The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture.
This pull request introduces metadata descriptions and design recommendations for various parameters in the eslzArm.json file, improving documentation and clarity on governance and security policies.
Governance Enhancements:
Added metadata descriptions for enableDecommissioned, enableSandbox, enableSqlAudit, enableStorageHttps, and enforceKvGuardrails parameters to specify the impact of enabling these policies. [1][2][3][4]
Security Improvements:
Added metadata descriptions for enforceBackup, enforceKvGuardrailsPlat, enforceBackupPlat, enforceAcsb, and enforceWsCMKInitiatives parameters to detail the security measures and recommendations. [1][2][3][4][5]
Networking Policies:
Added metadata descriptions for denyHybridNetworking, auditPeDnsZones, and auditAppGwWaf parameters to outline the networking policies and their enforcement. [1][2][3]
Workload Specific Compliance:
Added metadata descriptions for wsAPIMSelectorMG, wsAppServicesSelectorMG, wsAutomationSelectorMG, wsBotServiceSelectorMG, wsCognitiveServicesSelectorMG, wsComputeSelectorMG, wsContainerAppsSelectorMG, and wsContainerInstanceSelectorMG parameters to enforce best practices for specific workloads. [1][2][3][4][5][6][7][8]
Configuration Clarifications:
Updated metadata descriptions for delayCount and currentDateTimeUtcNow parameters to indicate they are managed by the ALZ team and not user-configurable. [1][2]