Merge pull request #495 from zaidmohd/arcbox-passwd

ArcBox - Update windows password to optional
Azure · Feb 13, 2025 · 0232b02 · 0232b02
2 parents 2aa487b + e179d05
commit 0232b02
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 3 deletions.
diff --git a/docs/azure_jumpstart_arcbox/DataOps/_index.md b/docs/azure_jumpstart_arcbox/DataOps/_index.md
@@ -202,13 +202,13 @@ $customLocationRPOID=(az ad sp list --filter "displayname eq 'Custom Locations R
   - _`sshRSAPublicKey`_ - Your SSH public key
   - _`tenantId`_ - Your Azure tenant id
   - _`windowsAdminUsername`_ - Client Windows VM Administrator username
-  - _`windowsAdminPassword`_ - Client Windows VM Password. Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. The value must be between 12 and 123 characters long
   - _`logAnalyticsWorkspaceName`_ - Name for the ArcBox Log Analytics workspace that will be created
   - _`flavor`_ - Use the value "DataOps" to specify that you want to deploy the DataOps flavor of ArcBox
   - _`deployBastion`_ - Set to _`true`_ if you want to use Azure Bastion to connect to _ArcBox-Client_
   - _`resourceTags`_ - Tags to assign for all ArcBox resources
   - _`namingPrefix`_ - The naming prefix for the nested virtual machines and all Azure resources deployed. The maximum length for the naming prefix is 7 characters,example if the value is _Contoso_: `Contoso-Win2k19`
   - _`sqlServerEdition`_ - SQL Server edition to deploy on the Hyper-V guest VM. Supported values are Developer, Standard, and Enterprise. Default is Developer edition. Azure Arc-enabled SQL Server features such as performance metrics requires Standard or Enterprise edition. Use this parameter to experience SQL Server performance metrics enabled by Azure Arc.
+  - _`windowsAdminPassword`_ - (optional) Client Windows VM Password. Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. The value must be between 12 and 123 characters long. If not specified, the default value is generated using the Bicep newGuid() function and stored in the Key Vault.
 
   ![Screenshot showing example parameters](./parameters_dataops_bicep.png)
 
@@ -267,6 +267,10 @@ By design, ArcBox doesn't open port 3389 on the network security group. Therefor
 
   > **Note:** When using Azure Bastion, the desktop background image isn't visible. Therefore some screenshots in this guide may not exactly match your experience if you are connecting to _ArcBox-Client_ with Azure Bastion.
 
+- If the _`windowsAdminPassword`_ parameter is not specified during deployment, the password is automatically generated and stored in the Key Vault. Select "Password from Azure Key Vault" as the authentication type and use "windowsAdminPassword" as the Azure Key Vault secret name.
+
+  ![Screenshot showing connecting to the VM using Bastion and Key Vault](./bastion_connect_password.png)
+
 #### Connect using just-in-time access (JIT)
 
 If you already have [Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc) enabled on your subscription and would like to use JIT to access the Client VM, use the following steps:
@@ -292,6 +296,8 @@ Example:
 
 > **Note:** Logging into the Client VM without the UPN format _[email protected]_ will prevent the automation from running automatically.
 
+- If the _`windowsAdminPassword`_ parameter is not specified during deployment, the password is automatically generated and stored in the Key Vault. Copy the "windowsAdminPassword" secret value from the Key Vault to log in.
+
 #### The Logon scripts
 
 - Once you log into the _ArcBox-Client_ VM, multiple automated scripts will open and start running. These scripts usually take up to 60 minutes to finish, and once completed, the script windows will close automatically. At this point, the deployment is complete.

diff --git a/docs/azure_jumpstart_arcbox/DataOps/bastion_connect_password.png b/docs/azure_jumpstart_arcbox/DataOps/bastion_connect_password.png
diff --git a/docs/azure_jumpstart_arcbox/DevOps/_index.md b/docs/azure_jumpstart_arcbox/DevOps/_index.md
@@ -232,13 +232,13 @@ $customLocationRPOID=(az ad sp list --filter "displayname eq 'Custom Locations R
   - _`sshRSAPublicKey`_ - Your SSH public key
   - _`tenantId`_ - Your Azure tenant id
   - _`windowsAdminUsername`_ - Client Windows VM Administrator username
-  - _`windowsAdminPassword`_ - Client Windows VM Password. Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. The value must be between 12 and 123 characters long.
   - _`logAnalyticsWorkspaceName`_ - Name for the ArcBox Log Analytics workspace
   - _`flavor`_ - Use the value _"DevOps"_ to specify that you want to deploy this specific flavor of ArcBox
   - _`resourceTags`_ - Tags to assign for all ArcBox resources
   - _`namingPrefix`_ - The naming prefix for the nested virtual machines and all Azure resources deployed. The maximum length for the naming prefix is 7 characters,example if the value is _Contoso_: `Contoso-Win2k19`
   - _`deployBastion`_ - Set to _`true`_ if you want to use Azure Bastion to connect to _ArcBox-Client_
   - _`githubUser`_ - Specify the name of your GitHub account where you cloned the Sample Apps repo
+  - _`windowsAdminPassword`_ - (optional) Client Windows VM Password. Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. The value must be between 12 and 123 characters long. If not specified, the default value is generated using the Bicep newGuid() function and stored in the Key Vault.
 
   ![Screenshot showing example parameters](./parameters_devops_bicep.png)
 
@@ -309,6 +309,8 @@ By design, ArcBox doesn't open port 3389 on the network security group. Therefor
 
   ![Screenshot showing connecting to the VM using RDP](./rdp_connect.png)
 
+  > **Note:** If the _`windowsAdminPassword`_ parameter is not specified during deployment, the password is automatically generated and stored in the Key Vault. Copy the "windowsAdminPassword" secret value from the Key Vault to log in.
+
 #### Connect using Azure Bastion
 
 - If you have chosen to deploy Azure Bastion in your deployment, use it to connect to the VM.
@@ -317,6 +319,10 @@ By design, ArcBox doesn't open port 3389 on the network security group. Therefor
 
   > **Note:** When using Azure Bastion, the desktop background image isn't visible. Therefore some screenshots in this guide may not exactly match your experience if you are connecting to _ArcBox-Client_ with Azure Bastion.
 
+- If the _`windowsAdminPassword`_ parameter is not specified during deployment, the password is automatically generated and stored in the Key Vault. Select "Password from Azure Key Vault" as the authentication type and use "windowsAdminPassword" as the Azure Key Vault secret name.
+
+  ![Screenshot showing connecting to the VM using Bastion and Key Vault](./bastion_connect_password.png)
+
 #### Connect using just-in-time access (JIT)
 
 If you already have [Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc) enabled on your subscription and would like to use JIT to access the Client VM, use the following steps:

diff --git a/docs/azure_jumpstart_arcbox/DevOps/bastion_connect_password.png b/docs/azure_jumpstart_arcbox/DevOps/bastion_connect_password.png
diff --git a/docs/azure_jumpstart_arcbox/ITPro/_index.md b/docs/azure_jumpstart_arcbox/ITPro/_index.md
@@ -140,7 +140,6 @@ ArcBox uses an advanced automation flow to deploy and configure all necessary re
 - Edit the [main.bicepparam](https://github.com/microsoft/azure_arc/blob/main/azure_jumpstart_arcbox/bicep/main.bicepparam) template parameters file and supply values for your environment.
   - _`tenantId`_ - Your Azure tenant id.
   - _`windowsAdminUsername`_ - Client Windows VM Administrator username.
-  - _`windowsAdminPassword`_ - Client Windows VM Password. Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. The value must be between 12 and 123 characters long.
   - _`logAnalyticsWorkspaceName`_ - Unique name for the ArcBox Log Analytics workspace.
   - _`flavor`_ - Use the value _"ITPro"_ to specify that you want to deploy ArcBox for IT Pros.
   - _`autoShutdownEnabled`_ - Optionally, you can set this to true if you want to configure the _ArcBox-Client_ VM to automatically shutdown to save costs.
@@ -150,6 +149,7 @@ ArcBox uses an advanced automation flow to deploy and configure all necessary re
   - _`resourceTags`_ - Tags to assign for all ArcBox resources.
   - _`namingPrefix`_ - The naming prefix for the nested virtual machines and all Azure resources.deployed. The maximum length for the naming prefix is 7 characters,example if the value is _Contoso_: `Contoso-Win2k25`.
   - _`sqlServerEdition`_ - SQL Server edition to deploy on the Hyper-V guest VM. Supported values are Developer, Standard, and Enterprise. Default is Developer edition. Azure Arc-enabled SQL Server features such as performance metrics requires Standard or Enterprise edition. Use this parameter to experience SQL Server performance metrics enabled by Azure Arc.
+  - _`windowsAdminPassword`_ - (optional) Client Windows VM Password. Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. The value must be between 12 and 123 characters long. If not specified, the default value is generated using the Bicep newGuid() function and stored in the Key Vault.
 
   ![Screenshot showing example parameters](./parameters_itpro_bicep.png)
 
@@ -214,6 +214,8 @@ By design, ArcBox doesn't open port 3389 on the network security group. Therefor
 
   ![Screenshot showing connecting to the VM using RDP](./rdp_connect.png)
 
+  > **Note:** If the _`windowsAdminPassword`_ parameter is not specified during deployment, the password is automatically generated and stored in the Key Vault. Copy the "windowsAdminPassword" secret value from the Key Vault to log in.
+
 #### Connect using Azure Bastion
 
 - If you have chosen to deploy Azure Bastion in your deployment, use it to connect to the VM.
@@ -222,6 +224,10 @@ By design, ArcBox doesn't open port 3389 on the network security group. Therefor
 
   > **Note:** When using Azure Bastion, the desktop background image isn't visible. Therefore some screenshots in this guide may not exactly match your experience if you are connecting to _ArcBox-Client_ with Azure Bastion.
 
+- If the _`windowsAdminPassword`_ parameter is not specified during deployment, the password is automatically generated and stored in the Key Vault. Select "Password from Azure Key Vault" as the authentication type and use "windowsAdminPassword" as the Azure Key Vault secret name.
+
+  ![Screenshot showing connecting to the VM using Bastion and Key Vault](./bastion_connect_password.png)
+
 #### Connect using just-in-time access (JIT)
 
 If you already have [Microsoft Defender for Cloud](https://learn.microsoft.com/azure/defender-for-cloud/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc) enabled on your subscription and would like to use JIT to access the Client VM, use the following steps:

diff --git a/docs/azure_jumpstart_arcbox/ITPro/bastion_connect_password.png b/docs/azure_jumpstart_arcbox/ITPro/bastion_connect_password.png