Documentation updates

docs/wiki/Whats-new.md

@@ -44,19 +44,19 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 
 > **Important:** For existing ALZ deployments, you will need to redeploy the below assignments with least privilege RBAC roles, and review and remove existing service principals `Owner` role assignments. The below list includes the scope that needs to be reviewed. For new deployments, the below assignments will be deployed with least privilege RBAC roles.
 
+![Where to find RBAC roles to cleanup](media/WN-RBACCleanup.png)
+
 - Remediating default policy/initiative assignments using `Owner` role to be least privilege where possible. Updated assignments:
-  - DINE-ActivityLogPolicyAssignment.json (Management Group: Intermediate Root)
-  - DINE-AksPolicyPolicyAssignment.json (added additional required role)
-  - DINE-ResourceDiagnosticsPolicyAssignment.json (Management Group: Intermediate Root)
-  - DINE-SQLEncryptionPolicyAssignment.json (Management Group: Landing Zone)
-  - DINE-VMBackupPolicyAssignment.json (Management Group: Landing Zone)
-  - DINE-VMMonitoringPolicyAssignment.json (Management Group: Intermediate Root)
-  - DINE-VMSSMonitoringPolicyAssignment.json (Management Group: Intermediate Root)
+  - Deploy-AzActivity-Log (Management Group: Intermediate Root)
+  - Deploy-AKS-Policy (added additional required role)
+  - Deploy-Resource-Diag (Management Group: Intermediate Root)
+  - Deploy-SQL-TDE (Management Group: Landing Zone)
+  - Deploy-VM-Backup (Management Group: Landing Zone)
+  - Deploy-VM-Monitoring (Management Group: Intermediate Root)
+  - Deploy-VMSS-Monitoring (Management Group: Intermediate Root)
 
 ### August 2023
 
-Major update in this release: introducing the Policy Testing Framework foundation, along with tests for all assigned infrastructure policies that use the DENY effect. This will allow us to test the policies in a more automated fashion, and will help us to ensure that we don't introduce any regressions in the future and maintain a higher level of quality for our policies. We will be adding additional tests for custom policies in the future.
-
 #### Policy
 
 - Updating custom policies using over permissive roles (Owner) to use resource scoped roles (e.g., Storage Account Contributor, Azure SQL Contributor, etc.):
@@ -76,6 +76,8 @@ Major update in this release: introducing the Policy Testing Framework foundatio
 
 ### July 2023
 
+Major update in this release: introducing the Policy Testing Framework foundation, along with tests for all assigned infrastructure policies that use the DENY effect. This will allow us to test the policies in a more automated fashion, and will help us to ensure that we don't introduce any regressions in the future and maintain a higher level of quality for our policies. We will be adding additional tests for custom policies in the future.
+
 #### Policy
 
 - Added additional initiative assignment for [Enforce-Guardrails-KeyVault](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-Guardrails-KeyVault.html) to the Platform Management Group to improve security coverage. Initially this assignment was only applied to the Landing Zone Management Group.

eslzArm/managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json

@@ -29,8 +29,8 @@
         "rbacAksContributor": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
         "rbacAksPolicyAddon": "18ed5180-3e48-46fd-8541-4ea054d57064",
         "roleAssignmentNames": {
-            "roleAssignmentNameAksContributor": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployAks,'-1'))]",
-            "roleAssignmentNameAksPolicyAddon": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployAks,'-2'))]"
+            "roleAssignmentNameAksContributor": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployAks))]",
+            "roleAssignmentNameAksPolicyAddon": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployAks,'-PolicyAddon'))]"
         }
     },
     "resources": [