diff --git a/docs/content/patterns/alz/HowTo/deploy/Deploy-via-Azure-Portal-UI.md b/docs/content/patterns/alz/HowTo/deploy/Deploy-via-Azure-Portal-UI.md index bead24ed9..c643ac64d 100644 --- a/docs/content/patterns/alz/HowTo/deploy/Deploy-via-Azure-Portal-UI.md +++ b/docs/content/patterns/alz/HowTo/deploy/Deploy-via-Azure-Portal-UI.md @@ -27,24 +27,44 @@ weight: 30 ## Management Groups Settings Blade -- Change the values on the Management Groups Settings blade to the following instructions: +![Management Groups Settings Blade](../../../media/PortalAccelerator/MGSettings.png) - ![Management Groups Settings Blade](../../../media/PortalAccelerator/MGSettings.png) +
+ +In the Management Groups Settings blade, change the value of the policy set definitions you would like to enable according to the following instructions: + +- Set the value of _`Enable AMBA Service Health`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health together with action groups for Service Health alerts notifications. +- Change the value of _`Enable AMBA Connectivity`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones. +- Change the value of _`Enable AMBA Identity`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Identity services such as Key Vaults, Managed HSMs. +- Change the value of _`Enable AMBA Management`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Management services such as Log Analytics Workspaces, Storage Accounts, Automation Accounts. +- Change the value of _`Enable AMBA Hybrid VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers. +- Change the value of _`Enable AMBA Azure VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines. +- Change the value of _`Enable AMBA Key Management`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM. +- Change the value of _`Enable AMBA Load Balancing`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door. 
+- Change the value of _`Enable AMBA Network Changes`_ to _`Yes`_ This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups. +- Change the value of _`Enable AMBA Recovery Services`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery. +- Change the value of _`Enable AMBA Storage`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts. +- Change the value of _`Enable AMBA Web`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services. +- Set the value of _`Enable AMBA Notification Assets`_ to _`Yes`_. This configuration will deploy notification assets broad notifications. + +- Change the values on the Management Groups Settings blade according to the following instructions: ### If you are aligned to ALZ - Choose the value of _```Enterprise Scale Company Management Group```_ to the management group ID for Platform. +- Choose the value of _```Platform Management Group```_ to the management group ID for Platform. +- Choose the value of _```Connectivity Management Group```_ to the management group ID for Connectivity. - Choose the value of _```Identity Management Group```_ to the management group ID for Identity. - Choose the value of _```Management Management Group```_ to the management group ID for Management. -- Choose the value of _```Connectivity Management Group```_ to the management group ID for Connectivity. - Choose the value of _```Landing Zone Management Group```_ to the management group ID for Landing Zones. ### If you are unaligned to ALZ - Choose the value of _`Enterprise Scale Company Management Group`_ to the management group ID for Platform. The same management group ID may be repeated. 
+- Choose the value of _`Platform Management Group`_ to the management group ID for Platform. The same management group ID may be repeated. +- Choose the value of _`Connectivity Management Group`_ to the management group ID for Connectivity. The same management group ID may be repeated. - Choose the value of _`Identity Management Group`_ to the management group ID for Identity. The same management group ID may be repeated. - Choose the value of _`Management Management Group`_ to the management group ID for Management. The same management group ID may be repeated. -- Choose the value of _`Connectivity Management Group`_ to the management group ID for Connectivity. The same management group ID may be repeated. - Choose the value of _`Landing Zone Management Group`_ to the management group ID for Landing Zones. The same management group ID may be repeated. {{< hint type=note >}} 
@@ -54,26 +74,16 @@ For ease of deployment and maintenance we have kept the same variables. ### If you have a single management group - Choose the value of _`Enterprise Scale Company Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group". +- Choose the value of _`Platform Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group". +- Choose the value of _`Connectivity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group". - Choose the value of _`Identity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group". - Choose the value of _`Management Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group". -- Choose the value of _`Connectivity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group". - Choose the value of _`Landing Zone Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group". {{< hint type=note >}} For ease of deployment and maintenance we have kept the same variables. {{< /hint >}} -- Set the value of _`Enable AMBA notification assets`_ to _`Yes`_. This configuration will deploy notification assets broad notifications. -- Set the value of _`Enable AMBA Service Health`_ to _`Yes`_. This setting will assign the Service Health Policy Set Definition during deployment and deploy action groups for Service Health alerts notifications. -- Change the value of _`Enable AMBA Hybrid VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers. -- Change the value of _`Enable AMBA Key Management`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM. 
-- Change the value of _`Enable AMBA Load Balancing`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door. -- Change the value of _`Enable AMBA Network Changes`_ to _`Yes`_ This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups. -- Change the value of _`Enable AMBA Recovery Services`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery. -- Change the value of _`Enable AMBA Storage`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts. -- Change the value of _`Enable AMBA VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines. -- Change the value of _`Enable AMBA Web`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services. - ## Notification Settings Blade ![Notification Settings Blade](../../../media/PortalAccelerator/NotificationSettings.png) diff --git a/docs/content/patterns/alz/media/PortalAccelerator/DeploymentSettings.png b/docs/content/patterns/alz/media/PortalAccelerator/DeploymentSettings.png index c70d4914b..3fe542f1e 100644 Binary files a/docs/content/patterns/alz/media/PortalAccelerator/DeploymentSettings.png and b/docs/content/patterns/alz/media/PortalAccelerator/DeploymentSettings.png differ diff --git a/docs/content/patterns/alz/media/PortalAccelerator/MGSettings.png b/docs/content/patterns/alz/media/PortalAccelerator/MGSettings.png index c04418eb6..edb778324 100644 Binary files a/docs/content/patterns/alz/media/PortalAccelerator/MGSettings.png and b/docs/content/patterns/alz/media/PortalAccelerator/MGSettings.png differ 
diff --git a/patterns/alz/alz-portal.json b/patterns/alz/alz-portal.json index 175b2d250..c1ed7287a 100644 --- a/patterns/alz/alz-portal.json +++ b/patterns/alz/alz-portal.json @@ -26,7 +26,7 @@ "instanceDetailsLabel": "AMBA Accelerator" }, { - "name": "getmanagementSubscriptionId", + "name": "getSubscriptionIds", "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "POST", @@ -145,7 +145,8 @@ "filter": false, "toolTip": "Provide the subscription id where the user assigned managed identity will be created.", "constraints": { - "allowedValues": "[steps('basics').getmanagementSubscriptionId.data]" + "allowedValues": "[steps('basics').getSubscriptionIds.data]", + "required": "[if(equals(steps('basics').bringYourOwnUserAssignedManagedIdentity,'No'), true, false)]" } }, { 
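Review bot: The `required` constraint added in the second hunk (@@ -145,7 +145,8 @@) wraps a boolean in a redundant conditional, since `if(equals(...,'No'), true, false)` returns exactly what `equals` already returns. `"required": "[equals(steps('basics').bringYourOwnUserAssignedManagedIdentity,'No')]"` is shorter and reads as the rule it encodes: the subscription is mandatory only when the deployment creates the managed identity itself. The enclosing dropdown starts and ends outside the hunk, so its `visible` setting cannot be seen here; if the control stays visible when it is optional, the tooltip should say so.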
@@ -262,26 +263,32 @@ } }, { - "name": "platformManagementGroup", + "name": "enableAMBAServiceHealth", "type": "Microsoft.Common.DropDown", - "label": "Platform Management Group", - "multiselect": false, - "defaultValue": "", - "filter": false, - "defaultDescription": "Platform Management Group", - "toolTip": "Provide the name of the Management Group that will be used to host the platform resources.", + "label": "Enable AMBA Service Health", + "defaultValue": "Yes", + "toolTip": "Assign Service health initiative", "constraints": { - "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", - "required": true + "required": true, + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] }, "visible": true }, { - "name": "enableAMBAIdentity", + "name": "enableAMBAConnectivity", "type": "Microsoft.Common.DropDown", - "label": "Enable AMBA Identity", + "label": "Enable AMBA Connectivity", "defaultValue": "Yes", - "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts for Identity policy initiative is assigned to the Identity management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts for Connectivity policy initiative is assigned to the Connectivity management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", "constraints": { "required": true, "allowedValues": [ 
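Review bot: The `toolTip` on `enableAMBAServiceHealth`, now the first toggle on the blade, only says "Assign Service health initiative", while the neighbouring toggles explain what the initiative monitors and where it is assigned. The documentation updated in this same commit already has the wording, so something like `"toolTip": "Deploys Azure Monitor Baseline Alerts for Service Health events (service issues, planned maintenance, health and security advisories, resource health) together with action groups for notifications."` would match it. The same applies to `enableAMBANotificationAssets` ("Assign Action assets initiative") in the hunk at new-side line 539. Both blocks are moved rather than newly written, and the control's `allowedValues` list continues past the end of this hunk.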
@@ -298,18 +305,25 @@ "visible": true }, { - "name": "IdentityManagementGroup", + "name": "enableAMBAIdentity", "type": "Microsoft.Common.DropDown", - "label": "Identity Management Group", - "multiselect": false, - "defaultValue": "", - "filter": false, - "toolTip": "Provide the name of the Management Group that will be used to host the identity resources.", + "label": "Enable AMBA Identity", + "defaultValue": "Yes", + "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts for Identity policy initiative is assigned to the Identity management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", "constraints": { - "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", - "required": true + "required": true, + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ] }, - "visible": "[equals(steps('Configuration').enableAMBAIdentity,'Yes')]" + "visible": true }, { "name": "enableAMBAManagement", 
@@ -333,25 +347,12 @@ "visible": true }, { - "name": "managementManagementGroup", - "type": "Microsoft.Common.DropDown", - "label": "Management Management Group", - "multiselect": false, - "defaultValue": "", - "filter": false, - "toolTip": "Provide the name of the Management Group that will be used to host the management resources.", - "constraints": { - "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", - "required": true - }, - "visible": "[equals(steps('Configuration').enableAMBAManagement,'Yes')]" - }, - { - "name": "enableAMBAConnectivity", + "name": "enableAMBAHybridVM", "type": "Microsoft.Common.DropDown", - "label": "Enable AMBA Connectivity", + "label": "Enable AMBA Hybrid VM", + "subLabel": "", "defaultValue": "Yes", - "toolTip": "If 'Yes' is selected the Deploy Azure Monitor Baseline Alerts for Connectivity policy initiative is assigned to the Connectivity management group. This will ensure that relevant new resources created within that scope are configured with appropriate baseline alerts. For more details on what is included in the initiative please refer to https://aka.ms/amba/alz/wiki under Azure Policy Initiatives and Alert Details.", + "toolTip": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers", "constraints": { "required": true, "allowedValues": [ 
@@ -363,31 +364,19 @@ "label": "No", "value": "No" } - ] + ], + "validations": [] }, + "infoMessages": [], "visible": true }, { - "name": "connectivityManagementGroup", - "type": "Microsoft.Common.DropDown", - "label": "Connectivity Management Group", - "multiselect": false, - "defaultValue": "", - "filter": false, - "toolTip": "Provide the name of the Management Group that will be used to host the connectivity resources.", - "constraints": { - "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", - "required": true - }, - "visible": "[equals(steps('Configuration').enableAMBAConnectivity,'Yes')]" - }, - { - "name": "enableAMBAHybridVM", + "name": "enableAMBAVM", "type": "Microsoft.Common.DropDown", - "label": "Enable AMBA Hybrid VM", + "label": "Enable AMBA Azure VM", "subLabel": "", "defaultValue": "Yes", - "toolTip": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers", + "toolTip": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.", "constraints": { "required": true, "allowedValues": [ @@ -526,12 +515,12 @@ "visible": true }, { - "name": "enableAMBAVM", + "name": "enableAMBAWeb", "type": "Microsoft.Common.DropDown", - "label": "Enable AMBA VM", + "label": "Enable AMBA Web", "subLabel": "", "defaultValue": "Yes", - "toolTip": "This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.", + "toolTip": "This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.", "constraints": { "required": true, "allowedValues": [ 
@@ -550,12 +539,11 @@ "visible": true }, { - "name": "enableAMBAWeb", + "name": "enableAMBANotificationAssets", "type": "Microsoft.Common.DropDown", - "label": "Enable AMBA Web", - "subLabel": "", + "label": "Enable AMBA Notification Assets", "defaultValue": "Yes", - "toolTip": "This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.", + "toolTip": "Assign Action assets initiative", "constraints": { "required": true, "allowedValues": [ 
@@ -567,67 +555,80 @@ "label": "No", "value": "No" } - ], - "validations": [] + ] }, - "infoMessages": [], "visible": true }, { - "name": "LandingZoneManagementGroup", + "name": "platformManagementGroup", "type": "Microsoft.Common.DropDown", - "label": "Landing Zone Management Group", + "label": "Platform Management Group", "multiselect": false, "defaultValue": "", "filter": false, - "toolTip": "Provide the name of the Management Group that will be used to host the landing zone resources.", + "defaultDescription": "Platform Management Group", + "toolTip": "Provide the name of the Management Group that will be used to host the platform resources.", "constraints": { "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", "required": true }, - "visible": "[or(equals(steps('Configuration').enableAMBAHybridVM,'Yes'), equals(steps('Configuration').enableAMBAKeyManagement,'Yes'), equals(steps('Configuration').enableAMBALoadBalancing,'Yes'), equals(steps('Configuration').enableAMBANetworkChanges,'Yes'), equals(steps('Configuration').enableAMBARecoveryServices,'Yes'), equals(steps('Configuration').enableAMBAStorage,'Yes'), equals(steps('Configuration').enableAMBAVM,'Yes'), equals(steps('Configuration').enableAMBAWeb,'Yes'))]" + "visible": "[or(equals(steps('Configuration').enableAMBAHybridVM,'Yes'), equals(steps('Configuration').enableAMBAVM,'Yes'))]" }, { - "name": "enableAMBAServiceHealth", + "name": "connectivityManagementGroup", "type": "Microsoft.Common.DropDown", - "label": "Enable AMBA Service Health", - "defaultValue": "Yes", - "toolTip": "Assign Service health initiative", + "label": "Connectivity Management Group", + "multiselect": false, + "defaultValue": "", + "filter": false, + "toolTip": "Provide the name of the Management Group that will be used to host the connectivity resources.", "constraints": { - "required": true, - "allowedValues": [ - { - 
"label": "Yes", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true }, - "visible": true + "visible": "[equals(steps('Configuration').enableAMBAConnectivity,'Yes')]" }, { - "name": "enableAMBANotificationAssets", + "name": "IdentityManagementGroup", "type": "Microsoft.Common.DropDown", - "label": "Enable AMBA Notification Assets", - "defaultValue": "Yes", - "toolTip": "Assign Action assets initiative", + "label": "Identity Management Group", + "multiselect": false, + "defaultValue": "", + "filter": false, + "toolTip": "Provide the name of the Management Group that will be used to host the identity resources.", "constraints": { - "required": true, - "allowedValues": [ - { - "label": "Yes", - "value": "Yes" - }, - { - "label": "No", - "value": "No" - } - ] + "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true }, - "visible": true + "visible": "[equals(steps('Configuration').enableAMBAIdentity,'Yes')]" + }, + { + "name": "managementManagementGroup", + "type": "Microsoft.Common.DropDown", + "label": "Management Management Group", + "multiselect": false, + "defaultValue": "", + "filter": false, + "toolTip": "Provide the name of the Management Group that will be used to host the management resources.", + "constraints": { + "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": "[or(equals(steps('Configuration').enableAMBAManagement,'Yes'), equals(steps('Configuration').enableAMBAHybridVM,'Yes'), equals(steps('Configuration').enableAMBAVM,'Yes'))]" + }, + { + "name": "LandingZoneManagementGroup", + 
"type": "Microsoft.Common.DropDown", + "label": "Landing Zone Management Group", + "multiselect": false, + "defaultValue": "", + "filter": false, + "toolTip": "Provide the name of the Management Group that will be used to host the landing zone resources.", + "constraints": { + "allowedValues": "[map(steps('Configuration').ManagementGroupAPI.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "visible": "[or(equals(steps('Configuration').enableAMBAHybridVM,'Yes'), equals(steps('Configuration').enableAMBAKeyManagement,'Yes'), equals(steps('Configuration').enableAMBALoadBalancing,'Yes'), equals(steps('Configuration').enableAMBANetworkChanges,'Yes'), equals(steps('Configuration').enableAMBARecoveryServices,'Yes'), equals(steps('Configuration').enableAMBAStorage,'Yes'), equals(steps('Configuration').enableAMBAVM,'Yes'), equals(steps('Configuration').enableAMBAWeb,'Yes'))]" } ] }, 
@@ -948,7 +949,7 @@ "enterpriseScaleCompanyPrefix": "[steps('Configuration').enterpriseScaleCompanyPrefix]", "platformManagementGroup": "[steps('Configuration').platformManagementGroup]", "IdentityManagementGroup": "[if(equals(steps('Configuration').enableAMBAIdentity,'No'), 'contoso-identity', steps('Configuration').IdentityManagementGroup)]", - "managementManagementGroup": "[if(equals(steps('Configuration').enableAMBAManagement, 'No'), 'contoso-management', steps('Configuration').managementManagementGroup)]", + "managementManagementGroup": "[if(and(equals(steps('Configuration').enableAMBAManagement,'No'), equals(steps('Configuration').enableAMBAHybridVM,'No'), equals(steps('Configuration').enableAMBAVM,'No')), 'contoso-management', steps('Configuration').managementManagementGroup)]", "connectivityManagementGroup": "[if(equals(steps('Configuration').enableAMBAConnectivity, 'No'), 'contoso-connectivity', steps('Configuration').connectivityManagementGroup)]", "LandingZoneManagementGroup": "[if(empty(steps('Configuration').LandingZoneManagementGroup), 'contoso-landingzones', steps('Configuration').LandingZoneManagementGroup)]", "BYOActionGroup": "[steps('Notification').BYOActionGroup]",
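Review bot: The `platformManagementGroup` output in this hunk is still the bare `[steps('Configuration').platformManagementGroup]`, but the hunk at new-side line 555 now hides that dropdown unless `enableAMBAHybridVM` or `enableAMBAVM` is 'Yes'. Every other management-group output here guards the hidden case, including the rewritten `managementManagementGroup` line, so with both toggles set to 'No' the platform parameter is presumably passed empty; how the template handles that is not visible in this diff. Either keep the control always visible, as it was before this change, or give it the same guard as `LandingZoneManagementGroup`: `[if(empty(steps('Configuration').platformManagementGroup), 'PLATFORM_MG_PLACEHOLDER', steps('Configuration').platformManagementGroup)]`. The `empty(...)` form would also suit `managementManagementGroup`, whose new `and(...)` condition has to be kept in step with its three-toggle `visible` expression by hand. These values scope where the alert initiatives are assigned, so an empty or placeholder scope is worth ruling out before merge.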