diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index 66e651d25e..1e3365cd0c 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -1064,42 +1064,6 @@
 ]
 },
 "visible": "[equals(steps('management').enableAsc,'Yes')]"
- },
- {
- "name": "alzPreReqRgCustomName",
- "type": "Microsoft.Common.TextBox",
- "label": "ALZ prerequisite resource group name",
- "toolTip": "Name for the Azure Landing Zone prerequisite resource group",
- "defaultValue": "rg-alz-prereq-prod",
- "visible": "[equals(steps('core').namingConvention, 'custom')]",
- "constraints": {
- "regex": "^[a-zA-Z0-9][a-zA-Z0-9-_.()]{0,89}[a-zA-Z0-9_]$",
- "validationMessage": "Resource group name must be 1-90 characters long and can contain alphanumeric characters, hyphens, underscores, periods, and parentheses. Cannot start or end with period."
- }
- },
- {
- "name": "alzPreReqUAMICustomName",
- "type": "Microsoft.Common.TextBox",
- "label": "ALZ prerequisite User Assigned Identity name",
- "toolTip": "Name for the Azure Landing Zone prerequisite User Assigned Managed Identity",
- "defaultValue": "id-alz-prereq-prod",
- "visible": "[equals(steps('core').namingConvention, 'custom')]",
- "constraints": {
- "regex": "^[a-zA-Z0-9][a-zA-Z0-9-_.]{0,126}[a-zA-Z0-9_]$",
- "validationMessage": "User Assigned Identity name must be 3-128 characters long and can contain alphanumeric characters, hyphens, underscores, and periods."
- }
- },
- {
- "name": "alzPreReqScriptCustomName",
- "type": "Microsoft.Common.TextBox",
- "label": "ALZ prerequisite script name",
- "toolTip": "Name for the Azure Landing Zone prerequisite deployment script",
- "defaultValue": "script-alz-prereq-prod",
- "visible": "[equals(steps('core').namingConvention, 'custom')]",
- "constraints": {
- "regex": "^[a-zA-Z0-9][a-zA-Z0-9-_.]{0,88}[a-zA-Z0-9_]$",
- "validationMessage": "Deployment script name must be 2-90 characters long and can contain alphanumeric characters, hyphens, underscores, and periods."
- }
 }
 ]
 },
@@ -11129,9 +11093,6 @@
 "azFwPolicyNameSecondary": "[steps('connectivity').esNetworkSecondarySubSection.azFwPolicySecondaryCustomName]",
 "routeTableName": "[steps('connectivity').routeTableCustomName]",
 "routeTableNameSecondary": "[steps('connectivity').esNetworkSecondarySubSection.routeTableSecondaryCustomName]",
- "alzPreReqRg": "[steps('management').alzPreReqRgCustomName]",
- "alzPreReqUAMIName": "[steps('management').alzPreReqUAMICustomName]",
- "alzPreReqScriptName": "[steps('management').alzPreReqScriptCustomName]",
 "avnmName": "[steps('connectivity').avnmCustomName]",
 "avnmRgName": "[steps('connectivity').avnmRgCustomName]",
 "avnmUserAssignedIdentityName": "[steps('connectivity').avnmUserAssignedIdentityCustomName]",
diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json
index cd9b65bc3c..5222619d33 100644
--- a/eslzArm/eslzArm.json
+++ b/eslzArm/eslzArm.json
@@ -1813,9 +1813,6 @@ "azFwPolicyNameSecondary": "[if(and(contains(parameters('customResourceNames'), 'azFwPolicyNameSecondary'), not(empty(parameters('customResourceNames').azFwPolicyNameSecondary))), parameters('customResourceNames').azFwPolicyNameSecondary, concat('afwp-', parameters('enterpriseScaleCompanyPrefix'), '-prod-', parameters('connectivityLocationSecondary')))]", "routeTableName": "[if(and(contains(parameters('customResourceNames'), 'routeTableName'), not(empty(parameters('customResourceNames').routeTableName))), parameters('customResourceNames').routeTableName, concat('rt-hub-', parameters('enterpriseScaleCompanyPrefix'), '-prod-', parameters('connectivityLocation')))]", "routeTableNameSecondary": "[if(and(contains(parameters('customResourceNames'), 'routeTableNameSecondary'), not(empty(parameters('customResourceNames').routeTableNameSecondary))), parameters('customResourceNames').routeTableNameSecondary, concat('rt-hub-', parameters('enterpriseScaleCompanyPrefix'), '-prod-', parameters('connectivityLocationSecondary')))]", - "alzPreReqRg": "[if(and(contains(parameters('customResourceNames'), 'alzPreReqRg'), not(empty(parameters('customResourceNames').alzPreReqRg))), parameters('customResourceNames').alzPreReqRg, concat('rg-alz-prereq-prod-', parameters('connectivityLocation')))]", - "alzPreReqUAMIName": "[if(and(contains(parameters('customResourceNames'), 'alzPreReqUAMIName'), not(empty(parameters('customResourceNames').alzPreReqUAMIName))), parameters('customResourceNames').alzPreReqUAMIName, concat('id-alz-prereq-prod-', parameters('connectivityLocation')))]", - "alzPreReqScriptName": "[if(and(contains(parameters('customResourceNames'), 'alzPreReqScriptName'), not(empty(parameters('customResourceNames').alzPreReqScriptName))), parameters('customResourceNames').alzPreReqScriptName, concat('script-alz-prereq-prod-', parameters('connectivityLocation')))]", "avnmName": "[if(and(contains(parameters('customResourceNames'), 'avnmName'), 
not(empty(parameters('customResourceNames').avnmName))), parameters('customResourceNames').avnmName, concat('vnm-', parameters('enterpriseScaleCompanyPrefix'), '-prod-', parameters('connectivityLocation')))]", "avnmRgName": "[if(and(contains(parameters('customResourceNames'), 'avnmRgName'), not(empty(parameters('customResourceNames').avnmRgName))), parameters('customResourceNames').avnmRgName, concat('rg-vnm-prod-', parameters('connectivityLocation')))]", "avnmUserAssignedIdentityName": "[if(and(contains(parameters('customResourceNames'), 'avnmUserAssignedIdentityName'), not(empty(parameters('customResourceNames').avnmUserAssignedIdentityName))), parameters('customResourceNames').avnmUserAssignedIdentityName, concat('id-vnm-prod-', parameters('connectivityLocation')))]", @@ -1895,7 +1892,6 @@ "roleDefinitions": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/roleDefinitions/customRoleDefinitions.json')]", "policyDefinitions": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyDefinitions/policies.json')]", "initiativeDefinitions": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyDefinitions/initiatives.json')]", - "preRequisites": "[uri(deployment().properties.templateLink.uri, 'prerequisites/deployPrerequisites.json')]", "avnmConnectivityHub": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/avnmConfiguration.json')]", "avnmPolicy": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/avnmPolicy.json')]", "vnetConnectivityHub": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/hubspoke-connectivity.json')]", 
@@ -2443,8 +2439,7 @@
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('enterpriseScaleCompanyPrefix'))]",
 "dependsOn": [
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtGroupDeploymentName)]",
- "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]",
- "alz-prerequisites"
+ "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -2546,8 +2541,7 @@
 "location": "[deployment().location]",
 "scope": "[concat('Microsoft.Management/managementGroups/', parameters('enterpriseScaleCompanyPrefix'))]",
 "dependsOn": [
- "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]",
- "alz-prerequisites"
+ "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -2640,86 +2634,10 @@ } } }, - { - // ALZ Pre-Requisites and Azure's Untold Story... - "condition": "[not(empty(parameters('managementSubscriptionId')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-11-01", - "name": "alz-prerequisites", - "scope": "[variables('scopes').eslzRootManagementGroup]", - "location": "[deployment().location]", - "dependsOn": [ - "[variables('deploymentNames').initiativeDeploymentName]", - "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtSubscriptionPlacement)]" - ], - "properties": { - "mode": "Incremental", - "templateLink": { - "contentVersion": "1.0.0.0", - "uri": "[variables('deploymentUris').preRequisites]" - }, - "parameters": { - "location": { - "value": "[deployment().location]" - }, - "eslzRootName": { - "value": "[parameters('enterpriseScaleCompanyPrefix')]" - }, - "managementSubscriptionId": { - "value": "[parameters('managementSubscriptionId')]" - }, - "resourceGroupName": { - "value": "[parameters('resourceNames').alzPreReqRg]" - }, - "userAssignedIdentityName": { - "value": "[parameters('resourceNames').alzPreReqUAMIName]" - }, - "deploymentScriptName": { - "value": "[parameters('resourceNames').alzPreReqScriptName]" - } - } - } - }, - { - // ALZ Pre-Requisites and Azure's Untold Story... 
LITE - "condition": "[not(empty(parameters('singlePlatformSubscriptionId')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-11-01", - "name": "alz-prerequisites", - "scope": "[variables('scopes').eslzRootManagementGroup]", - "location": "[deployment().location]", - "dependsOn": [ - "[variables('deploymentNames').initiativeDeploymentName]", - "[variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName]" - ], - "properties": { - "mode": "Incremental", - "templateLink": { - "contentVersion": "1.0.0.0", - "uri": "[variables('deploymentUris').preRequisites]" - }, - "parameters": { - "location": { - "value": "[deployment().location]" - }, - "eslzRootName": { - "value": "[parameters('enterpriseScaleCompanyPrefix')]" - }, - "managementSubscriptionId": { - "value": "[parameters('singlePlatformSubscriptionId')]" - }, - "resourceGroupName": { - "value": "[parameters('resourceNames').alzPreReqRg]" - }, - "userAssignedIdentityName": { - "value": "[parameters('resourceNames').alzPreReqUAMIName]" - }, - "deploymentScriptName": { - "value": "[parameters('resourceNames').alzPreReqScriptName]" - } - } - } - }, + /* + ALZ Pre-Requisites removed - policy assignment templates now use retryOn (languageVersion 2.0) + to handle eventual consistency for policy definitions and initiatives. + */ /* The following deployments will organize the dedicated platform subscriptions into their respective management groups */ @@ -2843,8 +2761,7 @@ "location": "[deployment().location]", "subscriptionId": "[parameters('managementSubscriptionId')]", "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtSubscriptionPlacement)]", - "alz-prerequisites" + "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtSubscriptionPlacement)]" ], "properties": { "mode": "Incremental", 
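Review bot: Removing both `alz-prerequisites` deployments (hunk at -2640) does not remove what earlier runs created: the prerequisite resource group, user-assigned managed identity and deployment script (default names `rg-alz-prereq-prod-<location>`, `id-alz-prereq-prod-<location>`, `script-alz-prereq-prod-<location>`) stay behind after an upgrade, because redeploying the template does not delete resources it no longer declares. Whatever role assignments `prerequisites/deployPrerequisites.json` granted that identity are not visible in this diff, but if any exist they remain as standing privilege on an identity nothing uses any more. The replacement comment is the natural place to record this, for example by adding `Existing deployments: delete the rg-alz-prereq-prod-<location> resource group and any role assignments held by its managed identity; redeploying does not remove them.` The comment also asserts that the policy assignment templates use retryOn; those templates are outside this diff, so the claim should be checked against every linked assignment template before the wait is dropped.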
@@ -3060,7 +2977,6 @@
 "location": "[deployment().location]",
 "dependsOn": [
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtSubscriptionPlacement)]",
- "alz-prerequisites",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').monitoringLiteDeploymentName)]"
 ],
@@ -3083,7 +2999,6 @@
 "location": "[deployment().location]",
 "dependsOn": [
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtSubscriptionPlacement)]",
- "alz-prerequisites",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').monitoringLiteDeploymentName)]"
 ],
@@ -3109,8 +3024,7 @@
 "scope": "[variables('scopes').eslzRootManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtSubscriptionPlacement)]",
- "alz-prerequisites"
+ "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtSubscriptionPlacement)]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -3164,7 +3078,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3214,7 +3127,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3264,7 +3176,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3314,7 +3225,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3364,7 +3274,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3414,7 +3323,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3464,7 +3372,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3514,7 +3421,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3564,7 +3470,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3614,7 +3519,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3664,7 +3568,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3714,7 +3617,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3764,7 +3666,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3814,7 +3715,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3864,7 +3764,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3914,7 +3813,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -3964,7 +3862,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4014,7 +3911,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4064,7 +3960,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4114,7 +4009,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4167,7 +4061,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4217,7 +4110,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4267,7 +4159,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4317,7 +4208,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4367,7 +4257,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4417,7 +4306,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4467,7 +4355,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').vnetConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').nvaConnectivityHubLiteDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "copy": {
@@ -4708,7 +4595,7 @@
 "scope": "[variables('scopes').eslzRootManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -4732,7 +4619,7 @@
 "scope": "[variables('scopes').eslzRootManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -4756,7 +4643,7 @@
 "scope": "[variables('scopes').eslzRootManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -4780,7 +4667,7 @@
 "scope": "[variables('scopes').eslzRootManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
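Review bot: In the hunk at -4708, and in every later hunk that makes the same substitution, the assignment now waits only on `initiativeDeploymentName`, whereas the removed `alz-prerequisites` resource also depended on `mgmtSubscriptionPlacement` (or on `mgmtGroupLiteDeploymentName` in the lite path), so that transitive ordering is no longer enforced. If any of these assignments needs the platform subscription placed, or the lite management groups created, before it runs, that dependency should be listed explicitly rather than left to timing; whether the initiative deployment already implies it cannot be seen from these hunks. As a style point, the new entry is a bare deployment name while the surrounding `dependsOn` entries use the resource-ID form; `"[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').initiativeDeploymentName)]"` would match them. Each enclosing resource starts and ends outside its hunk.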
@@ -5091,7 +4978,7 @@
 "scope": "[variables('scopes').eslzRootManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -5161,7 +5048,7 @@
 "scope": "[variables('scopes').platformManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -5415,7 +5302,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeeringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "location": "[deployment().location]",
@@ -5479,7 +5365,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeeringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').bastionPriDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "location": "[deployment().location]",
@@ -5790,8 +5675,7 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ddosDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHubDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]",
- "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]",
- "alz-prerequisites"
+ "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]"
 ],
 "location": "[deployment().location]",
 "properties": {
@@ -5848,7 +5732,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeeringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanSidecarPriDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "location": "[deployment().location]",
@@ -5913,7 +5796,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanSidecarPriDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', concat('vwan-', variables('deploymentNames').bastionPriDeploymentName))]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "location": "[deployment().location]",
@@ -5968,8 +5850,7 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ddosDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vnetConnectivityHubDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanConnectivityHubDeploymentName)]",
- "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]",
- "alz-prerequisites"
+ "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').nvaConnectivityHubDeploymentName)]"
 ],
 "location": "[deployment().location]",
 "properties": {
@@ -6026,7 +5907,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeeringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanSidecarSecDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "location": "[deployment().location]",
@@ -6091,7 +5971,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').vwanSidecarSecDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', concat('vwan-', variables('deploymentNames').bastionSecDeploymentName))]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "location": "[deployment().location]",
@@ -6143,8 +6022,7 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').asbPolicyDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascPolicyDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ascGovPolicyDeploymentName)]",
- "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ddosDeploymentName)]",
- "alz-prerequisites"
+ "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').ddosDeploymentName)]"
 ],
 "location": "[deployment().location]",
 "properties": {
@@ -6195,8 +6073,7 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtGroupDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]",
 "dnsZones",
- "dnsZonesLite",
- "alz-prerequisites"
+ "dnsZonesLite"
 ],
 "location": "[deployment().location]",
 "properties": {
@@ -6624,7 +6501,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').monitoringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeeringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "location": "[deployment().location]",
@@ -6688,7 +6564,6 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeeringDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identityPeering2DeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').bastionSecDeploymentName)]",
- "alz-prerequisites",
 "corpConnectedMoveLzs"
 ],
 "location": "[deployment().location]",
@@ -6968,8 +6843,7 @@
 "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').mgmtGroupDeploymentName)]",
 "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').mgmtGroupLiteDeploymentName)]",
 "dnsZones",
- "dnsZonesLite",
- "alz-prerequisites"
+ "dnsZonesLite"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7261,7 +7135,7 @@
 "scope": "[variables('scopes').platformManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7294,7 +7168,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7657,7 +7531,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7714,7 +7588,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7738,7 +7612,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7762,7 +7636,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7786,7 +7660,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7813,7 +7687,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7837,7 +7711,7 @@
 "scope": "[variables('scopes').corpManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7864,7 +7738,7 @@
 "scope": "[variables('scopes').corpManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7888,7 +7762,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7914,7 +7788,7 @@
 "scope": "[variables('scopes').platformManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7940,7 +7814,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7967,7 +7841,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -7991,7 +7865,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8018,7 +7892,7 @@
 "scope": "[variables('scopes').platformManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8045,7 +7919,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8072,7 +7946,7 @@
 "scope": "[variables('scopes').platformManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8099,7 +7973,7 @@
 "scope": "[variables('scopes').platformManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8129,7 +8003,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8159,7 +8033,7 @@
 "scope": "[variables('scopes').corpManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8183,7 +8057,7 @@
 "scope": "[variables('scopes').corpManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8213,7 +8087,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8237,7 +8111,7 @@
 "scope": "[variables('scopes').eslzRootManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8264,7 +8138,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8384,7 +8258,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8411,7 +8285,7 @@
 "scope": "[variables('scopes').lzsManagementGroup]",
 "location": "[deployment().location]",
 "dependsOn": [
- "alz-prerequisites"
+ "[variables('deploymentNames').initiativeDeploymentName]"
 ],
 "properties": {
 "mode": "Incremental",
@@ -8438,7 +8312,7 @@ "scope": "[variables('scopes').decommissionedManagementGroup]", "location": "[deployment().location]", "dependsOn": [ - "alz-prerequisites" + "[variables('deploymentNames').initiativeDeploymentName]" ], "properties": { "mode": "Incremental", @@ -8465,7 +8339,7 @@ "scope": "[variables('scopes').sandboxManagementGroup]", "location": "[deployment().location]", "dependsOn": [ - "alz-prerequisites" + "[variables('deploymentNames').initiativeDeploymentName]" ], "properties": { "mode": "Incremental", @@ -8495,7 +8369,7 @@ "scope": "[variables('scopes').identityManagementGroup]", "location": "[deployment().location]", "dependsOn": [ - "alz-prerequisites" + "[variables('deploymentNames').initiativeDeploymentName]" ], "properties": { "mode": "Incremental", @@ -8522,7 +8396,6 @@ "scope": "[variables('scopes').identityManagementGroup]", "location": "[deployment().location]", "dependsOn": [ - "alz-prerequisites", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identitySubscriptionPlacement)]" ], "properties": { @@ -8547,7 +8420,6 @@ "scope": "[variables('scopes').identityManagementGroup]", "location": "[deployment().location]", "dependsOn": [ - "alz-prerequisites", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identitySubscriptionPlacement)]" ], "properties": { @@ -8575,7 +8447,6 @@ "scope": "[variables('scopes').identityManagementGroup]", "location": "[deployment().location]", "dependsOn": [ - "alz-prerequisites", "[resourceId('Microsoft.Resources/deployments', variables('deploymentNames').identitySubscriptionPlacement)]" ], "properties": { 
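Review bot: The identityManagementGroup assignment at @@ -8495 gains `"[variables('deploymentNames').initiativeDeploymentName]"`, but the three hunks after it in the same scope (@@ -8522, @@ -8547, @@ -8575) only delete `"alz-prerequisites"` and keep `identitySubscriptionPlacement` as their sole dependency. If those assignments reference custom definitions or initiatives, which the hunks do not show, they no longer have an explicit ordering behind the deployment that creates them and could fail on a first run. Either add the same `dependsOn` entry there or confirm that the subscription-placement deployment already runs after the initiative deployment. The platformManagementGroup hunks at @@ -10176 and @@ -10207 have the same shape.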
@@ -9071,8 +8942,7 @@ "location": "[deployment().location]", "subscriptionId": "[parameters('singlePlatformSubscriptionId')]", "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', variables('esliteDeploymentNames').platformLiteSubscriptionPlacement)]", - "alz-prerequisites" + "[resourceId('Microsoft.Resources/deployments', variables('esliteDeploymentNames').platformLiteSubscriptionPlacement)]" ], "properties": { "mode": "Incremental", @@ -10176,7 +10046,6 @@ "scope": "[variables('scopes').platformManagementGroup]", "location": "[deployment().location]", "dependsOn": [ - "alz-prerequisites", "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').platformLiteSubscriptionPlacement)]" ], "properties": { @@ -10207,7 +10076,6 @@ "scope": "[variables('scopes').platformManagementGroup]", "location": "[deployment().location]", "dependsOn": [ - "alz-prerequisites", "[resourceId('Microsoft.Resources/deployments', variables('esLiteDeploymentNames').platformLiteSubscriptionPlacement)]" ], "properties": { diff --git a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-AppGwWafPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-AppGwWafPolicyAssignment.json index 36c7c180dc..d94b726768 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-AppGwWafPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-AppGwWafPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "policyEffect": { @@ -40,8 +41,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').auditWAF]", 
@@ -61,8 +62,12 @@ "value": "[parameters('policyEffect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-PeDnsZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-PeDnsZonesPolicyAssignment.json index dde016064b..db61bb0d75 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-PeDnsZonesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-PeDnsZonesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -118,8 +119,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').auditPeDnsZones]", @@ -141,8 +142,12 @@ "value": "[parameters('policyEffect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-ResourceRGLocationPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-ResourceRGLocationPolicyAssignment.json index 3474eb30b8..f0453ce161 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-ResourceRGLocationPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-ResourceRGLocationPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { 
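Review bot: The `retryOn` block added after `properties` in AUDIT-AppGwWafPolicyAssignment.json (@@ -61,8 +62,12) carries only `"count": 6` and `"interval": "PT5M"`, so as written it appears to retry any failure of the assignment for up to about 30 minutes, not only a transient one. For a policy assignment that would delay and blur a genuine authorization or missing-definition error. Two things should be confirmed before merge: that the deployment engine honours a resource-level `retryOn` of this shape under `"languageVersion": "2.0"` rather than ignoring it, and whether the retry can be limited to the specific transient error it is meant to absorb. The same block is added to every policy-assignment template in this diff, so the answer applies to all of them.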
@@ -31,8 +32,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').auditRGL]", @@ -47,10 +48,13 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ], - "parameters": { - } + "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-TrustedLaunchPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-TrustedLaunchPolicyAssignment.json index 84865cd0de..93806a4d86 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-TrustedLaunchPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-TrustedLaunchPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -26,7 +27,7 @@ "Disabled", "Audit" ], - "defaultValue": "Audit" + "defaultValue": "Audit" } }, "variables": { @@ -44,8 +45,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').trustedLaunch]", @@ -65,8 +66,12 @@ "value": "[parameters('effect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} } 
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-UnusedResourcesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-UnusedResourcesPolicyAssignment.json index 98b49a5a33..cf29e0f565 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-UnusedResourcesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-UnusedResourcesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -26,7 +27,7 @@ "Disabled", "Audit" ], - "defaultValue": "Audit" + "defaultValue": "Audit" }, "effectPublicIpAddresses": { "type": "string", @@ -34,7 +35,7 @@ "Disabled", "Audit" ], - "defaultValue": "Audit" + "defaultValue": "Audit" }, "effectServerFarms": { "type": "string", @@ -42,7 +43,7 @@ "Disabled", "Audit" ], - "defaultValue": "Audit" + "defaultValue": "Audit" } }, "variables": { @@ -60,8 +61,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').costOptimization]", @@ -87,8 +88,12 @@ "value": "[parameters('effectServerFarms')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-ZoneResilientPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-ZoneResilientPolicyAssignment.json index 7253927318..eeb725b7a1 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-ZoneResilientPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/AUDIT-ZoneResilientPolicyAssignment.json 
@@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "effect": { @@ -49,8 +50,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').auditZR]", @@ -73,8 +74,12 @@ "value": "[parameters('allow')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksPrivEscalationPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksPrivEscalationPolicyAssignment.json index 83025c99d9..1eaaba5431 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksPrivEscalationPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksPrivEscalationPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { @@ -22,8 +23,8 @@ "displayName": "Kubernetes clusters should not allow container privilege escalation" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyAksNoPrivEsc]", @@ -38,8 +39,12 @@ "value": "Deny" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} 
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksPrivilegedPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksPrivilegedPolicyAssignment.json index 5ee290a31d..8e37ae77bd 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksPrivilegedPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksPrivilegedPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { @@ -22,8 +23,8 @@ "displayName": "Kubernetes cluster should not allow privileged containers" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyAksPriv]", @@ -38,8 +39,12 @@ "value": "Deny" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksWithoutHttpsPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksWithoutHttpsPolicyAssignment.json index 495f9b53db..2345f4abbf 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksWithoutHttpsPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-AksWithoutHttpsPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { 
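Review bot: DENY-AksPrivilegedPolicyAssignment.json still declares the `tenantDeploymentTemplate.json#` schema in the header this hunk edits, although the file sits under managementGroupTemplates and its siblings declare `"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#"`. Since the header is being touched to add `"languageVersion": "2.0"`, I would align the schema with the scope the template is deployed at, so the new symbolic-name `resources` object is validated against the right definition. The same tenant schema appears in DENY-MgmtPortsFromInternetPolicyAssignment.json and DENY-VMUnmanagedDiskPolicyAssignment.json. The deployment scope itself is not visible in these hunks, so confirm it before changing the value.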
@@ -22,8 +23,8 @@ "displayName": "Kubernetes clusters should be accessible only over HTTPS" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyHttpIngressAks]", @@ -38,8 +39,12 @@ "value": "Deny" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-ClassicResourceTypesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-ClassicResourceTypesPolicyAssignment.json index 26961652bf..226cd8ac00 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-ClassicResourceTypesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-ClassicResourceTypesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "policyEffect": { @@ -39,8 +40,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyClassicResources]", @@ -121,8 +122,12 @@ "value": "[parameters('policyEffect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json index c164388d1d..4100a9e569 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -40,8 +41,8 @@ "deployEncryptionInTransit": "[guid(concat(parameters('topLevelManagementGroupPrefix'),variables('policyAssignmentNames').deployEncryptionInTransit))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').deployEncryptionInTransit]", @@ -60,14 +61,18 @@ } ], "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployEncryptionInTransit]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').deployEncryptionInTransit)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -75,6 +80,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployEncryptionInTransit), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-HybridNetworkingPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-HybridNetworkingPolicyAssignment.json index def5fe2d27..e8c8d7d9cb 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-HybridNetworkingPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-HybridNetworkingPolicyAssignment.json 
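Review bot: In the `roleAssignment` resource (@@ -60,14 +61,18 and @@ -75,6 +80,6), `dependsOn` now uses the symbolic name `"policyAssignment"`, but `principalId` still rebuilds the assignment's resource ID with `concat(...)` and reads it at `'2019-09-01'`, while the assignment itself is declared at `2022-06-01`. With `"languageVersion": "2.0"` the symbolic name should be usable there as well, e.g. `"principalId": "[toLower(reference('policyAssignment', '2022-06-01', 'Full').identity.principalId)]"`. This is the resource that grants the policy's managed identity its role, so tying the identity lookup to the resource declared in this template, at one API version, keeps that grant easy to audit. Check the expression with a what-if run before merging.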
@@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "policyEffect": { @@ -39,8 +40,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyHybridNetworking]", @@ -60,11 +61,11 @@ "value": [ "microsoft.network/expressroutecircuits", "microsoft.network/expressroutegateways", - "microsoft.network/expressrouteports", + "microsoft.network/expressrouteports", "microsoft.network/virtualwans", "microsoft.network/virtualhubs", "microsoft.network/vpngateways", - "microsoft.network/p2svpngateways", + "microsoft.network/p2svpngateways", "microsoft.network/vpnsites", "microsoft.network/virtualnetworkgateways" ] @@ -73,8 +74,12 @@ "value": "[parameters('policyEffect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-IPForwardingPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-IPForwardingPolicyAssignment.json index 40aa9beacc..b9a084e754 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-IPForwardingPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-IPForwardingPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { 
@@ -19,20 +20,20 @@ "policyDefinitions": { "denyIpForwarding": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900", "policyVersion": "1.*.*" - }, + }, "policyAssignmentNames": { "denyIpForwarding": "Deny-IP-forwarding", "description": "This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team.", "displayName": "Network interfaces should disable IP forwarding" - }, - "nonComplianceMessage": { - "message": "Network interfaces {enforcementMode} disable IP forwarding.", - "Default": "must", - "DoNotEnforce": "should" - } + }, + "nonComplianceMessage": { + "message": "Network interfaces {enforcementMode} disable IP forwarding.", + "Default": "must", + "DoNotEnforce": "should" + } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyIpForwarding]", @@ -47,8 +48,12 @@ ], "policyDefinitionId": "[variables('policyDefinitions').denyIpForwarding]", "definitionVersion": "[variables('policyDefinitions').policyVersion]" + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } - } - ], + } + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-MgmtPortsFromInternetPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-MgmtPortsFromInternetPolicyAssignment.json index a031ef4c24..1c68299127 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-MgmtPortsFromInternetPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-MgmtPortsFromInternetPolicyAssignment.json 
@@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -24,7 +25,7 @@ "variables": { "policyDefinitions": { "denyMgmt": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet')]" - }, + }, "policyAssignmentNames": { "denyMgmt": "Deny-MgmtPorts-Internet", "description": "This policy denies any network security rule that allows management port access from the Internet", @@ -36,8 +37,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').denyMgmt]", @@ -51,8 +52,12 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json index f2888167ea..1ad7a0719b 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -36,8 +37,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').denyPublicEndpoint]", @@ -53,8 +54,12 @@ } ], "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicIpAddressOnNICPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicIpAddressOnNICPolicyAssignment.json index 9d1b8025ff..bb23045c18 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicIpAddressOnNICPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicIpAddressOnNICPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { @@ -31,8 +32,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyPipOnNic]", @@ -47,8 +48,12 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicIpAddressPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicIpAddressPolicyAssignment.json index ced5859da6..e86ebc18fa 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicIpAddressPolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-PublicIpAddressPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { @@ -31,8 +32,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyPip]", @@ -57,8 +58,12 @@ "value": "Deny" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-StorageWithoutHttpsPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-StorageWithoutHttpsPolicyAssignment.json index 294ede5650..55f32edc67 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-StorageWithoutHttpsPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-StorageWithoutHttpsPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { @@ -31,8 +32,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').storageHttps]", @@ -52,8 +53,12 @@ "value": "Deny" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} 
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-SubnetWithoutNsgPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-SubnetWithoutNsgPolicyAssignment.json index 6efd4174d0..7d920873fc 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-SubnetWithoutNsgPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-SubnetWithoutNsgPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -24,20 +25,20 @@ "variables": { "policyDefinitions": { "denySubnetWithoutNsg": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg')]" - }, + }, "policyAssignmentNames": { "denySubnetWithoutNsg": "Deny-Subnet-Without-Nsg", "description": "This policy denies the creation of a subnet without a Network Security Group to protect traffic across subnets.", "displayName": "Subnets should have a Network Security Group" - }, - "nonComplianceMessage": { - "message": "Subnets {enforcementMode} have a Network Security Group.", - "Default": "must", - "DoNotEnforce": "should" - } + }, + "nonComplianceMessage": { + "message": "Subnets {enforcementMode} have a Network Security Group.", + "Default": "must", + "DoNotEnforce": "should" + } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').denySubnetWithoutNsg]", 
@@ -51,8 +52,12 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } - } - ], + } + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENY-VMUnmanagedDiskPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENY-VMUnmanagedDiskPolicyAssignment.json index 19b6e272a7..0ec21ba6bd 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENY-VMUnmanagedDiskPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DENY-VMUnmanagedDiskPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { @@ -31,8 +32,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').denyVMUnmanagedDisk]", @@ -47,14 +48,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ], - "overrides":[ + "overrides": [ { "kind": "policyEffect", "value": "Deny" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DENYACTION-DeleteUAMIAMAPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DENYACTION-DeleteUAMIAMAPolicyAssignment.json index 31875c0798..4d165c3e21 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DENYACTION-DeleteUAMIAMAPolicyAssignment.json 
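Review bot: The `$schema` in the first hunk of DENY-VMUnmanagedDiskPolicyAssignment.json is `tenantDeploymentTemplate.json#`, while the file sits under `managementGroupTemplates` and every sibling touched here declares `managementGroupDeploymentTemplate.json#`. The commit edits this header to add `languageVersion` but leaves the scope schema as it was. If the template is deployed at management-group scope like the others, the line should read `"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",`. At minimum, any tooling that validates the file against its declared schema is checking it against the wrong scope, which matters more now that the file uses the symbolic-name resource syntax.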
+++ b/eslzArm/managementGroupTemplates/policyAssignments/DENYACTION-DeleteUAMIAMAPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -47,8 +48,8 @@ "displayName": "Do not allow deletion of the User Assigned Managed Identity used by AMA" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').denyActionResourceDeletion]", @@ -68,8 +69,12 @@ "value": "[parameters('resourceType')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ASB2PolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ASB2PolicyAssignment.json index 03fdd933fb..437235e3a0 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ASB2PolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ASB2PolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { 
@@ -45,9 +46,9 @@ "roleAssignmentNameNetworkContributor": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').ascMonitoring,'-2'))]", "roleAssignmentNameCognitiveContributor": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').ascMonitoring,'-3'))]" } - }, - "resources": [ - { + }, + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').ascMonitoring]", @@ -67,14 +68,18 @@ } ], "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameCognitiveOAIContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').ascMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -82,12 +87,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').ascMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameNetworkContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').ascMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
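Review bot: `dependsOn` on the role assignments in DINE-ASB2PolicyAssignment.json now uses the symbolic name `policyAssignment`, but the `principalId` expressions (context lines of the `@@ -82,12 +87,12 @@` hunk and the ones after it) still look the assignment up by a concatenated resource ID with API version `2019-09-01`, although the resource is declared with `2024-04-01`. With symbolic names available, the lookup should be able to reference the declared resource directly: `"principalId": "[toLower(reference('policyAssignment', '2024-04-01', 'Full').identity.principalId)]"`. That ties the identity receiving the role to the assignment created in this template rather than to a name string resolved separately. The same expression is left unchanged in every DINE template in this diff.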
@@ -95,12 +100,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').ascMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameCognitiveContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').ascMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -108,6 +113,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').ascMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ASBPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ASBPolicyAssignment.json index 7ebe339e86..9cc4240bd1 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ASBPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ASBPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "enforcementMode": { @@ -30,9 +31,9 @@ "Default": "must", "DoNotEnforce": "should" } - }, - "resources": [ - { + }, + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').ascMonitoring]", @@ -52,8 +53,12 @@ } ], "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} 
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ActivityLogPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ActivityLogPolicyAssignment.json index c33dd3b600..009e34cf3a 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ActivityLogPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ActivityLogPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -49,8 +50,8 @@ "roleAssignmentNameMonitoringContributor": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').azureActivityLog,'-2'))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').azureActivityLog]", @@ -77,14 +78,18 @@ "value": "True" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').azureActivityLog]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
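Review bot: `roleAssignment1` in the `@@ -77,14 +78,18 @@` hunk of DINE-ActivityLogPolicyAssignment.json is still declared with `"apiVersion": "2019-04-01-preview"`, while the role assignments in DINE-ASB2 and the ChangeTracking templates in this same diff use `2022-04-01`. A preview API version on the resource that grants permissions is worth retiring while the resource header is being rewritten: `"apiVersion": "2022-04-01",`. `roleAssignment2` in this file and the role assignments in DINE-AtpOssDb, DINE-AtpSqlDb, DINE-MDEndpointsAMA, DINE-MDEndpoints and DINE-MDFCConfig carry the same preview version.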
@@ -92,12 +97,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureActivityLog), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').azureActivityLog]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -105,6 +110,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureActivityLog), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-AtpOssDbPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-AtpOssDbPolicyAssignment.json index dcbe777f2f..b05739def1 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-AtpOssDbPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-AtpOssDbPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -39,10 +40,10 @@ "rbacContributor": "b24988ac-6180-42a0-ab88-20f7382dd24c", "roleAssignmentNames": { "deployAtpOssRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').DineAtpOssDb))]" - } + } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').DineAtpOssDb]", 
@@ -62,14 +63,18 @@ } ], "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployAtpOssRoles]", "dependsOn": [ - "[variables('policyAssignmentNames').DineAtpOssDb]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -77,6 +82,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').DineAtpOssDb), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-AtpSqlDbPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-AtpSqlDbPolicyAssignment.json index 7ad2013d93..a3e88ba677 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-AtpSqlDbPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-AtpSqlDbPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -39,10 +40,10 @@ "rbacSqlSecurityManager": "056cd41c-7e88-42e1-933e-88ba6a50c9c3", "roleAssignmentNames": { "deployAtpSqlRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').DineAtpSqlDb))]" - } + } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').DineAtpSqlDb]", 
@@ -62,14 +63,18 @@ } ], "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployAtpSqlRoles]", "dependsOn": [ - "[variables('policyAssignmentNames').DineAtpSqlDb]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -77,6 +82,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').DineAtpSqlDb), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMArcPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMArcPolicyAssignment.json index 0ced04dfff..2b1c271a9c 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMArcPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMArcPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -78,8 +79,8 @@ "roleAssignmentNameReader": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').vmArcChangeTracking,'-3',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').vmArcChangeTracking]", 
@@ -106,14 +107,18 @@ "value": "[parameters('effect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmArcChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -121,12 +126,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmArcChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmArcChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -134,14 +139,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmArcChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameReader]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmArcChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
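Review bot: The symbolic names `roleAssignment1` to `roleAssignment3` introduced in DINE-ChangeTrackingVMArcPolicyAssignment.json say nothing about which role each one grants, and `roleAssignment3` (the `@@ -134,14 +139,14 @@` hunk) is the conditional grant at `platformScope`, outside the assignment's own scope. Naming each one after the variable it already uses, e.g. `"roleAssignmentReaderAtPlatformScope": {` for the third, would let a reviewer or a what-if output show at a glance which privilege goes where. The role definition IDs are outside these hunks, so the role behind each name is inferred from the `roleAssignmentNames` keys. The ChangeTrackingVM, ChangeTrackingVMSS and MDFCDefenderSQLAMA templates use the same numbering, with two or more cross-scope grants each.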
@@ -149,6 +154,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmArcChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMPolicyAssignment.json index 4ebfffb655..204cb94c2e 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -103,8 +104,8 @@ "roleAssignmentNamePlatformManagedIdentityOperator": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').vmChangeTracking,'-6',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').vmChangeTracking]", @@ -140,14 +141,18 @@ "value": "[parameters('effect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -155,12 +160,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameVmContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -168,12 +173,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -181,12 +186,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment4": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameManagedIdentityOperator]", "dependsOn": [ - "[variables('policyAssignmentNames').vmChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -194,14 +199,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment5": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameReader]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -209,14 +214,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment6": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNamePlatformManagedIdentityOperator]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -224,6 +229,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMSSPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMSSPolicyAssignment.json index b5503e4ee1..265793419a 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMSSPolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMSSPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -103,8 +104,8 @@ "roleAssignmentNamePlatformManagedIdentityOperator": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').vmssChangeTracking,'-6',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').vmssChangeTracking]", @@ -140,14 +141,18 @@ "value": "[parameters('effect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -155,12 +160,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameVmContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -168,12 +173,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -181,12 +186,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment4": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameManagedIdentityOperator]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -194,14 +199,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment5": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameReader]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -209,14 +214,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment6": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNamePlatformManagedIdentityOperator]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssChangeTracking]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -224,6 +229,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssChangeTracking), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDEndpointsAMAPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDEndpointsAMAPolicyAssignment.json index e61f1c6ecb..1c0e04209a 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDEndpointsAMAPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDEndpointsAMAPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -41,8 +42,8 @@ "deployMDEndpoints": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').azureSecurityMDE))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').azureSecurityMDE]", 
@@ -62,14 +63,18 @@ } ], "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployMDEndpoints]", "dependsOn": [ - "[variables('policyAssignmentNames').azureSecurityMDE]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -77,6 +82,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureSecurityMDE), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDEndpointsPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDEndpointsPolicyAssignment.json index c0c59489ef..6242fa3143 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDEndpointsPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDEndpointsPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -27,7 +28,7 @@ "DeployIfNotExists", "AuditIfNotExists" ], - "defaultValue": "DeployIfNotExists" + "defaultValue": "DeployIfNotExists" } }, "variables": { @@ -50,8 +51,8 @@ "deployMDEndpoints": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').azureSecurityMDE))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').azureSecurityMDE]", 
@@ -84,14 +85,18 @@ "value": "[parameters('enableMDEndpoints')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployMDEndpoints]", "dependsOn": [ - "[variables('policyAssignmentNames').azureSecurityMDE]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -99,7 +104,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureSecurityMDE), '2019-09-01', 'Full' ).identity.principalId)]" } } - - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json index 3a75c7ce48..00e6fa2993 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -155,8 +156,8 @@ "deployAzureSecurity": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').azureSecurity))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').azureSecurity]", 
@@ -224,14 +225,18 @@ "value": "[parameters('enableAscForCspm')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployAzureSecurity]", "dependsOn": [ - "[variables('policyAssignmentNames').azureSecurity]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -239,6 +244,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureSecurity), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCDefenderSQLAMAPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCDefenderSQLAMAPolicyAssignment.json index d3210e1d7a..55e6a61a1f 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCDefenderSQLAMAPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-MDFCDefenderSQLAMAPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -135,8 +136,8 @@ "roleAssignmentNamePlatformManagedIdentityOperator": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').azureDefenderSQL,'-7',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').azureDefenderSQL]", 
@@ -178,14 +179,18 @@ "value": "[parameters('userAssignedIdentityResourceId')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').azureDefenderSQL]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -193,12 +198,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureDefenderSQL), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameVmContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').azureDefenderSQL]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -206,12 +211,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureDefenderSQL), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').azureDefenderSQL]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
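Review bot: The symbolic names `roleAssignment1` to `roleAssignment7` introduced from the `@@ -178,14 +179,18 @@` hunk onward are positional, so anyone auditing which roles the policy identity receives has to map each number back to its `name` variable (in the following hunks `roleAssignment5` turns out to be `roleAssignmentNameContributor`). Naming the keys after the role keeps deployment errors and later `dependsOn` entries self-describing, for example `"roleAssignmentLogAnalyticsContributor": {`, `"roleAssignmentVmContributor": {` and `"roleAssignmentPlatformReader": {`. The same numbering is used in the ResourceDiagnostics, SQLAuditing, TrustedLaunchGuestAttestation, VMBackup, VMHybridMonitoring, VMMonitoring and VMSSMonitoring templates.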
@@ -219,12 +224,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureDefenderSQL), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment4": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameManagedIdentityOperator]", "dependsOn": [ - "[variables('policyAssignmentNames').azureDefenderSQL]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -232,12 +237,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureDefenderSQL), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment5": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').azureDefenderSQL]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -245,14 +250,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureDefenderSQL), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment6": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameReader]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').azureDefenderSQL]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -260,14 +265,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureDefenderSQL), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment7": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNamePlatformManagedIdentityOperator]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').azureDefenderSQL]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -275,6 +280,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureDefenderSQL), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json index 16bde4fc10..a5f77ecd3f 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -42,10 +43,10 @@ "austriaeast": "aue", "belgiumcentral": "bec", "brazilsouth": "brs", - "brazilsoutheast": "bse", + "brazilsoutheast": "bse", "canadacentral": "cnc", "canadaeast": "cne", - "centralindia": "inc", + "centralindia": "inc", "centralus": "cus", "chilecentral": "clc", "denmarkeast": "dke", 
@@ -89,7 +90,7 @@ "ukwest": "ukw", "westcentralus": "wcus", "westeurope": "we", - "westindia": "inw", + "westindia": "inw", "westus": "wus", "westus2": "wus2", "westus3": "wus3", @@ -168,7 +169,7 @@ "azureAcrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurecr.io')]", "azureEventHubNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.windows.net')]", "azureMachineLearningWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.api.azureml.ms')]", - "azureMachineLearningWorkspaceSecondPrivateDnsZoneId" : "[concat(variables('baseId'), 'privatelink.notebooks.azure.net')]", + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.notebooks.azure.net')]", "azureServiceBusNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.windows.net')]", "azureCognitiveSearchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.search.windows.net')]", "azureBotServicePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.directline.botframework.com')]", @@ -204,8 +205,8 @@ }, "policyRbac": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7" }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').deployPrivateDnsZones]", @@ -426,14 +427,18 @@ "value": "[variables('policyParameterMapping').azureSiteRecoveryQueuePrivateDnsZoneId]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployPrivateDnsZones]", "dependsOn": [ - "[variables('policyAssignmentNames').deployPrivateDnsZones]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -441,11 +446,11 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId)]" } } - ], + }, "outputs": { "principalId": { "type": "string", "value": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId]" } } -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json index 6c8fac4b4a..eaa6e85786 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -55,8 +56,8 @@ "roleAssignmentNameMonitoringContributor": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').resourceDiagnostics,'-2'))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').resourceDiagnostics]", 
@@ -80,14 +81,18 @@ "value": "[parameters('logAnalyticsResourceId')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').resourceDiagnostics]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -95,12 +100,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').resourceDiagnostics), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').resourceDiagnostics]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -108,6 +113,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').resourceDiagnostics), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLAuditingPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLAuditingPolicyAssignment.json index 29e4a8c15a..913ecc8518 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLAuditingPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLAuditingPolicyAssignment.json 
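Review bot: `roleAssignment1` and `roleAssignment2` in the `@@ -80,14 +81,18 @@` and `@@ -95,12 +100,12 @@` hunks get symbolic names but keep `"apiVersion": "2019-04-01-preview"`, while the DefenderSQL, ServiceHealth, TrustedLaunch and VM monitoring templates in this same diff create role assignments with `2022-04-01`. A preview API version on an authorization resource may change or be retired independently of the template, so this refactor is a natural place to align it: `"apiVersion": "2022-04-01",`. The MDEndpoints, MDFCConfig, PrivateDNSZones, SQLAuditing, SQLEncryption, SQLThreat and VMBackup templates carry the same preview version; the change should be checked in a management-group test deployment.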
@@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -47,8 +48,8 @@ "roleAssignmentNameLogAnalyticsContributor": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').deploySqlAuditing,'-1'))]", "roleAssignmentNameSqlSecurityManager": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').deploySqlAuditing,'-2'))]" }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').deploySqlAuditing]", @@ -72,14 +73,18 @@ "value": "[parameters('logAnalyticsResourceId')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNameLogAnalyticsContributor')]", "dependsOn": [ - "[variables('policyAssignmentNames').deploySqlAuditing]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -87,12 +92,12 @@ "principalId": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deploySqlAuditing), '2019-09-01', 'Full' ).identity.principalId]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNameSqlSecurityManager')]", "dependsOn": [ - "[variables('policyAssignmentNames').deploySqlAuditing]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
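Review bot: The `principalId` of `roleAssignment1` (first line of the `@@ -87,12 +92,12 @@` hunk) and of `roleAssignment2` (first line of the following `@@ -100,7 +105,7 @@` hunk) passes `reference(...).identity.principalId` unwrapped, whereas the other role assignments visible in this diff wrap the same expression in `toLower(...)`. Whether the casing matters to the API is not visible here, but the difference makes this file the odd one out when the templates are compared or regenerated. The aligned line would be `"principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deploySqlAuditing), '2019-09-01', 'Full' ).identity.principalId)]"`.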
@@ -100,7 +105,7 @@ "principalId": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deploySqlAuditing), '2019-09-01', 'Full' ).identity.principalId]" } } - ], + }, "outputs": { "principalId": { "type": "string", diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLEncryptionPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLEncryptionPolicyAssignment.json index b18449418a..b081af3f5b 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLEncryptionPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLEncryptionPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -41,8 +42,8 @@ "roleAssignmentNameSqlDbContributor": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').deploySqlEncryption))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').deploySqlEncryption]", @@ -61,14 +62,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').roleAssignmentNameSqlDbContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').deploySqlEncryption]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -76,6 +81,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deploySqlEncryption), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLThreatPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLThreatPolicyAssignment.json index c93203df5a..743857ed1d 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLThreatPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-SQLThreatPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -41,8 +42,8 @@ "deploySqlThreat": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').deploySqlThreat))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').deploySqlThreat]", @@ -61,14 +62,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deploySqlThreat]", "dependsOn": [ - "[variables('policyAssignmentNames').deploySqlThreat]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -76,6 +81,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deploySqlThreat), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ServiceHealthBuiltInPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ServiceHealthBuiltInPolicyAssignment.json index 2624945d06..a67b4d60c8 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-ServiceHealthBuiltInPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-ServiceHealthBuiltInPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -83,8 +84,8 @@ "acdd72a7-3385-48ef-bd42-f606fba81ae7": "Reader" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').svcHealthBuiltIn]", @@ -125,14 +126,18 @@ "value": "[variables('actionGroupRoleIdsToName')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringPolicyContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').svcHealthBuiltIn]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -140,6 +145,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').svcHealthBuiltIn), '2024-04-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } 
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-TrustedLaunchGuestAttestationAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-TrustedLaunchGuestAttestationAssignment.json index 218c1f6601..25d852f005 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-TrustedLaunchGuestAttestationAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-TrustedLaunchGuestAttestationAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -61,8 +62,8 @@ "roleAssignmentMIContributor": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').deployGuestAtt,'-4',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-05-01", "name": "[variables('policyAssignmentNames').deployGuestAtt]", @@ -86,14 +87,18 @@ "value": "[parameters('attestationEndpoint')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentVMContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').deployGuestAtt]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -101,12 +106,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployGuestAtt), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentReader]", "dependsOn": [ - "[variables('policyAssignmentNames').deployGuestAtt]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -114,12 +119,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployGuestAtt), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentMIOperator]", "dependsOn": [ - "[variables('policyAssignmentNames').deployGuestAtt]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -127,12 +132,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployGuestAtt), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment4": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentMIContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').deployGuestAtt]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -140,7 +145,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployGuestAtt), '2019-09-01', 'Full' ).identity.principalId)]" } } - - ], + }, "outputs": {} -} \ No newline at end of file +} 
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMBackupPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMBackupPolicyAssignment.json index e06cc5ff72..3db4d0027e 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMBackupPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMBackupPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "roleAssignmentNameVmContributor": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').deployVmBackup,'-2'))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').deployVmBackup]", @@ -65,14 +66,18 @@ } ], "parameters": {} + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').roleAssignmentNameBackupContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').deployVmBackup]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -80,19 +85,19 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployVmBackup), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').roleAssignmentNameVmContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').deployVmBackup]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacVMContributor'))]", "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployVmBackup), '2019-09-01', 'Full' ).identity.principalId)]" } - } - ], + } + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMHybridMonitoringPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMHybridMonitoringPolicyAssignment.json index abe13d8dc4..f09662b6e2 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMHybridMonitoringPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMHybridMonitoringPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -74,8 +75,8 @@ "roleAssignmentNameReader": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').vmHybridMonitoring,'-3',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').vmHybridMonitoring]", @@ -102,14 +103,18 @@ "value": "[parameters('enableProcessesAndDependencies')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmHybridMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -117,12 +122,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmHybridMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmHybridMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -130,14 +135,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmHybridMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameReader]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmHybridMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -145,6 +150,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmHybridMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMMonitoringPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMMonitoringPolicyAssignment.json index d5a989f307..f098d7e104 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMMonitoringPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMMonitoringPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -106,8 +107,8 @@ "roleAssignmentNamePlatformManagedIdentityOperator": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').vmMonitoring,'-6',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').vmMonitoring]", @@ -146,14 +147,18 @@ "value": "[parameters('scopeToSupportedImages')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -161,12 +166,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameVmContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -174,12 +179,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -187,12 +192,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment4": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameManagedIdentityOperator]", "dependsOn": [ - "[variables('policyAssignmentNames').vmMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -200,14 +205,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment5": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameReader]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -215,14 +220,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment6": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNamePlatformManagedIdentityOperator]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -230,6 +235,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMSSMonitoringPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMSSMonitoringPolicyAssignment.json index e151ee8e73..803f9f4ffe 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMSSMonitoringPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/DINE-VMSSMonitoringPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -106,8 +107,8 @@ "roleAssignmentNamePlatformManagedIdentityOperator": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').vmssMonitoring,'-6',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').vmssMonitoring]", @@ -146,14 +147,18 @@ "value": "[parameters('scopeToSupportedImages')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameLogAnalyticsContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -161,12 +166,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameVmContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
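Review bot: The `retryOn` block added in the `-146,14 +147,18` hunk gives the policy assignment a budget of `"count": 6` at `"interval": "PT5M"`, and nothing in the hunk limits which failures are retried. If every error is retried, a permanent failure such as a denied write would presumably surface only after the whole budget is spent, about 30 minutes if the retries run back to back. I would record the intended trigger next to the setting, e.g. `"comments": "retryOn covers <transient condition, to be named by the author>"`, and confirm how non-transient errors behave. The identical block is added to every ENFORCE-* policy assignment further down.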
@@ -174,12 +179,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameMonitoringContributor]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -187,12 +192,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment4": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameManagedIdentityOperator]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -200,14 +205,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment5": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameReader]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -215,14 +220,14 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment6": { "condition": "[not(equals(parameters('platformScope'), parameters('scope')))]", "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNamePlatformManagedIdentityOperator]", "scope": "[parameters('platformScope')]", "dependsOn": [ - "[variables('policyAssignmentNames').vmssMonitoring]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -230,6 +235,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmssMonitoring), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json index c43ac7f356..87e78a0853 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -55,10 +56,10 @@ "rbacVMContributor": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c", "roleAssignmentNames": { "deployDecommRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').alzDecommission))]" - } + } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').alzDecommission]", @@ -76,14 +77,18 @@ "value": "[parameters('listOfResourceTypesAllowed')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployDecommRoles]", "dependsOn": [ - "[variables('policyAssignmentNames').alzDecommission]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -91,6 +96,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').alzDecommission), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-ALZ-SandboxPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-ALZ-SandboxPolicyAssignment.json index 895703c491..141f325054 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-ALZ-SandboxPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-ALZ-SandboxPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
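Review bot: The `roleAssignment` resource in the `-76,14 +77,18` hunk gets a symbolic name and a new `dependsOn`, but keeps `"apiVersion": "2019-04-01-preview"`, whereas the DINE monitoring templates converted in the same commit declare their role assignments with `2022-04-01`. Since these resources are being touched anyway, I would change the line to `"apiVersion": "2022-04-01",` so that every role grant in the commit uses the same non-preview API version. The preview version also remains in the other ENFORCE-* role assignments below (Acsb, EncryptionCMK and the Guardrails* files). The resource's `properties` continue in the next hunk.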
@@ -25,11 +26,11 @@ "defaultValue": [ "microsoft.network/expressroutecircuits", "microsoft.network/expressroutegateways", - "microsoft.network/expressrouteports", + "microsoft.network/expressrouteports", "microsoft.network/virtualwans", "microsoft.network/virtualhubs", "microsoft.network/vpngateways", - "microsoft.network/p2svpngateways", + "microsoft.network/p2svpngateways", "microsoft.network/vpnsites", "microsoft.network/virtualnetworkgateways" ] @@ -50,8 +51,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').alzSandbox]", @@ -71,8 +72,12 @@ "value": "[parameters('listOfResourceTypesNotAllowed')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-AcsbPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-AcsbPolicyAssignment.json index 4bc91dc750..1c12ccb602 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-AcsbPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-AcsbPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -38,10 +39,10 @@ "rbacContributor": "b24988ac-6180-42a0-ab88-20f7382dd24c", "roleAssignmentNames": { "deployRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').enforceAcsb))]" - } + } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceAcsb]", 
@@ -59,14 +60,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[variables('policyAssignmentNames').enforceAcsb]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -74,6 +79,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceAcsb), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json index ac77101473..6aec1f8651 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -36,8 +37,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsBackup]", 
@@ -51,8 +52,12 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-EncryptionCMKPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-EncryptionCMKPolicyAssignment.json index e100be2841..321826a434 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-EncryptionCMKPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-EncryptionCMKPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsCMK))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsCMK]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsCMK)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsCMK), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAPIMPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAPIMPolicyAssignment.json index 357c0a1aec..b9c3b7a142 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAPIMPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAPIMPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsAPIM))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsAPIM]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsAPIM)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsAPIM), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAppServicesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAppServicesPolicyAssignment.json index 3969cc3787..5a016f7c42 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAppServicesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAppServicesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsAppServices))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsAppServices]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsAppServices)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsAppServices), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAutomationPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAutomationPolicyAssignment.json index d43297d47d..bf23d317a6 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAutomationPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAutomationPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsAutomation))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsAutomation]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsAutomation)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsAutomation), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsBotServicePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsBotServicePolicyAssignment.json index 724c8d8cf4..a9b005fb2b 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsBotServicePolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsBotServicePolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsBotService))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsBotService]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsBotService)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsBotService), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsCognitiveServicesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsCognitiveServicesPolicyAssignment.json index 891aee217b..922a7c5726 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsCognitiveServicesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsCognitiveServicesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsCognitiveServices))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsCognitiveServices]", 
@@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsCognitiveServices)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsCognitiveServices), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsComputePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsComputePolicyAssignment.json index a507d822be..b03e55955a 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsComputePolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsComputePolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsCompute))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsCompute]", 
@@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsCompute)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsCompute), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerAppsPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerAppsPolicyAssignment.json index 8305812e34..d1e43b388c 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerAppsPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerAppsPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsContainerApps))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsContainerApps]", 
@@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsContainerApps)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsContainerApps), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerInstancePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerInstancePolicyAssignment.json index 90154b263d..1cb11c6ce0 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerInstancePolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerInstancePolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsContainerInstance))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsContainerInstance]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsContainerInstance)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsContainerInstance), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerRegistryPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerRegistryPolicyAssignment.json index 5679741c18..07bb7b5ed7 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerRegistryPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsContainerRegistryPolicyAssignment.json 
@@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsContainerRegistry))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsContainerRegistry]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsContainerRegistry)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsContainerRegistry), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsCosmosDbPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsCosmosDbPolicyAssignment.json index de4798bbbd..a433a8736e 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsCosmosDbPolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsCosmosDbPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsCosmosDb))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsCosmosDb]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsCosmosDb)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsCosmosDb), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsDataExplorerPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsDataExplorerPolicyAssignment.json index cac0a40e1f..9ea1ce1e8e 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsDataExplorerPolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsDataExplorerPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsDataExplorer))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsDataExplorer]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsDataExplorer)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsDataExplorer), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsDataFactoryPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsDataFactoryPolicyAssignment.json index 2991f85509..4f37abd59f 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsDataFactoryPolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsDataFactoryPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsDataFactory))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsDataFactory]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsDataFactory)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsDataFactory), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsEventGridPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsEventGridPolicyAssignment.json index 20aa445ca6..6eee1fe22d 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsEventGridPolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsEventGridPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsEventGrid))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsEventGrid]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsEventGrid)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsEventGrid), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsEventHubPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsEventHubPolicyAssignment.json index 538e190e28..b92a5756b6 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsEventHubPolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsEventHubPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsEventHub))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsEventHub]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsEventHub)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsEventHub), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json index 838aa6d22b..228c6da73c 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json 
+++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -36,8 +37,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsKeyVault]", @@ -46,8 +47,12 @@ "displayName": "[variables('policyAssignmentNames').displayName]", "policyDefinitionId": "[variables('policyDefinitions').enforceGuardrailsKeyVault]", "enforcementMode": "[parameters('enforcementMode')]" + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultSupPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultSupPolicyAssignment.json index 00b01aa98d..4fdc5721e7 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultSupPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultSupPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsKeyVaultSup))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsKeyVaultSup]", 
@@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsKeyVaultSup)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsKeyVaultSup), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKubernetesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKubernetesPolicyAssignment.json index 06119cf2a8..7aca9c98b4 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKubernetesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKubernetesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsKubernetes))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsKubernetes]", 
@@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsKubernetes)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsKubernetes), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsMachineLearningPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsMachineLearningPolicyAssignment.json index 15f6121759..35c354d017 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsMachineLearningPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsMachineLearningPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsMachineLearning))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsMachineLearning]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsMachineLearning)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsMachineLearning), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsMySQLPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsMySQLPolicyAssignment.json index 9a4c3f61e6..4636f5f228 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsMySQLPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsMySQLPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsMySQL))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsMySQL]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsMySQL)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsMySQL), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsNetworkPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsNetworkPolicyAssignment.json index 00ca53da00..fa237eead5 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsNetworkPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsNetworkPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -48,8 +49,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsNetwork))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsNetwork]", @@ -72,14 +73,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsNetwork)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -87,6 +92,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsNetwork), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsOpenAIPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsOpenAIPolicyAssignment.json index d8c8a3e443..524db9dbd3 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsOpenAIPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsOpenAIPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsOpenAI))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsOpenAI]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsOpenAI)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsOpenAI), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsPostgreSQLPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsPostgreSQLPolicyAssignment.json index 620aa456f1..3a66de8677 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsPostgreSQLPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsPostgreSQLPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsPostgreSQL))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsPostgreSQL]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsPostgreSQL)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsPostgreSQL), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsSQLPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsSQLPolicyAssignment.json index b1f5c74a60..bce4fbb21c 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsSQLPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsSQLPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsSQL))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsSQL]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsSQL)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsSQL), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsServiceBusPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsServiceBusPolicyAssignment.json index 235ac1b028..189e080b3b 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsServiceBusPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsServiceBusPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsServiceBus))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsServiceBus]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsServiceBus)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsServiceBus), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsStoragePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsStoragePolicyAssignment.json index cc2c0ed034..5e459a87a5 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsStoragePolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsStoragePolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsStorage))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsStorage]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsStorage)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsStorage), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsSynapsePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsSynapsePolicyAssignment.json index ea5f22e79d..209ae9f6e9 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsSynapsePolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsSynapsePolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsSynapse))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsSynapse]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsSynapse)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsSynapse), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsVirtualDesktopPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsVirtualDesktopPolicyAssignment.json index 37c9c780e6..2aa6ee3e04 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsVirtualDesktopPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsVirtualDesktopPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -44,8 +45,8 @@ "deployRoles": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').enforceGuardrailsVirtualDesktop))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').enforceGuardrailsVirtualDesktop]", @@ -63,14 +64,18 @@ "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" } ] + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').enforceGuardrailsVirtualDesktop)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -78,6 +83,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').enforceGuardrailsVirtualDesktop), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json index 1d4a90f7bb..85c1479b27 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json 
@@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -3962,351 +3963,9 @@ "Wandisco.Fusion/migrators/dataTransferAgents", "Wandisco.Fusion/migrators/verifications" ] - }, - "resources": [ - { - "condition": "[not(contains(variables('knownPolicyInitativeDefinitionIdsThatRequireParamaeters'), parameters('policySetDefinitionId')))]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]" - } - }, - { - // [Preview]: Australian Government ISM PROTECTED - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "membersToExclude": { - "value": "[parameters('regCompPolParAusGovIsmRestrictedVmAdminsExclude')]" - }, - "logAnalyticsWorkspaceId": { - "value": "[parameters('logAnalyticsWorkspaceId')]" - }, - "listOfResourceTypes": { - "value": "[if(equals(parameters('regCompPolParAusGovIsmRestrictedResourceTypes'), 'all'), variables('allResourceTypes'), createArray())]" - } - } - } - }, - { - // [Preview]: Motion Picture Association of America (MPAA) - "condition": 
"[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "certificateThumbprints": { - "value": "[parameters('regCompPolParMPAACertificateThumb')]" - }, - "applicationName": { - "value": "[parameters('regCompPolParMPAAApplicationName')]" - }, - "storagePrefix": { - "value": "[parameters('regCompPolParMPAAStoragePrefix')]" - }, - "rgName": { - "value": "[parameters('regCompPolParMPAAResGroupPrefix')]" - }, - "metricName": { - "value": "[parameters('regCompPolParMPAARBatchMetricName')]" - } - } - } - }, - { - // [Preview]: Sovereignty Baseline - Confidential Policies - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/03de05a4-c324-4ccd-882f-a814ea8ab9ea')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "listOfAllowedLocations": { - "value": "[parameters('regCompPolParSovBaseConfRegions')]" - } - } - } - }, - { - // [Preview]: Sovereignty 
Baseline - Global Policies - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/c1cbff38-87c0-4b9f-9f70-035c7a3b5523')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "listOfAllowedLocations": { - "value": "[parameters('regCompPolParSovBaseGlobalRegions')]" - } - } - } - }, - { - // [Preview]: SWIFT CSP-CSCF v2020 - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "workspaceIDsLogAnalyticsAgentShouldConnectTo": { - "value": "[parameters('logAnalyticsWorkspaceId')]" - }, - "listOfMembersToIncludeInWindowsVMAdministratorsGroup": { - "value": "[parameters('regCompPolParSwift2020VmAdminsInclude')]" - }, - "domainNameFQDN": { - "value": "[parameters('regCompPolParSwift2020DomainFqdn')]" - } - } - } - }, - { - // Canada Federal PBMM - "condition": "[equals(parameters('policySetDefinitionId'), 
'/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "logAnalyticsWorkspaceIdforVMReporting": { - "value": "[parameters('logAnalyticsWorkspaceId')]" - }, - "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": { - "value": "[parameters('regCompPolParCanadaFedPbmmVmAdminsExclude')]" - }, - "listOfMembersToIncludeInWindowsVMAdministratorsGroup": { - "value": "[parameters('regCompPolParCanadaFedPbmmVmAdminsInclude')]" - } - } - } - }, - { - // CIS Microsoft Azure Foundations Benchmark v2.0.0 - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/06f19060-9e68-4070-92ca-f15cc126059e')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "maximumDaysToRotate-d8cf8476-a2ec-4916-896e-992351803c44": { - "value": "[parameters('regCompPolParCisV2KeyVaultKeysRotateDays')]" - } - } - } - }, - { - // CMMC Level 3 - "condition": "[equals(parameters('policySetDefinitionId'), 
'/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917": { - "value": "[parameters('logAnalyticsWorkspaceId')]" - }, - "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": { - "value": "[parameters('regCompPolParCmmcL3VmAdminsInclude')]" - }, - "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": { - "value": "[parameters('regCompPolParCmmcL3VmAdminsExclude')]" - } - } - } - }, - { - // HITRUST/HIPAA - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "CertificateThumbprints": { - "value": "[parameters('regCompPolParHitrustHipaaCertificateThumb')]" - }, - "installedApplicationsOnWindowsVM": { - "value": "[parameters('regCompPolParHitrustHipaaApplicationName')]" - }, - "DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix": { 
- "value": "[parameters('regCompPolParHitrustHipaaStoragePrefix')]" - }, - "DeployDiagnosticSettingsforNetworkSecurityGroupsrgName": { - "value": "[parameters('regCompPolParHitrustHipaaResGroupPrefix')]" - } - } - } - }, - { - // IRS1075 September 2016 - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "logAnalyticsWorkspaceIdforVMReporting": { - "value": "[parameters('logAnalyticsWorkspaceId')]" - }, - "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": { - "value": "[parameters('regCompPolParIrs1075Sep2016VmAdminsExclude')]" - }, - "listOfMembersToIncludeInWindowsVMAdministratorsGroup": { - "value": "[parameters('regCompPolParIrs1075Sep2016VmAdminsInclude')]" - } - } - } - }, - { - // New Zealand ISM Restricted - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": 
"[parameters('enforcementMode')]", - "parameters": { - "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": { - "value": "[parameters('regCompPolParNZIsmRestrictedVmAdminsInclude')]" - }, - "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": { - "value": "[parameters('regCompPolParNZIsmRestrictedVmAdminsExclude')]" - } - } - } - }, - { - // NIST SP 800-171 Rev. 2 - "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9')]", - "type": "Microsoft.Authorization/policyAssignments", - "apiVersion": "2022-06-01", - "name": "[parameters('policyAssignmentName')]", - "location": "[deployment().location]", - "identity": { - "type": "SystemAssigned" - }, - "properties": { - "description": "[parameters('policySetDefinitionDescription')]", - "displayName": "[parameters('policySetDefinitionDisplayName')]", - "policyDefinitionId": "[parameters('policySetDefinitionId')]", - "enforcementMode": "[parameters('enforcementMode')]", - "parameters": { - "logAnalyticsWorkspaceIDForVMAgents": { - "value": "[parameters('logAnalyticsWorkspaceId')]" - }, - "membersToExcludeInLocalAdministratorsGroup": { - "value": "[parameters('regCompPolParNistSp800171R2VmAdminsExclude')]" - }, - "membersToIncludeInLocalAdministratorsGroup": { - "value": "[parameters('regCompPolParNistSp800171R2VmAdminsInclude')]" - } - } - } - }, - { - // SOC 2 Type 2 + "resources": { + "policyAssignment": { "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/4054785f-702b-4a98-9215-009cbd58b141')]", "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", 
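Review bot: Thirteen conditional `Microsoft.Authorization/policyAssignments` resources are deleted here and only the SOC 2 Type 2 one survives as `policyAssignment`. For any other `policySetDefinitionId` the remaining `condition` is false and no assignment is created; that covers the generic no-parameter case, ISM PROTECTED, MPAA, both Sovereignty Baselines, SWIFT, Canada PBMM, CIS v2.0.0, CMMC L3, HITRUST/HIPAA, IRS1075, NZ ISM and NIST SP 800-171. Unless those initiatives are assigned somewhere outside this hunk, choosing one of them leaves the management group without the compliance controls the operator selected. The `roleAssignment` in the next hunk shows no `condition` and depends on `policyAssignment`, so its `reference(...)` of the identity would presumably fail in that case. Symbolic names only need to be unique, so each variant can keep its resource under its own key (for example `policyAssignmentNistSp800171R2`) instead of being dropped.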
@@ -4331,14 +3990,18 @@ "value": "[parameters('regCompPolParSoc2Type2MaxMemoryBytes')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployRoles]", "dependsOn": [ - "[parameters('policyAssignmentName')]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -4346,6 +4009,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', parameters('policyAssignmentName')), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json index 01e4c8f228..21f8eda29b 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/ENFORCE-SubnetPrivatePolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "effect": { @@ -40,8 +41,8 @@ "DoNotEnforce": "should" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').privateSubnet]", @@ -61,8 +62,12 @@ "value": "[parameters('effect')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } } - ], + }, "outputs": {} -} \ No newline at end of file +} 
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/MODIFY-AUM-CheckUpdatesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/MODIFY-AUM-CheckUpdatesPolicyAssignment.json index c676ec7541..a8f5ec03a8 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/MODIFY-AUM-CheckUpdatesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/MODIFY-AUM-CheckUpdatesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -92,8 +93,8 @@ "roleAssignmentNameManagedIdentityOperator": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').vmCheckUpdates,'-3',parameters('scope')))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2022-06-01", "name": "[variables('policyAssignmentNames').vmCheckUpdates]", @@ -125,14 +126,18 @@ "value": "[parameters('tagOperator')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment1": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameVmContributor]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').vmCheckUpdates)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
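Review bot: The symbolic names `roleAssignment1`, `roleAssignment2` and `roleAssignment3` (the last two are introduced in the following hunks) do not say which role each one grants to the policy identity. That makes the three grants harder to audit and easy to mis-reference in a later `dependsOn`. Naming them after the existing `roleAssignmentNames` keys keeps the role visible: `roleAssignmentVmContributor`, `roleAssignmentConnectedMachineResourceAdministrator`, `roleAssignmentManagedIdentityOperator`. The body of the first role assignment continues past the end of this hunk.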
@@ -140,12 +145,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmCheckUpdates), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment2": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameConnectedMachineResourceAdministrator]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').vmCheckUpdates)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -153,12 +158,12 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmCheckUpdates), '2019-09-01', 'Full' ).identity.principalId)]" } }, - { + "roleAssignment3": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "[variables('roleAssignmentNames').roleAssignmentNameManagedIdentityOperator]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').vmCheckUpdates)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -166,6 +171,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').vmCheckUpdates), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} } diff --git a/eslzArm/managementGroupTemplates/policyAssignments/MODIFY-DDoSPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/MODIFY-DDoSPolicyAssignment.json index 461201e9de..e0cebd2c71 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/MODIFY-DDoSPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/MODIFY-DDoSPolicyAssignment.json 
@@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -29,7 +30,7 @@ }, "variables": { "policyDefinitions": { - "deployDoS": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d", + "deployDoS": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d", "policyVersion": "1.*.*" }, "policyAssignmentNames": { @@ -45,10 +46,10 @@ "rbacNetworkContributor": "4d97b98b-1d4f-4787-a291-c67834d212e7", "roleAssignmentNames": { "deployDdoS": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').deployDdoS))]" - } + } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "name": "[variables('policyAssignmentNames').deployDdoS]", @@ -70,14 +71,18 @@ "value": "Modify" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployDdoS]", "dependsOn": [ - "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').deployDdoS)]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -85,6 +90,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployDdoS), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} 
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json index c4d8621c4e..c17ab2492c 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -34,7 +35,7 @@ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "enableAscForSql": { "type": "string", @@ -42,7 +43,7 @@ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "enableAscForContainers": { "type": "string", @@ -50,7 +51,7 @@ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "exportResourceGroupName": { "type": "string", @@ -74,8 +75,8 @@ "deployAzureSecurity": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').azureSecurity))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2019-09-01", "name": "[variables('policyAssignmentNames').azureSecurity]", @@ -111,14 +112,18 @@ "value": "[parameters('enableAscForContainers')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployAzureSecurity]", "dependsOn": [ - "[variables('policyAssignmentNames').azureSecurity]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", 
@@ -126,6 +131,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureSecurity), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-MDFCConfigPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-MDFCConfigPolicyAssignment.json index 6b08c62be2..ddf287ef35 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-MDFCConfigPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-MDFCConfigPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { @@ -34,7 +35,7 @@ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "enableAscForSql": { "type": "string", @@ -42,15 +43,15 @@ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "enableAscForStorage": { "type": "string", - "allowedValues": [ + "allowedValues": [ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "enableAscForContainers": { "type": "string", @@ -58,7 +59,7 @@ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "enableAscForArm": { "type": "string", @@ -66,7 +67,7 @@ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "enableAscForDns": { "type": "string", @@ -74,7 +75,7 @@ "Disabled", "DeployIfNotExists" ], - "defaultValue": "Disabled" + "defaultValue": "Disabled" }, "exportResourceGroupName": { "type": "string", 
@@ -98,8 +99,8 @@ "deployAzureSecurity": "[guid(concat(parameters('toplevelManagementGroupPrefix'),variables('policyAssignmentNames').azureSecurity))]" } }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2019-09-01", "name": "[variables('policyAssignmentNames').azureSecurity]", @@ -144,14 +145,18 @@ "value": "[parameters('enableAscForDns')]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployAzureSecurity]", "dependsOn": [ - "[variables('policyAssignmentNames').azureSecurity]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -159,6 +164,6 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').azureSecurity), '2019-09-01', 'Full' ).identity.principalId)]" } } - ], + }, "outputs": {} -} \ No newline at end of file +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json index c56e996c2c..351741e3db 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json @@ -1,5 +1,6 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "parameters": { "topLevelManagementGroupPrefix": { 
@@ -65,8 +66,8 @@ }, "policyRbac": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7" }, - "resources": [ - { + "resources": { + "policyAssignment": { "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2019-09-01", "name": "[variables('policyAssignmentNames').deployPrivateDnsZones]", @@ -138,14 +139,18 @@ "value": "[variables('policyParameterMapping').azureCognitiveSearchPrivateDnsZoneId]" } } + }, + "retryOn": { + "count": 6, + "interval": "PT5M" } }, - { + "roleAssignment": { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2019-04-01-preview", "name": "[variables('roleAssignmentNames').deployPrivateDnsZones]", "dependsOn": [ - "[variables('policyAssignmentNames').deployPrivateDnsZones]" + "policyAssignment" ], "properties": { "principalType": "ServicePrincipal", @@ -153,11 +158,11 @@ "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId)]" } } - ], + }, "outputs": { "principalId": { "type": "string", "value": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId]" } } -} \ No newline at end of file +} diff --git a/eslzArm/prerequisites/deployPrerequisites.json b/eslzArm/prerequisites/deployPrerequisites.json deleted file mode 100644 index 1091f38553..0000000000 --- a/eslzArm/prerequisites/deployPrerequisites.json +++ /dev/null 
@@ -1,287 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "resourceGroupName": { - "type": "string", - "defaultValue": "[concat('rg-alz-prereqs-', parameters('location'))]", - "metadata": { - "description": "The resource group name where the AVNM resources will be created" - } - }, - "location": { - "type": "string", - "metadata": { - "description": "The location of this AVNM instance. All resources will be deployed to this region." - } - }, - "eslzRootName": { - "type": "string", - "metadata": { - "description": "The name of the Enterprise Scale Landing Zone root resource." - } - }, - "managementSubscriptionId": { - "type": "string", - "metadata": { - "description": "The subscription ID of the management subscription." - } - }, - "userAssignedIdentityName": { - "type": "string", - "defaultValue": "[concat('id-alz-prereq-prod-', parameters('location'))]", - "metadata": { - "description": "The name of the user-assigned managed identity for ALZ prerequisites." - } - }, - "deploymentScriptName": { - "type": "string", - "defaultValue": "[concat('script-alz-prereq-prod-', parameters('location'))]", - "metadata": { - "description": "The name of the deployment script for ALZ prerequisites." 
- } - } - }, - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "alz-prerequisites-001", - "location": "[parameters('location')]", - "subscriptionId": "[parameters('managementSubscriptionId')]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "resourceGroupName": { - "value": "[parameters('resourceGroupName')]" - }, - "userAssignedIdentityName": { - "value": "[parameters('userAssignedIdentityName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string" - }, - "resourceGroupName": { - "type": "string" - }, - "userAssignedIdentityName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2022-09-01", - "name": "[parameters('resourceGroupName')]", - "location": "[parameters('location')]" - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "alz-prerequisites-uai", - "resourceGroup": "[parameters('resourceGroupName')]", - "dependsOn": [ - "[subscriptionResourceId('Microsoft.Resources/resourceGroups', parameters('resourceGroupName'))]" - ], - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "userAssignedIdentityName": { - "value": "[parameters('userAssignedIdentityName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string" - }, - "userAssignedIdentityName": { - "type": "string" - } - }, - "variables": {}, - "resources": [ - { - "type": 
"Microsoft.ManagedIdentity/userAssignedIdentities", - "apiVersion": "2023-07-31-preview", - "name": "[parameters('userAssignedIdentityName')]", - "location": "[parameters('location')]" - } - ], - "outputs": { - "userAssignedIdentityId": { - "type": "string", - "value": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName'))]" - }, - "uaiPrincipalId": { - "type": "string", - "value": "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('userAssignedIdentityName')), '2023-07-31-preview').principalId]" - } - } - } - } - } - ], - "outputs": { - "userAssignedIdentityId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'alz-prerequisites-uai'), '2022-09-01').outputs.userAssignedIdentityId.value]" - }, - "uaiPrincipalId": { - "type": "string", - "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', subscription().subscriptionId, parameters('resourceGroupName')), 'Microsoft.Resources/deployments', 'alz-prerequisites-uai'), '2022-09-01').outputs.uaiPrincipalId.value]" - } - } - - } - } - }, - { - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "name": "[guid(format('alz-prerequisites-{0}-{1}', parameters('eslzRootName'), parameters('location')))]", - "location": "[parameters('location')]", - "properties": { - "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", - "principalId": "[reference(subscriptionResourceId(parameters('managementSubscriptionId'), 'Microsoft.Resources/deployments', 'alz-prerequisites-001'), '2022-09-01').outputs.uaiPrincipalId.value]", - "principalType": "ServicePrincipal" - }, - "dependsOn": [ - "[subscriptionResourceId(parameters('managementSubscriptionId'), 
'Microsoft.Resources/deployments', 'alz-prerequisites-001')]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "alz-prerequisites-002", - "location": "[parameters('location')]", - "subscriptionId": "[parameters('managementSubscriptionId')]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "alz-prereq-ds", - "resourceGroup": "[parameters('resourceGroupName')]", - "dependsOn": [], - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "location": { - "value": "[parameters('location')]" - }, - "eslzRootName": { - "value": "[parameters('eslzRootName')]" - }, - "managementSubscriptionId": { - "value": "[parameters('managementSubscriptionId')]" - }, - "deploymentScriptName": { - "value": "[parameters('deploymentScriptName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "type": "string" - }, - "eslzRootName":{ - "type": "string" - }, - "managementSubscriptionId": { - "type": "string" - }, - "deploymentScriptName": { - "type": "string" - } - }, - "resources": [ - { - "type": "Microsoft.Resources/deploymentScripts", - "apiVersion": "2020-10-01", - "name": "[parameters('deploymentScriptName')]", - "location": "[parameters('location')]", - "kind": "AzurePowerShell", - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "[reference(subscriptionResourceId(parameters('managementSubscriptionId'), 'Microsoft.Resources/deployments', 'alz-prerequisites-001'), '2022-09-01').outputs.userAssignedIdentityId.value]": {} - } - }, - "properties": { - 
"azPowerShellVersion": "12.3", - "retentionInterval": "PT1H", - "timeout": "PT2H", - "arguments": "[format('-eslzRootName \"{0}\"', parameters('eslzRootName'))]", - "scriptContent": " - param( - [Parameter(Mandatory=$true, HelpMessage=\"Enter the ESLZ root name.\")] - [string] - $eslzRootName - ) - - #API call to register the Microsoft.Network provider against intermediate resource group for AVNM - Invoke-AzRestMethod -Method POST -Uri \"https://management.azure.com/providers/Microsoft.Management/managementGroups/$eslzRootName/providers/Microsoft.Network/register?api-version=2021-04-01\" - - #Register all resource providers required for ALZ - $subs = Search-AzGraph -Query \"ResourceContainers | where type =~ 'microsoft.resources/subscriptions'\" -ManagementGroup $eslzRootName - $rps = @('Microsoft.Insights','Microsoft.AlertsManagement','Microsoft.OperationalInsights','Microsoft.OperationsManagement','Microsoft.Automation','Microsoft.AlertsManagement','Microsoft.Security','Microsoft.Network','Microsoft.EventGrid','Microsoft.ManagedIdentity','Microsoft.GuestConfiguration','Microsoft.Advisor','Microsoft.PolicyInsights') - - foreach ($sub in $subs) { - Write-Host 'Registering resource providers for subscription: ' $sub.subscriptionId - Select-AzSubscription -SubscriptionId $sub.subscriptionId - Get-AzResourceProvider -ProviderNamespace $rps | where {$_.RegistrationState -ne \"Registered\"} | Register-AzResourceProvider - } - - #Sleep for 15 minutes to wait for Management Groups to load to cache before policy assignments - Start-Sleep -Duration (New-TimeSpan -Minutes 15) - " - }, - "metadata": { - "description": "Create a Deployment Script resource to perform the prerequisites." - } - } - ], - "outputs": {} - } - } - } - ] - } - }, - "dependsOn": [ - "alz-prerequisites-001", - "[guid(format('alz-prerequisites-{0}-{1}', parameters('eslzRootName'), parameters('location')))]" - ] - } - ], - "outputs": {} - } \ No newline at end of file