ALZ Known Issues
The list below summarizes the known issues currently being worked on by the Enterprise-Scale team.
These have been discovered whilst running the reference implementation, and customers may come across them when implementing Enterprise-Scale to build and operationalize their Azure platform.
Some of these issues may be resolved in a future release, while others require input from specific Azure product teams.
Automation Account
In a very rare scenario, if you have enabled the Customer Managed Key initiative and you redeploy ALZ through the portal accelerator (including Log Analytics), you will get a policy compliance failure:
"Azure Automation accounts should use customer-managed keys to encrypt data at rest"
This is due to the additional requirements that must be met to enable CMK for Automation Accounts and have it fully configured.
As a workaround to avoid this scenario, create an exemption on the initiative Enforce-Encryption-CMK. To maximize granularity, exempt only the specific policy: Azure Automation accounts should use customer-managed keys to encrypt data at rest - Policy ID 56a5ee18-2ae6-4810-86f7-18e39ce5629b
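The granular form of this workaround, as an added example that is not part of the ALZ project's own documentation or code: it looks up the reference ID of that one policy inside the initiative and exempts only that member, leaving the other CMK policies enforced. The assignment name, both scopes, the exemption name, the Waiver category and the 90-day expiry are assumptions or placeholders to replace with your own values.

```powershell
# Added example: exempt one member policy of the CMK initiative, not the whole initiative.
# Assumes an authenticated Az PowerShell session with rights to write policy exemptions.

# Placeholders and assumptions (replace with your own values):
$assignmentScope = '/providers/Microsoft.Management/managementGroups/<management-group-id>'
$assignmentName  = 'Enforce-Encryption-CMK'   # assumed to match the initiative name
$exemptionScope  = '/subscriptions/<subscription-id>/resourceGroups/<resource-group>' +
                   '/providers/Microsoft.Automation/automationAccounts/<account-name>'
$policyGuid      = '56a5ee18-2ae6-4810-86f7-18e39ce5629b'   # Policy ID given on this page

$assignment = Get-AzPolicyAssignment -Name $assignmentName -Scope $assignmentScope -ErrorAction Stop

# The object layout differs between Az.Resources versions (flat vs. nested under
# .Properties), so both layouts are tried here. This handling is an assumption.
$setId = $assignment.PolicyDefinitionId
if (-not $setId) { $setId = $assignment.Properties.PolicyDefinitionId }

$set = Get-AzPolicySetDefinition -Id $setId -ErrorAction Stop
$members = $set.PolicyDefinition
if (-not $members) { $members = $set.Properties.PolicyDefinitions }

# Find the initiative's reference ID for the Automation Account CMK policy.
$refIds = @($members |
    Where-Object { $_.policyDefinitionId -like "*/$policyGuid" } |
    ForEach-Object { $_.policyDefinitionReferenceId })

# Fail closed: without exactly one match, an exemption could end up covering
# more of the initiative than intended.
if ($refIds.Count -ne 1) {
    throw "Expected one reference to policy $policyGuid in $setId, found $($refIds.Count)."
}

# Scope the exemption to the single Automation Account and the single policy,
# with an expiry so that it gets reviewed instead of lingering.
New-AzPolicyExemption -Name 'cmk-automation-account' `
    -PolicyAssignment $assignment `
    -Scope $exemptionScope `
    -ExemptionCategory Waiver `
    -PolicyDefinitionReferenceId $refIds `
    -ExpiresOn (Get-Date).AddDays(90) `
    -Description 'ALZ known issue: Automation Account CMK compliance failure after redeployment'
```

Omitting `-PolicyDefinitionReferenceId` would exempt the resource from every policy in the initiative, which is the coarser form of the workaround.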
ARM backend storage
When deploying to a region that is paired (e.g., EastUS, which is paired with WestUS), resources deployed in deployment 1 that are referenced in deployment 2 may fail due to replication latency in ARM backend storage. This will cause the overall deployment to fail.
While this is being fixed, it is recommended to re-run the deployment of the reference implementation with the same input parameter; the deployment should then succeed.
We currently do not support Initialization across multiple Tenants.
Clear your AzContext and run Connect-AzAccount with the service principal that was created earlier.
No fix as of yet.