Enhancement: Policy Refresh H2 FY24 and Changes for AMA #785

cae-pr-creator · 2024-06-03T14:28:22Z

Overview/Summary

This will be in our next major release and includes the policy refresh for H2 2024 and the necessary changes to move away from Microsoft Monitoring Agent to Azure Monitoring Agent.

Linked Work Items:

AB#34921
AB#22581

This PR fixes/adds/changes/removes

Policy Refresh for H2 FY24
AMA Changes/Updates
Update Policy Assignments resource provider api version to 2024-04-01

Breaking Changes

None

Testing Evidence

Validated deployment over the top of current release.

As part of this Pull Request I have

…policy-library

oZakari · 2024-06-17T04:38:39Z

/azp run validateazcloud

azure-pipelines · 2024-06-17T04:38:47Z

Azure Pipelines successfully started running 1 pipeline(s).

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

…ttps://github.com/Azure/ALZ-Bicep into patch-policy-library

…ise-scale

infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json

infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep

…DefaultPolicyAssignments.bicep Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

…n module for consistency

oZakari · 2024-06-20T05:58:26Z

@oZakari This is amazing work, must have taken some serious effort!

I added a few comments and these more general questions:

Are we missing a policy assignment for blocking deletion of the UAMI? https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/blob/main/modules/archetypes/lib/policy_assignments/policy_assignment_es_denyaction_deleteuamiama.tmpl.json

I'm also looking at the other new policy assignments we synced to Terraform and not seeing them all here. You can look at this diff to see them: Azure/terraform-azurerm-caf-enterprise-scale@5.2.1-fixes...main

Thanks, I was missing the Delete-UAMI one.

oZakari · 2024-06-20T06:00:09Z

/azp run validateazcloud

azure-pipelines · 2024-06-20T06:00:50Z

Azure Pipelines successfully started running 1 pipeline(s).

jtracey93 · 2024-06-20T12:27:45Z

/azp run validateazcloud

azure-pipelines · 2024-06-20T12:27:56Z

Azure Pipelines successfully started running 1 pipeline(s).

jtracey93

LGTM 🚀

oZakari and others added 9 commits May 23, 2024 22:12

Added UMI resource

df214b4

Add data collection rule

64ef976

Update vm insights dcr name

5b03e34

Add change tracking DCR

4f9e579

Add MDFC for SQL data collection rule

9e573a4

Remove legacy solutions

c9fab0a

Change DCR default names

58aed9c

Update Policy Library (automated)

d560bbf

Update Policy Library (automated)

09816fb

oZakari self-assigned this Jun 5, 2024

oZakari added the Area: Policy 📝 Issues / PR's related to Policy label Jun 5, 2024

actions-user and others added 12 commits June 6, 2024 08:01

Update Policy Library (automated)

675a0d9

Update Policy Library (automated)

e0d27c9

Merge branch 'main' of https://github.com/Azure/ALZ-Bicep into patch-…

25e7429

…policy-library

Update policy and policy set definition variables

8c5fb51

Update superseded definition for mdfcconfig

255aad8

Add enforce_backup assignment and deployment

7fe4784

Replace custom diag intiative with built-in

dda1cc5

Added missing endpoint for using machine learning with private dns zones

ab58efe

Update policy assignments api version to 2024-04-01

8b20af3

Add policy assignment for trusted launch initiative

eb20521

Supersede Deploy-EncryptTransit with Deploy-EncryptTransit_20240509

e9daeac

Added MD Endpoints AMA initiative and assignment

595c2a4

oZakari requested a review from jtracey93 June 17, 2024 04:38

oZakari marked this pull request as ready for review June 17, 2024 04:39

oZakari changed the title ~~Update Policy Library (automated)~~ Enhancement: Policy Refresh H2 FY24 Jun 17, 2024

Update Policy Library (automated)

979fb1b

oZakari force-pushed the patch-policy-library branch from 4b6176c to 979fb1b Compare June 18, 2024 03:31

oZakari and others added 8 commits June 19, 2024 12:37

Change UAMI API to GA version

9ea826b

Generate Parameter Markdowns [oZakari/56e2292c]

960ca75

Update infra-as-code/bicep/modules/logging/logging.bicep

20291d8

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

Update infra-as-code/bicep/modules/logging/logging.bicep

3795283

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

Update infra-as-code/bicep/modules/logging/logging.bicep

a0f7a90

Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

Merge branches 'patch-policy-library' and 'patch-policy-library' of h…

94c7cf0

…ttps://github.com/Azure/ALZ-Bicep into patch-policy-library

Update VM, VMSS, and ArcVM monitoring assignments to align to enterpr…

e659e87

…ise-scale

Add new AMA related resource IDs to accelerator config

a174cfc

jtracey93 reviewed Jun 19, 2024

View reviewed changes

infra-as-code/bicep/modules/logging/parameters/logging.parameters.all.json Outdated Show resolved Hide resolved

jtracey93 reviewed Jun 19, 2024

View reviewed changes

infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep Outdated Show resolved Hide resolved

oZakari and others added 5 commits June 19, 2024 15:47

Add ama resource outputs and update documentation

7a5a435

Generate Parameter Markdowns [oZakari/56e2292c]

12f4de6

Update infra-as-code/bicep/modules/policy/assignments/alzDefaults/alz…

f2faabe

…DefaultPolicyAssignments.bicep Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>

Match policy assignment api version to match the version referenced i…

8bbba66

…n module for consistency

Added policy assignment to block deletion of UAMI

8051f68

actions-user and others added 6 commits June 20, 2024 08:01

Update Policy Library (automated)

a8d42a8

update to align to .txt file output

37b01dd

output typo

bd7c8fa

add outputs for UAMI

fdc813a

Generate Parameter Markdowns [jtracey93/56e2292c]

10c7217

align to txt file

0bec879

jtracey93 approved these changes Jun 20, 2024

View reviewed changes

jtracey93 merged commit 925a4ef into main Jun 20, 2024
11 checks passed

jtracey93 deleted the patch-policy-library branch June 20, 2024 15:39

oZakari changed the title ~~Enhancement: Policy Refresh H2 FY24~~ Enhancement: Policy Refresh H2 FY24 and Changes for AMA Jun 21, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhancement: Policy Refresh H2 FY24 and Changes for AMA #785

Enhancement: Policy Refresh H2 FY24 and Changes for AMA #785

cae-pr-creator bot commented Jun 3, 2024 •

edited by oZakari

Loading

oZakari commented Jun 17, 2024

azure-pipelines bot commented Jun 17, 2024

oZakari commented Jun 20, 2024

oZakari commented Jun 20, 2024

azure-pipelines bot commented Jun 20, 2024

jtracey93 commented Jun 20, 2024

azure-pipelines bot commented Jun 20, 2024

jtracey93 left a comment

Enhancement: Policy Refresh H2 FY24 and Changes for AMA #785

Enhancement: Policy Refresh H2 FY24 and Changes for AMA #785

Conversation

cae-pr-creator bot commented Jun 3, 2024 • edited by oZakari Loading

Overview/Summary

This PR fixes/adds/changes/removes

Breaking Changes

Testing Evidence

As part of this Pull Request I have

oZakari commented Jun 17, 2024

azure-pipelines bot commented Jun 17, 2024

oZakari commented Jun 20, 2024

oZakari commented Jun 20, 2024

azure-pipelines bot commented Jun 20, 2024

jtracey93 commented Jun 20, 2024

azure-pipelines bot commented Jun 20, 2024

jtracey93 left a comment

Choose a reason for hiding this comment

cae-pr-creator bot commented Jun 3, 2024 •

edited by oZakari

Loading