The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
The managed id of assignment on the landing zone mg did not have read access to the DCR located in subscription in the platform mg, which caused remediation issues.
This PR fixes/adds/changes/removes
Added reader RBAC role on the Platform MG. This deployed conditionally.
Disabled policy "Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace" as this currently doesnt do any additional configurations.
Updated AMA FAQ
Updated Whats new
Breaking Changes
Testing Evidence
Please provide any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).
Deployment
Remediation
Testing URLs
The below URLs can be updated where the placeholders are, look for {YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also} & {YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}, to allow you to test your portal deployment experience.
Please also replace the curly brackets on the placeholders {}
Overview/Summary
The managed id of assignment on the landing zone mg did not have read access to the DCR located in subscription in the platform mg, which caused remediation issues.
This PR fixes/adds/changes/removes
Breaking Changes
Testing Evidence
Please provide any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).
Deployment
Remediation
Testing URLs
The below URLs can be updated where the placeholders are, look for
{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}&{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}, to allow you to test your portal deployment experience.Azure Public
[
](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2F{YOUR GITHUB ORG/ACCOUNT HERE - Remove Curly Brackets Also}%2FEnterprise-Scale%2F{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2F{YOUR GITHUB ORG/ACCOUNT HERE - Remove Curly Brackets Also}%2FEnterprise-Scale%2F{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}%2FeslzArm%2Feslz-portal.json)
Azure US Gov (Fairfax)
[
](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2F{YOUR GITHUB ORG/ACCOUNT HERE - Remove Curly Brackets Also}%2FEnterprise-Scale%2F{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2F{YOUR GITHUB ORG/ACCOUNT HERE - Remove Curly Brackets Also}%2FEnterprise-Scale%2F{YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}%2FeslzArm%2Ffairfaxeslz-portal.json)
As part of this Pull Request I have
mainbranch/docs/wiki/whats-new.md)