The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
This pull request includes updates to the documentation and policy definitions for Azure Landing Zones (ALZ). The changes mainly focus on adding new policy initiatives, updating existing policies, and addressing known issues with Customer Managed Key (CMK) controls.
Documentation updates:
docs/wiki/ALZ-Known-Issues.md: Added a known issue regarding deploying Automation Account with CMK controls enabled and provided a workaround.
docs/wiki/Whats-new.md: Added a new section for Policy Refresh Q1 FY25, detailing multiple policy updates and additions. [1][2]
Policy updates:
docs/wiki/ALZ-Policies-Extra.md: Added new policy initiatives and updated existing ones, including renaming services and increasing policy counts. [1][2]
eslzArm/eslzArm.json: Added a new parameter enablePrivateSubnet to control the enforcement of private subnets with allowed values "Audit", "Deny", and "Disabled".
This pull request includes updates to the documentation and policy definitions for Azure Landing Zones (ALZ). The changes mainly focus on adding new policy initiatives, updating existing policies, and addressing known issues with Customer Managed Key (CMK) controls.
Documentation updates:
docs/wiki/ALZ-Known-Issues.md: Added a known issue regarding deploying Automation Account with CMK controls enabled and provided a workaround.docs/wiki/Whats-new.md: Added a new section for Policy Refresh Q1 FY25, detailing multiple policy updates and additions. [1] [2]Policy updates:
docs/wiki/ALZ-Policies-Extra.md: Added new policy initiatives and updated existing ones, including renaming services and increasing policy counts. [1] [2]docs/wiki/ALZ-Policies.md: Updated policy definitions to include new policies and correct policy counts. [1] [2] [3] [4]Configuration updates:
eslzArm/eslzArm.json: Added a new parameterenablePrivateSubnetto control the enforcement of private subnets with allowed values "Audit", "Deny", and "Disabled".