Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License
1.73k stars 980 forks

Policy Doc Updates #1035

Closed SharmainePopov closed 1 year ago

SharmainePopov commented 2 years ago

I'd like to see a starter pack for Azure Policy that mirrors what is achieved with the automated ALZ deployment. Something the client can access without cruising a repo or deploying a full ALZ. Many client resources dealing with this aren't developers. Also consistency across LZ deployment options (ARM blue button, Terraform, Bicep, pub sec etc.); not sure we get the same set from each deployment.

jtracey93 commented 2 years ago

Hey @SharmainePopov,

We do have consistency between all ALZ implementation options as the source of truth are the policies in this repo, and we pull them from here into Terraform & Bicep implementations respectively 👍

We can certainly add a link from this page https://github.com/Azure/Enterprise-Scale/blob/main/docs/ESLZ-Policies.md to the ALZ-Bicep Custom Policy Definitions module: https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitions as this just allows all the policy definitions from ALZ to be deployed to any Management Group, that can then be used and assigned anywhere as that customer desires.

Does that sound like a good plan?

Let us know and we can action 👍

Thanks

Jack

SharmainePopov commented 2 years ago

Hi, that's good info. I think the clients need something referenced outside the code base, to be honest. It would be great to see it in the ALZ doc set for lay (non-coder) people. At least a summary of what could be done and where to go to find out how.


jtracey93 commented 2 years ago

Trigger ADO Sync 1

jtracey93 commented 2 years ago

Trigger ADO Sync 2

jtracey93 commented 2 years ago

Trigger ADO Sync - Re-assigning to @{assignees=System.Object[]; url=https://github.com/Azure/Enterprise-Scale/issues/1035}.assignees[0].login to Ensure ADO Sync Assignee Take Place

jtracey93 commented 2 years ago

Trigger ADO Sync - Re-assigning to jtracey93 to Ensure ADO Sync Assignee Take Place
