The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture.
Overview/Summary
This pull request primarily introduces the "Trusted Launch" policy to the project. The "Trusted Launch" policy improves the security of a Virtual Machine and requires VM SKU, OS Disk & OS Image to support it. The changes made in the pull request are related to the documentation, policy assignment, and deployment of the new policy.
Policy Documentation:
docs/wiki/ALZ-Policies.md: Updated the count of Policy Definition Sets from 11 to 12. Added a new policy definition set named Audit-TrustedLaunch to the list of specific Custom and Built-in policy definitions. [1] [2]
Policy Assignment:
eslzArm/eslzArm.json: Added trustedLaunchPolicyInitiative to the list of policy assignments. Added trustedLaunchDeploymentName to the list of deployment names. Added a new section for assigning the Trusted Launch policy initiative to the intermediate root management group. [1] [2] [3]
Policy Definition:
eslzArm/managementGroupTemplates/policyAssignments/AUDIT-TrustedLaunchPolicyAssignment.json: Added a new JSON file for the Trusted Launch policy assignment.
src/resources/Microsoft.Authorization/policySetDefinitions/Audit-TrustedLaunch.json: Added a new JSON file for the Trusted Launch policy definition.
src/templates/policies.bicep: Added the Trusted Launch policy definition to the list of policy set definitions.