search

Azure / Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
https://aka.ms/alz
MIT License
1.72k stars 980 forks source link

Include all fix to a workable version for mooncake (Azure China) #1759

Closed yuanzhang9 closed 3 weeks ago

yuanzhang9 commented 2 months ago

Changes on initiative definition and assignment due to missing build-in policy in mooncake: Add new policy assignments à eslzArm\managementGroupTemplates\policyAssignments\china Add new initiatives definition à src\resources\Microsoft.Authorization\policySetDefinitions Update Bicep file on context loading à src\templates\initiatives.bicep, src\templates\policies.bicep Update ARM template to load different assignments à eslzArm\eslzArm.json

Changes on role assignment due to service Disable role “Security Operation” and “Network Management” as service “Microsoft.Support/*” is not available in mooncake. à src\templates\roles.bicep

Hide some option from Portal GUI as the service/policy/initiative are not available nor supported in mooncake. à eslzArm\eslz-portal.json

Change on service configuration: Add new configuration file for Azure Defender for Cloud since the 2024-01-01version of API(Microsoft.Security/pricings) is not supported. à eslzArm\subscriptionTemplates\mcmdfcConfiguration.json

yuanzhang9 commented 1 month ago

One more update for "Routing intent of vWAN hub", included in this PR as well. @Springstone