroup(hub.subscriptionId, hubResourceGroupName) params: { deployIdentity: deployIdentity deploymentNameSuffix: deploymentNameSuffix - hubVirtualNetworkName: hubNetwork.outputs.virtualNetworkName - hubVirtualNetworkResourceGroupName: hub.resourceGroupName - hubVirtualNetworkSubscriptionId: hub.subscriptionId - identityVirtualNetworkName: deployIdentity ? identity.virtualNetworkName : '' - identityVirtualNetworkResourceGroupName: deployIdentity ? identity.resourceGroupName : '' - identityVirtualNetworkSubscriptionId: deployIdentity ? identity.subscriptionId : '' + hubVirtualNetworkResourceId: hubNetwork.outputs.virtualNetworkResourceId + identityVirtualNetworkResourceId: deployIdentity ? spokeNetworks[2].outputs.virtualNetworkResourceId : '' mlzTags: mlzTags + privateDnsZoneNames: privateDnsZoneNames tags: tags } dependsOn: [ 
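Review bot: `identityVirtualNetworkResourceId` reads `spokeNetworks[2]`, a fixed position, where the removed code located the identity network with `network.name == 'identity'`. If the order of `tiers` changes, or a tier is inserted ahead of identity, the private DNS zones are linked to a different virtual network with no error. Suggest resolving the index from `spokes` by `spoke.name`, or at minimum adding a comment that documents the tier order this line requires.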
@@ -147,23 +132,10 @@ module privateDnsZones 'private-dns.bicep' = { output azureFirewallResourceId string = hubNetwork.outputs.firewallResourceId output bastionHostSubnetResourceId string = hubNetwork.outputs.bastionHostSubnetResourceId -output hubSubnetResourceId string = hubNetwork.outputs.subnetResourceId +output sharedServicesSubnetResourceId string = spokeNetworks[1].outputs.subnetResourceId output hubNetworkSecurityGroupResourceId string = hubNetwork.outputs.networkSecurityGroupResourceId +output hubSubnetResourceId string = hubNetwork.outputs.subnetResourceId output hubVirtualNetworkResourceId string = hubNetwork.outputs.virtualNetworkResourceId output identitySubnetResourceId string = deployIdentity ? spokeNetworks[2].outputs.subnetResourceId : '' output operationsSubnetResourceId string = spokeNetworks[0].outputs.subnetResourceId -output privateDnsZoneResourceIds object = { - agentsvc: privateDnsZones.outputs.agentsvcPrivateDnsZoneId - automation: privateDnsZones.outputs.automationPrivateDnsZoneId - avdGlobal: privateDnsZones.outputs.avdGlobalPrivateDnsZoneId - avd: privateDnsZones.outputs.avdPrivateDnsZoneId - backups: privateDnsZones.outputs.backupPrivateDnsZoneIds - blob: privateDnsZones.outputs.blobPrivateDnsZoneId - file: privateDnsZones.outputs.filePrivateDnsZoneId - keyvault: privateDnsZones.outputs.keyvaultDnsPrivateDnsZoneId - monitor: privateDnsZones.outputs.monitorPrivateDnsZoneId - ods: privateDnsZones.outputs.odsPrivateDnsZoneId - oms: privateDnsZones.outputs.omsPrivateDnsZoneId - queue: privateDnsZones.outputs.queuePrivateDnsZoneId - table: privateDnsZones.outputs.tablePrivateDnsZoneId -} +output privateDnsZoneResourceIds object = privateDnsZones.outputs.privateDnsZoneResourceIds diff --git a/src/bicep/modules/policy-assignments.bicep b/src/bicep/modules/policy-assignments.bicep index a0eb8132f..15a7611fa 100644 --- a/src/bicep/modules/policy-assignments.bicep +++ b/src/bicep/modules/policy-assignments.bicep 
@@ -8,12 +8,13 @@ targetScope = 'subscription' param deploymentNameSuffix string param location string param logAnalyticsWorkspaceResourceId string -param networks array param policy string +param resourceGroupNames array +param tiers array -module policyAssignment 'policy-assignment.bicep' = [for network in networks: { - name: 'assign-policy-${network.name}-${deploymentNameSuffix}' - scope: resourceGroup(network.subscriptionId, network.resourceGroupName) +module policyAssignment 'policy-assignment.bicep' = [for (tier, i) in tiers: { + name: 'assign-policy-${tier.name}-${deploymentNameSuffix}' + scope: resourceGroup(tier.subscriptionId, resourceGroupNames[i]) params: { builtInAssignment: policy logAnalyticsWorkspaceResourceId: logAnalyticsWorkspaceResourceId diff --git a/src/bicep/modules/private-dns.bicep b/src/bicep/modules/private-dns.bicep index 86422481c..5e6756dd7 100644 --- a/src/bicep/modules/private-dns.bicep +++ b/src/bicep/modules/private-dns.bicep 
@@ -5,67 +5,23 @@ Licensed under the MIT License. param deployIdentity bool param deploymentNameSuffix string -param hubVirtualNetworkName string -param hubVirtualNetworkResourceGroupName string -param hubVirtualNetworkSubscriptionId string -param identityVirtualNetworkName string -param identityVirtualNetworkResourceGroupName string -param identityVirtualNetworkSubscriptionId string +param hubVirtualNetworkResourceId string +param identityVirtualNetworkResourceId string param mlzTags object +param privateDnsZoneNames array param tags object -var cloudSuffix = replace(replace(environment().resourceManager, 'https://management.azure.', ''), '/', '') -var locations = (loadJsonContent('../data/locations.json'))[environment().name] -var privateDnsZoneNames = union([ - 'privatelink.agentsvc.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name] ?? cloudSuffix}' - 'privatelink.azure-automation.${privateDnsZoneSuffixes_AzureAutomation[environment().name] ?? cloudSuffix}' - 'privatelink.wvd.${privateDnsZoneSuffixes_AzureVirtualDesktop[environment().name] ?? cloudSuffix}' - 'privatelink-global.wvd.${privateDnsZoneSuffixes_AzureVirtualDesktop[environment().name] ?? cloudSuffix}' - 'privatelink.file.${environment().suffixes.storage}' - 'privatelink.queue.${environment().suffixes.storage}' - 'privatelink.table.${environment().suffixes.storage}' - 'privatelink.blob.${environment().suffixes.storage}' - replace('privatelink${environment().suffixes.keyvaultDns}', 'vault', 'vaultcore') - 'privatelink.monitor.${privateDnsZoneSuffixes_Monitor[environment().name] ?? cloudSuffix}' - 'privatelink.ods.opinsights.${privateDnsZoneSuffixes_Monitor[environment().name] ?? cloudSuffix}' - 'privatelink.oms.opinsights.${privateDnsZoneSuffixes_Monitor[environment().name] ?? 
cloudSuffix}' -], privateDnsZoneNames_Backup) -var privateDnsZoneNames_Backup = [for location in items(locations): 'privatelink.${location.value.recoveryServicesGeo}.backup.windowsazure.${privateDnsZoneSuffixes_Backup[environment().name] ?? cloudSuffix}'] -var privateDnsZoneSuffixes_AzureAutomation = { - AzureCloud: 'net' - AzureUSGovernment: 'us' - USNat: null - USSec: null -} -var privateDnsZoneSuffixes_AzureVirtualDesktop = { - AzureCloud: 'microsoft.com' - AzureUSGovernment: 'azure.us' - USNat: null - USSec: null -} -var privateDnsZoneSuffixes_Backup = { - AzureCloud: 'com' - AzureUSGovernment: 'us' - USNat: null - USSec: null -} -var privateDnsZoneSuffixes_Monitor = { - AzureCloud: 'azure.com' - AzureUSGovernment: 'azure.us' - USNat: null - USSec: null -} var virtualNetworks = union([ { - name: hubVirtualNetworkName - resourceGroupName: hubVirtualNetworkResourceGroupName - subscriptionId: hubVirtualNetworkSubscriptionId + name: split(hubVirtualNetworkResourceId, '/')[8] + resourceGroupName: split(hubVirtualNetworkResourceId, '/')[4] + subscriptionId: split(hubVirtualNetworkResourceId, '/')[2] } ], deployIdentity ? [ { - name: identityVirtualNetworkName - resourceGroupName: identityVirtualNetworkResourceGroupName - subscriptionId: identityVirtualNetworkSubscriptionId + name: split(identityVirtualNetworkResourceId, '/')[8] + resourceGroupName: split(identityVirtualNetworkResourceId, '/')[4] + subscriptionId: split(identityVirtualNetworkResourceId, '/')[2] } ] : []) 
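Review bot: The `virtualNetworks` entries take `name`, `resourceGroupName` and `subscriptionId` from the resource ID by fixed position (`split(..., '/')[8]`, `[4]`, `[2]`), which returns the wrong segment, or fails on the index, for any value that is not a full virtual network resource ID. Add `@description` text on `hubVirtualNetworkResourceId` and `identityVirtualNetworkResourceId` stating the expected format, and on the new `privateDnsZoneNames` parameter as well, since the zone list that this file used to compute per cloud is now entirely caller-supplied.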
@@ -89,16 +45,14 @@ module virtualNetworkLinks 'virtual-network-link.bicep' = [for (virtualNetwork, ] }] -output agentsvcPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.agentsvc.azure-automation'))[0]) -output automationPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.azure-automation'))[0]) -output avdGlobalPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink-global.wvd'))[0]) -output avdPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.wvd'))[0]) -output backupPrivateDnsZoneIds array = [for name in privateDnsZoneNames_Backup: resourceId('Microsoft.Network/privateDnsZones', name)] -output blobPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.blob'))[0]) -output filePrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.file'))[0]) -output keyvaultDnsPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.vaultcore'))[0]) -output monitorPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.monitor'))[0]) -output odsPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.ods.opinsights'))[0]) -output omsPrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.oms.opinsights'))[0]) -output queuePrivateDnsZoneId string = 
resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.queue'))[0]) -output tablePrivateDnsZoneId string = resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'privatelink.table'))[0]) +output privateDnsZoneResourceIds object = { + agentSvc: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => startsWith(name, 'privatelink.agentsvc'))[0]) + blob: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'blob'))[0]) + file: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'file'))[0]) + keyVault: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'vaultcore'))[0]) + monitor: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'monitor'))[0]) + ods: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'ods.opinsights'))[0]) + oms: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'oms.opinsights'))[0]) + queue: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'queue'))[0]) + table: resourceId('Microsoft.Network/privateDnsZones', filter(privateDnsZoneNames, name => contains(name, 'table'))[0]) +} diff --git a/src/bicep/modules/private-link-scope.bicep b/src/bicep/modules/private-link-scope.bicep index d4e4677a6..0dd53cbfc 100644 --- a/src/bicep/modules/private-link-scope.bicep +++ b/src/bicep/modules/private-link-scope.bicep @@ -12,8 +12,8 @@ resource privateLinkScope 'microsoft.insights/privateLinkScopes@2021-09-01' = { location: 'global' properties: { accessModeSettings: { - ingestionAccessMode: 'Private' - queryAccessMode: 'Private' + ingestionAccessMode: 'PrivateOnly' + queryAccessMode: 'PrivateOnly' } } } 
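Review bot: Missing comment on `accessModeSettings` in private-link-scope.bicep: with `ingestionAccessMode` and `queryAccessMode` both set to `'PrivateOnly'`, ingestion and queries for resources in this scope are accepted only over private link, and nothing in the file states that intent. A one-line comment above the block would help the next editor, and the replacement of the old `'Private'` string in both properties deserves a mention in the change description.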
diff --git a/src/bicep/modules/public-ip-address-diagnostics.bicep b/src/bicep/modules/public-ip-address-diagnostics.bicep index ca84868b7..919de0270 100644 --- a/src/bicep/modules/public-ip-address-diagnostics.bicep +++ b/src/bicep/modules/public-ip-address-diagnostics.bicep @@ -5,17 +5,18 @@ Licensed under the MIT License. param hubStorageAccountResourceId string param logAnalyticsWorkspaceResourceId string -param name string +param publicIPAddressDiagnosticSettingName string param publicIPAddressDiagnosticsLogs array param publicIPAddressDiagnosticsMetrics array +param publicIPAddressName string resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2021-02-01' existing = { - name: name + name: publicIPAddressName } resource publicIpAddressDiagnostics 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = { scope: publicIPAddress - name: '${publicIPAddress.name}-diagnostics' + name: publicIPAddressDiagnosticSettingName properties: { storageAccountId: hubStorageAccountResourceId workspaceId: logAnalyticsWorkspaceResourceId diff --git a/src/bicep/modules/remote-access.bicep b/src/bicep/modules/remote-access.bicep index f5360ee30..601d605ad 100644 --- a/src/bicep/modules/remote-access.bicep +++ b/src/bicep/modules/remote-access.bicep @@ -13,8 +13,9 @@ param deployBastion bool param deployLinuxVirtualMachine bool param deployWindowsVirtualMachine bool param diskEncryptionSetResourceId string +param hub object param hubNetworkSecurityGroupResourceId string -param hubProperties object +param hubResourceGroupName string param hubSubnetResourceId string param hybridUseBenefit bool param linuxNetworkInterfacePrivateIPAddressAllocationMethod string @@ -37,6 +38,7 @@ param linuxVmSize string param location string param logAnalyticsWorkspaceId string param mlzTags object +param serviceToken string param tags object param windowsNetworkInterfacePrivateIPAddressAllocationMethod string @secure() 
@@ -54,54 +56,40 @@ param windowsVmVersion string module bastionHost '../modules/bastion-host.bicep' = if (deployBastion) { name: 'remoteAccess-bastionHost' - scope: resourceGroup(hubProperties.subscriptionId, hubProperties.resourceGroupName) + scope: resourceGroup(hub.subscriptionId, hubResourceGroupName) params: { bastionHostSubnetResourceId: bastionHostSubnetResourceId - ipConfigurationName: hubProperties.bastionHostIPConfigurationName location: location mlzTags: mlzTags - name: hubProperties.bastionHostName + name: hub.namingConvention.bastionHost publicIPAddressAllocationMethod: bastionHostPublicIPAddressAllocationMethod publicIPAddressAvailabilityZones: bastionHostPublicIPAddressAvailabilityZones - publicIPAddressName: hubProperties.bastionHostPublicIPAddressName + publicIPAddressName: hub.namingConvention.bastionHostPublicIPAddress publicIPAddressSkuName: bastionHostPublicIPAddressSkuName tags: tags } } -module linuxNetworkInterface '../modules/network-interface.bicep' = - if (deployLinuxVirtualMachine) { - name: 'remoteAccess-linuxNetworkInterface' - scope: resourceGroup(hubProperties.subscriptionId, hubProperties.resourceGroupName) - params: { - ipConfigurationName: hubProperties.linuxNetworkInterfaceIpConfigurationName - location: location - mlzTags: mlzTags - name: hubProperties.linuxNetworkInterfaceName - networkSecurityGroupId: hubNetworkSecurityGroupResourceId - privateIPAddressAllocationMethod: linuxNetworkInterfacePrivateIPAddressAllocationMethod - subnetId: hubSubnetResourceId - tags: tags - } - } - module linuxVirtualMachine '../modules/linux-virtual-machine.bicep' = if (deployLinuxVirtualMachine) { name: 'remoteAccess-linuxVirtualMachine' - scope: resourceGroup(hubProperties.subscriptionId, hubProperties.resourceGroupName) + scope: resourceGroup(hub.subscriptionId, hubResourceGroupName) params: { adminPasswordOrKey: linuxVmAdminPasswordOrKey adminUsername: linuxVmAdminUsername authenticationType: linuxVmAuthenticationType 
diskEncryptionSetResourceId: diskEncryptionSetResourceId - diskName: hubProperties.linuxDiskName + diskName: replace(hub.namingConvention.virtualMachineDisk, serviceToken, 'remoteAccess-linux') location: location logAnalyticsWorkspaceId: logAnalyticsWorkspaceId mlzTags: mlzTags - name: hubProperties.linuxVmName - networkInterfaceName: deployLinuxVirtualMachine ? linuxNetworkInterface.outputs.name : '' + name: replace(hub.namingConvention.virtualMachine, serviceToken, 'ral') + networkInterfaceName: replace(hub.namingConvention.virtualMachineNetworkInterface, serviceToken, 'remoteAccess-linux') + networkSecurityGroupResourceId: hubNetworkSecurityGroupResourceId osDiskCreateOption: linuxVmOsDiskCreateOption osDiskType: linuxVmOsDiskType + privateIPAddressAllocationMethod: linuxNetworkInterfacePrivateIPAddressAllocationMethod + subnetResourceId: hubSubnetResourceId tags: tags vmImageOffer: linuxVmImageOffer vmImagePublisher: linuxVmImagePublisher 
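Review bot: In the `linuxVirtualMachine` params, `diskName`, `name` and `networkInterfaceName` all rely on `replace(..., serviceToken, ...)` finding the token, and `replace` returns its input unchanged when there is no match. A `serviceToken` value that differs from the token embedded in `hub.namingConvention` would leave the placeholder in the resource names, and the Windows module call that follows, which uses the same pattern, would then produce the same disk and NIC names as the Linux one. Suggest sourcing the token from the same place that builds the naming convention rather than a separate `param serviceToken string`, and adding a comment explaining the abbreviated VM name `'ral'`.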
@@ -111,43 +99,30 @@ module linuxVirtualMachine '../modules/linux-virtual-machine.bicep' = } } -module windowsNetworkInterface '../modules/network-interface.bicep' = - if (deployWindowsVirtualMachine) { - name: 'remoteAccess-windowsNetworkInterface' - scope: resourceGroup(hubProperties.subscriptionId, hubProperties.resourceGroupName) - params: { - ipConfigurationName: hubProperties.windowsNetworkInterfaceIpConfigurationName - location: location - mlzTags: mlzTags - name: hubProperties.windowsNetworkInterfaceName - networkSecurityGroupId: hubNetworkSecurityGroupResourceId - privateIPAddressAllocationMethod: windowsNetworkInterfacePrivateIPAddressAllocationMethod - subnetId: hubSubnetResourceId - tags: tags - } - } - module windowsVirtualMachine '../modules/windows-virtual-machine.bicep' = if (deployWindowsVirtualMachine) { name: 'remoteAccess-windowsVirtualMachine' - scope: resourceGroup(hubProperties.subscriptionId, hubProperties.resourceGroupName) + scope: resourceGroup(hub.subscriptionId, hubResourceGroupName) params: { adminPassword: windowsVmAdminPassword adminUsername: windowsVmAdminUsername createOption: windowsVmCreateOption diskEncryptionSetResourceId: diskEncryptionSetResourceId - diskName: hubProperties.windowsDiskName + diskName: replace(hub.namingConvention.virtualMachineDisk, serviceToken, 'remoteAccess-windows') hybridUseBenefit: hybridUseBenefit location: location logAnalyticsWorkspaceId: logAnalyticsWorkspaceId mlzTags: mlzTags - name: hubProperties.windowsVmName - networkInterfaceName: deployWindowsVirtualMachine ? 
windowsNetworkInterface.outputs.name : '' + name: replace(hub.namingConvention.virtualMachine, serviceToken, 'raw') + networkInterfaceName: replace(hub.namingConvention.virtualMachineNetworkInterface, serviceToken, 'remoteAccess-windows') + networkSecurityGroupResourceId: hubNetworkSecurityGroupResourceId offer: windowsVmOffer + privateIPAddressAllocationMethod: windowsNetworkInterfacePrivateIPAddressAllocationMethod publisher: windowsVmPublisher size: windowsVmSize sku: windowsVmSku storageAccountType: windowsVmStorageAccountType + subnetResourceId: hubSubnetResourceId tags: tags version: windowsVmVersion } diff --git a/src/bicep/modules/resource-groups.bicep b/src/bicep/modules/resource-groups.bicep index 3f56b5ebc..6696252fc 100644 --- a/src/bicep/modules/resource-groups.bicep +++ b/src/bicep/modules/resource-groups.bicep @@ -8,16 +8,19 @@ targetScope = 'subscription' param deploymentNameSuffix string param location string param mlzTags object -param networks array +param serviceToken string +param tiers array param tags object -module resourceGroups 'resource-group.bicep' = [for network in networks: { - name: 'deploy-rg-${network.name}-${deploymentNameSuffix}' - scope: subscription(network.subscriptionId) +module resourceGroups 'resource-group.bicep' = [for tier in tiers: { + name: 'deploy-rg-${tier.name}-${deploymentNameSuffix}' + scope: subscription(tier.subscriptionId) params: { mlzTags: mlzTags - name: network.resourceGroupName + name: replace(tier.namingConvention.resourceGroup, serviceToken, 'network') location: location tags: tags } }] + +output names array = [for (tier, i) in tiers: resourceGroups[i].outputs.name] diff --git a/src/bicep/modules/role-assignment.bicep b/src/bicep/modules/role-assignment.bicep index a3882c36e..2c425c2d5 100644 --- a/src/bicep/modules/role-assignment.bicep +++ b/src/bicep/modules/role-assignment.bicep 
@@ -16,7 +16,7 @@ param principalType string = 'ServicePrincipal' param description string = '' resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = { - name: guid(targetResourceId,roleDefinitionId,principalId) + name: guid(targetResourceId, roleDefinitionId, principalId) properties: { principalId: principalId principalType: principalType diff --git a/src/bicep/modules/route-table.bicep b/src/bicep/modules/route-table.bicep index bc5da73c2..228fdea7a 100644 --- a/src/bicep/modules/route-table.bicep +++ b/src/bicep/modules/route-table.bicep @@ -7,10 +7,10 @@ param disableBgpRoutePropagation bool param location string param mlzTags object param name string -param routeAddressPrefix string -param routeName string +param routeAddressPrefix string = '0.0.0.0/0' +param routeName string = 'default_route' param routeNextHopIpAddress string -param routeNextHopType string +param routeNextHopType string = 'VirtualAppliance' param tags object resource routeTable 'Microsoft.Network/routeTables@2021-02-01' = { diff --git a/src/bicep/modules/spoke-network-peering.bicep b/src/bicep/modules/spoke-network-peering.bicep index e04bfd22f..6b576ab5d 100644 --- a/src/bicep/modules/spoke-network-peering.bicep +++ b/src/bicep/modules/spoke-network-peering.bicep 
@@ -5,18 +5,18 @@ Licensed under the MIT License. targetScope = 'subscription' +param hubVirtualNetworkResourceId string +param resourceGroupName string param spokeName string -param spokeResourceGroupName string param spokeVirtualNetworkName string - -param hubVirtualNetworkName string -param hubVirtualNetworkResourceId string +param subscriptionId string module spokeNetworkPeering '../modules/virtual-network-peering.bicep' = { name: '${spokeName}-to-hub-vnet-peering' - scope: resourceGroup(spokeResourceGroupName) + scope: resourceGroup(subscriptionId, resourceGroupName) params: { - name: '${spokeVirtualNetworkName}/to-${hubVirtualNetworkName}' remoteVirtualNetworkResourceId: hubVirtualNetworkResourceId + virtualNetworkName: spokeVirtualNetworkName + virtualNetworkPeerName: 'to-${split(hubVirtualNetworkResourceId, '/')[8]}' } } diff --git a/src/bicep/modules/spoke-network.bicep b/src/bicep/modules/spoke-network.bicep index 2cfcfa0c6..7a23d2f3c 100644 --- a/src/bicep/modules/spoke-network.bicep +++ b/src/bicep/modules/spoke-network.bicep @@ -3,6 +3,9 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ +targetScope = 'subscription' + +param additionalSubnets array = [] param deployNetworkWatcher bool param firewallSkuTier string param location string 
@@ -10,22 +13,41 @@ param mlzTags object param networkSecurityGroupName string param networkSecurityGroupRules array param networkWatcherName string +param resourceGroupName string param routeTableName string -param routeTableRouteName string = 'default_route' -param routeTableRouteAddressPrefix string = '0.0.0.0/0' param routeTableRouteNextHopIpAddress string -param routeTableRouteNextHopType string = 'VirtualAppliance' param subnetAddressPrefix string param subnetName string -param subnetPrivateEndpointNetworkPolicies string -param subnetPrivateLinkServiceNetworkPolicies string +param subscriptionId string param tags object param virtualNetworkAddressPrefix string param virtualNetworkName string param vNetDnsServers array +var delegations = { + AzureNetAppFiles: [ + { + name: 'Microsoft.Netapp.volumes' + id: resourceId('Microsoft.Network/virtualNetworks/subnets/delegations', virtualNetworkName, 'AzureNetAppFiles', 'Microsoft.Netapp.volumes') + properties: { + serviceName: 'Microsoft.Netapp/volumes' + } + type: 'Microsoft.Network/virtualNetworks/subnets/delegations' + } + ] +} +var subnets = union([ + { + name: subnetName + properties: { + addressPrefix: subnetAddressPrefix + } + } +], additionalSubnets) + module networkSecurityGroup '../modules/network-security-group.bicep' = { name: 'networkSecurityGroup' + scope: resourceGroup(subscriptionId, resourceGroupName) params: { location: location mlzTags: mlzTags 
@@ -37,21 +59,20 @@ module networkSecurityGroup '../modules/network-security-group.bicep' = { module routeTable '../modules/route-table.bicep' = { name: 'routeTable' + scope: resourceGroup(subscriptionId, resourceGroupName) params: { disableBgpRoutePropagation: true location: location mlzTags: mlzTags name: routeTableName - routeAddressPrefix: routeTableRouteAddressPrefix - routeName: routeTableRouteName routeNextHopIpAddress: routeTableRouteNextHopIpAddress - routeNextHopType: routeTableRouteNextHopType tags: tags } } module networkWatcher '../modules/network-watcher.bicep' = if (deployNetworkWatcher) { name: 'networkWatcher' + scope: resourceGroup(subscriptionId, resourceGroupName) params: { location: location mlzTags: mlzTags @@ -62,27 +83,27 @@ module networkWatcher '../modules/network-watcher.bicep' = if (deployNetworkWatc module virtualNetwork '../modules/virtual-network.bicep' = { name: 'virtualNetwork' + scope: resourceGroup(subscriptionId, resourceGroupName) params: { addressPrefix: virtualNetworkAddressPrefix location: location mlzTags: mlzTags name: virtualNetworkName - subnets: [ - { - name: subnetName - properties: { - addressPrefix: subnetAddressPrefix - networkSecurityGroup: { - id: networkSecurityGroup.outputs.id - } - routeTable: { - id: routeTable.outputs.id - } - privateEndpointNetworkPolicies: subnetPrivateEndpointNetworkPolicies - privateLinkServiceNetworkPolicies: subnetPrivateLinkServiceNetworkPolicies + subnets: [for subnet in subnets: { + name: subnet.name + properties: { + addressPrefix: subnet.properties.addressPrefix + delegations: delegations[?subnet.name] ?? [] + networkSecurityGroup: { + id: networkSecurityGroup.outputs.id + } + routeTable: { + id: routeTable.outputs.id } + privateEndpointNetworkPolicies: 'Disabled' + privateLinkServiceNetworkPolicies: 'Disabled' } - ] + }] tags: tags vNetDnsServers: vNetDnsServers firewallSkuTier: firewallSkuTier 
diff --git a/src/bicep/modules/storage.bicep b/src/bicep/modules/storage.bicep index f1c4b1060..d3550e4d7 100644 --- a/src/bicep/modules/storage.bicep +++ b/src/bicep/modules/storage.bicep @@ -9,19 +9,20 @@ param blobsPrivateDnsZoneResourceId string param deployIdentity bool param deploymentNameSuffix string param keyVaultUri string -param logStorageSkuName string param location string +param logStorageSkuName string param mlzTags object -param networks array +param resourceGroupNames array param serviceToken string param storageEncryptionKeyName string param tablesPrivateDnsZoneResourceId string param tags object +param tiers array param userAssignedIdentityResourceId string -module storageAccount 'storage-account.bicep' = [for (network, i) in networks: { - name: 'deploy-storage-account-${network.name}-${deploymentNameSuffix}' - scope: resourceGroup(network.subscriptionId, network.resourceGroupName) +module storageAccount 'storage-account.bicep' = [for (tier, i) in tiers: { + name: 'deploy-storage-account-${tier.name}-${deploymentNameSuffix}' + scope: resourceGroup(tier.subscriptionId, resourceGroupNames[i]) params: { blobsPrivateDnsZoneResourceId: blobsPrivateDnsZoneResourceId keyVaultUri: keyVaultUri 
@@ -29,11 +30,11 @@ module storageAccount 'storage-account.bicep' = [for (network, i) in networks: { mlzTags: mlzTags serviceToken: serviceToken skuName: logStorageSkuName - storageAccountName: network.logStorageAccountName - storageAccountNetworkInterfaceNamePrefix: network.logStorageAccountNetworkInterfaceNamePrefix - storageAccountPrivateEndpointNamePrefix: network.logStorageAccountPrivateEndpointNamePrefix + storageAccountName: tier.namingConvention.storageAccount + storageAccountNetworkInterfaceNamePrefix: tier.namingConvention.storageAccountNetworkInterface + storageAccountPrivateEndpointNamePrefix: tier.namingConvention.storageAccountPrivateEndpoint storageEncryptionKeyName: storageEncryptionKeyName - subnetResourceId: resourceId(network.subscriptionId, network.resourceGroupName, 'Microsoft.Network/virtualNetworks/subnets', network.virtualNetworkName, network.subnetName) + subnetResourceId: resourceId(tier.subscriptionId, resourceGroupNames[i], 'Microsoft.Network/virtualNetworks/subnets', tier.namingConvention.virtualNetwork, tier.namingConvention.subnet) tablesPrivateDnsZoneResourceId: tablesPrivateDnsZoneResourceId tags: tags userAssignedIdentityResourceId: userAssignedIdentityResourceId 
@@ -41,11 +42,11 @@ module storageAccount 'storage-account.bicep' = [for (network, i) in networks: { }] output storageAccountResourceIds array = union([ - resourceId(networks[0].subscriptionId, networks[0].resourceGroupName, 'Microsoft.Storage/storageAccounts', networks[0].logStorageAccountName) - resourceId(networks[1].subscriptionId, networks[1].resourceGroupName, 'Microsoft.Storage/storageAccounts', networks[1].logStorageAccountName) - resourceId(networks[2].subscriptionId, networks[2].resourceGroupName, 'Microsoft.Storage/storageAccounts', networks[2].logStorageAccountName) + resourceId(tiers[0].subscriptionId, resourceGroupNames[0], 'Microsoft.Storage/storageAccounts', tiers[0].namingConvention.storageAccount) + resourceId(tiers[1].subscriptionId, resourceGroupNames[1], 'Microsoft.Storage/storageAccounts', tiers[1].namingConvention.storageAccount) + resourceId(tiers[2].subscriptionId, resourceGroupNames[2], 'Microsoft.Storage/storageAccounts', tiers[2].namingConvention.storageAccount) ], deployIdentity ? [ - resourceId(networks[3].subscriptionId, networks[3].resourceGroupName, 'Microsoft.Storage/storageAccounts', networks[3].logStorageAccountName) + resourceId(tiers[3].subscriptionId, resourceGroupNames[3], 'Microsoft.Storage/storageAccounts', tiers[3].namingConvention.storageAccount) ] : [] ) diff --git a/src/bicep/modules/user-assigned-identity.bicep b/src/bicep/modules/user-assigned-identity.bicep index 1473236ac..eafc8172a 100644 --- a/src/bicep/modules/user-assigned-identity.bicep +++ b/src/bicep/modules/user-assigned-identity.bicep 
@@ -3,24 +3,29 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ +param keyVaultName string param location string param mlzTags object -param name string param tags object +param userAssignedIdentityName string resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { - name: name + name: userAssignedIdentityName location: location tags: union(contains(tags, 'Microsoft.ManagedIdentity/userAssignedIdentities') ? tags['Microsoft.ManagedIdentity/userAssignedIdentities'] : {}, mlzTags) } -module roleAssignment 'role-assignment.bicep' = { - name: 'roleAssignmentEncryption' - params: { +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = { + name: keyVaultName +} + +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = { + name: guid(userAssignedIdentityName, 'e147488a-f6f5-4113-8e2d-b22465e65bf6', keyVaultName) + scope: keyVault + properties: { principalId: userAssignedIdentity.properties.principalId principalType: 'ServicePrincipal' roleDefinitionId: resourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6') // Key Vault Crypto Service Encryption User - targetResourceId: resourceGroup().id } } diff --git a/src/bicep/modules/virtual-network-diagnostics.bicep b/src/bicep/modules/virtual-network-diagnostics.bicep index 8c48743d9..e8db716af 100644 --- a/src/bicep/modules/virtual-network-diagnostics.bicep +++ b/src/bicep/modules/virtual-network-diagnostics.bicep 
@@ -7,15 +7,16 @@ param logAnalyticsWorkspaceResourceId string param logs array param logStorageAccountResourceId string param metrics array -param name string +param virtualNetworkDiagnosticSettingName string +param virtualNetworkName string resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' existing = { - name: name + name: virtualNetworkName } resource diagnostics 'Microsoft.Insights/diagnosticSettings@2017-05-01-preview' = { scope: virtualNetwork - name: '${virtualNetwork.name}-diagnostics' + name: virtualNetworkDiagnosticSettingName properties: { storageAccountId: logStorageAccountResourceId workspaceId: logAnalyticsWorkspaceResourceId diff --git a/src/bicep/modules/virtual-network-peering.bicep b/src/bicep/modules/virtual-network-peering.bicep index 8f2117600..3767ba140 100644 --- a/src/bicep/modules/virtual-network-peering.bicep +++ b/src/bicep/modules/virtual-network-peering.bicep @@ -3,11 +3,17 @@ Copyright (c) Microsoft Corporation. Licensed under the MIT License. */ -param name string param remoteVirtualNetworkResourceId string +param virtualNetworkName string +param virtualNetworkPeerName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-11-01' existing = { + name: virtualNetworkName +} resource virtualNetworkPeering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-02-01' = { - name: name + parent: virtualNetwork + name: virtualNetworkPeerName properties: { allowForwardedTraffic: true remoteVirtualNetwork: { diff --git a/src/bicep/modules/windows-virtual-machine.bicep b/src/bicep/modules/windows-virtual-machine.bicep index fe195192e..21769be0d 100644 --- a/src/bicep/modules/windows-virtual-machine.bicep +++ b/src/bicep/modules/windows-virtual-machine.bicep 
@@ -17,17 +17,29 @@ param logAnalyticsWorkspaceId string param mlzTags object = {} param name string param networkInterfaceName string +param networkSecurityGroupResourceId string param offer string +param privateIPAddressAllocationMethod string param publisher string param size string param sku string param storageAccountType string +param subnetResourceId string param tags object = {} param version string -resource networkInterface 'Microsoft.Network/networkInterfaces@2021-02-01' existing = { - name: networkInterfaceName -} +module networkInterface '../modules/network-interface.bicep' = { + name: 'remoteAccess-windowsNetworkInterface' + params: { + location: location + mlzTags: mlzTags + name: networkInterfaceName + networkSecurityGroupResourceId: networkSecurityGroupResourceId + privateIPAddressAllocationMethod: privateIPAddressAllocationMethod + subnetResourceId: subnetResourceId + tags: tags + } + } resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-04-01' = { name: name @@ -48,7 +60,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-04-01' = { networkProfile: { networkInterfaces: [ { - id: networkInterface.id + id: networkInterface.outputs.id properties: { deleteOption: 'Delete' }
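Review bot: in src/bicep/modules/spoke-network-peering.bicep, `virtualNetworkPeerName: 'to-${split(hubVirtualNetworkResourceId, '/')[8]}'` depends on the virtual network name being the ninth segment of the resource ID, and nothing in the module documents or checks that. `last(split(hubVirtualNetworkResourceId, '/'))` states the intent directly and does not depend on a fixed position. A description on `hubVirtualNetworkResourceId` should also say it must be a full virtual network resource ID.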
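Review bot: in src/bicep/modules/spoke-network.bicep (hunk `@@ -62,27 +83,27 @@`), `privateEndpointNetworkPolicies: 'Disabled'` and `privateLinkServiceNetworkPolicies: 'Disabled'` are now literals applied to every subnet, including each entry of `additionalSubnets`, and the two parameters that let a caller choose the value are removed. With the private endpoint policy disabled, the network security group and route table attached on the lines just above are not enforced for private endpoint traffic in that subnet, so a caller who wants that enforcement can no longer get it. Consider keeping a parameter that defaults to `'Disabled'`, or reading an optional per-subnet value. The loop also copies only `subnet.name` and `subnet.properties.addressPrefix`, so any other property supplied in `additionalSubnets` is silently dropped; say so in the description of `additionalSubnets`.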
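Review bot: in src/bicep/modules/storage.bicep (hunk `@@ -9,19 +9,20 @@`), `scope: resourceGroup(tier.subscriptionId, resourceGroupNames[i])` pairs two arrays by position, and nothing in the module checks that `resourceGroupNames` has the same length and order as `tiers`. If the two drift, the storage account for one tier lands in another tier's resource group, or the deployment fails on an index out of range. Add descriptions to both parameters stating that `resourceGroupNames` must be the `names` output of resource-groups.bicep for the same `tiers` array, or pass a single array of objects that carries the resource group name with each tier.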
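Review bot: in src/bicep/modules/storage.bicep (hunk `@@ -41,11 +42,11 @@`), the `storageAccountResourceIds` output still hard-codes indices 0 through 3 while the module above it iterates over `tiers`. The rename keeps the assumption that there are exactly three tiers plus an optional fourth at index 3 when `deployIdentity` is true, and that assumption is not documented anywhere in the hunk. Either build the output with a loop over `tiers` in the same way as the `names` output added to resource-groups.bicep, or add a comment stating the fixed ordering the indices rely on.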
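Review bot: in src/bicep/modules/user-assigned-identity.bicep, the new `resource keyVault ... existing` declaration has no `scope`, so it resolves in the resource group this module is deployed to, and the deployment fails if the key vault lives elsewhere. Document that requirement on `keyVaultName`, or accept the vault's resource group as a parameter. Narrowing the assignment from `resourceGroup().id` to `scope: keyVault` is the right direction for least privilege. The assignment name `guid(userAssignedIdentityName, 'e147488a-f6f5-4113-8e2d-b22465e65bf6', keyVaultName)` is seeded with names only, unlike role-assignment.bicep in this same patch, which seeds `guid(targetResourceId, roleDefinitionId, principalId)`; seeding with `keyVault.id` and `userAssignedIdentity.id` would keep the two consistent. The role definition GUID now appears twice in the resource, so lift it into a `var`.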
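Review bot: in src/bicep/modules/windows-virtual-machine.bicep (hunk `@@ -17,17 +17,29 @@`), the nested module's deployment name is the literal `'remoteAccess-windowsNetworkInterface'`, which ties a general-purpose virtual machine module to one caller. If the module is used for a second Windows VM in the same resource group, both nested deployments share that name. Derive it from a parameter instead, for example from `name` or `networkInterfaceName`. The closing brace of the module block is also indented one level too deep compared with the rest of the file.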