enable TrustedLaunch

Azure DevTest Labs/SharePoint-AllVersions/CHANGELOG.md

@@ -1,6 +1,6 @@
 # Change log for Azure DevTest Labs template SharePoint-AllVersions
 
-## Enhancements & bug-fixes - Published in December 26, 2024
+## Enhancements & bug-fixes - Published in December 27, 2024
 
 ### Added
 

Azure DevTest Labs/SharePoint-AllVersions/azuredeploy.parameters.json

@@ -2,9 +2,9 @@
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
   "contentVersion": "1.0.0.0",
   "parameters": {
-    "provisionSharePointSubscription": { "value": "Subscription-Latest" },
-    "provisionSharePoint2019": { "value": false },
-    "provisionSharePoint2016": { "value": false },
+    "provisionSharePointSubscription": { "value": "Subscription-RTM" },
+    "provisionSharePoint2019": { "value": true },
+    "provisionSharePoint2016": { "value": true },
     "configureADFS": { "value": true },
     "domainFqdn": { "value": "contoso.local" },
     "adminUsername": { "value": "Yvand" },
@@ -14,7 +14,7 @@
     "vmSharePointStorage": { "value": "Premium_LRS" },
     "rdpTrafficRule": { "value": "No" },
     "enableHybridBenefitServerLicenses": { "value": true },
-    "enableAzureBastion": { "value": true }
-    // "_artifactsLocation": { "value": "https://github.com/Yvand/AzureRM-Templates/raw/master/Templates/DTL-SharePoint-AllVersions-light" }
+    "enableAzureBastion": { "value": false }
+    // "_artifactsLocation": { "value": "https://github.com/Yvand/AzureRM-Templates/raw/master/Azure%20DevTest%20Labs/DTL-SharePoint-AllVersions-light" }
   }
 }

Azure DevTest Labs/SharePoint-AllVersions/main.bicep

@@ -250,7 +250,7 @@ param vmSharePointSize string = 'Standard_B4as_v2'
 param vmSharePointStorage string = 'StandardSSD_LRS'
 
 @description('The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated.')
-param _artifactsLocation string = 'https://github.com/Yvand/AzureRM-Templates/raw/master/Templates/DTL-SharePoint-AllVersions-light'
+param _artifactsLocation string = 'https://github.com/Yvand/AzureRM-Templates/raw/convert-to-bicep/Azure%20DevTest%20Labs/DTL-SharePoint-AllVersions-light'
 
 @description('The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated.')
 @secure()

Azure DevTest Labs/SharePoint-AllVersions/metadata.json

@@ -3,5 +3,5 @@
   "description": "Deploy SharePoint Subscription / 2019 / 2016 with a lightweight configuration. Each version is independent and may or may not be deployed.",
   "summary": "Deploy SharePoint Subscription / 2019 / 2016 with a lightweight configuration. Each version is independent and may or may not be deployed.",
   "githubUsername": "Yvand",
-  "dateUpdated": "2024-12-26"
+  "dateUpdated": "2024-12-27"
 }

Azure DevTest Labs/SharePoint-SingleFarm-FullConfig/CHANGELOG.md

@@ -1,6 +1,6 @@
 # Change log for Azure DevTest Labs template DTL-SharePoint-FullConfig
 
-## Enhancements & bug-fixes - Published in December 26, 2024
+## Enhancements & bug-fixes - Published in December 27, 2024
 
 ### Added
 

Azure DevTest Labs/SharePoint-SingleFarm-FullConfig/DeployTemplate.ps1

@@ -93,7 +93,9 @@ if ($result.ProvisioningState -eq "Succeeded") {
     Write-Host "Deployment completed successfully in $($elapsedTime.ToString("h\hmm\m\n"))." -ForegroundColor Green
     $outputs = (Get-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -Name $resourceDeploymentName).Outputs        
     $outputMessage = "Use the account ""$($outputs.domainAdminAccount.value)"" (""$($outputs.domainAdminAccountFormatForBastion.value)"") to sign in"
-    $outputMessage += $outputs.ContainsKey("publicIPAddressSP") ? " to ""$($outputs.publicIPAddressSP.value)""" : "."
+    if ($outputs.ContainsKey("publicIPAddressSP") -and ![String]::IsNullOrWhiteSpace($outputs.publicIPAddressSP.value)) {
+        $outputMessage += " to ""$($outputs.publicIPAddressSP.value)"""
+    }
     Write-Host $outputMessage -ForegroundColor Green
 }
 else {

Azure DevTest Labs/SharePoint-SingleFarm-FullConfig/azuredeploy.json

@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.31.92.45157",
-      "templateHash": "463196043803748823"
+      "version": "0.32.4.45862",
+      "templateHash": "11266622120295476244"
     },
     "description": "Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).",
     "author": "Yvand"
@@ -332,7 +332,7 @@
     },
     "_artifactsLocation": {
       "type": "string",
-      "defaultValue": "https://github.com/Yvand/AzureRM-Templates/raw/dev/Azure DevTest Labs/DTL-SharePoint-FullConfig",
+      "defaultValue": "https://github.com/Yvand/AzureRM-Templates/raw/convert-to-bicep/Azure%20DevTest%20Labs/DTL-SharePoint-FullConfig",
       "metadata": {
         "description": "The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated."
       }
@@ -417,7 +417,7 @@
           "Label": "Latest",
           "Packages": [
             {
-              "DownloadUrl": "https://download.microsoft.com/download/4/b/4/4b4d907f-2e25-4972-a7b1-dfe8d1c0fadb/uber-subscription-kb5002651-fullfile-x64-glb.exe"
+              "DownloadUrl": "https://download.microsoft.com/download/c/e/c/ceca0241-efca-4484-9d76-5661806f16c4/uber-subscription-kb5002658-fullfile-x64-glb.exe"
             }
           ]
         }
@@ -457,7 +457,8 @@
       "vmFEName": "FE",
       "vmDCImage": "MicrosoftWindowsServer:WindowsServer:2022-datacenter-azure-edition-smalldisk:latest",
       "vmSQLImage": "MicrosoftSQLServer:sql2022-ws2022:sqldev-gen2:latest",
-      "vmSharePointImage": "[if(variables('sharePointSettings').isSharePointSubscription, variables('sharePointSettings').sharePointImagesList.Subscription, if(equals(parameters('sharePointVersion'), '2019'), variables('sharePointSettings').sharePointImagesList.sp2019, variables('sharePointSettings').sharePointImagesList.sp2016))]"
+      "vmSharePointImage": "[if(variables('sharePointSettings').isSharePointSubscription, variables('sharePointSettings').sharePointImagesList.Subscription, if(equals(parameters('sharePointVersion'), '2019'), variables('sharePointSettings').sharePointImagesList.sp2019, variables('sharePointSettings').sharePointImagesList.sp2016))]",
+      "vmSharePointSecurityProfile": "[if(equals(parameters('sharePointVersion'), '2016'), null(), createObject('securityType', 'TrustedLaunch', 'uefiSettings', createObject('secureBootEnabled', true(), 'vTpmEnabled', true())))]"
     },
     "dscSettings": {
       "forceUpdateTag": "1.0",
@@ -668,7 +669,14 @@
             }
           ]
         },
-        "licenseType": "[if(parameters('enableHybridBenefitServerLicenses'), 'Windows_Server', null())]"
+        "licenseType": "[if(parameters('enableHybridBenefitServerLicenses'), 'Windows_Server', null())]",
+        "securityProfile": {
+          "securityType": "TrustedLaunch",
+          "uefiSettings": {
+            "secureBootEnabled": true,
+            "vTpmEnabled": true
+          }
+        }
       },
       "dependsOn": [
         "[resourceId('Microsoft.Network/networkInterfaces', 'vm-dc-nic')]"
@@ -846,7 +854,14 @@
             }
           ]
         },
-        "licenseType": "[if(parameters('enableHybridBenefitServerLicenses'), 'Windows_Server', null())]"
+        "licenseType": "[if(parameters('enableHybridBenefitServerLicenses'), 'Windows_Server', null())]",
+        "securityProfile": {
+          "securityType": "TrustedLaunch",
+          "uefiSettings": {
+            "secureBootEnabled": true,
+            "vTpmEnabled": true
+          }
+        }
       },
       "dependsOn": [
         "[resourceId('Microsoft.Network/networkInterfaces', 'vm-sql-nic')]"
@@ -1023,7 +1038,8 @@
             }
           ]
         },
-        "licenseType": "[if(parameters('enableHybridBenefitServerLicenses'), 'Windows_Server', null())]"
+        "licenseType": "[if(parameters('enableHybridBenefitServerLicenses'), 'Windows_Server', null())]",
+        "securityProfile": "[variables('vmsSettings').vmSharePointSecurityProfile]"
       },
       "dependsOn": [
         "[resourceId('Microsoft.Network/networkInterfaces', 'vm-sp-nic')]"
@@ -1264,7 +1280,8 @@
             }
           ]
         },
-        "licenseType": "[if(parameters('enableHybridBenefitServerLicenses'), 'Windows_Server', null())]"
+        "licenseType": "[if(parameters('enableHybridBenefitServerLicenses'), 'Windows_Server', null())]",
+        "securityProfile": "[variables('vmsSettings').vmSharePointSecurityProfile]"
       },
       "dependsOn": [
         "[resourceId('Microsoft.Network/networkInterfaces', format('vm-fe{0}-nic', range(0, parameters('frontEndServersCount'))[range(0, parameters('frontEndServersCount'))[copyIndex()]]))]",

Azure DevTest Labs/SharePoint-SingleFarm-FullConfig/azuredeploy.parameters.json

@@ -2,18 +2,19 @@
   "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
   "contentVersion": "1.0.0.0",
   "parameters": {
-    // "sharePointVersion": { "value": "Subscription-RTM" },
-    "sharePointVersion": { "value": "2019" },
+    "sharePointVersion": { "value": "Subscription-RTM" },
+    // "sharePointVersion": { "value": "2019" },
     "domainFqdn": { "value": "contoso.local" },
     "adminUsername": { "value": "yvand" },
     "adminPassword": { "value": null },
     "otherAccountsPassword": { "value": null },
     "timeZone": { "value": "Romance Standard Time" },
-    // "vmSharePointStorage": { "value": "Premium_LRS" },
-    "rdpTrafficRule": { "value": "10.20.30.40" },
-    "numberOfAdditionalFrontEnd": { "value": 1 },
+    "outboundAccessMethod": { "value": "PublicIPAddress" },
+    "rdpTrafficRule": { "value": "No" },
+    "frontEndServersCount": { "value": 1 },
     "enableHybridBenefitServerLicenses": { "value": true },
-    "addAzureBastion": { "value": false }
-    // "_artifactsLocation": { "value": "https://github.com/Yvand/AzureRM-Templates/raw/master/Templates/DTL-SharePoint-FullConfig" }
+    "enableAzureBastion": { "value": false },
+    "vmSharePointStorage": { "value": "Premium_LRS" }
+    // "_artifactsLocation": { "value": "https://github.com/Yvand/AzureRM-Templates/raw/master/Azure%20DevTest%20Labs/DTL-SharePoint-FullConfig" }
   }
 }

Azure DevTest Labs/SharePoint-SingleFarm-FullConfig/main.bicep

@@ -262,7 +262,7 @@ param vmSharePointSize string = 'Standard_B4as_v2'
 param vmSharePointStorage string = 'StandardSSD_LRS'
 
 @description('The base URI where artifacts required by this template are located. When the template is deployed using the accompanying scripts, a private location in the subscription will be used and this value will be automatically generated.')
-param _artifactsLocation string = 'https://github.com/Yvand/AzureRM-Templates/raw/dev/Azure DevTest Labs/DTL-SharePoint-FullConfig'
+param _artifactsLocation string = 'https://github.com/Yvand/AzureRM-Templates/raw/convert-to-bicep/Azure%20DevTest%20Labs/DTL-SharePoint-FullConfig'
 
 @description('The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated.')
 @secure()
@@ -390,6 +390,15 @@ var vmsSettings = {
     : ((sharePointVersion == '2019')
         ? sharePointSettings.sharePointImagesList.sp2019
         : sharePointSettings.sharePointImagesList.sp2016))
+  vmSharePointSecurityProfile: sharePointVersion == '2016'
+    ? null
+    : {
+        securityType: 'TrustedLaunch'
+        uefiSettings: {
+          secureBootEnabled: true
+          vTpmEnabled: true
+        }
+      }
 }
 
 var dscSettings = {
@@ -603,6 +612,13 @@ resource vm_dc_def 'Microsoft.Compute/virtualMachines@2024-07-01' = {
       ]
     }
     licenseType: (enableHybridBenefitServerLicenses ? 'Windows_Server' : null)
+    securityProfile: {
+      securityType: 'TrustedLaunch'
+      uefiSettings: {
+        secureBootEnabled: true
+        vTpmEnabled: true
+      }
+    }
   }
 }
 
@@ -770,6 +786,13 @@ resource vm_sql_def 'Microsoft.Compute/virtualMachines@2024-07-01' = {
       ]
     }
     licenseType: (enableHybridBenefitServerLicenses ? 'Windows_Server' : null)
+    securityProfile: {
+      securityType: 'TrustedLaunch'
+      uefiSettings: {
+        secureBootEnabled: true
+        vTpmEnabled: true
+      }
+    }
   }
 }
 
@@ -936,6 +959,7 @@ resource vm_sp_def 'Microsoft.Compute/virtualMachines@2024-07-01' = {
       ]
     }
     licenseType: (enableHybridBenefitServerLicenses ? 'Windows_Server' : null)
+    securityProfile: vmsSettings.vmSharePointSecurityProfile
   }
 }
 
@@ -1159,6 +1183,7 @@ resource vm_fe_def 'Microsoft.Compute/virtualMachines@2024-07-01' = [
         ]
       }
       licenseType: (enableHybridBenefitServerLicenses ? 'Windows_Server' : null)
+      securityProfile: vmsSettings.vmSharePointSecurityProfile
     }
   }
 ]
@@ -1564,15 +1589,11 @@ resource firewall_def 'Microsoft.Network/azureFirewalls@2023-11-01' = if (outbou
   }
 }
 
-output publicIPAddressDC string = outboundAccessMethod == 'PublicIPAddress'
-  ? vm_dc_pip.properties.dnsSettings.fqdn
-  : ''
+output publicIPAddressDC string = outboundAccessMethod == 'PublicIPAddress' ? vm_dc_pip.properties.dnsSettings.fqdn : ''
 output publicIPAddressSQL string = outboundAccessMethod == 'PublicIPAddress'
   ? vm_sql_pip.properties.dnsSettings.fqdn
   : ''
-output publicIPAddressSP string = outboundAccessMethod == 'PublicIPAddress'
-  ? vm_sp_pip.properties.dnsSettings.fqdn
-  : ''
+output publicIPAddressSP string = outboundAccessMethod == 'PublicIPAddress' ? vm_sp_pip.properties.dnsSettings.fqdn : ''
 output vm_fe_public_dns array = [
   for i in range(0, frontEndServersCount): (outboundAccessMethod == 'PublicIPAddress')
     ? vm_fe_pip[i].properties.dnsSettings.fqdn

Azure DevTest Labs/SharePoint-SingleFarm-FullConfig/metadata.json

@@ -3,5 +3,5 @@
   "description": "Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).",
   "summary": "Create a SharePoint Server farm with an extensive configuration. Key softwares (inc. Fiddler, vscode, np++, 7zip and ULS Viewer) and fine tuning make the farm immediately useful for most scenarios",
   "githubUsername": "Yvand",
-  "dateUpdated": "2024-12-26"
+  "dateUpdated": "2024-12-27"
 }

Azure Resource Manager/SharePoint-ADFS/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Change log for Azure template SharePoint-ADFS
 
+## Enhancements & bug-fixes - 
+
+### Changed
+
+- Template
+  - Enabled [Trusted launch](https://learn.microsoft.com/azure/virtual-machines/trusted-launch-existing-vm), with secure boot and Virtual Trusted Platform Module, on all virtual machines except SharePoint 2016
+
 ## Enhancements & bug-fixes - Published in December 18, 2024
 
 ### Changed

Azure Resource Manager/SharePoint-ADFS/DeployTemplate.ps1

@@ -93,7 +93,9 @@ if ($result.ProvisioningState -eq "Succeeded") {
     Write-Host "Deployment completed successfully in $($elapsedTime.ToString("h\hmm\m\n"))." -ForegroundColor Green
     $outputs = (Get-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -Name $resourceDeploymentName).Outputs        
     $outputMessage = "Use the account ""$($outputs.domainAdminAccount.value)"" (""$($outputs.domainAdminAccountFormatForBastion.value)"") to sign in"
-    $outputMessage += $outputs.ContainsKey("publicIPAddressSP") ? " to ""$($outputs.publicIPAddressSP.value)""" : "."
+    if ($outputs.ContainsKey("publicIPAddressSP") -and ![String]::IsNullOrWhiteSpace($outputs.publicIPAddressSP.value)) {
+        $outputMessage += " to ""$($outputs.publicIPAddressSP.value)"""
+    }
     Write-Host $outputMessage -ForegroundColor Green
 }
 else {