From 5c7c79174c238b8cbbef57d28f360ef45c60af47 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Thu, 19 Dec 2024 09:03:58 -0600 Subject: [PATCH] updates --- workload/arm/deploy-baseline.json | 722 +++++++++++++++----------- workload/arm/deploy-custom-image.json | 156 +++--- 2 files changed, 526 insertions(+), 352 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 080224e11..ca4ef4b68 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "8055374530470870110" + "version": "0.30.23.60470", + "templateHash": "7166903205795463106" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline", @@ -988,6 +988,13 @@ "metadata": { "description": "Deploys anti malware extension on session hosts. (Default: true)" } + }, + "customStaticRoutes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Additional customer-provided static routes to be added to the route tables." + } } }, "variables": { @@ -1775,8 +1782,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2997718652572802150" + "version": "0.30.23.60470", + "templateHash": "8672838757620509839" }, "name": "Resource Groups", "description": "This module deploys a Resource Group.", @@ -1904,8 +1911,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2997718652572802150" + "version": "0.30.23.60470", + "templateHash": "8672838757620509839" }, "name": "Resource Groups", "description": "This module deploys a Resource Group.", @@ -2028,8 +2035,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2997718652572802150" + "version": "0.30.23.60470", + "templateHash": "8672838757620509839" }, "name": "Resource Groups", "description": "This module deploys a Resource Group.", @@ -2172,8 +2179,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "5485124520407650505" + "version": "0.30.23.60470", + "templateHash": "10746678051697223286" }, "name": "AVD LZA insights monitoring", "description": "This module deploys Log analytics workspace, DCR and policies", @@ -2310,8 +2317,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2997718652572802150" + "version": "0.30.23.60470", + "templateHash": "8672838757620509839" }, "name": "Resource Groups", "description": "This module deploys a Resource Group.", @@ -2444,8 +2451,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3083170160174738636" + "version": "0.30.23.60470", + "templateHash": "15282002205908158597" }, "name": "Log Analytics Workspaces", "description": "This module deploys a Log Analytics Workspace.", @@ -2677,8 +2684,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12329258505555524534" + "version": "0.30.23.60470", + "templateHash": "8028201980853199520" }, "name": "Log Analytics Workspace Storage Insight Configs", "description": "This module deploys a Log Analytics Workspace Storage Insight Config.", @@ -2751,7 +2758,11 @@ "id": "[parameters('storageAccountResourceId')]", "key": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2022-09-01').keys[0].value]" } - } + }, + "dependsOn": [ + "storageAccount", + "workspace" + ] } }, "outputs": { @@ -2873,8 +2884,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "159466506229773777" + "version": "0.30.23.60470", + "templateHash": "14748218317477429392" } }, "parameters": { @@ -3048,16 +3059,16 @@ } } }, - "$fxv#1": "{\n \"name\": \"policy-deploy-diagnostics-avd-application-group\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Application group to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/applicationGroups\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#10": "{\n \"name\": \"policy-set-deploy-avd-diagnostics-to-log-analytics\",\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings to AVD Landing Zone\",\n \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"metadata\": {\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"displayName\": \"Log Analytics workspace\",\n \"strongType\": \"omsWorkspace\"\n },\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"NetworkSecurityGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"NetworkNICLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualNetworkLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"VirtualMachinesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDScalingPlansLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDAppGroupsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDWorkspaceLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AVDHostPoolsLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n },\n \"AzureFilesLogAnalyticsEffect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\n \"description\": \"Deploys the diagnostic settings for Azure Files to stream to a Log Analytics workspace when any Azure Files share is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\n }\n }\n },\n \"policyDefinitions\": [\n {\n \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDAppGroup\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDAppGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDWorkspace\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDWorkspaceLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDHostPools\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AVDHostPoolsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"AzureFilesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AzureFiles\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('AzureFilesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n },\n {\n \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[[parameters('logAnalytics')]\"\n },\n \"effect\": {\n \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\n },\n \"profileName\": {\n \"value\": \"[[parameters('profileName')]\"\n }\n },\n \"groupNames\": []\n }\n ],\n \"policyDefinitionGroups\": null\n }\n }", - "$fxv#2": "{\n \"name\": \"policy-deploy-diagnostics-avd-host-pool\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Host Pools to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/hostpools\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Connection\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"HostRegistration\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"AgentHealthStatus\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"NetworkData\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"ConnectionGraphicsData\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"SessionHostManagement\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#3": "{\n \"name\": \"policy-deploy-diagnostics-avd-scaling-plan\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Autoscale\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#4": "{\n \"name\": \"policy-deploy-diagnostics-avd-workspace\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\n \"metadata\": {\n \"version\": \"1.0.1\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.DesktopVirtualization/workspaces\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"logs\": [\n {\n \"category\": \"Checkpoint\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Error\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Management\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"Feed\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#5": "{\n \"name\": \"policy-deploy-diagnostics-network-security-group\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [],\n \"logs\": [\n {\n \"category\": \"NetworkSecurityGroupEvent\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"NetworkSecurityGroupRuleCounter\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#6": "{\n \"name\": \"policy-deploy-diagnostics-nic\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/networkInterfaces\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"timeGrain\": null,\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#7": "{\n \"name\": \"policy-deploy-diagnostics-virtual-machine\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\n \"description\": \"CUstom - Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ],\n \"logs\": []\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#8": "{\n \"name\": \"policy-deploy-diagnostics-virtual-network\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\"\n }\n },\n \"effect\": {\n \"type\": \"String\",\n \"defaultValue\": \"DeployIfNotExists\",\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"Disabled\"\n ],\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n }\n },\n \"profileName\": {\n \"type\": \"String\",\n \"defaultValue\": \"setbypolicy\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n }\n },\n \"metricsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n }\n },\n \"logsEnabled\": {\n \"type\": \"String\",\n \"defaultValue\": \"True\",\n \"allowedValues\": [\n \"True\",\n \"False\"\n ],\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n }\n }\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Network/virtualNetworks\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"setByPolicy\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"true\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"String\"\n },\n \"logAnalytics\": {\n \"type\": \"String\"\n },\n \"location\": {\n \"type\": \"String\"\n },\n \"profileName\": {\n \"type\": \"String\"\n },\n \"metricsEnabled\": {\n \"type\": \"String\"\n },\n \"logsEnabled\": {\n \"type\": \"String\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\",\n \"apiVersion\": \"2017-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"AllMetrics\",\n \"enabled\": \"[parameters('metricsEnabled')]\",\n \"retentionPolicy\": {\n \"enabled\": false,\n \"days\": 0\n }\n }\n ],\n \"logs\": [\n {\n \"category\": \"VMProtectionAlerts\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('name')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n }", - "$fxv#9": "{\n \"name\": \"policy-deploy-diagnostics-azure-files\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"All\",\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\n \"description\": \"Custom - Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated.\",\n \"metadata\": {\n \"version\": \"1.0.0\",\n \"category\": \"Monitoring\"\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\n },\n \"then\": {\n \"effect\": \"[parameters('effect')]\",\n \"details\": {\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\n \"name\": \"[parameters('profileName')]\",\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\n \"equals\": \"[parameters('logsEnabled')]\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\n \"equals\": \"[parameters('metricsEnabled')]\"\n },\n {\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\n \"equals\": \"[parameters('logAnalytics')]\"\n }\n ]\n },\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\n ],\n \"deployment\": {\n \"properties\": {\n \"mode\": \"incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"resourceName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n },\n \"logAnalytics\": {\n \"type\": \"string\"\n },\n \"metricsEnabled\": {\n \"type\": \"bool\"\n },\n \"logsEnabled\": {\n \"type\": \"bool\"\n },\n \"profileName\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {},\n \"resources\": [\n {\n \"type\": \"Microsoft.Storage/storageAccounts/fileServices/providers/diagnosticSettings\",\n \"apiVersion\": \"2021-05-01-preview\",\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\n \"location\": \"[parameters('location')]\",\n \"dependsOn\": [],\n \"properties\": {\n \"workspaceId\": \"[parameters('logAnalytics')]\",\n \"metrics\": [\n {\n \"category\": \"Transaction\",\n \"enabled\": \"[parameters('metricsEnabled')]\"\n }\n ],\n \"logs\": [\n {\n \"category\": \"StorageRead\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"StorageWrite\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n },\n {\n \"category\": \"StorageDelete\",\n \"enabled\": \"[parameters('logsEnabled')]\"\n }\n ]\n }\n }\n ],\n \"outputs\": {}\n },\n \"parameters\": {\n \"location\": {\n \"value\": \"[field('location')]\"\n },\n \"resourceName\": {\n \"value\": \"[field('fullName')]\"\n },\n \"logAnalytics\": {\n \"value\": \"[parameters('logAnalytics')]\"\n },\n \"metricsEnabled\": {\n \"value\": \"[parameters('metricsEnabled')]\"\n },\n \"logsEnabled\": {\n \"value\": \"[parameters('logsEnabled')]\"\n },\n \"profileName\": {\n \"value\": \"[parameters('profileName')]\"\n }\n }\n }\n }\n }\n }\n },\n \"parameters\": {\n \"effect\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Effect\",\n \"description\": \"Enable or disable the execution of the policy\"\n },\n \"allowedValues\": [\n \"DeployIfNotExists\",\n \"AuditIfNotExists\",\n \"Disabled\"\n ],\n \"defaultValue\": \"DeployIfNotExists\"\n },\n \"profileName\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Profile name\",\n \"description\": \"The diagnostic settings profile name\"\n },\n \"defaultValue\": \"setbypolicy\"\n },\n \"logAnalytics\": {\n \"type\": \"String\",\n \"metadata\": {\n \"displayName\": \"Log Analytics workspace\",\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\n \"strongType\": \"omsWorkspace\",\n \"assignPermissions\": true\n }\n },\n \"metricsEnabled\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"Enable metrics\",\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\n },\n \"allowedValues\": [\n true,\n false\n ],\n \"defaultValue\": true\n },\n \"logsEnabled\": {\n \"type\": \"Boolean\",\n \"metadata\": {\n \"displayName\": \"Enable logs\",\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\n },\n \"allowedValues\": [\n true,\n false\n ],\n \"defaultValue\": true\n }\n }\n }\n}", + "$fxv#1": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-application-group\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Application group to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Application group to stream to a Log Analytics workspace when any application group which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/applicationGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/applicationGroups/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#10": "{\r\n \"name\": \"policy-set-deploy-avd-diagnostics-to-log-analytics\",\r\n \"type\": \"Microsoft.Authorization/policySetDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings to AVD Landing Zone\",\r\n \"description\": \"This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. See the list of policies of the services that are included \",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"metadata\": {\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"strongType\": \"omsWorkspace\"\r\n },\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"NetworkSecurityGroupsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"NetworkNICLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"VirtualNetworkLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"VirtualMachinesLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDScalingPlansLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDAppGroupsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Application Groups to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Application groups to stream to a Log Analytics workspace when any application groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDWorkspaceLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AVDHostPoolsLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for AVD Host pools to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for AVD Host pools to stream to a Log Analytics workspace when any host pool which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n },\r\n \"AzureFilesLogAnalyticsEffect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\r\n \"description\": \"Deploys the diagnostic settings for Azure Files to stream to a Log Analytics workspace when any Azure Files share is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\"\r\n }\r\n }\r\n },\r\n \"policyDefinitions\": [\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDScalingPlansLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDAppGroupDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDAppGroup\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDAppGroupsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDWorkspaceDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDWorkspace\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDWorkspaceLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDHostPools\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AVDHostPoolsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('NetworkSecurityGroupsLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"NetworkNICDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('NetworkNICLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VirtualNetworkDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('VirtualNetworkLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"AzureFilesDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AzureFiles\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('AzureFilesLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n },\r\n {\r\n \"policyDefinitionReferenceId\": \"VirtualMachinesDeployDiagnosticLogDeployLogAnalytics\",\r\n \"policyDefinitionId\": \"${avdWorkloadSubsId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM\",\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[[parameters('logAnalytics')]\"\r\n },\r\n \"effect\": {\r\n \"value\": \"[[parameters('VirtualMachinesLogAnalyticsEffect')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[[parameters('profileName')]\"\r\n }\r\n },\r\n \"groupNames\": []\r\n }\r\n ],\r\n \"policyDefinitionGroups\": null\r\n }\r\n }", + "$fxv#2": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-host-pool\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Host Pools to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Host Pools to stream to a Log Analytics workspace when any Host Pools which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/hostpools\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/hostpools/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Connection\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"HostRegistration\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"AgentHealthStatus\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"NetworkData\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"ConnectionGraphicsData\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"SessionHostManagement\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#3": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-scaling-plan\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Scaling Plans to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Scaling Plans to stream to a Log Analytics workspace when any Scaling Plan which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/scalingplans\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/scalingplans/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Autoscale\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#4": "{\r\n \"name\": \"policy-deploy-diagnostics-avd-workspace\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for AVD Workspace to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for AVD Workspace to stream to a Log Analytics workspace when any Workspace which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all and categorys enabled.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.1\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.DesktopVirtualization/workspaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.DesktopVirtualization/workspaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"logs\": [\r\n {\r\n \"category\": \"Checkpoint\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Error\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Management\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"Feed\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#5": "{\r\n \"name\": \"policy-deploy-diagnostics-network-security-group\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Security Groups to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Network Security Groups to stream to a Log Analytics workspace when any Network Security Groups which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkSecurityGroups\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [],\r\n \"logs\": [\r\n {\r\n \"category\": \"NetworkSecurityGroupEvent\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"NetworkSecurityGroupRuleCounter\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#6": "{\r\n \"name\": \"policy-deploy-diagnostics-nic\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Network Interfaces to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Network Interfaces to stream to a Log Analytics workspace when any Network Interfaces which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/networkInterfaces\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/networkInterfaces/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"timeGrain\": null,\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#7": "{\r\n \"name\": \"policy-deploy-diagnostics-virtual-machine\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Machines to Log Analytics Workspace\",\r\n \"description\": \"CUstom - Deploys the diagnostic settings for Virtual Machines to stream to a Log Analytics workspace when any Virtual Machines which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Compute/virtualMachines/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": []\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#8": "{\r\n \"name\": \"policy-deploy-diagnostics-virtual-network\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Virtual Network to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for Virtual Network to stream to a Log Analytics workspace when any Virtual Network which is missing this diagnostic settings is created or updated. The Policy will set the diagnostic with all metrics and category enabled\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\"\r\n }\r\n },\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"DeployIfNotExists\",\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n }\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"setbypolicy\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n }\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\",\r\n \"defaultValue\": \"True\",\r\n \"allowedValues\": [\r\n \"True\",\r\n \"False\"\r\n ],\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n }\r\n }\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Network/virtualNetworks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"setByPolicy\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"true\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"String\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\"\r\n },\r\n \"location\": {\r\n \"type\": \"String\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"String\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"String\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Network/virtualNetworks/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2017-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"AllMetrics\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\",\r\n \"retentionPolicy\": {\r\n \"enabled\": false,\r\n \"days\": 0\r\n }\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"VMProtectionAlerts\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }", + "$fxv#9": "{\r\n \"name\": \"policy-deploy-diagnostics-azure-files\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"All\",\r\n \"displayName\": \"Custom - Deploy Diagnostic Settings for Azure Files to Log Analytics Workspace\",\r\n \"description\": \"Custom - Deploys the diagnostic settings for File Services to stream resource logs to a Log Analytics workspace when any file Service which is missing this diagnostic settings is created or updated.\",\r\n \"metadata\": {\r\n \"version\": \"1.0.0\",\r\n \"category\": \"Monitoring\"\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Storage/storageAccounts/fileServices\"\r\n },\r\n \"then\": {\r\n \"effect\": \"[parameters('effect')]\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Insights/diagnosticSettings\",\r\n \"name\": \"[parameters('profileName')]\",\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/logs.enabled\",\r\n \"equals\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/metrics.enabled\",\r\n \"equals\": \"[parameters('metricsEnabled')]\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Insights/diagnosticSettings/workspaceId\",\r\n \"equals\": \"[parameters('logAnalytics')]\"\r\n }\r\n ]\r\n },\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa\",\r\n \"/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293\"\r\n ],\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"resourceName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"string\"\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"bool\"\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"bool\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {},\r\n \"resources\": [\r\n {\r\n \"type\": \"Microsoft.Storage/storageAccounts/fileServices/providers/diagnosticSettings\",\r\n \"apiVersion\": \"2021-05-01-preview\",\r\n \"name\": \"[concat(parameters('resourceName'), '/', 'Microsoft.Insights/', parameters('profileName'))]\",\r\n \"location\": \"[parameters('location')]\",\r\n \"dependsOn\": [],\r\n \"properties\": {\r\n \"workspaceId\": \"[parameters('logAnalytics')]\",\r\n \"metrics\": [\r\n {\r\n \"category\": \"Transaction\",\r\n \"enabled\": \"[parameters('metricsEnabled')]\"\r\n }\r\n ],\r\n \"logs\": [\r\n {\r\n \"category\": \"StorageRead\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"StorageWrite\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n },\r\n {\r\n \"category\": \"StorageDelete\",\r\n \"enabled\": \"[parameters('logsEnabled')]\"\r\n }\r\n ]\r\n }\r\n }\r\n ],\r\n \"outputs\": {}\r\n },\r\n \"parameters\": {\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n },\r\n \"resourceName\": {\r\n \"value\": \"[field('fullName')]\"\r\n },\r\n \"logAnalytics\": {\r\n \"value\": \"[parameters('logAnalytics')]\"\r\n },\r\n \"metricsEnabled\": {\r\n \"value\": \"[parameters('metricsEnabled')]\"\r\n },\r\n \"logsEnabled\": {\r\n \"value\": \"[parameters('logsEnabled')]\"\r\n },\r\n \"profileName\": {\r\n \"value\": \"[parameters('profileName')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"effect\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Effect\",\r\n \"description\": \"Enable or disable the execution of the policy\"\r\n },\r\n \"allowedValues\": [\r\n \"DeployIfNotExists\",\r\n \"AuditIfNotExists\",\r\n \"Disabled\"\r\n ],\r\n \"defaultValue\": \"DeployIfNotExists\"\r\n },\r\n \"profileName\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Profile name\",\r\n \"description\": \"The diagnostic settings profile name\"\r\n },\r\n \"defaultValue\": \"setbypolicy\"\r\n },\r\n \"logAnalytics\": {\r\n \"type\": \"String\",\r\n \"metadata\": {\r\n \"displayName\": \"Log Analytics workspace\",\r\n \"description\": \"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant 'Log Analytics Contributor' permissions (or similar) to the policy assignment's principal ID.\",\r\n \"strongType\": \"omsWorkspace\",\r\n \"assignPermissions\": true\r\n }\r\n },\r\n \"metricsEnabled\": {\r\n \"type\": \"Boolean\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable metrics\",\r\n \"description\": \"Whether to enable metrics stream to the Log Analytics workspace - True or False\"\r\n },\r\n \"allowedValues\": [\r\n true,\r\n false\r\n ],\r\n \"defaultValue\": true\r\n },\r\n \"logsEnabled\": {\r\n \"type\": \"Boolean\",\r\n \"metadata\": {\r\n \"displayName\": \"Enable logs\",\r\n \"description\": \"Whether to enable logs stream to the Log Analytics workspace - True or False\"\r\n },\r\n \"allowedValues\": [\r\n true,\r\n false\r\n ],\r\n \"defaultValue\": true\r\n }\r\n }\r\n }\r\n}", "varComputeServObjRgs": [ { "rgName": "[parameters('computeObjectsRgName')]" @@ -3202,8 +3213,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15463854004391961762" + "version": "0.30.23.60470", + "templateHash": "16641541366344144948" } }, "parameters": { @@ -3353,8 +3364,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12587950234173561119" + "version": "0.30.23.60470", + "templateHash": "7209574149100326788" } }, "parameters": { @@ -3503,8 +3514,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15421130529251696480" + "version": "0.30.23.60470", + "templateHash": "15074949129863647497" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", @@ -3754,8 +3765,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13897376912843476576" + "version": "0.30.23.60470", + "templateHash": "13526857440223039502" }, "name": "Policy Insights Remediations (Resource Group scope)", "description": "This module deploys a Policy Insights Remediation on a Resource Group scope.", @@ -3923,8 +3934,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "10311140424069766046" + "version": "0.30.23.60470", + "templateHash": "12831035809041306123" } }, "parameters": { @@ -4178,7 +4189,10 @@ "value": "[variables('varDnsServers')]" }, "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]", - "alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]" + "alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]", + "customStaticRoutes": { + "value": "[parameters('customStaticRoutes')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", @@ -4186,8 +4200,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15720107074941355953" + "version": "0.30.23.60470", + "templateHash": "2084797982642051770" }, "name": "AVD LZA networking", "description": "This module deploys vNet, NSG, ASG, UDR, private DNs zones", @@ -4388,18 +4402,26 @@ "metadata": { "description": "Do not modify, used to set unique value for resource deployment" } + }, + "customStaticRoutes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Additional customer-provided static routes to be added to the route tables." + } } }, "variables": { "varAzureCloudName": "[environment().name]", - "varCreateAvdStaicRoute": true, + "varCreateAvdStaticRoute": true, "varExistingAvdVnetSubId": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[2], '')]", "varExistingAvdVnetSubRgName": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[4], '')]", "varExistingAvdVnetName": "[if(not(parameters('createVnet')), split(parameters('existingAvdSubnetResourceId'), '/')[8], '')]", "varExistingAvdVnetResourceId": "[if(not(parameters('createVnet')), format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Network/virtualNetworks/{2}', variables('varExistingAvdVnetSubId'), variables('varExistingAvdVnetSubRgName'), variables('varExistingAvdVnetName')), '')]", "varDiagnosticSettings": "[if(not(empty(parameters('alaWorkspaceResourceId'))), createArray(createObject('workspaceResourceId', parameters('alaWorkspaceResourceId'), 'logCategoriesAndGroups', createArray())), createArray())]", "varWindowsActivationKMSPrefixesNsg": "[if(equals(variables('varAzureCloudName'), 'AzureCloud'), createArray('20.118.99.224', '40.83.235.53', '23.102.135.246'), if(equals(variables('varAzureCloudName'), 'AzureUSGovernment'), createArray('23.97.0.13', '52.126.105.2'), if(equals(variables('varAzureCloudName'), 'AzureChinaCloud'), createArray('159.27.28.100', '163.228.64.161', '42.159.7.249'), createArray())))]", - "varStaticRoutes": "[if(equals(variables('varAzureCloudName'), 'AzureCloud'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunInfraTurnRelayTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDTurnRelayTraffic', 'properties', createObject('addressPrefix', '51.5.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '20.118.99.224/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '40.83.235.53/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS02', 'properties', createObject('addressPrefix', '23.102.135.246/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), if(equals(variables('varAzureCloudName'), 'AzureUSGovernment'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunTurnTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '23.97.0.13/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '52.126.105.2/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), if(equals(variables('varAzureCloudName'), 'AzureChinaCloud'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunTurnTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '159.27.28.100/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '163.228.64.161/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS02', 'properties', createObject('addressPrefix', '42.159.7.249/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), createArray())))]", + "varDefaultStaticRoutes": "[if(equals(variables('varAzureCloudName'), 'AzureCloud'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunInfraTurnRelayTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDTurnRelayTraffic', 'properties', createObject('addressPrefix', '51.5.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '20.118.99.224/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '40.83.235.53/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS02', 'properties', createObject('addressPrefix', '23.102.135.246/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), if(equals(variables('varAzureCloudName'), 'AzureUSGovernment'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunTurnTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '23.97.0.13/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '52.126.105.2/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), if(equals(variables('varAzureCloudName'), 'AzureChinaCloud'), createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'AVDStunTurnTraffic', 'properties', createObject('addressPrefix', '20.202.0.0/16', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS', 'properties', createObject('addressPrefix', '159.27.28.100/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS01', 'properties', createObject('addressPrefix', '163.228.64.161/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet')), createObject('name', 'DirectRouteToKMS02', 'properties', createObject('addressPrefix', '42.159.7.249/32', 'hasBgpOverride', true(), 'nextHopType', 'Internet'))), createArray())))]", + "varStaticRoutes": "[union(variables('varDefaultStaticRoutes'), parameters('customStaticRoutes'))]", "privateDnsZoneNames": { "AutomationAgentService": "[format('privatelink.agentsvc.azure-automation.{0}', variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name])]", "Automation": "[format('privatelink.azure-automation.{0}', variables('privateDnsZoneSuffixes_AzureAutomation')[environment().name])]", @@ -4591,8 +4613,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11501966143651964400" + "version": "0.30.23.60470", + "templateHash": "9920407814382381860" }, "name": "Network Security Groups", "description": "This module deploys a Network security Group (NSG).", @@ -4883,8 +4905,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "4139350537705287886" + "version": "0.30.23.60470", + "templateHash": "16552673174935421633" }, "name": "Network Security Group (NSG) Security Rules", "description": "This module deploys a Network Security Group (NSG) Security Rule.", @@ -5146,8 +5168,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11501966143651964400" + "version": "0.30.23.60470", + "templateHash": "9920407814382381860" }, "name": "Network Security Groups", "description": "This module deploys a Network security Group (NSG).", @@ -5438,8 +5460,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "4139350537705287886" + "version": "0.30.23.60470", + "templateHash": "16552673174935421633" }, "name": "Network Security Group (NSG) Security Rules", "description": "This module deploys a Network Security Group (NSG) Security Rule.", @@ -5695,8 +5717,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "10692241138960948789" + "version": "0.30.23.60470", + "templateHash": "10050047613520543656" }, "name": "Application Security Groups (ASG)", "description": "This module deploys an Application Security Group (ASG).", @@ -5816,7 +5838,7 @@ "tags": { "value": "[parameters('tags')]" }, - "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', variables('varStaticRoutes')), createObject('value', createArray()))]" + "routes": "[if(variables('varCreateAvdStaticRoute'), createObject('value', variables('varStaticRoutes')), createObject('value', createArray()))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -5825,8 +5847,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13765095918832848410" + "version": "0.30.23.60470", + "templateHash": "1228848793868473285" }, "name": "Route Tables", "description": "This module deploys a User Defined Route Table (UDR).", @@ -6032,8 +6054,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13765095918832848410" + "version": "0.30.23.60470", + "templateHash": "1228848793868473285" }, "name": "Route Tables", "description": "This module deploys a User Defined Route Table (UDR).", @@ -6233,8 +6255,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "1882917237675541176" + "version": "0.30.23.60470", + "templateHash": "510602938216253127" }, "name": "DDoS Protection Plans", "description": "This module deploys a DDoS Protection Plan.", @@ -6359,7 +6381,7 @@ "value": "[parameters('dnsServers')]" }, "peerings": "[if(parameters('createVnetPeering'), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('existingHubVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))), createObject('value', createArray()))]", - "subnets": "[if(parameters('deployPrivateEndpointSubnet'), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')), createObject('name', parameters('vnetPrivateEndpointSubnetName'), 'addressPrefix', parameters('vnetPrivateEndpointSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupId', if(and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableId', if(and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))))]", + "subnets": "[if(parameters('deployPrivateEndpointSubnet'), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')), createObject('name', parameters('vnetPrivateEndpointSubnetName'), 'addressPrefix', parameters('vnetPrivateEndpointSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))))]", "ddosProtectionPlanResourceId": "[if(parameters('deployDDoSNetworkProtection'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('DDoS-Protection-Plan-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', ''))]", "tags": { "value": "[parameters('tags')]" @@ -6375,8 +6397,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11777878679153116425" + "version": "0.30.23.60470", + "templateHash": "8852938365790433451" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet).", @@ -6746,8 +6768,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2987086137639774798" + "version": "0.30.23.60470", + "templateHash": "17552535066446097605" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet.", @@ -6968,7 +6990,10 @@ "applicationGatewayIPConfigurations": "[parameters('applicationGatewayIPConfigurations')]", "ipAllocations": "[parameters('ipAllocations')]", "serviceEndpointPolicies": "[parameters('serviceEndpointPolicies')]" - } + }, + "dependsOn": [ + "virtualNetwork" + ] }, "subnet_roleAssignments": { "copy": { @@ -7069,8 +7094,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11802150348146024719" + "version": "0.30.23.60470", + "templateHash": "18422443457381833495" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", @@ -7214,8 +7239,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11802150348146024719" + "version": "0.30.23.60470", + "templateHash": "18422443457381833495" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", @@ -7412,8 +7437,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3734060428301049752" + "version": "0.30.23.60470", + "templateHash": "6447266220523423284" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone.", @@ -7523,8 +7548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "14284425341855132079" + "version": "0.30.23.60470", + "templateHash": "5921383587154229928" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link.", @@ -7590,7 +7615,10 @@ "virtualNetwork": { "id": "[parameters('virtualNetworkResourceId')]" } - } + }, + "dependsOn": [ + "privateDnsZone" + ] } }, "outputs": { @@ -7694,8 +7722,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3734060428301049752" + "version": "0.30.23.60470", + "templateHash": "6447266220523423284" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone.", @@ -7805,8 +7833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "14284425341855132079" + "version": "0.30.23.60470", + "templateHash": "5921383587154229928" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link.", @@ -7872,7 +7900,10 @@ "virtualNetwork": { "id": "[parameters('virtualNetworkResourceId')]" } - } + }, + "dependsOn": [ + "privateDnsZone" + ] } }, "outputs": { @@ -7976,8 +8007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3734060428301049752" + "version": "0.30.23.60470", + "templateHash": "6447266220523423284" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone.", @@ -8087,8 +8118,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "14284425341855132079" + "version": "0.30.23.60470", + "templateHash": "5921383587154229928" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link.", @@ -8154,7 +8185,10 @@ "virtualNetwork": { "id": "[parameters('virtualNetworkResourceId')]" } - } + }, + "dependsOn": [ + "privateDnsZone" + ] } }, "outputs": { @@ -8258,8 +8292,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3734060428301049752" + "version": "0.30.23.60470", + "templateHash": "6447266220523423284" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone.", @@ -8369,8 +8403,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "14284425341855132079" + "version": "0.30.23.60470", + "templateHash": "5921383587154229928" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link.", @@ -8436,7 +8470,10 @@ "virtualNetwork": { "id": "[parameters('virtualNetworkResourceId')]" } - } + }, + "dependsOn": [ + "privateDnsZone" + ] } }, "outputs": { @@ -8660,8 +8697,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15988157916377137967" + "version": "0.30.23.60470", + "templateHash": "4295985344228543488" }, "name": "AVD LZA management plane", "description": "This module deploys AVD workspace, host pool, application group scaling plan", @@ -9006,8 +9043,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "4451897890651234613" + "version": "0.30.23.60470", + "templateHash": "4697786867177911469" }, "name": "Azure Virtual Desktop Host Pool", "description": "This module deploys an Azure Virtual Desktop Host Pool", @@ -9617,8 +9654,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "4865258456841511470" + "version": "0.30.23.60470", + "templateHash": "569336813477795175" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -9787,7 +9824,10 @@ "nbf": "[parameters('attributesNbf')]" }, "value": "[parameters('value')]" - } + }, + "dependsOn": [ + "keyVault" + ] }, "secret_roleAssignments": { "copy": { @@ -10588,8 +10628,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "17832472865851883158" + "version": "0.30.23.60470", + "templateHash": "9477828647923017064" }, "name": "Azure Virtual Desktop Application Group", "description": "This module deploys an Azure Virtual Desktop Application Group.", @@ -10901,7 +10941,10 @@ "friendlyName": "[parameters('friendlyName')]", "description": "[parameters('description')]", "applicationGroupType": "[parameters('applicationGroupType')]" - } + }, + "dependsOn": [ + "appGroup_hostpool" + ] }, "appGroup_roleAssignments": { "copy": { @@ -10994,8 +11037,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "16918773705933776039" + "version": "0.30.23.60470", + "templateHash": "2492935317086618448" }, "name": "Azure Virtual Desktop Application Group Application", "description": "This module deploys an Azure Virtual Desktop Application Group Application.", @@ -11199,8 +11242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "14847379324190512453" + "version": "0.30.23.60470", + "templateHash": "13845351292967054269" }, "name": "Workspace", "description": "This module deploys an Azure Virtual Desktop Workspace.", @@ -12334,8 +12377,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11081416395801594251" + "version": "0.30.23.60470", + "templateHash": "1018572390956690547" }, "name": "Azure Virtual Desktop Scaling Plan", "description": "This module deploys an Azure Virtual Desktop Scaling Plan.", @@ -12724,8 +12767,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15138217385513781381" + "version": "0.30.23.60470", + "templateHash": "961381357868342754" } }, "parameters": { @@ -12886,8 +12929,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "9800876540676001554" + "version": "0.30.23.60470", + "templateHash": "11803242017330059916" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity.", @@ -13141,8 +13184,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -13319,8 +13362,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -13495,8 +13538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -13670,8 +13713,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -13842,8 +13885,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -14014,8 +14057,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -14237,8 +14280,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "17754170138969054558" + "version": "0.30.23.60470", + "templateHash": "14504875806674358738" } }, "parameters": { @@ -14354,7 +14397,7 @@ } }, "variables": { - "$fxv#0": "{\n \"name\": \"AVD-ACC-Zero-Trust-Disable-Managed-Disk-Network-Access\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Zero Trust - Disable Managed Disk Network Access\",\n \"description\": \"This policy definition sets the network access policy property to \\\"DenyAll\\\" and the public network access property to \\\"Disabled\\\" on all the managed disks within the assigned scope.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Security\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/disks\"\n },\n \"then\": {\n \"effect\": \"modify\",\n \"details\": {\n \"roleDefinitionIds\": [\n \"/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840\"\n ],\n \"operations\": [\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.Compute/disks/networkAccessPolicy\",\n \"value\": \"DenyAll\"\n },\n {\n \"operation\": \"addOrReplace\",\n \"field\": \"Microsoft.Compute/disks/publicNetworkAccess\",\n \"value\": \"Disabled\"\n }\n ]\n }\n }\n }\n }\n}", + "$fxv#0": "{\r\n \"name\": \"AVD-ACC-Zero-Trust-Disable-Managed-Disk-Network-Access\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Zero Trust - Disable Managed Disk Network Access\",\r\n \"description\": \"This policy definition sets the network access policy property to \\\"DenyAll\\\" and the public network access property to \\\"Disabled\\\" on all the managed disks within the assigned scope.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Security\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/disks\"\r\n },\r\n \"then\": {\r\n \"effect\": \"modify\",\r\n \"details\": {\r\n \"roleDefinitionIds\": [\r\n \"/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840\"\r\n ],\r\n \"operations\": [\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"Microsoft.Compute/disks/networkAccessPolicy\",\r\n \"value\": \"DenyAll\"\r\n },\r\n {\r\n \"operation\": \"addOrReplace\",\r\n \"field\": \"Microsoft.Compute/disks/publicNetworkAccess\",\r\n \"value\": \"Disabled\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n }\r\n}", "varCustomPolicyDefinitions": [ { "deploymentName": "ZT-Disk", @@ -14408,8 +14451,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15463854004391961762" + "version": "0.30.23.60470", + "templateHash": "16641541366344144948" } }, "parameters": { @@ -14568,8 +14611,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15421130529251696480" + "version": "0.30.23.60470", + "templateHash": "15074949129863647497" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", @@ -14820,8 +14863,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13897376912843476576" + "version": "0.30.23.60470", + "templateHash": "13526857440223039502" }, "name": "Policy Insights Remediations (Resource Group scope)", "description": "This module deploys a Policy Insights Remediation on a Resource Group scope.", @@ -15009,8 +15052,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15421130529251696480" + "version": "0.30.23.60470", + "templateHash": "15074949129863647497" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", @@ -15262,8 +15305,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13897376912843476576" + "version": "0.30.23.60470", + "templateHash": "13526857440223039502" }, "name": "Policy Insights Remediations (Resource Group scope)", "description": "This module deploys a Policy Insights Remediation on a Resource Group scope.", @@ -15427,8 +15470,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -15601,8 +15644,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -15771,8 +15814,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -15975,8 +16018,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "1965569815570581817" + "version": "0.30.23.60470", + "templateHash": "5360722259128289781" } }, "parameters": { @@ -16127,8 +16170,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13462391265404728327" + "version": "0.30.23.60470", + "templateHash": "3460005220614992836" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", @@ -17311,8 +17354,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3969955574908853094" + "version": "0.30.23.60470", + "templateHash": "15469258025112973480" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", @@ -17496,7 +17539,10 @@ "name": "[format('{0}/{1}', parameters('keyVaultName'), 'add')]", "properties": { "accessPolicies": "[variables('formattedAccessPolicies')]" - } + }, + "dependsOn": [ + "keyVault" + ] } }, "outputs": { @@ -17577,8 +17623,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "4865258456841511470" + "version": "0.30.23.60470", + "templateHash": "569336813477795175" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -17747,7 +17793,10 @@ "nbf": "[parameters('attributesNbf')]" }, "value": "[parameters('value')]" - } + }, + "dependsOn": [ + "keyVault" + ] }, "secret_roleAssignments": { "copy": { @@ -17858,8 +17907,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3877596553067884713" + "version": "0.30.23.60470", + "templateHash": "1250108206897734506" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -18083,7 +18132,10 @@ "kty": "[parameters('kty')]", "rotationPolicy": "[coalesce(parameters('rotationPolicy'), createObject())]", "release_policy": "[coalesce(parameters('releasePolicy'), createObject())]" - } + }, + "dependsOn": [ + "keyVault" + ] }, "key_roleAssignments": { "copy": { @@ -18906,8 +18958,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3877596553067884713" + "version": "0.30.23.60470", + "templateHash": "1250108206897734506" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -19131,7 +19183,10 @@ "kty": "[parameters('kty')]", "rotationPolicy": "[coalesce(parameters('rotationPolicy'), createObject())]", "release_policy": "[coalesce(parameters('releasePolicy'), createObject())]" - } + }, + "dependsOn": [ + "keyVault" + ] }, "key_roleAssignments": { "copy": { @@ -19228,8 +19283,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "131190861300894051" + "version": "0.30.23.60470", + "templateHash": "6378481213650236557" }, "name": "Disk Encryption Sets", "description": "This module deploys a Disk Encryption Set. The module will attempt to set permissions on the provided Key Vault for any used user-assigned identity.", @@ -19364,7 +19419,10 @@ "apiVersion": "2021-10-01", "subscriptionId": "[split(parameters('keyVaultResourceId'), '/')[2]]", "resourceGroup": "[split(parameters('keyVaultResourceId'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(parameters('keyVaultResourceId'), '/')), parameters('keyName'))]" + "name": "[format('{0}/{1}', last(split(parameters('keyVaultResourceId'), '/')), parameters('keyName'))]", + "dependsOn": [ + "keyVault" + ] }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", @@ -19413,7 +19471,7 @@ "rotationToLatestKeyVersionEnabled": "[parameters('rotationToLatestKeyVersionEnabled')]" }, "dependsOn": [ - "keyVault::key", + "keyVault", "keyVaultPermissions" ] }, @@ -19455,8 +19513,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12513975041606321751" + "version": "0.30.23.60470", + "templateHash": "1367133447919905968" } }, "parameters": { @@ -19543,8 +19601,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "1955756120806412580" + "version": "0.30.23.60470", + "templateHash": "17444618367982488496" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", @@ -19725,7 +19783,10 @@ "name": "[format('{0}/{1}', parameters('keyVaultName'), 'add')]", "properties": { "accessPolicies": "[variables('formattedAccessPolicies')]" - } + }, + "dependsOn": [ + "keyVault" + ] } }, "outputs": { @@ -19894,8 +19955,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13462391265404728327" + "version": "0.30.23.60470", + "templateHash": "3460005220614992836" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", @@ -21078,8 +21139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3969955574908853094" + "version": "0.30.23.60470", + "templateHash": "15469258025112973480" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", @@ -21263,7 +21324,10 @@ "name": "[format('{0}/{1}', parameters('keyVaultName'), 'add')]", "properties": { "accessPolicies": "[variables('formattedAccessPolicies')]" - } + }, + "dependsOn": [ + "keyVault" + ] } }, "outputs": { @@ -21344,8 +21408,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "4865258456841511470" + "version": "0.30.23.60470", + "templateHash": "569336813477795175" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -21514,7 +21578,10 @@ "nbf": "[parameters('attributesNbf')]" }, "value": "[parameters('value')]" - } + }, + "dependsOn": [ + "keyVault" + ] }, "secret_roleAssignments": { "copy": { @@ -21625,8 +21692,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3877596553067884713" + "version": "0.30.23.60470", + "templateHash": "1250108206897734506" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -21850,7 +21917,10 @@ "kty": "[parameters('kty')]", "rotationPolicy": "[coalesce(parameters('rotationPolicy'), createObject())]", "release_policy": "[coalesce(parameters('releasePolicy'), createObject())]" - } + }, + "dependsOn": [ + "keyVault" + ] }, "key_roleAssignments": { "copy": { @@ -22691,8 +22761,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "5569394582899056364" + "version": "0.30.23.60470", + "templateHash": "3237407790324423200" } }, "parameters": { @@ -22972,8 +23042,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "10027574665149403184" + "version": "0.30.23.60470", + "templateHash": "2803598175472441376" }, "name": "Virtual Machines", "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.", @@ -23802,8 +23872,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "8317114007842077232" + "version": "0.30.23.60470", + "templateHash": "499916289263126031" } }, "definitions": { @@ -25355,8 +25425,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -25471,7 +25541,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -25561,8 +25634,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -25677,7 +25750,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -25762,8 +25838,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -25878,7 +25954,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -25970,8 +26049,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -26086,7 +26165,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -26171,8 +26253,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -26287,7 +26369,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -26369,8 +26454,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -26485,7 +26570,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -26670,8 +26758,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7382022361159607186" + "version": "0.30.23.60470", + "templateHash": "10816961315818156268" }, "name": "AVD LZA storage", "description": "This module deploys storage account, azure files. domain join logic", @@ -26940,8 +27028,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2772051697526024027" + "version": "0.30.23.60470", + "templateHash": "10020046199410134923" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", @@ -27653,7 +27741,10 @@ "apiVersion": "2023-02-01", "subscriptionId": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '//'), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '////'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]" + "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", @@ -27730,8 +27821,8 @@ "azureFilesIdentityBasedAuthentication": "[if(not(empty(parameters('azureFilesIdentityBasedAuthentication'))), parameters('azureFilesIdentityBasedAuthentication'), null())]" }, "dependsOn": [ - "cMKKeyVault::cMKKey", - "cMKKeyVault" + "cMKKeyVault", + "cMKUserAssignedIdentity" ] }, "storageAccount_diagnosticSettings": { @@ -28458,8 +28549,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7563796982078818002" + "version": "0.30.23.60470", + "templateHash": "12532433520125716194" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -28647,7 +28738,10 @@ "properties": { "protocolSettings": "[parameters('protocolSettings')]", "shareDeleteRetentionPolicy": "[parameters('shareDeleteRetentionPolicy')]" - } + }, + "dependsOn": [ + "storageAccount" + ] }, "fileServices_diagnosticSettings": { "copy": { @@ -28736,8 +28830,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3713644329284987288" + "version": "0.30.23.60470", + "templateHash": "8149592214225924460" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -28887,7 +28981,10 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/fileServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]" + "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]", + "dependsOn": [ + "storageAccount" + ] }, "storageAccount": { "existing": true, @@ -28904,7 +29001,10 @@ "shareQuota": "[parameters('shareQuota')]", "rootSquash": "[if(equals(parameters('enabledProtocols'), 'NFS'), parameters('rootSquash'), null())]", "enabledProtocols": "[parameters('enabledProtocols')]" - } + }, + "dependsOn": [ + "storageAccount::fileService" + ] }, "fileShare_roleAssignments": { "condition": "[not(empty(parameters('roleAssignments')))]", @@ -28930,8 +29030,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "818020582942572160" + "version": "0.30.23.60470", + "templateHash": "12442072449730867756" } }, "parameters": { @@ -29254,8 +29354,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "16137516709887962737" + "version": "0.30.23.60470", + "templateHash": "1689212129910611066" }, "name": "AVD LZA storage", "description": "Configures domain join settings on storage account via VM custom script extension", @@ -29355,8 +29455,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -29471,7 +29571,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -29619,8 +29722,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7382022361159607186" + "version": "0.30.23.60470", + "templateHash": "10816961315818156268" }, "name": "AVD LZA storage", "description": "This module deploys storage account, azure files. domain join logic", @@ -29889,8 +29992,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2772051697526024027" + "version": "0.30.23.60470", + "templateHash": "10020046199410134923" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", @@ -30602,7 +30705,10 @@ "apiVersion": "2023-02-01", "subscriptionId": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '//'), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '////'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]" + "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", @@ -30679,8 +30785,8 @@ "azureFilesIdentityBasedAuthentication": "[if(not(empty(parameters('azureFilesIdentityBasedAuthentication'))), parameters('azureFilesIdentityBasedAuthentication'), null())]" }, "dependsOn": [ - "cMKKeyVault::cMKKey", - "cMKKeyVault" + "cMKKeyVault", + "cMKUserAssignedIdentity" ] }, "storageAccount_diagnosticSettings": { @@ -31407,8 +31513,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7563796982078818002" + "version": "0.30.23.60470", + "templateHash": "12532433520125716194" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -31596,7 +31702,10 @@ "properties": { "protocolSettings": "[parameters('protocolSettings')]", "shareDeleteRetentionPolicy": "[parameters('shareDeleteRetentionPolicy')]" - } + }, + "dependsOn": [ + "storageAccount" + ] }, "fileServices_diagnosticSettings": { "copy": { @@ -31685,8 +31794,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3713644329284987288" + "version": "0.30.23.60470", + "templateHash": "8149592214225924460" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -31836,7 +31945,10 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/fileServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]" + "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]", + "dependsOn": [ + "storageAccount" + ] }, "storageAccount": { "existing": true, @@ -31853,7 +31965,10 @@ "shareQuota": "[parameters('shareQuota')]", "rootSquash": "[if(equals(parameters('enabledProtocols'), 'NFS'), parameters('rootSquash'), null())]", "enabledProtocols": "[parameters('enabledProtocols')]" - } + }, + "dependsOn": [ + "storageAccount::fileService" + ] }, "fileShare_roleAssignments": { "condition": "[not(empty(parameters('roleAssignments')))]", @@ -31879,8 +31994,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "818020582942572160" + "version": "0.30.23.60470", + "templateHash": "12442072449730867756" } }, "parameters": { @@ -32203,8 +32318,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "16137516709887962737" + "version": "0.30.23.60470", + "templateHash": "1689212129910611066" }, "name": "AVD LZA storage", "description": "Configures domain join settings on storage account via VM custom script extension", @@ -32304,8 +32419,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -32420,7 +32535,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -32512,8 +32630,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11716363886763727910" + "version": "0.30.23.60470", + "templateHash": "3813426440693373404" }, "name": "AVD Accelerator - VMSS Flex", "description": "Deploys a VMSS Flex without VM profile", @@ -32723,8 +32841,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "18315988187779289577" + "version": "0.30.23.60470", + "templateHash": "6770038964767794784" } }, "parameters": { @@ -33123,8 +33241,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "10027574665149403184" + "version": "0.30.23.60470", + "templateHash": "2803598175472441376" }, "name": "Virtual Machines", "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.", @@ -33953,8 +34071,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "8317114007842077232" + "version": "0.30.23.60470", + "templateHash": "499916289263126031" } }, "definitions": { @@ -35506,8 +35624,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -35622,7 +35740,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -35712,8 +35833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -35828,7 +35949,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -35913,8 +36037,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -36029,7 +36153,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -36121,8 +36248,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -36237,7 +36364,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -36322,8 +36452,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -36438,7 +36568,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -36520,8 +36653,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -36636,7 +36769,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -36779,8 +36915,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -36895,7 +37031,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -36993,8 +37132,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12912200857967286939" + "version": "0.30.23.60470", + "templateHash": "16065702394900050638" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -37109,7 +37248,10 @@ "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", "suppressFailures": "[parameters('supressFailures')]" - } + }, + "dependsOn": [ + "virtualMachine" + ] } }, "outputs": { @@ -37178,8 +37320,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "16098006620978243706" + "version": "0.30.23.60470", + "templateHash": "3162213164155283873" } }, "parameters": { @@ -37276,8 +37418,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2034101914121395359" + "version": "0.30.23.60470", + "templateHash": "11404025400543455992" } }, "parameters": { @@ -37447,8 +37589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13524617293657039977" + "version": "0.30.23.60470", + "templateHash": "12070773277688568193" } }, "parameters": { @@ -37479,8 +37621,8 @@ } }, "variables": { - "$fxv#0": "{\n \"name\": \"policy-deploy-amd-gpu-driver\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy AMD GPU Driver Extension\",\n \"description\": \"This policy definition deploys the AMD GPU Driver extension on AMD's SKU VMs.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Drivers\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\n \"in\": [\n \"Standard_NV4as_v4\",\n \"Standard_NV8as_v4\",\n \"Standard_NV16as_v4\",\n \"Standard_NV32as_v4\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n \"equals\": \"Microsoft.HpcCompute\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n \"equals\": \"AmdGpuDriverWindows\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n \"in\": [\n \"Succeeded\"\n ]\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"vmExtensionName\": \"AmdGpuDriverWindows\",\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\n \"vmExtensionType\": \"AmdGpuDriverWindows\",\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\n },\n \"resources\": [\n {\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"location\": \"[parameters('location')]\",\n \"apiVersion\": \"2018-06-01\",\n \"properties\": {\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\n \"type\": \"[variables('vmExtensionType')]\",\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\n \"autoUpgradeMinorVersion\": true\n }\n }\n ],\n \"outputs\": {\n \"policy\": {\n \"type\": \"string\",\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\n }\n }\n },\n \"parameters\": {\n \"vmName\": {\n \"value\": \"[field('name')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", - "$fxv#1": "{\n \"name\": \"policy-deploy-nvidia-gpu-driver\",\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\n \"apiVersion\": \"2021-06-01\",\n \"scope\": null,\n \"properties\": {\n \"policyType\": \"Custom\",\n \"mode\": \"Indexed\",\n \"displayName\": \"Custom - Deploy Nvidia GPU Driver Extension\",\n \"description\": \"This policy definition deploys the Nvidia GPU Driver extension on Nvidia's SKU VMs.\",\n \"metadata\": {\n \"version\": \"1.1.0\",\n \"category\": \"Drivers\"\n },\n \"parameters\": {\n },\n \"policyRule\": {\n \"if\": {\n \"allOf\": [\n {\n \"field\": \"type\",\n \"equals\": \"Microsoft.Compute/virtualMachines\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\n \"in\": [\n \"Standard_NV6\",\n \"Standard_NV12\",\n \"Standard_NV24\",\n \"Standard_NV12s_v3\",\n \"Standard_NV24s_v3\",\n \"Standard_NV48s_v3\",\n \"Standard_NC4as_T4_v3\",\n \"Standard_NC8as_T4_v3\",\n \"Standard_NC16as_T4_v3\",\n \"Standard_NC64as_T4_v3\",\n \"Standard_NV6ads_A10_v5\",\n \"Standard_NV12ads_A10_v5\",\n \"Standard_NV18ads_A10_v5\",\n \"Standard_NV36ads_A10_v5\",\n \"Standard_NV36adms_A10_v5\",\n \"Standard_NV72ads_A10_v5\"\n ]\n }\n ]\n },\n \"then\": {\n \"effect\": \"deployIfNotExists\",\n \"details\": {\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"roleDefinitionIds\": [\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\n ],\n \"existenceCondition\": {\n \"allOf\": [\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\n \"equals\": \"Microsoft.HpcCompute\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\n \"equals\": \"NvidiaGpuDriverWindows\"\n },\n {\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\n \"in\": [\n \"Succeeded\"\n ]\n }\n ]\n },\n \"deployment\": {\n \"properties\": {\n \"mode\": \"Incremental\",\n \"template\": {\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\n \"contentVersion\": \"1.0.0.0\",\n \"parameters\": {\n \"vmName\": {\n \"type\": \"string\"\n },\n \"location\": {\n \"type\": \"string\"\n }\n },\n \"variables\": {\n \"vmExtensionName\": \"NvidiaGpuDriverWindows\",\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\n \"vmExtensionType\": \"NvidiaGpuDriverWindows\",\n \"vmExtensionTypeHandlerVersion\": \"1.2\"\n },\n \"resources\": [\n {\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\n \"location\": \"[parameters('location')]\",\n \"apiVersion\": \"2018-06-01\",\n \"properties\": {\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\n \"type\": \"[variables('vmExtensionType')]\",\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\n \"autoUpgradeMinorVersion\": true\n }\n }\n ],\n \"outputs\": {\n \"policy\": {\n \"type\": \"string\",\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\n }\n }\n },\n \"parameters\": {\n \"vmName\": {\n \"value\": \"[field('name')]\"\n },\n \"location\": {\n \"value\": \"[field('location')]\"\n }\n }\n }\n }\n }\n }\n }\n }\n}", + "$fxv#0": "{\r\n \"name\": \"policy-deploy-amd-gpu-driver\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy AMD GPU Driver Extension\",\r\n \"description\": \"This policy definition deploys the AMD GPU Driver extension on AMD's SKU VMs.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Drivers\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": [\r\n \"Standard_NV4as_v4\",\r\n \"Standard_NV8as_v4\",\r\n \"Standard_NV16as_v4\",\r\n \"Standard_NV32as_v4\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.HpcCompute\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"AmdGpuDriverWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"in\": [\r\n \"Succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"AmdGpuDriverWindows\",\r\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\r\n \"vmExtensionType\": \"AmdGpuDriverWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.0\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}", + "$fxv#1": "{\r\n \"name\": \"policy-deploy-nvidia-gpu-driver\",\r\n \"type\": \"Microsoft.Authorization/policyDefinitions\",\r\n \"apiVersion\": \"2021-06-01\",\r\n \"scope\": null,\r\n \"properties\": {\r\n \"policyType\": \"Custom\",\r\n \"mode\": \"Indexed\",\r\n \"displayName\": \"Custom - Deploy Nvidia GPU Driver Extension\",\r\n \"description\": \"This policy definition deploys the Nvidia GPU Driver extension on Nvidia's SKU VMs.\",\r\n \"metadata\": {\r\n \"version\": \"1.1.0\",\r\n \"category\": \"Drivers\"\r\n },\r\n \"parameters\": {\r\n },\r\n \"policyRule\": {\r\n \"if\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"type\",\r\n \"equals\": \"Microsoft.Compute/virtualMachines\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/sku.name\",\r\n \"in\": [\r\n \"Standard_NV6\",\r\n \"Standard_NV12\",\r\n \"Standard_NV24\",\r\n \"Standard_NV12s_v3\",\r\n \"Standard_NV24s_v3\",\r\n \"Standard_NV48s_v3\",\r\n \"Standard_NC4as_T4_v3\",\r\n \"Standard_NC8as_T4_v3\",\r\n \"Standard_NC16as_T4_v3\",\r\n \"Standard_NC64as_T4_v3\",\r\n \"Standard_NV6ads_A10_v5\",\r\n \"Standard_NV12ads_A10_v5\",\r\n \"Standard_NV18ads_A10_v5\",\r\n \"Standard_NV36ads_A10_v5\",\r\n \"Standard_NV36adms_A10_v5\",\r\n \"Standard_NV72ads_A10_v5\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"then\": {\r\n \"effect\": \"deployIfNotExists\",\r\n \"details\": {\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"roleDefinitionIds\": [\r\n \"/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c\"\r\n ],\r\n \"existenceCondition\": {\r\n \"allOf\": [\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/publisher\",\r\n \"equals\": \"Microsoft.HpcCompute\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/type\",\r\n \"equals\": \"NvidiaGpuDriverWindows\"\r\n },\r\n {\r\n \"field\": \"Microsoft.Compute/virtualMachines/extensions/provisioningState\",\r\n \"in\": [\r\n \"Succeeded\"\r\n ]\r\n }\r\n ]\r\n },\r\n \"deployment\": {\r\n \"properties\": {\r\n \"mode\": \"Incremental\",\r\n \"template\": {\r\n \"$schema\": \"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#\",\r\n \"contentVersion\": \"1.0.0.0\",\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"type\": \"string\"\r\n },\r\n \"location\": {\r\n \"type\": \"string\"\r\n }\r\n },\r\n \"variables\": {\r\n \"vmExtensionName\": \"NvidiaGpuDriverWindows\",\r\n \"vmExtensionPublisher\": \"Microsoft.HpcCompute\",\r\n \"vmExtensionType\": \"NvidiaGpuDriverWindows\",\r\n \"vmExtensionTypeHandlerVersion\": \"1.2\"\r\n },\r\n \"resources\": [\r\n {\r\n \"name\": \"[concat(parameters('vmName'), '/', variables('vmExtensionName'))]\",\r\n \"type\": \"Microsoft.Compute/virtualMachines/extensions\",\r\n \"location\": \"[parameters('location')]\",\r\n \"apiVersion\": \"2018-06-01\",\r\n \"properties\": {\r\n \"publisher\": \"[variables('vmExtensionPublisher')]\",\r\n \"type\": \"[variables('vmExtensionType')]\",\r\n \"typeHandlerVersion\": \"[variables('vmExtensionTypeHandlerVersion')]\",\r\n \"autoUpgradeMinorVersion\": true\r\n }\r\n }\r\n ],\r\n \"outputs\": {\r\n \"policy\": {\r\n \"type\": \"string\",\r\n \"value\": \"[concat('Enabled extension for VM', ': ', parameters('vmName'))]\"\r\n }\r\n }\r\n },\r\n \"parameters\": {\r\n \"vmName\": {\r\n \"value\": \"[field('name')]\"\r\n },\r\n \"location\": {\r\n \"value\": \"[field('location')]\"\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n }\r\n}", "varCustomPolicyDefinitions": [ { "deploymentName": "AMD-Policy", @@ -37537,8 +37679,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15463854004391961762" + "version": "0.30.23.60470", + "templateHash": "16641541366344144948" } }, "parameters": { @@ -37683,8 +37825,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15421130529251696480" + "version": "0.30.23.60470", + "templateHash": "15074949129863647497" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", @@ -37934,8 +38076,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13897376912843476576" + "version": "0.30.23.60470", + "templateHash": "13526857440223039502" }, "name": "Policy Insights Remediations (Resource Group scope)", "description": "This module deploys a Policy Insights Remediation on a Resource Group scope.", diff --git a/workload/arm/deploy-custom-image.json b/workload/arm/deploy-custom-image.json index 394a1c2ea..f9686bbd4 100644 --- a/workload/arm/deploy-custom-image.json +++ b/workload/arm/deploy-custom-image.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11005118672465324060" + "version": "0.30.23.60470", + "templateHash": "13314477152562779978" }, "name": "AVD Accelerator - Baseline Custom Image Deployment", "description": "AVD Accelerator - Custom Image Baseline" @@ -903,8 +903,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2997718652572802150" + "version": "0.30.23.60470", + "templateHash": "8672838757620509839" }, "name": "Resource Groups", "description": "This module deploys a Resource Group.", @@ -1036,8 +1036,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "18377214292539099814" + "version": "0.30.23.60470", + "templateHash": "996546500864975873" } }, "parameters": { @@ -1171,8 +1171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "9800876540676001554" + "version": "0.30.23.60470", + "templateHash": "11803242017330059916" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity.", @@ -1425,8 +1425,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -1597,8 +1597,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6548182237058026465" + "version": "0.30.23.60470", + "templateHash": "1227486639354850589" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -1769,8 +1769,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "767607799676016995" + "version": "0.30.23.60470", + "templateHash": "8716966376500343533" }, "name": "Azure Compute Galleries", "description": "This module deploys an Azure Compute Gallery (formerly known as Shared Image Gallery).", @@ -2083,8 +2083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "10144839515674727775" + "version": "0.30.23.60470", + "templateHash": "6324333564562675323" }, "name": "Compute Galleries Applications", "description": "This module deploys an Azure Compute Gallery Application.", @@ -2276,7 +2276,10 @@ "privacyStatementUri": "[parameters('privacyStatementUri')]", "releaseNoteUri": "[parameters('releaseNoteUri')]", "supportedOSType": "[parameters('supportedOSType')]" - } + }, + "dependsOn": [ + "gallery" + ] }, "application_roleAssignments": { "copy": { @@ -2437,8 +2440,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11413741938827176545" + "version": "0.30.23.60470", + "templateHash": "15863716299868232423" }, "name": "Compute Galleries Image Definitions", "description": "This module deploys an Azure Compute Gallery Image Definition.", @@ -2779,7 +2782,10 @@ "disallowed": { "diskTypes": "[parameters('excludedDiskTypes')]" } - } + }, + "dependsOn": [ + "gallery" + ] }, "image_roleAssignments": { "copy": { @@ -2944,8 +2950,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11413741938827176545" + "version": "0.30.23.60470", + "templateHash": "15863716299868232423" }, "name": "Compute Galleries Image Definitions", "description": "This module deploys an Azure Compute Gallery Image Definition.", @@ -3286,7 +3292,10 @@ "disallowed": { "diskTypes": "[parameters('excludedDiskTypes')]" } - } + }, + "dependsOn": [ + "gallery" + ] }, "image_roleAssignments": { "copy": { @@ -3408,8 +3417,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2647588914323323261" + "version": "0.30.23.60470", + "templateHash": "9357981150976522750" }, "name": "Virtual Machine Image Templates", "description": "This module deploys a Virtual Machine Image Template that can be consumed by Azure Image Builder (AIB).", @@ -4126,8 +4135,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3083170160174738636" + "version": "0.30.23.60470", + "templateHash": "15282002205908158597" }, "name": "Log Analytics Workspaces", "description": "This module deploys a Log Analytics Workspace.", @@ -4359,8 +4368,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12329258505555524534" + "version": "0.30.23.60470", + "templateHash": "8028201980853199520" }, "name": "Log Analytics Workspace Storage Insight Configs", "description": "This module deploys a Log Analytics Workspace Storage Insight Config.", @@ -4433,7 +4442,11 @@ "id": "[parameters('storageAccountResourceId')]", "key": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2022-09-01').keys[0].value]" } - } + }, + "dependsOn": [ + "storageAccount", + "workspace" + ] } }, "outputs": { @@ -4604,8 +4617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15856342842826356274" + "version": "0.30.23.60470", + "templateHash": "364033324568923142" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -5294,7 +5307,10 @@ "apiVersion": "2023-02-01", "subscriptionId": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '//'), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '////'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]" + "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]", + "dependsOn": [ + "cMKKeyVault" + ] }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", @@ -5350,8 +5366,8 @@ "disableLocalAuth": "[parameters('disableLocalAuth')]" }, "dependsOn": [ - "cMKKeyVault::cMKKey", - "cMKKeyVault" + "cMKKeyVault", + "cMKUserAssignedIdentity" ] }, "automationAccount_lock": { @@ -5456,8 +5472,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7887936383291613293" + "version": "0.30.23.60470", + "templateHash": "12770932827291723029" }, "name": "Automation Account Credential", "description": "This module deploys Azure Automation Account Credential.", @@ -5534,7 +5550,10 @@ "password": "[parameters('credentials')[copyIndex()].password]", "userName": "[parameters('credentials')[copyIndex()].userName]", "description": "[coalesce(tryGet(parameters('credentials')[copyIndex()], 'description'), '')]" - } + }, + "dependsOn": [ + "automationAccount" + ] } }, "outputs": { @@ -5612,8 +5631,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11043846710506937492" + "version": "0.30.23.60470", + "templateHash": "15453846545391026191" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", @@ -5678,7 +5697,10 @@ "uri": "[if(not(equals(parameters('version'), 'latest')), format('{0}/{1}/{2}', parameters('uri'), parameters('name'), parameters('version')), format('{0}/{1}', parameters('uri'), parameters('name')))]", "version": "[if(not(equals(parameters('version'), 'latest')), parameters('version'), null())]" } - } + }, + "dependsOn": [ + "automationAccount" + ] } }, "outputs": { @@ -5751,8 +5773,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2769963466163535886" + "version": "0.30.23.60470", + "templateHash": "18156490457024191308" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", @@ -5930,8 +5952,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "10628373878524632674" + "version": "0.30.23.60470", + "templateHash": "12957326312361613170" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", @@ -6059,7 +6081,11 @@ "runbookType": "[parameters('type')]", "description": "[parameters('description')]", "publishContentLink": "[if(not(empty(parameters('uri'))), if(empty(parameters('uri')), null(), createObject('uri', if(not(empty(parameters('uri'))), if(empty(parameters('scriptStorageAccountResourceId')), parameters('uri'), format('{0}?{1}', parameters('uri'), listAccountSas(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('scriptStorageAccountResourceId'), '//'), '/')[2], split(coalesce(parameters('scriptStorageAccountResourceId'), '////'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(coalesce(parameters('scriptStorageAccountResourceId'), 'dummyVault'), '/'))), '2021-04-01', variables('accountSasProperties')).accountSasToken)), null()), 'version', if(not(empty(parameters('version'))), parameters('version'), null()))), null())]" - } + }, + "dependsOn": [ + "automationAccount", + "storageAccount" + ] } }, "outputs": { @@ -6130,8 +6156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "17724956402217558185" + "version": "0.30.23.60470", + "templateHash": "4313990302593445827" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", @@ -6258,8 +6284,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "995071399213667449" + "version": "0.30.23.60470", + "templateHash": "11786120333296513300" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", @@ -6373,8 +6399,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "17097798234862446049" + "version": "0.30.23.60470", + "templateHash": "9587193864623256690" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service.", @@ -6430,7 +6456,10 @@ "properties": { "resourceId": "[parameters('resourceId')]", "writeAccessResourceId": "[if(empty(parameters('writeAccessResourceId')), null(), parameters('writeAccessResourceId'))]" - } + }, + "dependsOn": [ + "workspace" + ] } }, "outputs": { @@ -6689,8 +6718,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13977107975362188587" + "version": "0.30.23.60470", + "templateHash": "1425387999711751616" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", @@ -7843,8 +7872,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11043846710506937492" + "version": "0.30.23.60470", + "templateHash": "15453846545391026191" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", @@ -7909,7 +7938,10 @@ "uri": "[if(not(equals(parameters('version'), 'latest')), format('{0}/{1}/{2}', parameters('uri'), parameters('name'), parameters('version')), format('{0}/{1}', parameters('uri'), parameters('name')))]", "version": "[if(not(equals(parameters('version'), 'latest')), parameters('version'), null())]" } - } + }, + "dependsOn": [ + "automationAccount" + ] } }, "outputs": { @@ -7991,8 +8023,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "585773104499839924" + "version": "0.30.23.60470", + "templateHash": "8303233768580490500" }, "name": "Action Groups", "description": "This module deploys an Action Group.", @@ -8361,8 +8393,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "16700458498164414655" + "version": "0.30.23.60470", + "templateHash": "14881120862543771879" }, "name": "Scheduled Query Rules", "description": "This module deploys a Scheduled Query Rule.",