search

Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License
1.69k stars 963 forks source link

Feature Request - single policy already part of MDC config initiative #1611

Closed vegazbabz closed 2 months ago

vegazbabz commented 6 months ago

According to https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies then "Deploy Microsoft Defender for Cloud configuration" should be deployed to Intermediate Root Group and "Deploy Azure Policy Add-on to Azure Kubernetes Service clusters" to Landing Zones MG.

However, Deploy Azure Policy Add-on to Azure Kubernetes Service clusters is already part of Deploy Microsoft Defender for Cloud configuration so it doesn't make sense to have a single policy assignment on a lower scope for "Deploy Azure Policy Add-on to Azure Kubernetes Service clusters".

Springstone commented 6 months ago

Hi @vegazbabz, thanks again for submitting this. We added an item to our backlog to address this #ab34447, that we'll only get round to during the next policy refresh cycle.

Feel free to submit contributions to this repo, to speed up the process.

Springstone commented 2 months ago

This has been resolved and merged #1710. Will become public as part of the next Policy Refresh. Closing as no further action required.